Oracle® Identity Manager Connector Guide for Database User Management Release 9.1.0 E11193-01 |
|
![]() Previous |
![]() Next |
After you deploy the connector, you must test it to ensure that it functions as expected.
You can use the testing utility to identify the cause of problems associated with connecting to the target system and performing basic operations on the target system.
While running the testing utility, the testing utility reads the connectivity information from the IT Resource, lookup definitions from Oracle Identity Manager, and process form data is read from the config.properties file.
While running the testing utility, you must ensure that the connector should be deployed and Oracle Identity Manager should be running. Perform the following steps to test the connector for provisioning:
Note: The testing utility might not work for IBM WebSphere Application Server and Oracle WebLogic Server. |
Copy the following files to OIM_HOME/xellerate/ThirdParty directory:
For IBM WebSphere Application Server:
com.ibm.ws.admin.client_6.1.0.jar from WAS_HOME/AppServer/runtimes
ibmorb.jar from WAS_HOME/AppServer/java/jre/lib
xlDataObjectBeans.jar from OIM_CLIENT/xlclient/lib
For JBoss Application Server:
jbossall-client.jar from JBOSS_HOME/client
log4j.jar from JBOSS_HOME/server/default/lib
xlGenericUtils.jar from OIM_HOME/xellerate/lib
For Oracle WebLogic Server:
weblogic.jar from BEA_HOME/weblogic81/server/lib
Modify the attributes of the config.properties file using the values specified in the following table. This file is located in the OIM_HOME/xellerate/XLIntegrations/DBUM/config directory.
Name | Description | Sample or Default Value |
---|---|---|
Attributes Common to all databases | ||
ACTION | Enter the type of operation that you want to test.
You can specify one of the following values: For IBM DB2 UDB: CONNECT, CREATEUSER, DELETEUSER For Microsoft SQL Server: CONNECT, CREATELOGIN, DELETELOGIN, CREATEUSER, DELETEUSER, ENABLELOGIN, DISABLELOGIN For Oracle Database: CONNECT, CREATEUSER, DELETEUSER, ENABLEUSER, DISABLEUSER, ADDROLE, ADDPRIVILEGE, UPDATEPASSWORD For Sybase: CONNECT, CREATELOGIN, DELETELOGIN, CREATEUSER, DELETEUSER, ENABLELOGIN, DISABLELOGIN |
CREATEUSER |
IT_RESOURCE_NAME | Enter the name of the IT resource from which connectivity information must be read.
You can specify one of the following values: DB2UDB, MS SQL Server, Oracle, Sybase |
Oracle |
Process Form Fields and Query Code Keys for Oracle Database | Note: Enter values for these process form fields and query code keys if your target system is Oracle Database. For all other databases, do not enter values for these process form fields and query code keys of the other databases. | |
ORA_CREATEUSER_CODE_KEY
ORA_ENABLEUSER_CODE_KEY ORA_DISABLEUSER_CODE_KEY ORA_DELETEUSER_CODE_KEY ORA_ADDROLE_CODE_KEY ORA_ADDPRIVILEGE_CODE_KEY ORA_UPDATEPASSWORD_CODE_KEY |
Do not change the default values of these query code keys. | ORA_CREATE_USER
ORA_ENABLE_USER ORA_DISABLE_USER ORA_DELETE_USER ORA_ADD_ROLE ORA_ADD_PRIVILEGE ORA_UPDATE_PASSWORD |
UD_DB_ORA_U_USERNAME | Enter the user name for the provisioning operation.
Note: This is a mandatory field. If you are planning to test a user enable, disable, or delete operation, then you must first ensure that the user exists on the target system. |
johndoe |
UD_DB_ORA_U_ITRES | This attribute holds the name of the IT resource to be used for the provisioning operation. | Oracle |
UD_DB_ORA_U_PASSWORD | Enter the password for the user whose user name you enter as the value of UD_DB_ORA_U_USERNAME in this file.
Note: You must enter a password if you select the PASSWORD authentication type as the value of UD_DB_ORA_U_AUTHTYPE in this file. |
mypassw0r1 |
UD_DB_ORA_U_AUTHTYPE | Enter the authentication type.
You can select one of the following authentication types: PASSWORD, EXTERNAL, or GLOBAL. Note: This is a mandatory field. |
PASSWORD |
UD_DB_ORA_U_TEMP_QUOTASIZE
UD_DB_ORA_U_GLOBAL_DN UD_DB_ORA_U_TEMPTABLESPACE UD_DB_ORA_U_TABLESPACE UD_DB_ORA_U_PROFILE UD_DB_ORA_U_QUOTASIZE |
Enter values for the columns that you want to use in the provisioning operation.
Note: You can enter values for all or a combination of these columns. If you do not want to enter a value for a particular property, then leave it empty. |
NA |
UD_DB_ORA_R_ROLE
UD_DB_ORA_R_ADMIN_OPTION |
Enter values for these attributes if you want to provision a role. | For UD_DB_ORA_R_ROLE, enter a value in the format shown in the following sample value:
1~CONNECT For UD_DB_ORA_R_ADMIN_OPTION, enter WITH ADMIN OPTION. |
UD_DB_ORA_P_PRIVILEGE
UD_DB_ORA_P_ADMIN_OPTION |
Enter values for these attributes if you want to provision a privilege. | For UD_DB_ORA_P_PRIVILEGE, enter a value in the format shown in the following sample value:
1~CREATE SESSION For UD_DB_ORA_P_ADMIN_OPTION, enter WITH ADMIN OPTION. |
Process Form Fields and Query Code Keys for Sybase | Note: Enter values for these process form fields and query code keys if your target system is Sybase. For all other databases, do not enter values for these process form fields and query code keys of the other databases. | |
SYB_CREATELOGIN_CODE_KEY
SYB_DELETELOGIN_CODE_KE Y SYB_ENABLELOGIN_CODE_KEY SYB_DISABLELOGIN_CODE_KE SYB_CREATEUSER_CODE_KEY SYB_DELETEUSER_CODE_KEY |
Do not change the default values of these query code keys. | SYB_CREATE_LOGIN
SYB_DELETE_LOGIN SYB_ENABLE_LOGIN SYB_DISABLE_LOGIN SYB_CREATE_USER SYB_DELETE_USER |
UD_DB_SYB_L_LOGIN | Enter the login name for the provisioning operation.
Note: This is a mandatory field. If you are planning to test a login enable, disable, or delete operation, then you must first ensure that the login exists on the target system. |
johndoe |
UD_DB_SYB_L_ITRES | This attribute holds the name of the IT resource to be used for the provisioning operation. | Sybase |
UD_DB_SYB_L_PASSWORD | Enter the password for the user whose user name you enter as the value of UD_DB_SYB_L_LOGIN in this file.
Note: You must enter a password. |
mypassw0r1 |
UD_DB_SYB_L_FULLNAME
UD_DB_SYB_L_DEFAULTLANG UD_DB_SYB_L_DEFDB |
Enter values for the columns that you want to use in the provisioning operation.
Note: You can enter values for all or a combination of these columns. If you do not want to enter a value for a particular property, then leave it empty. |
NA |
UD_DB_SYB_U_USERNAME | Enter the user name for the provisioning operation.
Note: This is a mandatory field. If you are planning to test a user enable, disable, or delete operation, then you must first ensure that the user exists on the target system. |
johndoe |
UD_DB_SYB_U_LOGINNAME | Enter the login name for the user provisioning operation.
Note: This is a mandatory field. The login name that you enter must exist of the target system. |
johndoe |
UD_DB_SYB_U_ITRES | This attribute holds the name of the IT resource to be used for the provisioning operation. | Sybase |
UD_DB_SYB_U_DBGROUP | Enter a value for this column.
Note: If you do not want to enter a value for this attribute, then leave it empty. |
NA |
Process Form Fields and Query Code Keys for IBM DB2 UDB | Note: Enter values for these process form fields and query code keys if your target system is IBM DB2 UDB. For all other databases, do not enter values for these process form fields and query code keys of the other databases. | |
DB2_CREATEUSER_CODE_KEY
DB2_ENABLEUSER_CODE_KEY DB2_DISABLEUSER_CODE_KEY DB2_DELETEUSER_CODE_KEY |
Do not change the default values of these query code keys. | DB2_CREATE_USER
DB2_GRANT_PRIVELEGE DB2_REVOKE_PRIVELEGE DB2_DELETE_USER |
UD_DB_DB2_U_USERNAME | Enter the user name for the provisioning operation.
Note: This is a mandatory field. If you are planning to test a user delete operation, then you must first ensure that the user exists on the target system. |
johndoe |
UD_DB_DB2_U_ITRES | This attribute holds the name of the IT resource to be used for the provisioning operation. | DB2UDB |
UD_DB_DB2_U_USERTYPE | Enter the user type.
You can select one of the following user types: USER and GROUP Note: This is a mandatory field. |
USER |
Process Form Fields and Query Code Keys for Microsoft SQL Server | Note: Enter values for these process form fields and query code keys if your target system is Microsoft SQL Server. For all other databases, do not enter values for these process form fields and query code keys of the other databases. | |
UD_DB_SQL_L_LOGIN | Enter the login name for the provisioning operation.
Note: This is a mandatory field. If you are planning to test login enable, disable, or delete operation, then you must first ensure that the user exists on the target system. |
janedoe |
UD_DB_SQL_L_ITRES | This attribute holds the name of the IT resource to be used for the provisioning operation. | MS SQLServer |
UD_DB_SQL_L_PASSWORD | Enter the password for the user whose user name you enter as the value of UD_DB_SQL_L_LOGIN in this file.
Note: You must enter a password. |
mypassw0r1 |
UD_DB_SQL_L_AUTHTYPE | Enter the authentication type.
You can select one of the following authentication types: SQL_SERVER_AUTHENTICATION or WINDOWS_AUTHENTICATION. Note: This is a mandatory field. |
SQL_SERVER_AUTHENTICATION |
UD_DB_SQL_L_DEFLANG
UD_DB_SQL_L_DEFDB |
Enter values for the columns that you want to use in the provisioning operation.
Note: You can enter values for one or both these columns. If you do not want to enter a value for a particular attribute, then leave it empty. |
NA |
UD_DB_SQL_U_USERNAME | Enter the user name for the provisioning operation.
Note: This is a mandatory field. If you are planning to test a user delete operation, then you must first ensure that the user exists on the target system. |
rroe |
UD_DB_SQL_U_LOGINNAME | Enter the login name for the user provisioning operation.
Note: This is a mandatory field. The login name that you enter must exist of the target system. |
|
UD_DB_SQL_U_ITRES | This attribute holds the name of the IT resource to be used for the provisioning operation. | Sybase |
UD_DB_SQL_U_AUTHTYPE | Enter the authentication type.
You can select one of the following authentication types: SQL_SERVER_AUTHENTICATION or WINDOWS_AUTHENTICATION. Note: This is a mandatory field. |
SQL_SERVER_AUTHENTICATION |
Attributes Used for Oracle Identity Manager Signature Login (Common to all Databases) | ||
XL_HOME_DIR
JAVA_SECURITY_POLICY JAVA_SECURITY_AUTH_LOGIN_CONFIG JAVA_NAMING_PROVIDER_URL |
For a signature-based login in Oracle Identity Manager, you must set values for the following system properties:
XL_HOME_DIR: Specify the path of the Oracle Identity Manager home directory. For example, the path until the xellerate directory. For example: C:\OIM_JBOSS_9102\OimServer\xellerate JAVA_SECURITY_POLICY: Specify the path of xl.policy file. It is present in the config directory. For example: C:\OIM_JBOSS_9102\OimServer\xellerate\config\xl.policy JAVA_SECURITY_AUTH_LOGIN_CONFIG: Specify the path of auth.conf file. It is present in the config directory. For example: C:\OIM_JBOSS_9102\OimServer\xellerate\config\auth.conf For JBoss Application Server: Specify the path of aut.conf For Oracle WebLogic Server: Specify the path of authwl.conf file For IBM WebSphere Application Server: Specify the path of authws.conf JAVA_NAMING_PROVIDER_URL: Specify the value of the "java.naming.provider.url" attribute present in the Discovery settings in OIM_HOME/xellerate/config/xlconfig.xml |
NA
OIM_HOME/xellerate Path of the xl.policy file, such as OIM_HOME/xellerate/config/xl.policy Path of the auth.conf file, such as OIM_HOME/xellerate/config/auth.conf Value of java.naming.provider.url in OIM_HOME/xellerate/config/xlconfig.xml |
After you specify values in the config.properties file, run one of the following files:
For UNIX:
OIM_HOME/xellerate/XLIntegrations/DBUM/scripts/DBUMTestingUtility.sh
For Microsoft Windows:
OIM_HOME/XLIntegrations/DBUM/scripts/DBUMTestingUtility.bat
The following table lists the column names or attributes for create and update user in the config.properties and their labels:
Attributes | Labels |
---|---|
Oracle Database | |
UD_DB_ORA_U_USERNAME | Username |
UD_DB_ORA_U_ITRES | IT Resource |
UD_DB_ORA_U_PASSWORD | Password |
UD_DB_ORA_U_AUTHTYPE | Authentication Type |
UD_DB_ORA_U_TEMP_QUOTASIZE | Temporary Tablespace Quota (in MB) |
UD_DB_ORA_U_GLOBAL_DN | Global DN |
UD_DB_ORA_U_TEMPTABLESPACE | Temporary Tablespace |
UD_DB_ORA_U_TABLESPAC | Default Tablespace |
UD_DB_ORA_U_PROFILE | Profile Name |
UD_DB_ORA_U_QUOTASIZE | Default Tablespace Quota (in MB) |
UD_DB_ORA_R_ROLE | Role |
UD_DB_ORA_R_ADMIN_OPTION | Role Admin Option |
UD_DB_ORA_P_PRIVILEGE | Privilege |
UD_DB_ORA_P_ADMIN_OPTION | Privilege Admin Option |
Sybase database | |
UD_DB_SYB_L_LOGIN | Login Name |
UD_DB_SYB_L_PASSWORD | Password |
UD_DB_SYB_L_ITRES | IT Resource |
UD_DB_SYB_L_FULLNAME | Full Name |
UD_DB_SYB_L_DEFAULTLANG | Default Language |
UD_DB_SYB_L_DEFDB | Default Database |
UD_DB_SYB_U_USERNAME | Username |
UD_DB_SYB_U_LOGINNAME | Login Name |
UD_DB_SYB_U_ITRES | IT Resource |
UD_DB_SYB_U_DBGROUP | Database Group |
DB2 database | |
UD_DB_DB2_U_USERNAME | Username |
UD_DB_DB2_U_ITRES | IT Resource |
UD_DB_DB2_U_USERTYPE | User Type |
MSSQL database | |
UD_DB_SQL_L_LOGIN | Login Name |
UD_DB_SQL_L_PASSWORD | Password |
UD_DB_SQL_L_AUTHTYPE | Authentication Type |
UD_DB_SQL_L_ITRES | IT Resource |
UD_DB_SQL_L_DEFLANG | Default Language |
UD_DB_SQL_L_DEFDB | Default DataBase |
UD_DB_SQL_U_USERNAME | Username |
UD_DB_SQL_U_LOGINNAME | Login Name |
UD_DB_SQL_U_AUTHTYPE | Authentication Type |
UD_DB_SQL_U_ITRES | IT Resource |