Sun Identity Manager Service Provider 8.1 Deployment

User Objects

Because Service Provider users are also persistent objects, you can create and modify them with the same persistent object methods you use for configuration objects. This is the fastest way to create users in the directory, but the persistent object methods only write the user entry; they do not provision accounts on any resource. If you need provisioning, use the IDMX User View and the view methods.

The IDMXUser class is a subclass of Composite, which provides a generic model to represent an object with a collection of attributes, assignments to resources, and links to the associated objects on those resources. The structure of the IDMXUser class is similar to the Identity Manager WSUser class, but the field and method names are slightly different, because the model is intended for use with entities other than user accounts.

The following table shows the correspondence of some of the major classes and field names in the two products.

  Description                     Identity Manager             Service Provider
  General user class              WSUser                       Composite
  Attribute class                 WSAttributes                 GenericObject
  Add resource method             WSUser.addPrivateResource    Composite.addAssignment
  Resource account class          ResourceInfo                 Link
  Get account identity method     ResourceInfo.getAccountId    Link.getIdentity
  Set account attributes method   ResourceInfo.setAttributes   Link.setPendingAttributes

When you set attributes on an IDMXUser, you need to know how those attributes are mapped to attributes in the directory. The mapping is defined by a Resource definition in the repository; in the examples this resource is named Service Provider End-User Directory. It is available in Identity Manager by default, and its schema map is set up to work with the Service Provider example end-user pages. The default schema map is:

  IDMXUser Attribute     Directory Attribute
  name                   uid
  password               userPassword
  firstname              givenname
  lastname               sn
  objectClass            objectClass
  fullname               cn
  xml                    jpegPhoto
  email                  mail
  homephone              telephoneNumber
  cellphone              mobile
  passwordRetryCount     passwordRetryCount
  accountUnlockTime      accountUnlockTime

The full DN of the user is built from the identity template defined in the resource. If you need a DN whose structure differs from the identity template, call the setIdentity method with the full DN.

Any attribute you set on an IDMXUser that is not in the resource schema map is stored as an extended attribute. Extended attributes are kept in the XML blob together with the other object metadata, not as directory attributes, so a directory search cannot match on them.
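The following is an added, constructed model of the behaviour described above; it is not Service Provider or Identity Manager code and does not call the IDMX API. It uses the schema map from the table to split a set of IDMXUser attributes into directory attributes and extended attributes (kept in an XML blob), builds the DN from an identity template, and lets an explicit identity override the template the way setIdentity does. The template placeholder syntax (`$accountId`), the XML element names and the sample user are assumptions. It also escapes the account id per RFC 4514 before substituting it into the template, which the page does not discuss but which matters whenever the name comes from user input.

```python
"""Constructed model of IDMXUser attribute mapping (not Service Provider code):
schema-mapped attributes go to the directory entry, everything else goes to
the extended-attribute XML blob, and the DN comes from the identity template
unless an explicit identity (setIdentity) is supplied."""
from typing import Dict, List, NamedTuple, Optional
from xml.etree import ElementTree as ET

# Schema map of the Service Provider End-User Directory resource, copied from
# the table above: IDMXUser attribute -> directory attribute.
SCHEMA_MAP: Dict[str, str] = {
    "name": "uid",
    "password": "userPassword",
    "firstname": "givenname",
    "lastname": "sn",
    "objectClass": "objectClass",
    "fullname": "cn",
    "xml": "jpegPhoto",
    "email": "mail",
    "homephone": "telephoneNumber",
    "cellphone": "mobile",
    "passwordRetryCount": "passwordRetryCount",
    "accountUnlockTime": "accountUnlockTime",
}

# Assumed identity template; the real one lives in the resource definition and
# the "$accountId" placeholder syntax is an assumption of this example.
IDENTITY_TEMPLATE = "uid=$accountId,ou=People,dc=example,dc=com"


class MappedUser(NamedTuple):
    dn: str
    directory: Dict[str, str]   # attributes written to the directory entry
    extended: Dict[str, str]    # attributes that exist only in the XML blob
    blob: str                   # the XML blob holding the extended attributes


def escape_rdn_value(value: str) -> str:
    """Escape a value for use inside an RDN (RFC 4514).  Without this a name
    such as "x,ou=Admins" would inject an extra RDN into the built DN."""
    out: List[str] = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def build_dn(template: str, account_id: str) -> str:
    """Expand the identity template with the escaped account id."""
    if "$accountId" not in template:
        raise ValueError("identity template has no $accountId placeholder")
    return template.replace("$accountId", escape_rdn_value(account_id))


def extended_blob(extended: Dict[str, str]) -> str:
    """Serialize extended attributes as an XML blob (element names assumed)."""
    root = ET.Element("Attributes")
    for key in sorted(extended):
        ET.SubElement(root, "Attribute", name=key, value=extended[key])
    return ET.tostring(root, encoding="unicode")


def map_user(attrs: Dict[str, str],
             schema_map: Dict[str, str] = SCHEMA_MAP,
             template: str = IDENTITY_TEMPLATE,
             identity: Optional[str] = None) -> MappedUser:
    """Split IDMXUser attributes by the schema map and build the DN.
    `identity` models an explicit setIdentity call and overrides the template."""
    if "name" not in attrs:
        raise ValueError("an IDMXUser needs a name (the account id)")
    directory: Dict[str, str] = {}
    extended: Dict[str, str] = {}
    for key, value in attrs.items():
        if key in schema_map:
            directory[schema_map[key]] = value
        else:
            extended[key] = value        # not in the schema map: blob only
    dn = identity if identity is not None else build_dn(template, attrs["name"])
    return MappedUser(dn, directory, extended, extended_blob(extended))


if __name__ == "__main__":
    # Constructed sample user; "department" is not in the schema map.
    user = map_user({"name": "jsmith", "firstname": "John", "lastname": "Smith",
                     "email": "jsmith@example.com", "department": "Sales"})
    print(user.dn)
    print("directory:", user.directory)
    print("extended (blob only, not searchable):", user.extended)
```

Run it and note that "department" never reaches the directory entry: a directory search on it finds nothing, which is the practical consequence of an attribute being missing from the schema map.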

When you no longer need a persistent object, delete it to reclaim space and reduce clutter in searches. Be aware that Service Provider performs no reference checks before deleting an object: it will, for example, delete a Resource object that a Role object still references, leaving the Role with a dangling reference. Check for such references yourself before deleting.
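Because Service Provider does not perform the check itself, here is an added example of the reference check a deployment can run before deleting a persistent object. It is constructed for this page and is not Service Provider code: the in-memory repository layout and the way references are encoded as (type, name) pairs are assumptions, and the sample objects are made up.

```python
"""Constructed reference check before deleting a persistent object (not
Service Provider code).  Refuses to delete an object that other objects still
reference unless the caller forces it, and can list the dangling references
that an unchecked delete leaves behind."""
from typing import Dict, List, Tuple

Ref = Tuple[str, str]                                  # (object type, name)
Repository = Dict[str, Dict[str, Dict[str, object]]]   # type -> name -> fields


class ReferencedObjectError(Exception):
    """Raised when deleting an object that other objects still reference."""


def sample_repository() -> Repository:
    """Constructed repository: two Roles assign the end-user directory."""
    resource: Ref = ("Resource", "Service Provider End-User Directory")
    return {
        "Resource": {resource[1]: {"type": "LDAP", "refs": []}},
        "Role": {
            "Employee": {"refs": [resource]},
            "Contractor": {"refs": [resource]},
            "Auditor": {"refs": []},
        },
    }


def find_referrers(repo: Repository, obj_type: str, name: str) -> List[Ref]:
    """Return every (type, name) whose refs list points at the target."""
    target: Ref = (obj_type, name)
    hits = [(t, n) for t, objs in repo.items()
            for n, fields in objs.items()
            if target in fields.get("refs", [])]
    return sorted(hits)


def find_dangling(repo: Repository) -> List[Tuple[Ref, Ref]]:
    """List (referrer, missing target) pairs, i.e. references whose target
    no longer exists in the repository."""
    dangling: List[Tuple[Ref, Ref]] = []
    for t, objs in repo.items():
        for n, fields in objs.items():
            for ref in fields.get("refs", []):
                if ref[1] not in repo.get(ref[0], {}):
                    dangling.append(((t, n), ref))
    return sorted(dangling)


def delete_object(repo: Repository, obj_type: str, name: str,
                  force: bool = False) -> List[Ref]:
    """Delete an object, refusing if it is still referenced unless forced.
    Returns the referrers left dangling (empty when there were none)."""
    if name not in repo.get(obj_type, {}):
        raise KeyError(f"{obj_type} {name!r} does not exist")
    referrers = find_referrers(repo, obj_type, name)
    if referrers and not force:
        raise ReferencedObjectError(
            f"{obj_type} {name!r} is still referenced by: "
            + ", ".join(f"{t} {n!r}" for t, n in referrers))
    del repo[obj_type][name]
    return referrers


if __name__ == "__main__":
    repo = sample_repository()
    target = ("Resource", "Service Provider End-User Directory")
    try:
        delete_object(repo, *target)
    except ReferencedObjectError as err:
        print("refused:", err)
    delete_object(repo, *target, force=True)      # what an unchecked delete does
    print("dangling after forced delete:", find_dangling(repo))
```

The forced path reproduces Service Provider's own behaviour; the unforced path is the guard the page says you must supply yourself. Running find_dangling periodically is a cheap way to catch deletes that bypassed the guard.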