Skip Headers
Oracle® Identity Manager Connector Guide for IBM Lotus Notes and Domino
Release 9.0.4
Part Number E10428-07
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Feedback page
Contact Us
Go to previous page
Previous		 Go to next page
Next
View PDF

3 Configuring the Connector

After you deploy the connector, you must configure it to meet your requirements. This chapter discusses the following connector configuration procedures:

Note:

These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

3.1 Configuring Reconciliation

As mentioned earlier in this guide, reconciliation involves duplicating in Oracle Identity Manager the creation of and modifications to user accounts on the target system. This section discusses the following topics related to configuring reconciliation:

3.1.1 Partial Reconciliation

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.

Creating a filter involves specifying a value for a target system attribute, which will be used in the query SELECT criteria to retrieve the records to be reconciled. You can specify values for any one or a combination of the following filter attributes, which are also target system attributes:

  • LastName

  • OU

If you want to use both target system attributes to filter records, then you must also specify the logical operator (AND or OR) that you want to apply to the combination of target system attributes that you select.

For example, suppose you specify the following values for these attributes:

  • LastName: Doe

  • OU: DEL

  • Operator: OR

Because you are using the OR operator, during reconciliation, only user records for which any one of these criteria is met are reconciled. If you were to use the AND operator, then the user records that are reconciled are the ones that meet both criteria.

While deploying the connector, follow the instructions in the "Specifying Values for the Scheduled Task Attributes" section to specify values for these attributes and the logical operator that you want to apply.

3.1.2 Batched Reconciliation

During a reconciliation run, all changes in the target system records are reconciled into Oracle Identity Manager. Depending on the number of records to be reconciled, this process may require a large amount of time. In addition, if the connection breaks during reconciliation, then the process would take longer to complete.

You can configure batched reconciliation to avoid these problems.

To configure batched reconciliation, you must specify values for the following user reconciliation scheduled task attributes:

  • BatchSize: Use this attribute to specify the number of records that must be included in each batch. The default value is 1000.

  • NumberOfBatches: Use this attribute to specify the total number of batches that must be reconciled. The default value is All.

If you specify a value other than All, then some of the newly added or modified user records may not get reconciled during the current reconciliation run. The following example illustrates this:

Suppose you specify the following values while configuring the scheduled tasks:

  • BatchSize: 20

  • NumberOfBatches: 10

Suppose that 314 user records were created or modified after the last reconciliation run. Of these 314 records, only 200 records would be reconciled during the current reconciliation run. The remaining 114 records would be reconciled during the next reconciliation run.

You specify values for the BatchSize and NumberOfBatches attributes by following the instructions described in the "Specifying Values for the Scheduled Task Attributes" section.

3.1.3 Configuring the Target System As a Trusted Source

While configuring the connector, the target system can be designated as a trusted source or target resource. If you designate the target system as a trusted source, then during a reconciliation run:

  • For each newly created user on the target system, an OIM User is created.

  • Updates made to each user on the target system are propagated to the corresponding OIM User.

If you designate the target system as a target resource, then during a reconciliation run:

  • For each account created on the target system, a resource is assigned to the corresponding OIM User.

  • Updates made to each account on the target system are propagated to the corresponding resource.

Note:

Skip this section if you do not want to designate the target system as a trusted source for reconciliation.

The following is a summary of the steps involved in configuring trusted source reconciliation:

  1. Import the XML file for trusted source reconciliation, xlLotusNotes_XellerateUser.xml, by using the Deployment Manager. This section describes the procedure to import the XML file.

    Note:

    Only one target system can be designated as a trusted source. If you import the xlLotusNotes_XellerateUser.xml file while you have another trusted source configured, then both connector reconciliations would stop working.

  2. Specify values for the attributes of the Lotus Notes trusted User Reconciliation scheduled task. This procedure is described later in this guide.

To import the XML file for trusted source reconciliation:

  1. Open the Oracle Identity Manager Administrative and User Console.

  2. Click the Deployment Management link on the left navigation bar.

  3. Click the Import link under Deployment Management. A dialog box for opening files is displayed.

  4. Locate and open the xlLotusNotes_XellerateUser.xml file, which is in the OIM_HOME/xellerate/XLIntegrations/LotusNotes/xml directory. Details of this XML file are shown on the File Preview page.

  5. Click Add File. The Substitutions page is displayed.

  6. Click Next. The Confirmation page is displayed.

  7. Click Import.

  8. In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.

3.1.4 Configuring the Reconciliation Scheduled Tasks

When you perform the procedure described in the "Importing the Connector XML File" section, the scheduled tasks for lookup fields, trusted source, and target resource reconciliation are automatically created in Oracle Identity Manager. To configure these scheduled tasks:

  1. Open the Oracle Identity Manager Design Console.

  2. Expand the Xellerate Administration folder.

  3. Select Task Scheduler.

  4. Click Find. The details of the predefined scheduled tasks are displayed on two different tabs.

  5. For the first scheduled task, enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager must attempt to complete the task before assigning the FAILED status to the task.

  6. Ensure that the Disabled and Stop Execution check boxes are not selected.

  7. In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.

  8. In the Interval region, set the following schedule parameters:

    • To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.

      If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.

    • To set the task to run only once, select the Once option.

  9. Provide values for the attributes of the scheduled task. Refer to the "Specifying Values for the Scheduled Task Attributes" section for information about the values to be specified.

    See Also:

    Oracle Identity Manager Design Console Guide for information about adding and removing task attributes

  10. Click Save. The scheduled task is created. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.

  11. Repeat Steps 5 through 10 to configure the second scheduled task.

After you configure both scheduled tasks, proceed to the "Adding Custom Attributes for Reconciliation" section.

3.1.4.1 Specifying Values for the Scheduled Task Attributes

This section provides information about the values to be specified for the following scheduled tasks:

3.1.4.1.1 Lookup Fields Reconciliation Scheduled Task

You must specify values for the following attributes of the Lotus Notes Lookup Reconciliation lookup fields reconciliation scheduled task.

Note:

  • Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

  • Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute Description Default/Sample Value
ServerName Name of the IT resource instance that the connector uses to reconcile data LotusNotes
LookupFieldName Name of the group lookup field that is to be reconciled LookUp.Lotus.Grp

After you specify values for these task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

3.1.4.1.2 User Reconciliation Scheduled Tasks

Depending on whether you want to implement trusted source or target resource reconciliation, you must specify values for the attributes of one of the following user reconciliation scheduled tasks:

  • Lotus Notes trusted User Reconciliation (Scheduled task for trusted source reconciliation)

  • Lotus Notes User Reconciliation (Scheduled task for target resource reconciliation)

The following table describes the attributes of both scheduled tasks.

Note:

  • Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

  • Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute Description Default/Sample Value
TargetRO Name of the resource object LOTUSRO for target resource reconciliation

Xellerate User for trusted source reconciliation
ServerName Name of the IT resource instance that the connector uses to reconcile data LotusNotes
IsTrusted Specifies whether or not reconciliation is to be carried out in trusted mode For trusted source reconciliation, set the value of this attribute to Yes.

For target resource reconciliation, set the value of this attribute to No.
LoginNameField Parameter whose value is used as the login name for the Xellerate User (OIM User)

Ensure that the value of the parameter that you select is unique for each IBM Lotus Notes and Domino user.

 Notes.LastName or Notes.ShortName
XellerateOrganisation Default value for the Oracle Identity Manager Organization name

This value is used to create the Xellerate User (OIM User) in trusted mode.

Note: This attribute is specific to trusted source reconciliation.

 Xellerate Users
BatchSize Number of records in each batch that is reconciled

You must specify an integer value greater than zero.

See Also: The "Batched Reconciliation" section

 The default value is 1000.
NoOfBatches Number of batches to be reconciled

The number of records in each batch is specified by the BatchSize attribute.

See Also: The "Batched Reconciliation" section

 Specify All if you want to reconcile all the batches. This is the default value.

Specify an integer value greater than zero if you want to reconcile only a fixed number of batches.
LastName This is a filter attribute. Use this attribute to specify the last name of the user whose records you want to reconcile.

If you do not want to use this filter attribute, then specify Nodata.

See Also: The "Partial Reconciliation" section

 The value can be either the last name or Nodata.

The default value is Nodata.
OU This is a filter attribute. Use this attribute to specify the OU of the users whose records you want to reconcile.

If you do not want to use this filter attribute, then specify Nodata.

See Also: The "Partial Reconciliation" section

 The value can be either the OU of the users or Nodata.

The default value is Nodata.
Operator This is a filter attribute. Use this attribute to specify the operator that you want to apply on the filter attributes.

See Also: The "Partial Reconciliation" section

 The value can be AND or OR.

The default value is AND.

After you specify values for these task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

3.1.5 Adding Custom Attributes for Reconciliation

Note:

In this section, the term "attribute" refers to the identity data fields that store user data.

By default, the attributes listed in the "Reconciliation Module" section are mapped for reconciliation between Oracle Identity Manager and the target system. If required, you can map additional attributes for reconciliation as follows:

Note:

You need not perform this procedure if you do not want to add custom attributes for reconciliation.

See Also:

Oracle Identity Manager Design Console for detailed instructions on performing the following steps

  1. Modify the attributemapping_recon.properties file, which is in the OIM_HOME/xellerate/XLIntegrations/LotusNotes/config directory.

    At the end of this file, some of the attribute definitions are preceded by comment characters. You can uncomment the definition of an attribute to add the attribute to the list of reconciliation attributes. If required, you can also add new attributes in this file. The format that you must use is as follows:

    OimAttributeName=TargetAttributeName

    For example:

    Users.City=City

    In this example, City is the reconciliation field and also the equivalent target system attribute. As a standard, the prefix "Users." is added at the start of all reconciliation field names.

  2. In the resource object definition, add a reconciliation field corresponding to the new attribute as follows:

    1. Open the Resource Objects form. This form is in the Resource Management folder.

    2. Click Query for Records.

    3. On the Resource Objects Table tab, double-click the LOTUSRO resource object to open it for editing.

    4. On the Object Reconciliation tab, click Add Field to open the Add Reconciliation Field dialog box.

    5. Specify a value for the field name.

      You must specify the name that is to the left of the equal sign in the line that you uncomment or add while performing Step 1.

      For example, if you uncomment the Users.City=City line in Step 1, then you must specify Users.City as the attribute name.

    6. From the Field Type list, select a data type for the field.

      For example: String

    7. Save the values that you enter, and then close the dialog box.

    8. If required, repeat Steps d through g to map more fields.

  3. If a corresponding field does not exist in the process form, then add a new column in the process form.

    1. Open the Form Designer form. This form is in the Development tools folder.

    2. Query for the UD_LOTUS form.

    3. Click Create New Version.

      The Create a New Version dialog box is displayed.

    4. In the Label field, enter the name of the version.

    5. Click Save and close the dialog box.

    6. From the Current Version box, select the version name that you entered in the Label field in Step d.

    7. On the Additional Columns tab, click Add.

    8. In the Name field, enter the name of the data field and then enter the other details of the field.

      Note:

      Repeat Steps g and h if you want to add more attributes.

    9. Click Save, and then click Make Version Active.

  4. Modify the process definition to include the mapping between the newly added attribute and the corresponding reconciliation field:

    1. Open the Process Definition form. This form is in the Process Management folder of the Design Console.

    2. Click the Query for Records icon.

    3. On the Process Definition Table tab, double-click the Lotus Process process definition.

    4. On the Reconciliation Field Mappings tab, click Add Field Map to open the Add Reconciliation Field Mapping dialog box.

    5. From the Field Name list, select the name of the resource object that you add in Step 2.e.

    6. Double-click Process Data Field and select the corresponding process form field from the Lookup dialog box. Then, click OK.

    7. Click Save and close the dialog box.

    8. If required, repeat Steps c through g to map more fields.

3.2 Configuring Provisioning

As mentioned earlier in this guide, provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager.

This section discusses the following topics related to configuring provisioning:

3.2.1 Compiling Adapters

Note:

You must perform the procedure described in this section if you want to use the provisioning features of Oracle Identity Manager for this target system.

You need not perform the procedure to compile adapters if you have performed the procedure described in "Installing the Connector on Oracle Identity Manager Release 9.1.0 or Later".

Adapters are used to implement provisioning functions. The following adapters are imported into Oracle Identity Manager when you import the connector XML file:

See Also:

The "Supported Functionality" section for a listing of the provisioning functions that are available with this connector

  • adpLNCreateuser

  • adpLNUpdateUserName

  • adpUpdateUserInfo

  • adpLNDeleteUser

  • adpLNEnableDisable

  • adpLNUpdateGrp

  • adpLNUpdatePassword

  • LNPrepopulateLastName

You must compile these adapters before they can be used in provisioning operations.

To compile adapters by using the Adapter Manager form:

  1. Open the Adapter Manager form.

  2. To compile all the adapters that you import into the current database, select Compile All.

    To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select Compile Selected.

    Note:

    Click Compile Previously Failed to recompile only those adapters that were not compiled successfully. Such adapters do not have an OK compilation status.

  3. Click Start. Oracle Identity Manager compiles the selected adapters.

  4. If Oracle Identity Manager is installed in a clustered environment, then copy the compiled adapters from the OIM_HOME/xellerate/Adapter directory to the same directory on each of the other nodes of the cluster. If required, overwrite the adapter files on the other nodes.

If you want to compile one adapter at a time, then use the Adapter Factory form.

See Also:

Oracle Identity Manager Tools Reference Guide for information about using the Adapter Factory and Adapter Manager forms

To view detailed information about an adapter:

  1. Highlight the adapter in the Adapter Manager form.

  2. Double-click the row header of the adapter, or right-click the adapter.

  3. Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.

3.2.2 Adding Custom Attributes for Provisioning

Note:

In this section, the term "attribute" refers to the identity data fields that store user data.

By default, the attributes listed in the "Provisioning Module" section are mapped for provisioning between Oracle Identity Manager and the target system. If required, you can map additional attributes for provisioning as follows:

See Also:

Oracle Identity Manager Design Console Guide

  1. Modify the attributemapping_prov.properties file, which is in the OIM_HOME/xellerate/XLIntegrations/LotusNotes/config directory.

    At the end of this file, some of the attribute definitions are preceded by comment characters. You can uncomment the definition of an attribute to make it a part of the list of provisioning attributes. If required, you can also add new attributes in this file. The format that you must use is as follows:

    OimAttributeName=TargetAttributeName

    For example:

    City=City

  2. Add a new column in the process form.

    1. Open the Form Designer form. This form is in the Development Tools folder of the Oracle Identity Manager Design Console.

    2. Query for the UD_LOTUS form.

    3. Click Create New Version.

      The Create a New Version dialog box is displayed.

    4. In the Label field, enter the name of the version.

    5. Click Save and close the dialog box.

    6. From the Current Version box, select the version name that you entered in the Label field in Step d.

    7. On the Additional Columns tab, click Add.

    8. Specify the new field name and other values.

  3. Add a new variable in the variable list.

    1. Open the Adapter Factory form. This form is in the Development Tools folder of the Oracle Identity Manager Design Console.

    2. Click the Query for Records icon.

    3. On the Adapter Factory Table tab, double-click the adpLNCreateuser adapter from the list.

    4. On the Variable List tab, click Add.

    5. In the Add a Variable dialog box, specify the required values and then save and close the dialog box.

  4. Define an additional adapter task for the newly added variable in the adpLNCreateuser adapter.

    1. On the Adapter Tasks tab of the Adapter Factory form, click Add.

    2. In the Adapter Task Selection dialog box, select Functional Task, select Java from the list of functional task types, and then click Continue.

    3. In the Object Instance Selection dialog box, select Persistent Instance and then click Continue.

    4. In the Add an Adapter Factory Task dialog box, specify the task name, select the setProperty method from the Method list, and then click Save.

    5. Map the application method parameters, and then save and close the dialog box. To map the application method parameters:

      For the "Output: String Return variable (Adapter Variable)" parameter:

      i. From the Map to list, select Adapter Variables.

      ii. From the Name list, select Return variable.

      For the "Input: String (Adapter Variable)" parameter:

      i. From the Map to list, select Adapter Variables.

      ii. From the Name list, select Input.

      For the "Input: String (Literal)" parameter:

      i. From the Map to list, select Literal.

      ii. From the Name list, select String.

      iii. In the Value field, specify the name that is to the left of the equal sign in the line that you uncomment or add while performing Step 1.

      For example, if you uncomment the City=City line in Step 1, then you must specify City as the attribute name.

      For the "Input: String (Adapter Variable)" parameter:

      i. From the Map to list, select Adapter Variables.

      ii. From the Name list, select the newly added adapter variable.

    6. Repeat Steps a through e to create more adapter tasks.

  5. Create an additional adapter task to set the input variable.

    1. Open the Adapter Factory form. This form is in the Development Tools folder in the Oracle Identity Manager Design Console.

    2. On the Adapter Tasks tab, click Add.

    3. In the Adapter Task Selection dialog box, select Logic Task, select SET VARIABLE from the list, and then click Continue.

    4. In the Edit Set Variable Task Parameters dialog box, select input from the Variable Name list, select Adapter Task from the Operand Type list, and the Operand Qualifier as the Adapter Task that you have created in the previous step. Then, click Save.

  6. Map the process form columns and adapter variables for the Create User process task as follows:

    1. Open the Process Definition form. This form is in the Process Management folder of the Design Console.

    2. Click the Query for Records icon.

    3. On the Process Definition Table tab, double-click the Lotus Process process definition.

    4. On the Tasks tab, double-click the Create User task.

    5. In the Closing Form dialog box, click Yes.

    6. On the Integration tab of the Editing Task Columns Create User dialog box, map the unmapped variables, and then save and close the dialog box. To map an unmapped variable:

      i. Double-click the row in which N is displayed in the Status column. The value N signifies that the variable is not mapped.

      ii. From the Map to list in the Edit Data Mapping for Variables dialog box, select Process Data.

      iii. From the Qualifier list, select the name of the variable.

Repeat Steps 1 through 6 if you want to add more attributes.

Enabling Updates of the Field That You Add for Provisioning

To enable updates of the field that you add for provisioning:

Note:

Some of the steps in the following procedure are specific to the values that have been used. If you use other values, then these steps might need to be performed differently.

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Process Management and then double-click Process definition.

  3. Enter Lotus Process in the Name field, and then click the Query for records button.

  4. Add a new task. For example, if you add the City field for provisioning, then add the City Updated task.

  5. Click the Integration tab of the newly added task, and then click Add.

  6. Select Adapter as the handler type and then perform the following:

    1. Select LNUpdateUserInfo and click Save.

    2. In Adapter Variables, double click attrName. A window is displayed for editing the data mapping of the variable.

    3. From the Map To list, select Literal.

    4. In the Literal field, enter City as the name of the Oracle Identity Manager attribute. This value must be the same as that specified in the attributemapping_prov.properties file.

  7. Create all required mappings.

  8. Click the Responses tab of the City Updated task. Add the SUCCESS and ERROR responses. Enter C for the SUCCESS response and R for the ERROR response.

  9. Save the changes.

3.3 Configuring the Connector for Multiple Installations of the Target System

Note:

Perform this procedure only if you want to configure the connector for multiple installations of IBM Lotus Notes and Domino.

You may want to configure the connector for multiple installations of IBM Lotus Notes and Domino. The following example illustrates this requirement:

The Tokyo, London, and New York offices of Example Multinational Inc. have their own installations of IBM Lotus Notes and Domino. The company has recently installed Oracle Identity Manager, and they want to configure Oracle Identity Manager to link all the installations of IBM Lotus Notes and Domino.

To meet the requirement posed by such a scenario, you must configure the connector for multiple installations of IBM Lotus Notes and Domino.

To configure the connector for multiple installations of the target system:

See Also:

Oracle Identity Manager Design Console Guide for detailed instructions on performing each step of this procedure

  1. Create copies of the LotusNotes IT resource so that there is one IT resource for each installation of the target system.

    Refer to the "Importing the Connector XML File" section for information about the values to be specified for the IT resource parameters.

  2. Create copies of the Lotus Notes trusted User Reconciliation, Lotus Notes User Reconciliation, and Lotus Notes Lookup Reconciliation scheduled tasks for each installation of the target system. While creating a scheduled task, specify attribute values corresponding to the target system installation for which you are creating the scheduled task.

    Refer to the "Specifying Values for the Scheduled Task Attributes" section for information about the values to be specified for the scheduled task attributes.

When you use the Administrative and User Console to perform provisioning, you can specify the IT resource corresponding to the IBM Lotus Notes and Domino installation to which you want to provision the user.

Go to previous page
Previous		 Go to next page
Next
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Feedback page
Contact Us