10 Preparing Directories Other than Oracle Internet Directory

This chapter explains how to prepare directories other than Oracle Internet Directory for Oracle Access Manager and Oracle Identity Manager. This requires the directory schema to be extended for supporting Oracle Access Manager-specific schema elements.

Deployments that allow schema extensions in the back-end directory use the approach explained in Section 10.1, "Preparing a Directory for Fusion Applications, Oracle Access Manager, and Oracle Identity Manager."

In deployments where the back-end schema extension is not allowed in the enterprise Identity Store, use Oracle Internet Directory as a shadow directory and use Oracle Virtual Directory to merge the entities from the directories. The configuration requirements for such deployments is described in Section 10.2, "Configuring Multiple Directories as an Identity Store: Split Profile with Oracle Virtual Directory."

Some deployments might have both internal and external entities. Configuration requirements for such deployments is described in Section 10.3, "Configuring Multiple Directories as an Identity Store: Distinct User and Group Populations in Multiple Directories."

This chapter contains the following topics:

• Section 10.1, "Preparing a Directory for Fusion Applications, Oracle Access Manager, and Oracle Identity Manager"

• Section 10.2, "Configuring Multiple Directories as an Identity Store: Split Profile with Oracle Virtual Directory"

• Section 10.3, "Configuring Multiple Directories as an Identity Store: Distinct User and Group Populations in Multiple Directories"

10.1 Preparing a Directory for Fusion Applications, Oracle Access Manager, and Oracle Identity Manager

This section explains how to configure Active Directory.

It contains the following topics:

• Section 10.1.1, "Configuring Active Directory for Use with Oracle Access Manager and Oracle Identity Management"

• Section 10.1.2, "Disable Oracle Virtual Directory Access Control"

10.1.1 Configuring Active Directory for Use with Oracle Access Manager and Oracle Identity Management

This section describes how to configure Active Directory. Extend the schema in Active Directory as follows.

1. Locate the following files:

   IDM_ORACLE_HOME/oam/server/oim-intg/ldif/ad/schema/ADUserSchema.ldif

   IDM_ORACLE_HOME/oam/server/oim-intg/ldif/ad/schema/AD_oam_pwd_schema_add.ldif

2. In both these files, replace the domain-dn with the appropriate domain-dn value

3. Use ldapadd from the command line to load the two LDIF files, as follows.

   ldapadd -h activedirectoryhostname -p activedirectoryportnumber -D AD_administrator -q -c -f file
   

   where AD_administrator is a user which has schema extension privileges to the directory

   For example:

   ldapadd -h "activedirectoryhost.mycompany.com" -p 389 -D adminuser –q -c -f ADUserSchema.ldif
   ldapadd -h "activedirectoryhost.mycompany.com" -p 389 -D adminuser -q -c -f AD_oam_pwd_schema_add.ldi
   

4. Then go to:

   MW_HOME/oracle_common/modules/oracle.ovd_11.1.1/oimtemplates

   Run the following command to extend Active Directory schema:

   sh extendadschema.sh -h AD_host -p AD_port -D 'administrator@mydomain.com' -AD "dc=mydomain,dc=com" -OAM true
   

   The command is extendadschema.bat on Windows.

10.1.2 Disable Oracle Virtual Directory Access Control

f you are using Active Directory as your directory store you need to Disable the Access Control Flag in OVD. To do this perform the following steps:

1. In a web browser, go to Oracle Directory Services Manager (ODSM) at: http://admin.mycompany.com/odsm

2. Connect to each Oracle Virtual Directory instance by using the appropriate connection entry.

3. Navigate to Advanced->ServerSettings->Settings.

4. Deselect Enable Access Control.

5. Click Save.

6. Click Apply.

10.2 Configuring Multiple Directories as an Identity Store: Split Profile with Oracle Virtual Directory

This section describes how to configure two parallel directories. Oracle Virtual Directory links them together to present a single DIT view to clients. It contains the following topics:

• Section 10.2.1, "Directory Structure Overview"

• Section 10.2.2, "Configuring Oracle Virtual Directory Adapters and Plug-ins"

10.2.1 Directory Structure Overview

Figure 10-1 shows the directory structure in the primary store and application store.

Figure 10-1 Directory Structure

Figure 10-2 shows how the DIT appears to a user or client application.

Figure 10-2 Client View of the DIT

10.2.2 Configuring Oracle Virtual Directory Adapters and Plug-ins

Figure 10-3 provides an overview of the configuration.

Figure 10-3 Configuration Overview

Create the user adapter on the Oracle Virtual Directory instances running on OVDHOST1 and OVDHOST2 individually. Follow these steps to create the User Adapter in Oracle Virtual Directory using Oracle Directory Services Manager:

1. Start the Administration Server and the WLS_ODSM Managed Servers as described in Section 19.1, "Starting and Stopping Oracle Identity Management Components."

2. In a web browser, go to Oracle Directory Services Manager (ODSM) at:

   http://admin.mycompany.com/odsm

3. Create connections to each of the Oracle Virtual Directory instances running on OVDHOST1 and OVDHOST2, if they do not already exist.

4. Connect to each Oracle Virtual Directory instance by using the appropriate connection entry.

5. On the Home page, click the Adapter tab.

6. Start the New Adapter Wizard by clicking Create Adapter at the top of the adapter window.

7. Create new adapters using the New Adapter Wizard, with the parameters shown in the following tables.

10.2.2.1 User/Role Adapter A1

Table 10-1 User/Role Adapter A1

Screen	Field	Value
Type	Adapter Type	LDAP
	Name	User_Adapter_A1
	Adapter Template	FAPrimary_User_OID FAPrimary_User_ActiveDirectory Choose the correct template for the LDAP directory you are connecting to.
Connection	Use DNS for Auto Discovery	No
	Host	Enter the host or virtual name of the directory host, for example: ad.mycompany.com
	Port	Enter the port to connect to the LDAP directory on.
	Use SSL/TLS	Select this value if you connect to your LDAP directory using SSL or if you are using Active Directory.
	SSL Authentication Mode	If you connect to your LDAP directory using SSL, choose the authentication mode. If using Active Directory select Server Only Authentication (Mutual Authentication).
	Server Proxy Bind DN	A bind DN that has administrative rights on the directory server. For example: cn=AdminUser,cn=system,dc=mycompany,dc=com
	Proxy Password	Password for Server Proxy account
Connection Test		Validate that the test succeeds
Namespace	Remote Base	dc=mycompany, dc=com
	Mapped NamespaceFoot 1	dc=mycompany, dc=com

^Footnote 1 Mapped namespace is the location in the target directory. This example assumes that the target directory has the same structure that appears in Oracle Virtual Directory. If this is not the case, then modify accordingly.

10.2.2.2 User/Role Adapter A2

Table 10-2 User/Role Adapter A2

Screen	Field	Value
Type	Adapter Type	LDAP
	Name	User_Adapter_A2
	Adapter Template	FAJoiner_User_OID Choose the correct template for the LDAP directory you are connecting to.
Connection	Use DNS for Auto Discovery	No
	Host	Enter the host or virtual name of the directory host, for example: ldap.mycompany.com
	Port	Enter the port to connect to the LDAP directory on.
	Use SSL/TLS	Select this value if you connect to your LDAP directory using SSL or if you are using Active Directory.
	SSL Authentication Mode	If you connect to your LDAP directory using SSL, choose the Authentication mode.
	Server Proxy Bind DN	A bind DN that has administrative rights on the directory server. For example: cn=AdminUser,cn=system,dc=mycompany,dc=com
	Proxy Password	Password for Server Proxy account
Connection Test		Validate that the test succeeds
Namespace	Remote Base	dc=mycompany, dc=com
	Mapped NamespaceFoot 1	dc=mycompany, dc=com

^Footnote 1 Mapped namespace is the location in the target directory. This example assumes that the target directory has the same structure that appears in Oracle virtual directory. If this is not the case, then modify accordingly.

10.2.2.3 User/Role Adapter A3

Table 10-3 User/Role Adapter A3

Screen	Field	Value
Type	Adapter Type	LDAP
	Name	User_Adapter_A3
	Adapter Template	User_OID Choose the correct template for the LDAP directory you are connecting to.
Connection	Use DNS for Auto Discovery	No
	Host	Enter the Host or Virtual Name of the directory host, for example: ad.mycompany.com
	Port	Enter the Port to connect to the LDAP directory on.
	Use SSL/TLS	Select this value if you connect to your LDAP directory using SSL or if you are using Active Directory.
	SSL Authentication Mode	If you connect to your LDAP directory using SSL, choose the Authentication mode. If using Active Directory select Server Only Authentication (Mutual Authentication).
	Server Proxy Bind DN	A bind DN that has administrative rights on the directory server. For example: cn=AdminUser,cn=system,dc=mycompany,dc=com
	Proxy Password	Password for Server Proxy account
Connection Test		Validate that the test succeeds
Namespace	Remote Base	dc=mycompany, dc=com
	Mapped NamespaceFoot 1	dc=mycompany, dc=com

^Footnote 1 Mapped namespace is the location in the target directory. This example assumes that the target directory has the same structure that appears in Oracle virtual directory. If this is not the case, then modify accordingly.

10.2.2.4 User/Role Adapter J1 (JoinView Adapter)

Table 10-4 User/Role Adapter J1 (JoinView Adapter)

Screen	Field	Value
Type	Adapter Type	Join
	Name	Join_Adapter_J1
	Adapter Template	Default
Settings	Adapter	dc=mycompany, dc=com
	Primary Adapter	User_Adapter_A1
	Bind Adapters	User_Adapter_A1

After creating the JoinView adapter, perform the following steps:

1. Click Join_Adapter_J1 from the Adapters list and click the Edit button.

2. In the Join Rules box click Add new Join Rule.

3. Enter the following information:

   • Joined Adapter: User_Adapter_A2

   • Type: com.octetstring.vde.join.shadowJoiner

   • Condition: cn

4. Click OK to save the condition.

5. Click Apply.

10.2.2.5 Changelog Adapter C1

Table 10-5 Changelog Adapter C1

Screen	Field	Value
Type	Adapter Type	LDAP
	Name	Changelog_Adapter_C1
	Adapter Template	Changelog_OID Changelog_ActiveDirectory Choose the correct template for the LDAP directory you are connecting to.
Connection	Use DNS for Auto Discovery	No
	Host	Enter the host or virtual name of the directory host, for example: ad.mycompany.com
	Port	Enter the port to connect to the LDAP directory on.
	Proxy Password	Password for Server Proxy account
Connection Test		Validate that the test succeeds
Namespace	Remote Base
	Mapped NamespaceFoot 1	cn=changelog

^Footnote 1 Mapped namespace is the location in the target directory. This example assumes that the target directory has the same structure that appears in Oracle virtual directory. If this is not the case, then modify accordingly.

To edit the Change Log Adapter C1, follow these steps:

1. Select Changelog_Adapter_C1.

2. Click the Plug-ins tab.

3. In the Deployed Plus-ins table, click the changelog plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.

4. In the Parameters table, update the parameter values.Edit the Change Log Adapter to either add or modify the properties so that they match the values shown in the following table. You must add the modifierDNFilter, sizeLimit, and targetDNFilter properties to the adapter.

   Table 10-6 Values in Parameters Table

   Parameter	Value	Comments
   modifierDNFilter	A bind DN that has administrative rights on the directory server, in the format: "!(modifiersname=cn=BindDN)" For example: "!(modifiersname=cn=orclAdminUser,cn=systemids,dc=mycompany,dc=com)"	Create
   sizeLimit	1000	Create
   targetDNFilter	dc=mycompany,dc=com	Create
   mapUserState	true	Update
   oamEnabled	true	Update
   virtualDITAdapterName	Join_Adapter_J1;User_Adapter_A1	Create

   
   

10.2.2.6 Changelog Adapter C2

Table 10-7 Changelog Adapter C2

Screen	Field	Value
Type	Adapter Type	LDAP
	Name	Changelog_Adapter_C2
	Adapter Template	Changelog_OID Choose the correct template for the LDAP directory you are connecting to.
Connection	Use DNS for Auto Discovery	No
	Host	Enter the host or virtual name of the directory host, for example: ad.mycompany.com
	Port	Enter the port to connect to the LDAP directory on.
	Proxy Password	Password for server proxy account
Connection Test		Validate that the test succeeds
Namespace	Remote Base
	Mapped NamespaceFoot 1	cn=changelog

^Footnote 1 Mapped namespace is the location in the target directory. This example assumes that the target directory has the same structure that appears in Oracle Virtual Directory. If this is not the case, then modify accordingly.

To edit the Change Log Adapter C2, follow these steps:

1. Select Changelog_Adapter_C2.

2. Click the Plug-ins tab.

3. In the Deployed Plus-ins table, click the changelog plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.

4. In the Parameters table, update the parameter values.Edit the Change Log Adapter to either add or modify the properties so that they match the values shown in the following table. You must add the modifierDNFilter, sizeLimit, and targetDNFilter properties to the adapter.

   Table 10-8 Values in Parameters Table

   Parameter	Value	Comments
   modifierDNFilter	A bind DN that has administrative rights on the directory server, in the format: "!(modifiersname=cn=BindDN)" For example: "!(modifiersname=cn=orclAdminUser,cn=systemids,dc=mycompany,dc=com)"	Create
   sizeLimit	1000	Create
   targetDNFilter	dc=mycompany,dc=com	Create
   mapUserState	true	Update
   oamEnabled	true	Update
   virtualDITAdapterName	Join_Adapter_J1;User_Adapter_A2	Create
   virtualDITAdapterName	User_Adapter_A3	Create

   
   

10.2.2.7 Creating Oracle Virtual Directory Global Plug-ins

To create a Global Oracle Virtual Directory plug-in

1. In a web browser, go to Oracle Directory Services Manager (ODSM) at:

   http://admin.mycompany.com/odsm

2. Create connections to each of the Oracle Virtual Directory instances running on OVDHOST1 and OVDHOST2, if they do not already exist.

3. Connect to each Oracle Virtual Directory instance by using the appropriate connection entry.

4. On the Home page, click the Adapter tab.

5. Click the + next to Global Plugins in the left pane.

6. Click Create Plugin.

7. Create the Global Consolidated Changelog Plug-in and the Global FAUserRole Plugin as follows:

Global Consolidated Changelog Plug-in

Enter the following values to create the Global Consolidated Plug-in:

Name: Global Consolidated Changelog

Class: Click Select then choose: ConsolidatedChangelog

Click OK when finished.

Global FAUserRole Plugin

Enter the following values to create the Global Consolidated Plug-in:

Name: FA User Role Plugin

Class: Click Select then choose: FAUserRolePlugIn

Click Create Parameter

Create the following parameters:

Table 10-9 Parameters for FAUserRole Plugin

Name	Value
objectWrite	objectclass=orclAppIDUser;User_Adapter_A3
objectWrite	objectclass=orclAppIDGroup;User_Adapter_A3
objectWrite	objectclass=orclIDXGroup;User_Adapter_A1; User_Adapter_A3
objectWrite	objectclass=container;User_Adapter_A3

Click OK when finished.

10.3 Configuring Multiple Directories as an Identity Store: Distinct User and Group Populations in Multiple Directories

In this configuration, all the Oracle specific attributes and Oracle specific entities are created in the Policy Store (OID) directory. Enterprise Identity Store is an LDAP directory.

Note:

The Oracle Internet Directory that is to be used is not necessarily the PolicyStore Oracle Internet Directory. Conceptually, a non-AD directory can be used as the second directory. For convenience, Policy Store Oracle Internet Directory is referred to here.

The following conditions are assumed:

• Enterprise Directory Identity data is in one or more directories. Application-specific attributes on the user / group are stored in the Enterprise Directory.

• Application-specific entries are in Application Directory. (AppIDs and Enterprise Roles are stored in Application Directory)

This section contains the following topics:

• Section 10.3.1, "Topology"

• Section 10.3.2, "Directory Structure Overview"

• Section 10.3.3, "Configuring Oracle Virtual Directory Adapters and Plug-ins"

10.3.1 Topology

Figure 10-4 is an overview of the topology:

Figure 10-4 Overview of Topology

10.3.2 Directory Structure Overview

Figure 10-5 shows the directory structure in the internal and external directories.

Figure 10-5 Directory Structure

Figure 10-6 shows how the DIT appears to a user or client application.

Figure 10-6 Client View of the DIT

10.3.3 Configuring Oracle Virtual Directory Adapters and Plug-ins

Figure 10-7 provides an overview of the configuration.

Figure 10-7 Configuration Overview

Create the user adapter on the Oracle Virtual Directory instances running on OVDHOST1 and OVDHOST2 individually. Follow these steps to create the User Adapter in Oracle Virtual Directory using Oracle Directory Services Manager:

1. If they are not already running, start the Administration Server and the WLS_ODSM Managed Servers as described in Section 19.1, "Starting and Stopping Oracle Identity Management Components."

2. In a web browser, go to Oracle Directory Services Manager (ODSM) at:

   http://admin.mycompany.com/odsm

3. Create connections to each of the Oracle Virtual Directory instances running on OVDHOST1 and OVDHOST2, if they do not already exist.

4. Connect to each Oracle Virtual Directory instance by using the appropriate connection entry.

5. On the Home page, click the Adapter tab.

6. Start the New Adapter Wizard by clicking Create Adapter at the top of the adapter window.

7. Create new adapters using the New Adapter Wizard, with the parameters shown in the following tables.

10.3.3.1 User/Role Adapter A1

Table 10-10 User/Role Adapter A1

Screen	Field	Value
Type	Adapter Type	LDAP
	Name	User_Adapter_A1
	Adapter Template	User_OID User_ActiveDirectory Choose the correct template for the LDAP directory you are connecting to.
Connection	Use DNS for Auto Discovery	No
	Host	Enter the host or virtual name of the directory host, for example: ad.mycompany.com
	Port	Enter the port to connect to the LDAP directory on.
	Use SSL/TLS	Select this value if you connect to your LDAP directory using SSL or if you are using Active Directory.
	SSL Authentication Mode	If you connect to your LDAP directory using SSL, choose the authentication mode. If using Active Directory select Server Only Authentication (Mutual Authentication).
	Server Proxy Bind DN	The DN of a user that Oracle Virtual Directory can use to connect to AD and perform any operations. A user called oimAdminUser is created in the section Section 11.4, "Preparing the Identity Store" which can be used for this purpose.
	Proxy Password	Password for Server Proxy account
Connection Test		Validate that the test succeeds
Namespace	Remote Base	dc=mycompany, dc=com
	Mapped NamespaceFoot 1	dc=mycompany, dc=com

^Footnote 1 Mapped namespace is the location in the target directory. This example assumes that the target directory has the same structure that appears in Oracle Virtual Directory. If this is not the case, then modify accordingly.

10.3.3.2 User/Role Adapter A2

Table 10-11 User/Role Adapter A2

Screen	Field	Value
Type	Adapter Type	LDAP
	Name	User_Adapter_A2
	Adapter Template	User_OID Choose the correct template for the LDAP directory you are connecting to.
Connection	Use DNS for Auto Discovery	No
	Host	Enter the host or virtual name of the directory host, for example: ldap.mycompany.com
	Port	Enter the port to connect to the LDAP directory on.
	Use SSL/TLS	Select this value if you connect to your LDAP directory using SSL or if you are using Active Directory.
	SSL Authentication Mode	If you connect to your LDAP directory using SSL, choose the authentication mode. If you are using Active Directory, choose Server Only Authentication/Mutual Authentication.
	Server Proxy Bind DN	The DN of a user that Oracle Virtual Directory can use to connect to AD and perform all operations. The user oimAdminUser, which is created in Section 11.4, "Preparing the Identity Store," can be used for this purpose.
	Proxy Password	Password for server proxy account
Connection Test		Validate that the test succeeds
Namespace	Remote Base	dc=mycompany, dc=com
	Mapped NamespaceFoot 1	dc=mycompany, dc=com

^Footnote 1 Mapped namespace is the location in the target directory. This example assumes that the target directory has the same structure that appears in Oracle Virtual Directory. If this is not the case, then modify accordingly.

10.3.3.3 Changelog Adapter C1

Table 10-12 Changelog Adapter C1

Screen	Field	Value
Type	Adapter Type	LDAP
	Name	Changelog_Adapter_C1
	Adapter Template	Changelog_OID Changelog_ActiveDirectory Choose the correct template for the LDAP directory you are connecting to.
Connection	Use DNS for Auto Discovery	No
	Host	Enter the host or virtual name of the directory host, for example: ad.mycompany.com
	Port	Enter the port to connect to the LDAP directory on.
	Proxy Password	Password for server proxy account
Connection Test		Validate that the test succeeds
Namespace	Remote Base
	Mapped NamespaceFoot 1	cn=changelog

^Footnote 1 Mapped namespace is the location in the target directory. This example assumes that the target directory has the same structure that appears in Oracle Virtual Directory. If this is not the case, then modify accordingly.

To edit the Change Log Adapter C1, follow these steps:

1. Select the OIM change log adapter Changelog_Adapter_C1.

2. Click the Plug-ins tab.

3. In the Deployed Plus-ins table, click the changelog plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.

4. In the Parameters table, update the parameter values.Edit the Change Log Adapter to either add or modify the properties so that they match the values shown in the following table. You must add the modifierDNFilter, sizeLimit, and targetDNFilter properties to the adapter.

   Table 10-13 Values in Parameters Table

   Parameter	Value	Comments
   modifierDNFilter	A bind DN that has administrative rights on the directory server, in the format: "!(modifiersname=cn=BindDN)" For example: "!(modifiersname=cn=orclAdminUser,cn=systemids,dc=mycompany,dc=com)"	Create
   sizeLimit	1000	Create
   targetDNFilter	dc=mycompany,dc=com	Create
   mapUserState	true	Update
   oamEnabled	true	Update
   virtualDITAdapterName	The adapter name of User/Role Adapter A1: User_Adapter_A1	Create

   
   

10.3.3.4 Changelog Adapter C2

Table 10-14 Changelog Adapter C2

Screen	Field	Value
Type	Adapter Type	LDAP
	Name	Changelog_Adapter_C2
	Adapter Template	Changelog_OID Choose the correct template for the LDAP directory you are connecting to.
Connection	Use DNS for Auto Discovery	No
	Host	Enter the host or virtual name of the directory host, for example: ad.mycompany.com
	Port	Enter the port to connect to the LDAP directory on.
	Proxy Password	Password for server proxy account
Connection Test		Validate that the test succeeds
Namespace	Remote Base
	Mapped NamespaceFoot 1	cn=changelog

^Footnote 1 Mapped namespace is the location in the target directory. This example assumes that the target directory has the same structure that appears in Oracle Virtual Directory. If this is not the case, then modify accordingly.

To edit the Change Log Adapter C2, follow these steps:

1. Select the OIM change log adapter Changelog_Adapter_C2.

2. Click the Plug-ins tab.

3. In the Deployed Plus-ins table, click the changelog plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.

4. In the Parameters table, update the parameter values.Edit the Change Log Adapter to either add or modify the properties so that they match the values shown in the following table. You must add the modifierDNFilter, sizeLimit, and targetDNFilter properties to the adapter.

   Table 10-15 Values in Parameters Table

   Parameter	Value	Comments
   modifierDNFilter	A bind DN that has administrative rights on the directory server, in the format: "!(modifiersname=cn=BindDN)" For example: "!(modifiersname=cn=orclAdminUser,cn=systemids,dc=mycompany,dc=com)"	Create
   sizeLimit	1000	Create
   targetDNFilter	dc=mycompany,dc=com	Create
   mapUserState	true	Update
   oamEnabled	true	Update
   virtualDITAdapterName	The adapter name of User/Role adapter A2: User_Adapter_A2	Create

   
   

10.3.3.5 Creating Oracle Virtual Directory Global Plug-ins

To create a Global Oracle Virtual Directory plug-in

1. In a web browser, go to Oracle Directory Services Manager (ODSM) at:

   http://admin.mycompany.com/odsm

2. Create connections to each of the Oracle Virtual Directory instances running on OVDHOST1 and OVDHOST2, if they do not already exist.

3. Connect to each Oracle Virtual Directory instance by using the appropriate connection entry.

4. On the Home page, click the Adapter tab.

5. Click the + next to Global Plugins in the left pane.

6. Click Create Plugin.

7. Create the Global Consolidated Changelog Plug-in and the Global FAUserRole Plugin as follows:

Global Consolidated Changelog Plug-in

Enter the following values to create the Global Consolidated Plug-in:

Name: Global Consolidated Changelog

Class: Click Select then choose: ConsolidatedChangelog

Click OK when finished.

Global FAUserRole Plugin

Enter the following values to create the Global Consolidated Plug-in:

Name: FA User Role Plugin

Class: Click Select then choose: FAUserRolePlugIn

Click Create Parameter

Create the following parameters:

Table 10-16 Parameters for FAUserRole Plugin

Name	Value
objectWrite	objectclass=orclAppIDUser;User_Adapter_A2
objectWrite	objectclass=orclAppIDGroup;User_Adapter_A2
objectWrite	objectclass=orclIDXGroup;User_Adapter_A1; User_Adapter_A2
objectWrite	objectclass=container;User_Adapter_A2

Click OK when finished.