Oracle® Identity Manager Connector Guide for Oracle Internet Directory Release 9.0.4 Part Number E10436-07
This chapter provides an overview of the updates made to the software and documentation for the Oracle Internet Directory connector in release 9.0.4.6.
See Also:
The earlier release of this guide for information about updates that were new for that release
The updates discussed in this chapter are divided into the following categories:
This section describes updates made to the connector software.
Documentation-Specific Updates
This section describes major changes made to this guide. These changes are not related to software updates.
The following sections discuss updates made from release 9.0.4 to the current release of the connector:
The following is a software update in release 9.0.4.1:
The xliOID.jar file has been split into two files, OIDProv.jar and OIDRecon.jar. Corresponding changes have been made in the following sections:
The following are resolved issues in release 9.0.4.1_6673431:
Bug Number | Issue | Resolution |
---|---|---|
6673431 | Delete reconciliation was run after trusted source reconciliation. This sequence resulted in deletion of some OIM Users who were not actually deleted on the target system. | This issue has been resolved. During a trusted source reconciliation run, the API that implements Delete reconciliation is called before reconciliation of existing target system records. |
The following are resolved issues in release 9.0.4.2:
Bug Number | Issue | Resolution |
---|---|---|
7003824 | If you added an object class and its attributes, then subsequent Create User provisioning operations failed. An error message similar to the following one was displayed as the outcome of the provisioning operations: | This issue has been resolved. You can now add an object class and then perform Create User provisioning operations. See "Adding New Object Classes for Provisioning and Reconciliation" for more information. Note: A trusted source reconciliation run fails if it involves user-defined fields (UDFs). This issue is tracked through Bug 7047363. |
The following is a software update in release 9.0.4.3:
From Oracle Identity Manager release 9.1.0 onward, the Administrative and User Console provides the Connector Installer feature. This feature can be used to automate the connector installation procedure.
See "Installing the Connector on Oracle Identity Manager Release 9.1.0 or Later" for details.
The following are resolved issues in release 9.0.4.4:
Bug Number | Issue | Resolution |
---|---|---|
7257647 | The connector did not support batched or paged reconciliation. There were performance issues related to this limitation. | The connector now supports paged reconciliation. You can implement this feature if the target system is Oracle Internet Directory 10.1.4.0.1 or later. See "Paged Reconciliation" for more information. |
7306055 | There was scope for improvement in the performance of the following provisioning operations: | The performance of provisioning operations that involve group or role membership changes has been enhanced. |
The following are resolved issues in release 9.0.4.5:
Bug Number | Issue | Resolution |
---|---|---|
7564492, 6334595, 6317860 | Incremental reconciliation was not supported. If you deleted one user from one organization on the target system and then performed trusted source delete reconciliation, then all users were deleted from all organizations in Oracle Identity Manager. During reconciliation, user data was fetched from the target system, regardless of whether or not it had been modified. | Incremental reconciliation is now supported. |
6312504 | IT resource parameters for the names of the lookup definitions for reconciliation and provisioning were set to NULL when you restarted Oracle Identity Manager. | The names of the lookup definitions are set as the default values of the IT resource parameters. These parameters are not set to NULL when you restart Oracle Identity Manager. |
6168631 | In earlier releases, you had to use the orcladmin account on the target system for reconciliation and provisioning operations. | This issue has been resolved. You can now create a user on the target system, assign the minimum required permissions to the user, and then use it for connector operations. |
6312344 | The default value of the Organization DN field on the Administrative and User Console was cn=user. | The Organization DN field has been changed to a lookup field, and the default value has been removed. You can now select a value in this lookup field. |
6804852 | The Manager ID field was not available for reconciliation and provisioning. | The Manager ID field has been added to the list of fields that are available for reconciliation and provisioning. |
7233799 | At the end of a successful provisioning operation, the "Mapping Not Found" message was recorded in the log file. This message has now been removed. | This issue has been resolved. The "Mapping Not Found" message is no longer recorded in the log file at the end of a successful provisioning operation. The following are some of the entries in the AttrName.Prov.Map.OID lookup definition. You must ensure that these entries are not changed: ldapUserID: cn; ldapFirstName: givenName; ldapLastName: sn; ldapPassword: userPassword |
6987536 | The Start Date and End Date fields of the target system were not used by the connector. | This issue has been resolved. The Start Date and End Date fields have been added for reconciliation and provisioning operations. |
7022721 | The process form had two fields for two object classes. This imposed a limitation on the number of objectclasses to which a user could be assigned during a Create User provisioning operation. | This issue has been resolved. The Objectclassess field replaces the two fields on the process form. You can enter a list of objectclasses in this field during a provisioning operation. Use the vertical bar (\|) as the delimiter character in the list of objectclasses. |
7047363 | You could not add to the default attribute mappings for reconciliation. | This issue has been resolved. You can now use the AttrName.Recon.Map.OID lookup definition to add attributes for reconciliation. See "Adding the Object Class and its Attributes to the Lookup Definition for Reconciliation" in the connector guide for more information. |
6490731 | The length of the Password field was 14 bytes. | The length of the Password field has been increased to 30 bytes. |
7434067 | A reconciliation error was encountered if you applied a custom reconciliation query that filtered user records by both role assignment and group membership. For example, application of the following reconciliation query would result in an error: role=role1&group=group1 | This issue has been resolved. Any combination of the following attributes can be used in the query: Limitation: The custom reconciliation query must not include field values that contain any of the following characters: In addition, the field values must not contain the word "group" or "role." The following are examples of query conditions that are invalid: givenname="mary&brown": This value is invalid because it contains the ampersand (&). givenname="johngroup": This value is invalid because it contains the word group. |
7360833 | The name of the IT resource type for all LDAP-based connectors was LDAP Server. | This issue has been resolved. The IT resource type for the Oracle Internet Directory connector has been renamed to "OID IT Resource." |
7308328 | A space after a comma in the DN value would cause a reconciliation error. | This issue has been resolved. DN values that have a space after the comma are now correctly reconciled. You implement this solution by copying the JAR files as part of the deployment procedure. |
7218933 | The "INSUFFICIENT_INFORMATION_PROVIDED" message was displayed if any process form field was left empty during a provisioning operation. The field itself was not pointed out by the message. | This issue has been resolved. The name of the field in which a value has not been provided is included in the message displayed on the console. |
7120339 | The INSUFFICIENT_INFORMATION_PROVIDED error message was not mapped in the resource bundle. | This issue has been resolved. The error message is now mapped in the resource bundle. |
7165810 | When you changed the name of an organizational unit through a provisioning operation, the existing OU was deleted and then re-created with the new name that you specified. | This issue has been resolved. The name of the OU is actually changed when you perform the Change OU Name provisioning operation. The OU is not deleted and re-created with the new name. You implement this solution by copying the JAR files as part of the deployment procedure. |
6275476 | On the target system, DNs of groups are not case-sensitive. In Oracle Identity Manager, group DNs are case-sensitive. This caused problems during reconciliation of group membership details. | |
7423099 | Special characters were not supported in the First Name and Last Name fields on the process form. | This issue has been resolved. See "Provisioning Module" in the connector guide for information about the special characters that are supported in process form fields. You implement this solution by copying the JAR files as part of the deployment procedure. |
6489877 | The connector supported neither Mode 1 nor Mode 2 secure connections to Oracle Internet Directory. | The connector supports Mode 1 secure connections to Oracle Internet Directory. See "Configuring SSL" in the connector guide for detailed information. |
7564599 | During a Create Group provisioning operation, it was mandatory to specify a parent OU for the group. | This issue has been resolved. If a parent OU is not specified, then the group is created under the DN context. |
7601582 | The User Deletion Successful message was displayed when the Delete User provisioning operation was performed on a user who had already been deleted on the target system. | The message has been corrected. |
7301659 | The orclguid field of the target system stores an identifier for each LDAP entry in Oracle Internet Directory. The connector did not fetch and store the orclguid of target system users. | This issue has been resolved. The connector now retrieves and stores the orclguid field of target system users. |
The following are the software updates in release 9.0.4.6:
From this release onward, the connector supports the reconciliation and provisioning of multivalued attributes. See "Adding New Multivalued Attributes for Reconciliation and Provisioning" for the procedure to add new multivalued attributes for reconciliation and provisioning.
From this release onward, the connector adds support for Oracle Internet Directory 11gR1 as the target system.
This target system is mentioned in the "Verifying Deployment Requirements" section of the connector guide.
The following sections discuss documentation-specific updates in the guide:
The following documentation-specific update has been made in releases 9.0.4.1 through 9.0.4.5:
New points have been added in the "Known Issues" chapter.
The following documentation-specific updates have been made in release 9.0.4.6:
In the "Configuring the Connector" chapter:
The "Configuring the Connector for Multiple Installations of the Target System" section has been removed. This feature is not supported by default.
The following sections have been added:
In the "Lookup Fields Reconciliation Scheduled Task" section:
The name of the reconciliation scheduled task has been changed from OID Group Lookup Reconciliation Task to OID Lookup Reconciliation Task.
The AttrType attribute has been added to the list of OID Lookup Reconciliation Task reconciliation scheduled task attributes.
The LookupCodeName attribute values for groups, roles, and organization and organization unit have been changed.
The "Customizing the xlconfig.xml File" section has been moved from the "Configuring the Oracle Identity Manager Server" section to a new location. The instructions described in the "Customizing the xlconfig.xml File" section are now performed before installing the connector.
In the "Setting Up Lookup Definitions in Oracle Identity Manager" section:
The name of the lookup definition has been changed from global.AttrName.Prov.Map.OID.Preferred-Language to Lookup.OID.PrefLang.
The global.AttrName.Prov.Map.OID.Location and global.AttrName.Prov.Map.OID.Time-Zone definitions have been removed as they have been converted into text fields.
In the "Deploying the Connector" chapter, the procedure to add custom object classes and custom attributes on the target system has been removed.
In the "Verifying Deployment Requirements" section, changes have been made in the "Target systems" row.