Oracle® Identity Manager Connector Guide for UNIX SSH Release 9.0.4 Part Number E10447-06
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for SSH is used to integrate Oracle Identity Manager with target systems running AIX, HP-UX, Linux, and Solaris, using the SSH protocol.
This chapter contains the following sections:
Note: In this guide, the term Oracle Identity Manager server refers to the computer on which Oracle Identity Manager is installed.
Reconciliation involves duplicating in Oracle Identity Manager the creation of and modifications to user accounts on the target system. It is an automated process initiated by a scheduled task that you configure.
See Also: The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Concepts Guide for conceptual information about reconciliation configurations
The following target system attributes are reconciled:
User Login
Note: The connector does not support logins that differ by case only. All logins must remain distinct after conversion to uppercase, because Oracle Identity Manager automatically converts user ID values to uppercase. For example, the user logins jdoe and JDOE would be considered different on a UNIX server. However, from Oracle Identity Manager, the input would always be passed as JDOE, because user ID values are stored only in uppercase in Oracle Identity Manager.
User UID
Primary Group Name
Default Shell
Home Directory
GECOS
Password Change Time
Account Expiry Date
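The User Login note above means that two UNIX accounts whose names differ only by case map to a single Oracle Identity Manager user, so reconciliation cannot keep them apart. The following script is an added example, not part of the Oracle connector guide: it applies the same uppercase folding to a passwd-format account database and reports the logins that would collide, so an administrator can detect the condition before reconciliation runs. The sample account lines are constructed for the example; on a real server the function would be pointed at /etc/passwd or the output of getent passwd.

```shell
#!/bin/sh
# Added example (not from the Oracle connector guide): find UNIX logins that
# would collide once Oracle Identity Manager converts them to uppercase.

# find_case_collisions reads passwd-format lines (login:x:uid:gid:gecos:home:shell)
# from the file named by $1 and prints, one per line, the uppercased form of
# every login that is shared by two or more accounts. It prints nothing when
# the account database is safe to reconcile.
find_case_collisions() {
  # cut: login field only; tr: the same folding OIM applies;
  # sort | uniq -d: names that occur more than once after folding
  cut -d: -f1 "$1" | tr '[:lower:]' '[:upper:]' | sort | uniq -d
}

# list_colliding_logins prints the original (unfolded) logins behind each
# collision, in passwd order, which is what an administrator needs in order
# to rename one of them before reconciliation.
list_colliding_logins() {
  for folded in $(find_case_collisions "$1"); do
    cut -d: -f1 "$1" | while IFS= read -r login; do
      if [ "$(printf '%s' "$login" | tr '[:lower:]' '[:upper:]')" = "$folded" ]; then
        printf '%s\n' "$login"
      fi
    done
  done
}

# Constructed sample account database (not taken from a real system).
SAMPLE_PASSWD="$(mktemp)"
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/sh
jdoe:x:1001:100:John Doe:/home/jdoe:/bin/sh
JDOE:x:1002:100:Jane Doe:/home/JDOE:/bin/sh
asmith:x:1003:100:A. Smith:/home/asmith:/bin/sh
Asmith:x:1004:100:A. Smith (service):/home/Asmith:/bin/sh
bob:x:1005:100:Bob:/home/bob:/bin/sh
EOF

# Report. Treat a non-empty report as a reason not to start reconciliation
# until the duplicate logins have been renamed on the UNIX server.
if find_case_collisions "$SAMPLE_PASSWD" | grep -q .; then
  echo "Logins that collide after uppercasing:"
  list_colliding_logins "$SAMPLE_PASSWD"
else
  echo "No case-only login collisions found."
fi
```

For the sample data the report lists asmith, Asmith, jdoe and JDOE; the root and bob accounts are unaffected because no other login folds to the same uppercase value.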
Note: For a trusted configuration, such as the HP-UX (trusted) mode, the Password Change Time and Account Expiry Date fields are not reconciled.
Provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager. You use the Oracle Identity Manager Administrative and User Console to perform provisioning operations.
See Also: The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Concepts Guide for conceptual information about provisioning
For this target system, the following fields are provisioned:
User Login
Password
Secondary Group Names
User UID
Primary Group Name
Default Shell
GECOS
Home Directory
Account Expiry Date
Note: During provisioning, the maximum permitted date value for account expiry is 31-Dec-2099.
Password Change Time
Create Home Directory
Skeleton Directory
Inactive Days
The following table lists the functions that are available with this connector.
Function | Type | Description |
---|---|---|
Create User | Provisioning | Creates a user. When you use this function, in the User Defined process form: |
Delete User | Provisioning | Deletes a user |
Update User UID | Provisioning | Updates user properties according to a change in the User UID attribute |
Update User Group | Provisioning | Updates user properties according to a change in the User Group attribute |
Update User Password Change Time | Provisioning | Updates user properties according to a change in the User Password Change Time attribute |
Update Shell | Provisioning | Updates user properties according to a change in the Shell attribute |
Update Home Directory | Provisioning | Updates user properties according to a change in the Home Directory attribute. Note: The home directory specified for a user should not contain spaces. |
Update Account Expiry Date | Provisioning | Updates user properties according to a change in the Account Expiry Date attribute. Note: During provisioning, the maximum permitted date value for account expiry is 31-Dec-2099. |
Update User GECOS | Provisioning | Updates user properties according to a change in the User GECOS attribute |
Set Password | Provisioning | Updates user properties according to a change in the Password attribute. The changed password must conform to the password policy requirements of the target system. |
Update Secondary Group Names | Provisioning | Updates user properties according to a change in the Secondary Group Names attribute. When you specify the secondary group name for the first time and then run this function, the primary group name is assigned the same value as the secondary group name. However, after the value of the primary group name is changed, you cannot set the secondary group name to the same value. On Solaris, the value of the Secondary Group Names field in the User Defined process form must always be different from the value of the Primary Group Name field. |
Update Inactive Days | Provisioning | Updates user properties according to a change in the Inactive Days attribute. This function is not supported on AIX 5.2. |
Update User Login | Provisioning | Updates user properties according to a change in the User Login attribute. On AIX 5.2, if the User GECOS value contains spaces, then this function does not work. |
Disable User | Provisioning | Disables an existing user on the UNIX server. Note: If the Set Password function is run on a disabled user account, then the account is automatically reenabled. |
Enable User | Provisioning | Enables a disabled existing user on the UNIX server. Before running this function, the Set Password function must be run. |
Trusted Reconciliation for User | Reconciliation | Creates OIM User accounts corresponding to the reconciled user accounts from the UNIX server |
Create User | Reconciliation | Reconciles user accounts from the UNIX server |
Update User | Reconciliation | Updates the attributes of previously reconciled user accounts from the UNIX server |
Delete User | Reconciliation | Reconciles user accounts that have been deleted from the UNIX server |
The connector supports the following languages:
Arabic
Chinese Simplified
Chinese Traditional
Danish
English
French
German
Italian
Japanese
Korean
Portuguese (Brazilian)
Spanish
Note: Although these languages are supported, the connector does not support the entry of multibyte characters in some of the fields. Appendix A, "Attribute Mappings Between Oracle Identity Manager and UNIX SSH" provides information about the fields in which multibyte characters are not supported.
See Also: Oracle Identity Manager Globalization Guide for information about supported special characters
The files and directories on the installation media are listed and described in Table 1-1.
Table 1-1 Files and Directories on the Installation Media
File in the Installation Media Directory | Description |
---|---|
configuration/UNIX SSH-CI.xml | This XML file contains configuration information that is used during connector installation. |
ext/sshfactory.jar | This file contains the JSCAPE libraries, which are used to open an SSH session with the target server. During connector deployment, this file is copied into the following directories: OIM_HOME/xellerate/ThirdParty |
lib/xliSSH.jar | This file contains the Java classes that are required to support provisioning and reconciliation in SSH. During connector deployment, this file is copied into the following directories: OIM_HOME/xellerate/JavaTasks and OIM_HOME/xellerate/ScheduleTask |
Files in the | Each of these resource bundles contains language-specific information that is used by the connector. During connector deployment, these resource bundles are copied into the following directory: OIM_HOME/xellerate/connectorResources. Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the user interface of Oracle Identity Manager. These text strings include GUI element labels and messages displayed on the Administrative and User Console. |
scripts/privateKeyGen.sh | This file is used to generate the private key in SSH. |
scripts/sudoers | This file contains the SUDO user specifications and configurations. |
test/config/config.properties | This file is used to specify the parameters and settings required to connect to the target system by using the testing utility. |
test/config/log.properties | This file is used to specify the log level and the directory in which the log file is to be created when you run the testing utility. |
config/userAttribute_NonAIX_prov.properties | This file contains the parameters required for dynamic provisioning on non-AIX platforms. |
config/userAttribute_AIX_prov.properties | This file contains the parameters required for dynamic provisioning on the AIX platform. |
config/userAttribute_NonAIX_recon.properties | This file contains the parameters required for dynamic reconciliation on non-AIX platforms. |
config/userAttribute_AIX_recon.properties | This file contains the parameters required for dynamic reconciliation on the AIX platform. |
test/scripts/SSH.bat, test/scripts/SSH.sh | These files contain the script required to run the client for running test calls from the Oracle Identity Manager server. |
xml/SSHNonTrustedUser.xml | This XML file contains definitions for the following SSH User components of the connector: |
xml/XellSSHUser.xml | This XML file contains the configuration for the Xellerate User (OIM User) and the definition of the trusted source reconciliation schedule task. You must import this file only if you plan to use the connector for trusted source reconciliation. |
You might have a deployment of an earlier release of the connector. While deploying the latest release, you might want to know the release number of the earlier release. To determine the release number of the connector that has already been deployed:
1. In a temporary directory, extract the contents of the following JAR file: OIM_HOME/xellerate/JavaTasks/xliSSH.jar
2. Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the xliSSH.jar file.
3. In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.
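The procedure above can be scripted so that the deployed release is read and compared with the release being installed in one step. The following script is an added example, not part of the Oracle connector guide. It assumes that the manifest inside the JAR sits at the standard path META-INF/MANIFEST.MF (the guide refers to it as manifest.mf), that the release number appears as a line of the form "Version: 9.0.4", and that unzip is available on the Oracle Identity Manager server; the manifest used in the demonstration is constructed for the example rather than taken from a real xliSSH.jar.

```shell
#!/bin/sh
# Added example (not from the Oracle connector guide): read the connector
# release number from the manifest of a deployed xliSSH.jar and compare it
# with the release being deployed.

# Print the value of the Version property from a manifest file ($1).
# Carriage returns are stripped because JAR manifests are often CRLF-terminated.
manifest_version() {
  sed -n 's/^Version:[[:space:]]*//p' "$1" | tr -d '\r' | head -n 1
}

# Read the Version property straight out of a JAR ($1) without unpacking the
# whole archive. Assumes the standard manifest path and that unzip is installed.
deployed_connector_version() {
  tmp_manifest="$(mktemp)"
  unzip -p "$1" META-INF/MANIFEST.MF > "$tmp_manifest"
  manifest_version "$tmp_manifest"
  rm -f "$tmp_manifest"
}

# Return 0 (true) when dotted numeric version $1 is older than $2, comparing
# one component at a time; a missing component counts as 0, so 9.0.4 is
# older than 9.0.4.1. Only numeric components are handled.
version_older_than() {
  a="$1."
  b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; a="${a#*.}"
    bi="${b%%.*}"; b="${b#*.}"
    if [ "${ai:-0}" -lt "${bi:-0}" ]; then return 0; fi
    if [ "${ai:-0}" -gt "${bi:-0}" ]; then return 1; fi
  done
  return 1
}

# Constructed manifest standing in for the one inside an older xliSSH.jar.
SAMPLE_MANIFEST="$(mktemp)"
trap 'rm -f "$SAMPLE_MANIFEST"' EXIT
printf 'Manifest-Version: 1.0\r\nVersion: 9.0.3.1\r\nBuilt-By: constructed\r\n' > "$SAMPLE_MANIFEST"

# On a real server the first line would instead be:
#   deployed="$(deployed_connector_version OIM_HOME/xellerate/JavaTasks/xliSSH.jar)"
deployed="$(manifest_version "$SAMPLE_MANIFEST")"
if version_older_than "$deployed" 9.0.4; then
  echo "Deployed connector $deployed is older than release 9.0.4"
else
  echo "Deployed connector $deployed is release 9.0.4 or later"
fi
```

With the constructed manifest the script reports version 9.0.3.1 as older than 9.0.4. The comparison deliberately walks the components numerically rather than comparing strings, since a string comparison would rank 9.0.10 below 9.0.4.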