Oracle® Identity Manager Connector Guide for Sun Java System Directory Release 9.0.4 Part Number E10446-04
This chapter provides an overview of the updates made to the software and documentation for the Sun Java System Directory connector in release 9.0.4.4.
The updates discussed in this chapter are divided into the following categories:
This section describes updates made to the connector software.
Documentation-Specific Updates
This section describes major changes made to this guide. These changes are not related to software updates.
The following sections discuss updates made from release 9.0.4 to the current release of the connector:
The following are software updates in release 9.0.4.1_6742889:
Support for New Attributes and Object Classes for Reconciliation and Provisioning
Support for Configuring Both Target Resource and Trusted Source Reconciliation
Changes in the Directory Structure of the Connector Files on the Installation Media
The following are issues resolved in release 9.0.4.1_6742889:
Bug Number | Issue | Resolution |
---|---|---|
5353476 | A limited subset of target system attributes was available for reconciliation. | You can now expand the subset of target system attributes for reconciliation. |
6332970 | Provisioning was limited to the default object class (inetorgperson) of Sun Java System Directory. | You can specify the mandatory and optional attributes of a custom object class that you want to use for provisioning operations. |
6333007 | A limited subset of target system attributes was available for trusted source reconciliation. | The subset of attributes has been expanded. |
6521484 | There was scope for improvement in the reconciliation of deleted user data. | Reconciliation of deleted user data has been optimized. To realize the full benefit of this change, you must upgrade the Oracle Identity Manager installation to Oracle Identity Manager release 9.0.3.0.8a or later (or the equivalent in the release 9.0.1, 9.0.3.1, and 9.1 tracks). Contact Oracle Global Support for further information on the equivalent Oracle Identity Manager patch. |
You can add new attributes and object classes for reconciliation and provisioning. See the following sections for more information:
You can now use a native query for implementing partial reconciliation. In the earlier release, you could use only queries specified in a non-native format to implement partial reconciliation. To implement this feature, the IsNativeQuery attribute has been added to the scheduled task.
See "Partial Reconciliation" for more information.
You can now configure the connector for both target resource and trusted source reconciliation. The reconciliation scheduled task has been modified to implement this feature. To implement this feature, the DualMode attribute has been added to the scheduled task.
Note: The Dual Mode Reconciliation feature has been desupported from release 9.0.4.3 onward.
The xliIPlanet.jar file has been split into two files, SJSDSProv.jar and SJSDSRecon.jar. Corresponding changes have been made in the following sections:
The following are issues resolved in release 9.0.4.1_6858468:
Bug Number | Issue | Resolution |
---|---|---|
6858468 | If you performed an Update User provisioning operation on a user who was created directly under the root context, then an error was encountered. | This issue has been resolved. You can now perform Update User provisioning operations on users who are created directly under the root context. |
6488868 | For connector operations, you had to use an administrator account on the target system with maximum privileges. | You can now create a target system account with specific privileges for connector operations. See "Creating a Target System User Account for Connector Operations" for more information. |
The following are software updates in release 9.0.4.2:
From Oracle Identity Manager release 9.1.0 onward, the Administrative and User Console provides the Connector Installer feature. This feature can be used to automate the connector installation procedure.
See "Installing the Connector on Oracle Identity Manager Release 9.1.0 or Later" for more information.
The following are issues resolved in release 9.0.4.2:
Bug Number | Issue | Resolution |
---|---|---|
7262351 | User details and group details are stored in separate object classes on the target system. For each target system user, a new connection to the target system was opened for fetching the user's group membership details during a reconciliation run. Performance was adversely affected if a large number of connections were opened. | This issue has been resolved. A single connection is used to fetch group membership details. This connection is kept open until the end of the reconciliation run. |
7282425 | A reconciliation search filter and sort query are run on the target system records during reconciliation. If the target system contained a large number of users, then the reconciliation process was very slow. | In earlier releases, target system records were sorted on the basis of the modifytimestamp attribute. You can now create a VLV index on the target system and select the attribute on the basis of which target system records must be sorted during reconciliation. See "Creating a VLV Index" for information about the procedure to create a VLV index. |
The following are software updates in release 9.0.4.3:
Sun ONE Directory Server 6.3 has been added to the list of certified target system versions. See "Verifying Deployment Requirements" for information about the full list of certified target system versions.
In earlier releases, the connector supported dual mode reconciliation in which you ran both trusted source and target resource reconciliation on the target system. From this release onward, the connector does not support dual mode reconciliation.
From this release onward, the following procedures are supported:
Adding New Multivalued Attributes for Target Resource Reconciliation
Enabling Update of New Multivalued Attributes for Provisioning
In the "Reconciled Resource Object Fields" section, the following fields have been added to the list of fields covered by target resource reconciliation:
NsuniqueID
Common Name
Status
In the "Reconciled Xellerate User (OIM User) Fields" section, the Status field has been added to the list of fields covered by trusted source reconciliation.
In the "Provisioning Module" section, the Common Name field has been added to the list of fields covered by provisioning.
The following are issues resolved in release 9.0.4.3:
Bug Number | Issue | Resolution |
---|---|---|
7612234 | The following is the format of the time-stamp filter applied to each target system record during reconciliation: timestamp_record_updated >= last_reconciliation_run_timestamp. When this filter was applied, a record that was added or modified at the instant the reconciliation run ended was also reconciled. However, the application of the time-stamp filter caused the same record to be reconciled during the next reconciliation run. | This issue has been resolved. The time-stamp filter cannot be changed to the following: timestamp_record_updated > last_reconciliation_run_timestamp. As a workaround, one second is added to the time stamp recorded in the IT resource before the filter is applied during a reconciliation run. In other words, the filter is changed to the following: timestamp_record_updated + 1 second >= last_reconciliation_run_timestamp. Application of this filter ensures that a record reconciled at the end of a reconciliation run is not reconciled during the next reconciliation run. |
7557852 | The following issue was observed if you created and then disabled a user on the target system before the user was reconciled into Oracle Identity Manager: After the reconciliation run, the OIM User was created with the Active status. | This issue has been resolved. If the user is Disabled on the target system, then the user is created with the Disabled status on Oracle Identity Manager. Note: The minimum release of Oracle Identity Manager that supports reconciliation of status data is release 9.0.3.2. This requirement is mentioned later in the guide. |
7516594 | Suppose you had two organizations with the same name and at different locations on the target system, for example: ou=PeopleOrg,dc=support and ou=PeopleOrg,ou=Engineering,dc=support. After lookup field reconciliation, the Code Key column was populated with the DN value and the Decode key was populated with the organization name. Because provisioning was based on the Decode key, the user was sometimes provisioned to the wrong organization. | This issue has been resolved. Provisioning operations are performed in the specified organization even if there is more than one organization with the same name. |
7478975 and 7676228 | During reconciliation of deleted users, records of users who had been newly created or modified were also fetched into Oracle Identity Manager. The | This issue has been resolved. New scheduled tasks have been introduced in this release. See "Configuring the Reconciliation Scheduled Tasks" for more information. |
7386568 | During lookup reconciliation, role names are reconciled in the same case (uppercase and lowercase) in which they are stored in the target system lookup field. When you assign a role to a user on the target system, the role name is converted to lowercase letters in the user record. When you reconcile this user into Oracle Identity Manager, the role name is stored in Oracle Identity Manager in the same case (uppercase and lowercase) in which it is stored on the target system. If the role assigned to a user was stored in a different case in the lookup definition, then the role details were not displayed along with the rest of the user details in Oracle Identity Manager. | This issue has been resolved. During lookup field reconciliation, names of all roles are converted to lowercase. With this update, roles assigned to users can be matched with the roles in the lookup definition and, therefore, role details can be displayed in Oracle Identity Manager. For information about a limitation related to this resolution, see Bug 8276871 in the "Known Issues" chapter. |
7345488 | Incremental reconciliation did not work if you set the IsNativeQuery attribute to yes and also specified a value for the CustomizedReconQuery parameter. | The IsNativeQuery attribute and CustomizedReconQuery parameter have been replaced by the searchfilter scheduled task attribute. See "User Reconciliation Scheduled Task" for more information. |
6937079 | Only a single time-stamp format was supported. The time stamp is used during reconciliation to identify newly added or modified target system records. | This issue has been resolved. You can now use the TARGET_TIMESTAMP_SEARCHFORMAT parameter in the IPNT.Parameter lookup definition to specify the time-stamp format. See "Setting Up Lookup Definitions in Oracle Identity Manager" for more information. |
6792067 | The target system allows you to change the user ID (UID) of a user. However, when reconciliation was performed after the user ID of a user was changed on the target system, a new account was created for the user in Oracle Identity Manager. | This issue has been resolved. The nsuniqueid field of the target system is now used as the key field for reconciliation matching. This field is populated by the target system during user creation. |
7676205 | The Prov Attribute Lookup Code and Attribute Lookup Code IT resource parameters did not have default values. | This issue has been resolved. The following default values have been assigned to these parameters: |
7721222 | When you disable a user on the target system: When you disabled a user on Oracle Identity Manager, only the | This issue has been resolved. When you disable a user on Oracle Identity Manager, the cn=nsmanageddisablerole role is assigned to the user and the nsaccountlock flag of the user's record is set to TRUE. For information about a limitation related to this resolution, see Bug 8294827 in the "Known Issues" chapter. |
7707148 and 7676263 | Batched reconciliation did not work if you set the BatchSize attribute to 0. The | This issue has been resolved. If you set the BatchSize attribute to 0, then all target system records are fetched into Oracle Identity Manager at the same time. In other words, set the BatchSize attribute to 0 if you do not want to implement batched reconciliation. The |
7680631 | During a provisioning operation, the e-mail address that you specified for the user was not propagated to the target system. | This issue has been resolved. During provisioning operations, the e-mail address is propagated to the target system along with the rest of the user data fields. |
7676299 | Two lookup definitions were mapped to the same group data table on the target system. | This issue has been resolved. One of the lookup definitions has been deleted. |
7676283 | Default roles and groups were assigned to users during provisioning operations. | This issue has been resolved. Default roles and groups are not assigned during provisioning operations. |
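The time-stamp boundary described for Bug 7612234 in the table above, as an added example (not code from the connector or this guide): it simulates two consecutive reconciliation runs and applies the workaround as the resolution text describes it, with one second added to the stored time stamp before the >= filter is built. The generalized-time format, the sample records and the function names are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed format: LDAP generalized time with one-second resolution.
TS_FORMAT = "%Y%m%d%H%M%SZ"


def parse_ts(value):
    """Parse a generalized-time string into an aware UTC datetime."""
    return datetime.strptime(value, TS_FORMAT).replace(tzinfo=timezone.utc)


def build_filter(last_run, pad_seconds):
    """LDAP filter selecting records changed since the stored time stamp."""
    threshold = parse_ts(last_run) + timedelta(seconds=pad_seconds)
    return "(modifytimestamp>=%s)" % threshold.strftime(TS_FORMAT)


def reconcile(records, last_run, pad_seconds):
    """Return the uids whose modifytimestamp passes the >= filter."""
    threshold = parse_ts(last_run) + timedelta(seconds=pad_seconds)
    return sorted(uid for uid, ts in records.items()
                  if parse_ts(ts) >= threshold)


def two_runs(pad_seconds):
    """Simulate two consecutive runs and return what each one picked up."""
    # Constructed sample data: uid -> modifytimestamp.
    directory = {"alice": "20240101100000Z", "bob": "20240101120000Z"}
    run1 = reconcile(directory, "20240101090000Z", pad_seconds)
    # Run 1 ends in the same second in which bob was modified, and that
    # instant is what gets stored as the last-run time stamp.
    stored = "20240101120000Z"
    directory["carol"] = "20240101120005Z"  # changed after run 1
    run2 = reconcile(directory, stored, pad_seconds)
    return run1, run2


if __name__ == "__main__":
    print("no padding:", two_runs(0))    # bob is picked up by both runs
    print("+1 second :", two_runs(1))    # bob is picked up once
    print(build_filter("20240101120000Z", 1))
```

The padding only removes the duplicate because the time stamps have one-second resolution; with finer-grained stamps, a change made later in the same second as the stored value would be skipped.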
The following are software updates in release 9.0.4.4:
The high-availability feature for ITResource is now supported by the connector. This feature enables the connector to perform operations using the backup servers if the primary LDAP server fails or is unavailable.
The connector now supports attribute mapping for groups and roles. New attributes can be added for groups and roles, and they can be provisioned and reconciled.
The following are issues resolved in release 9.0.4.4:
Bug Number | Issue | Resolution |
---|---|---|
8287081 | The connector did not support attribute mapping for Roles and Groups. | This issue has been resolved. The connector now supports attribute mapping for groups and roles. New attributes can be added for groups and roles, and they can be provisioned and reconciled. |
8287058 | The Organization Name field in the Resource Object form for Groups and Roles was a text field instead of a lookup field. | This issue has been resolved. The Organization Name field in the Resource Object form for Groups and Roles is now a lookup field. |
The following documentation-specific updates have been made in the guide:
There are no known issues associated with this release of the connector. Points that were earlier listed in the "Known Issues" chapter have been moved to the "Guidelines to Be Applied While Using the Connector" section.
Changes have been made in the "Configuring SSL" section.
Instructions to create or modify the ACI for the user account have been added in the following sections:
The following are documentation-specific updates in release 9.0.4.3:
In the "Multilanguage Support" section, Arabic has been added to the list of supported languages.
In the "Testing and Troubleshooting" chapter, the "Testing Partial Reconciliation" and "Testing Batched Reconciliation" sections have been removed.
In the "Known Issues" chapter, known issues have been added.
The following are documentation-specific updates in release 9.0.4.4:
In the "Configuring the IT Resource" section, IT resource parameters have been added.
In the "Importing the Connector XML File" section, IT resource parameters have been added.
In the "Deploying the Connector" chapter, the "Configuring High Availability of the Target System" section has been added.
In the "Verifying Deployment Requirements" section, changes have been made in the "Target systems" row.
In the "Specifying Values for the Scheduled Task Attributes" section, the "Group and Role Reconciliation Scheduled Task" section has been added.
In the "Compiling Adapters" section, the adapter list has been updated.
In the "Provisioning Organizational Units, Groups, and Roles" section, the lookup definition for provisioning Group and Role in an organizational unit has been added.
In the "Configuring the Connector" chapter, the "Adding New Attributes for Group or Role Reconciliation" section has been added.
In the "Adding New Multivalued Attributes for Target Resource Reconciliation" section, a Note has been added for provisioning multivalued attributes for Group and Role.
In the "Known Issues" chapter, known issues have been removed.