Oracle® Identity Manager Connector Guide for IBM OS/400 Advanced
Release 9.0.4

Part Number E10452-04

4 Configuring the Connector

This connector enables real-time reconciliation of user data from the target system. After you deploy the connector and import existing user data from the target system to Oracle Identity Manager, you need not depend on a scheduled task to start reconciliation runs with the target system.

This chapter discusses the following topics:

4.1 Configuring Trusted Source Reconciliation

The XML file for trusted source reconciliation, oimAs400TrustedXellerateUser.xml, contains definitions of the connector components that are used for trusted source reconciliation. To import this XML file:

Note:

The procedure described in this section enables trusted source reconciliation for both the initial reconciliation run and subsequent real-time reconciliation runs.

  1. Open the Administrative and User Console.

  2. Click the Deployment Management link on the left navigation pane.

  3. Click the Import link under Deployment Management. A dialog box for opening files is displayed.

  4. Locate and open the oimAs400TrustedXellerateUser.xml file, which is in the OIM_HOME/XLIntegrations/as400/xml directory. Details of this XML file are shown on the File Preview page.

  5. Click Add File. The Substitutions page is displayed.

  6. Click Next. The Confirmation page is displayed.

  7. Click Import.

  8. In the message that is displayed, click Import to confirm that you want to import the XML file, and then click OK.

4.2 Running Initial Reconciliation

The initial reconciliation run involves importing user data from the target system into Oracle Identity Manager, immediately after you deploy the connector.

To start the initial reconciliation run:

  1. Ensure that properties that are common to both the run script and the run_initial_recon_provisioning script have the same values.

    The run script is located in the LDAP_INSTALL_DIR/bin directory. The run_initial_recon_provisioning script is located in the OIM_HOME/JavaTasks directory.

  2. In a text editor, open the OIM_HOME/JavaTasks/initialAs400Adv.properties file.

  3. In the initialAs400Adv.properties file, specify values for the properties that control the initial reconciliation script.

    Note:

    Ensure that properties that are common to both the initialAs400Adv.properties file and as400Connection.properties file have the same values.

    The properties in the file that control initial reconciliation are:

    • xlAdminId: Oracle Identity Manager administrator ID.

    • idfTrusted: Enter true as the value of this property to specify that you want to perform trusted source reconciliation with the target system. Enter false to specify target resource reconciliation.

    • _resourceObject_: Resource object for reconciliation.

    • _itResource_: IT resource for target resource reconciliation.

    • isFileRecon: The value for this is true, which specifies file-based initial reconciliation. You cannot change this value.

    • userFile: Enter the name of the TXT file in which you have stored the user IDs of the target system users that you want to reconcile. This file must be placed in the OIM_HOME/JavaTasks directory.

      For more information about this file, see the sample user.txt file in the scripts directory on the installation media.

    • reconAttrs: Fields that are reconciled.

    • idfServerUrl: Enter the LDAP Gateway host and port.

      Note:

      If you are configuring the LDAP Gateway on the computer on which Oracle Identity Manager is installed, then specify localhost as the host name in the value of the idfServerUrl property. If you are configuring the LDAP Gateway on a different computer, then specify the host name or IP address of that computer. However, it is recommended that you install the LDAP Gateway on the same computer on which Oracle Identity Manager is installed.

    You are not allowed to change the values of the rest of the properties in the initialAs400Adv.properties file.

    The following is a sample set of values for the properties in the initialAs400Adv.properties file:

    xlAdminId:xelsysadm
    _resourceObject_:OIMAS400AdvResourceObject
    _itResource_:AS400AdvResource
    idfTrusted:false
    isFileRecon:true
    userFile:/tmp/user.txt
    idfServerUrl:ldap://localhost:5389
    idfAdminDn:cn=idfAs400Admin, dc=as400,dc=com
    idfAdminPwd:idfAs400Pwd
    ouPeople:ou=People
    ouGroups:ou=Files
    ouBaseDn:dc=as400,dc=com
    idfSystemAdminDn:cn=Directory Manager, dc=system,dc=backend
    idfSystemAdminPwd:testpass
    idfSystemDn:dc=system,dc=backend
    reconAttrs:uid,userPassword,text,passwordExpire,status,owner,inlpgm,usrcls,grpprf,inlmnu,supgrpprf,jobd,lmtcpb
    
  4. In a text editor, open the OIM_HOME/JavaTasks/run_initial_recon_provisioning script.

  5. To perform trusted source reconciliation:

    1. Set the value of the JV parameter in the script to -X to reconcile Xellerate User.

    2. Run the script.

      When you run the script, it opens the file (whose name is the value of the userFile property) containing user data and reads the user IDs of the users that you want to reconcile. Then, the loader, which is the initial load script, connects to the LDAP Gateway and issues commands to fetch the required user data from the target system. This data is loaded in the LDAP Gateway cache and reconciliation events are submitted to Oracle Identity Manager. Xellerate Users are created for all the target system users identified by the userFile property in the initialAs400Adv.properties file.

    3. In the run_initial_recon_provisioning script, change the value of the JV parameter to -R to run target resource reconciliation.

    4. Run the script again.

      Because you have set the value of the JV parameter in the script to -R, target resource reconciliation is performed when you run the script. Resources are assigned to each OIM User that was created when you first ran the script.

  6. To perform target resource reconciliation only:

    Note:

    Ignore step 6 if you want to run trusted source reconciliation.

    1. In a text editor, open the initialAs400Adv.properties file and enter false as the value of the idfTrusted property to specify that you want to perform target resource reconciliation with the target system.

      Make the same change in the as400Connection.properties file.

    2. In the run_initial_recon_provisioning script, change the value of the JV parameter to -P to run target resource reconciliation.

    3. Run the script again.

      Because you have set the value of the JV parameter in the script to -P, target resource reconciliation is performed when you run the script.

After the initial reconciliation run ends, real-time reconciliation takes over and newly created or modified user data is automatically reconciled into Oracle Identity Manager.

Note:

If you want to configure provisioning and initial reconciliation but not real-time reconciliation, then see step 7 in "Installing and Configuring the LDAP Gateway".

If a problem exists with fault tolerance and the LDAP Gateway and Reconciliation Agent are down for a long time, and there is a possibility of losing user data, then run full reconciliation.

4.3 Configuring Account Status Reconciliation

When a user is disabled or enabled on the target system, the user is reconciled and the changed status is reflected in Oracle Identity Manager. To configure the reconciliation of account status data:

  1. In the LDAP_INSTALL_DIR directory, add the name of the status attribute to the reconAttrs section in the as400Connection.properties file.

    Make the same change in the initialAs400Adv.properties file, which is in the OIM_HOME/JavaTasks directory.

  2. Restart the LDAP Gateway for the changes to take effect.

  3. In the Design Console:

    See Also:

    Oracle Identity Manager Design Console Guide for detailed information about the following steps.

    • In the OIMAs400ResourceObject resource object, create a field to represent the status attribute.

    • In the OIMAs400ProvisioningProcess process definition, map the field for the status attribute to the OIM_OBJECT_STATUS field.
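The consistency rules in sections 4.2 and 4.3 (properties common to initialAs400Adv.properties and as400Connection.properties must match, isFileRecon stays true, and the status attribute is listed in reconAttrs in both files) can be checked before a reconciliation run. The following Python script is an added example, not part of the Oracle documentation or the connector. It assumes that as400Connection.properties uses the same key:value layout as the sample values shown in section 4.2; the file contents embedded in it are constructed.

```python
import re

# Constructed sample contents. INITIAL mirrors a subset of the sample values on this
# page; CONNECTION assumes as400Connection.properties uses the same key:value layout.
INITIAL = """\
idfTrusted:false
isFileRecon:true
idfServerUrl:ldap://localhost:5389
idfAdminDn:cn=idfAs400Admin, dc=as400,dc=com
idfAdminPwd:idfAs400Pwd
reconAttrs:uid,userPassword,text,passwordExpire,status,owner
"""
CONNECTION = """\
idfTrusted:true
idfServerUrl:ldap://localhost:5389
idfAdminDn:cn=idfAs400Admin, dc=as400,dc=com
idfAdminPwd:someOtherPwd
reconAttrs:uid,userPassword,text,passwordExpire,owner
"""

def parse_props(text):
    """Return {key: value}; the key ends at the first ':' or '=' on the line."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:=\s#!][^:=\s]*)\s*[:=]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check(initial_text, connection_text, status_attr="status"):
    """List findings for the consistency rules stated in sections 4.2 and 4.3."""
    ini, con = parse_props(initial_text), parse_props(connection_text)
    findings = []
    for key in sorted(ini.keys() & con.keys()):
        if ini[key] != con[key]:
            # Never echo password values into console output or logs.
            shown = "<hidden>" if key.endswith("Pwd") else f"{ini[key]!r} vs {con[key]!r}"
            findings.append(f"{key}: values differ ({shown})")
    if ini.get("isFileRecon") != "true":
        findings.append("isFileRecon: must be true")
    for name, props in (("initialAs400Adv", ini), ("as400Connection", con)):
        attrs = [a.strip() for a in props.get("reconAttrs", "").split(",")]
        if status_attr not in attrs:
            findings.append(f"{name}: reconAttrs lacks {status_attr}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(INITIAL, CONNECTION)) or "consistent")
```

To run it against a real deployment, read the two files from OIM_HOME/JavaTasks and LDAP_INSTALL_DIR and pass their contents to check().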