Sun Identity Manager 8.1 Resources Reference

Adapter Details

Use this adapter to support user accounts for logging into Sybase Adaptive Server Enterprise. If you have a custom Sybase table, see Chapter 10, Database Tablefor information about using the Resource Adapter Wizard to create a custom Sybase table resource.

Resource Configuration Notes

None

Identity Manager Installation Notes

The Sybase ASE resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

ProcedureInstalling the Sybase ASE Resource Adapter

  1. Copy the SybaseInstallDir\jConnect-5_5\classes\jconn2.jar file to the $WSHOME$/WEB-INF/lib directory.

  2. Add the following value in the Custom Resources section of the Configure Managed Resources page.


    com.waveset.adapter.SybaseASEResourceAdapter

    Then click Save.

Usage Notes

None

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses JDBC over SSL to communicate with this adapter.

Required Administrative Privileges

The following table lists the permissions needed to execute the system procedures:

System Procedure  

Permissions Required  

sp_addlogin, sp_droplogin 

System Administrator or System Security Officer 

sp_adduser, sp_droplogin 

Database Owner, System Administrator, or System Security Officer 

sp_changegroup 

Database Owner, System Administrator, or System Security Officer 

sp_displayroles 

System Administrator or System Security Officer 

sp_helpuser 

None 

sp_locklogin 

System Administrator or System Security Officer 

sp_modifylogin 

Only a System Administrator can execute sp_modifylogin to change the default database. Any user can execute sp_modifylogin to change his or her own login account. 

sp_password 

Only a System Security Officer can execute sp_password to change another user’s password. Any user can execute sp_password to change his or her own password. 

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

Feature  

Supported?  

Enable/disable account 

Yes 

Rename account 

No 

Pass-through authentication 

Yes 

Before/after actions 

No 

Data loading methods 

  • Import directly from resource

  • Reconcile with resource

Account Attributes

The following table lists the default account attributes. All the default attributes are strings.

Identity System User Attribute

Resource Attribute Name

Description

serverRoles

serverRoles

The database server roles the user is assigned. 

defaultDB

defaultDB

The user’s default database. 

Because multiple databases can be managed, the Identity Manager administrator must add account attributes for each database to be managed. These attributes must include the database name as part of the attribute name in order to differentiate them from attributes for other managed databases:

Identity System User Attribute

Data Type

Description

userNameDBName

String 

The user name of the account on the database. Setting a userName for a database will grant access to the database for the account, and clearing the userName for a database will remove access. 

groupDBName

String 

The group for the account on the database. 

Resource Object Support

Managed Objects

This adapter does not manage objects on the Sybase ASE resource.

Listable Objects

The following table describes the Sybase objects that can be called using the listAllObjects method within a user form.

Object  

Description  

allDatabases 

Lists the databases on the resource. 

dbGroups 

Lists the groups in a database managed on the resource. 

managedDatabases 

Lists the databases managed on the resource. This list is set on the Databases resource attribute.

serverRoles 

Lists the database server roles the user is assigned. 

Identity Template

$accountId$

Sample Forms

SybaseASEUserForm

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following classes: