3 Configuring the Connector

After you deploy the connector, you must configure it to meet your requirements. This chapter discusses the following connector configuration procedures:

Note:

These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

• Configuring Reconciliation

• Configuring Provisioning

3.1 Configuring Reconciliation

As mentioned earlier in this guide, reconciliation involves duplicating in Oracle Identity Manager the creation of and modifications to user accounts on the target system. This section discusses the following topics related to configuring reconciliation:

• Partial Reconciliation

• Batched Reconciliation

• Configuring Trusted Source Reconciliation

• Configuring the Reconciliation Scheduled Tasks

3.1.1 Partial Reconciliation

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.

For this connector, you create a filter by specifying values for the CustomizedReconQuery IT resource parameter while performing the procedure described in the "Defining IT Resources" section.

The following table lists the Novell GroupWise attributes, and the corresponding Oracle Identity Manager attributes, that you can use to build the query condition. You specify this query condition as the value of the CustomizedReconQuery parameter.

Oracle Identity Manager Attribute	Novell GroupWise Attribute
User ID	cn
File ID	nGWFileID
Account ID	nGWAccountID
Gateway Access	nGWGatewayAccess

The following are sample query conditions:

• Value assigned to the CustomizedReconQuery parameter: cn=JOHN|cn=JANE

  The user with user ID JOHN and JANE are reconciled.

• Value assigned to the CustomizedReconQuery parameter: nGWFileID=f06|nGWFileID=s1z

  The users with File ID f06 and s1z are reconciled.

If you do not specify values for the CustomizedReconQuery parameter, then all the records in the target system are compared with existing Oracle Identity Manager records during reconciliation.

The following are guidelines to be followed while specifying a value for the CustomizedReconQuery parameter:

• For the target system attributes, you must use the same case (uppercase or lowercase) as given in the table shown earlier in this section. This is because the attribute names are case-sensitive.

• You must not include unnecessary blank spaces between operators and values in the query condition.

  A query condition with spaces separating values and operators would yield different results as compared to a query condition that does not contain spaces between values and operators. For example, the output of the following query conditions would be different:

  cn=John

  cn= John

  In the second query condition, the reconciliation engine would look for first name and last name values that contain a space at the start.

• You must not include special characters other than the equal sign (=), ampersand (&), and vertical bar (|) in the query condition.

  Note:

  An exception is thrown if you include special characters other than the equal sign (=), ampersand (&), and vertical bar (|).

• The query condition must be an expression without any braces.

• Searching users based on more than three user attributes are not supported. For example, if the query condition is cn=JOHN&nGWFileID=f06&nGWGatewayAccess=Sublm|nGWAccountID=23, then the query generates an error.

You specify a value for the CustomizedReconQuery parameter while performing the procedure described in the "Defining IT Resources" section.

3.1.2 Batched Reconciliation

During a reconciliation run, all changes in the target system records are reconciled into Oracle Identity Manager. Depending on the number of records to be reconciled, this process may require a large amount of time. In addition, if the connection breaks during reconciliation, then the process would take longer to complete.

You can configure batched reconciliation to avoid such problems.

To configure batched reconciliation, you must specify values for the following user reconciliation scheduled task attributes:

• StartRecord: Use this attribute to specify the record number from which batched reconciliation must begin.

• BatchSize: Use this attribute to specify the number of records that must be included in each batch.

• NumberOfBatches: Use this attribute to specify the total number of batches that must be reconciled. If you do not want to use batched reconciliation, specify All Available as the value of this attribute.

  Note:

  If you specify All Available as the value of this attribute, then the values of the StartRecord and BatchSize attributes are ignored.

You specify values for these attributes by following the instructions described in the "User Reconciliation Scheduled Task" section.

After you configure batched reconciliation, if reconciliation fails during a batched reconciliation run, then refer to the log file for information about the batch at which reconciliation has failed. The log file provides the following information about batched reconciliation:

• Serial numbers of the batches that have been successfully reconciled

• User IDs associated with the records with each batch that has been successfully reconciled

• If the batched reconciliation run fails, then the serial number of the batch that has failed

3.1.3 Configuring Trusted Source Reconciliation

While configuring the connector, the target system can be designated as a trusted source or target resource. If you designate the target system as a trusted source, then both newly created and modified user accounts are reconciled in Oracle Identity Manager. If you designate the target system as a target resource, then only modified user accounts are reconciled in Oracle Identity Manager.

Note:

You can skip this section if you do not want to designate the target system as a trusted source for reconciliation.

Configuring trusted source reconciliation involves the following steps:

1. Import the XML file for trusted source reconciliation, GroupwiseXLResourceObject.xml, by using the Deployment Manager. This section describes the procedure to import the XML file.

   Note:

   Only one target system can be designated as a trusted source. If you import the GroupwiseXLResourceObject.xml file while you have another trusted source configured, then both connector reconciliations would stop working.

2. Set the TrustedSource scheduled task attribute to True. You specify a value for this attribute while configuring the user reconciliation scheduled task, which is described later in this guide.

To import the XML file for trusted source reconciliation:

1. Open the Oracle Identity Manager Administrative and User Console.

2. Click the Deployment Management link on the left navigation bar.

3. Click the Import link under Deployment Management. A dialog box for opening files is displayed.

4. Locate and open the GroupwiseXLResourceObject.xml file, which is in the OIM_HOME/xellerate/groupwise/xml directory. Details of this XML file are shown on the File Preview page.

5. Click Add File. The Substitutions page is displayed.

6. Click Next. The Confirmation page is displayed.

7. Click Import.

8. In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.

After you import the XML file for trusted source reconciliation, you must set the value of the TrustedSource reconciliation scheduled task attribute to True. This procedure is described in the "Configuring the Reconciliation Scheduled Tasks" section.

3.1.4 Configuring the Reconciliation Scheduled Tasks

When you perform the procedure described in the "Importing the Connector XML File" section, the scheduled tasks for lookup fields and user reconciliations are automatically created in Oracle Identity Manager. To configure the scheduled task:

1. Open the Oracle Identity Manager Design Console.

2. Expand the Xellerate Administration folder.

3. Select Task Scheduler.

4. Click Find. The details of the predefined scheduled tasks are displayed on different tabs.

5. For the first scheduled task, enter a number in the Max Retries field. Oracle Identity Manager must attempt to complete the task before assigning the FAILED status to the task.

6. Ensure that the Disabled and Stop Execution check boxes are not selected.

7. In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.

8. In the Interval region, set the following schedule parameters:

   • To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.

     If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.

   • To set the task to run only once, select the Once option.

9. Provide values for the attributes of the scheduled task. Refer to the "Specifying Values for the Scheduled Task Attributes" section for information about the values to be specified.

   See Also:

   Oracle Identity Manager Design Console Guide for information about adding and removing task attributes

10. Click Save. The scheduled task is created. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.

11. Repeat Steps 5 through 10 to create the remaining scheduled tasks.

After you create the remaining scheduled tasks, proceed to the "Configuring Provisioning" section.

3.1.4.1 Specifying Values for the Scheduled Task Attributes

This section provides information about the values to be specified for the following scheduled tasks:

• User Reconciliation Scheduled Task

• Distribution List Lookup Field Reconciliation Scheduled Task

• Post Office List Lookup Fields Reconciliation Scheduled Task

3.1.4.1.1 User Reconciliation Scheduled Task

You must specify values for the following attributes of the Groupwise User Recon Task user reconciliation scheduled task.

Note:

• Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

• Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute	Description	Sample/Default Value
ITResourceName	Name of the IT resource for setting up a connection to Novell GroupWise	Groupwise IT Resource
eDirITResourceName	Name of the IT resource for setting up a connection to Novell eDirectory	eDirectory IT Resource
RemoteResourceName	Name of the IT resource in which the remote service name and URL are specified	GroupWise XRM
ResourceObjectName	Name of the resource object into which users must be reconciled	Groupwise User
XLDeleteUsersAllowed	If this attribute is set to true, then the Delete reconciliation event is started. Users who are deleted from the target system are removed from Oracle Identity Manager. This requires all the users on the target system to be compared with all the users in Oracle Identity Manager. If this attribute is set to false, then the users are not deleted. Note: This process affects performance.	true/false
TrustedSource	Specifies whether or not reconciliation must be performed in trusted mode The value of this attribute must be set to True for trusted source reconciliation. The value of this attribute must be set to False for target source reconciliation.	True or False
Xellerate Type	Default type for the Xellerate User account	End-User Administrator
Organization	Default organization for the Xellerate User	Xellerate Users
Role	Default employee type for the Xellerate User	Consultant
StartRecord	The start record for the batching process This attribute is also discussed in the "Partial Reconciliation" section.	1
BatchSize	The number of records that must be there in a batch This attribute is also discussed in the "Partial Reconciliation" section.	3
NumberOfBatches	The number of batches that must be reconciled This attribute is also discussed in the "Partial Reconciliation" section.	Default value: All Available Sample value: 50

After you specify values for these task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

3.1.4.1.2 Distribution List Lookup Field Reconciliation Scheduled Task

You must specify values for the following attributes of the Groupwise DistributionList Lookup Recon Task Distribution List lookup fields reconciliation scheduled task.

Note:

• Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

• Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute	Description	Sample/Default Value
LookupCodeName	Name of the master distribution list lookup code table	Lookup.NGW.DistributionLists
ITResourceName	Name of the IT resource for setting up a connection to Novell eDirectory	eDirectory IT Resource
SearchContext	Name of the Novell GroupWise context	O=mpaf_tree
ObjectClass	Name of the object class for the distribution list object	groupWiseDistributionList
ReconMode	Specify REFRESH to completely refresh the existing lookup. Specify UPDATE to update the lookup with the new values.	Refresh

After you specify values for these task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

3.1.4.1.3 Post Office List Lookup Fields Reconciliation Scheduled Task

You must specify values for the following attributes of the Groupwise PostOffice List Lookup Recon Task Post Office List lookup field reconciliation scheduled task.

Note:

• Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

• Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute	Description	Sample/Default Value
LookupCodeName	Name of the master Post Office List lookup code table	Lookup.NGW.PostOffices
ITResourceName	Name of the IT resource for setting up a connection to Novell eDirectory	eDirectory IT Resource
SearchContext	Name of the Novell GroupWise context	O=mpaf_tree
ObjectClass	Name of the object class for the Post Office List object	groupWisePostOffice
ReconMode	Specify REFRESH to completely refresh the existing lookup. Specify UPDATE to update the lookup with new values.	Refresh

After you specify values for these task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

Stopping Reconciliation

Suppose the User Reconciliation Scheduled Task for the connector is running and user records are being reconciled. If you want to stop the reconciliation process:

1. Perform Steps 1 through 4 of the procedure to configure reconciliation scheduled tasks.

2. Select the Stop Execution check box in the task scheduler.

3. Click Save.

3.2 Configuring Provisioning

As mentioned earlier in this guide, provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager.

Note:

You must perform the procedure described in this section if you want to use the provisioning features of Oracle Identity Manager for this target system.

Adapters are used to implement provisioning functions. The following adapters are imported into Oracle Identity Manager when you import the connector XML file:

See Also:

The "Supported Functionality" section for a listing of the provisioning functions that are available with this connector

• NGW Create Mailbox

• NGW Delete Mailbox

• NGW Disable Mailbox

• NGW Enable Mailbox

• NGW Move User to PostOffice

• NGW Add User to Distribution List

• NGW Remove User from Distribution List

• NGW Add Nickname to User

• NGW Reset Password

• NGW Change User Password

• NGW PP String

• NGW Delete Nickname of User

You must compile these adapters before they can be used in provisioning operations.

To compile adapters by using the Adapter Manager form:

1. Open the Adapter Manager form.

2. To compile all the adapters that you import into the current database, select Compile All.

   To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select Compile Selected.

   Note:

   Click Compile Previously Failed to recompile only those adapters that were not compiled successfully. Such adapters do not have an OK compilation status.

3. Click Start. Oracle Identity Manager compiles the selected adapters.

4. If Oracle Identity Manager is installed in a clustered environment, then copy the compiled adapters from the OIM_HOME/xellerate/Adapter directory to the same directory on each of the other nodes of the cluster. If required, overwrite the adapter files on the other nodes.

If you want to compile one adapter at a time, then use the Adapter Factory form.

See Also:

Oracle Identity Manager Tools Reference Guide for information about using the Adapter Factory and Adapter Manager forms

To view detailed information about an adapter:

1. Highlight the adapter in the Adapter Manager form.

2. Double-click the row header of the adapter, or right-click the adapter.

3. Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.