Sun Identity Manager 8.1 Resources Reference

Adapter Details

Use this adapter to support user accounts for logging into Sybase Adaptive Server Enterprise. If you have a custom Sybase table, see Chapter 10, Database Tablefor information about using the Resource Adapter Wizard to create a custom Sybase table resource.

Resource Configuration Notes

None

Identity Manager Installation Notes

The Sybase ASE resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

Installing the Sybase ASE Resource Adapter

Copy the SybaseInstallDir\jConnect-5_5\classes\jconn2.jar file to the $WSHOME$/WEB-INF/lib directory.

Add the following value in the Custom Resources section of the Configure Managed Resources page.
com.waveset.adapter.SybaseASEResourceAdapter
Then click Save.

Usage Notes

None

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses JDBC over SSL to communicate with this adapter.

Required Administrative Privileges

The following table lists the permissions needed to execute the system procedures:

System Procedure	Permissions Required
sp_addlogin, sp_droplogin	System Administrator or System Security Officer
sp_adduser, sp_droplogin	Database Owner, System Administrator, or System Security Officer
sp_changegroup	Database Owner, System Administrator, or System Security Officer
sp_displayroles	System Administrator or System Security Officer
sp_helpuser	None
sp_locklogin	System Administrator or System Security Officer
sp_modifylogin	Only a System Administrator can execute sp_modifylogin to change the default database. Any user can execute sp_modifylogin to change his or her own login account.
sp_password	Only a System Security Officer can execute sp_password to change another user’s password. Any user can execute sp_password to change his or her own password.

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

Feature	Supported?
Enable/disable account	Yes
Rename account	No
Pass-through authentication	Yes
Before/after actions	No
Data loading methods	Import directly from resource Reconcile with resource

Account Attributes

The following table lists the default account attributes. All the default attributes are strings.

Identity System User Attribute	Resource Attribute Name	Description
`serverRoles`	`serverRoles`	The database server roles the user is assigned.
`defaultDB`	`defaultDB`	The user’s default database.

Because multiple databases can be managed, the Identity Manager administrator must add account attributes for each database to be managed. These attributes must include the database name as part of the attribute name in order to differentiate them from attributes for other managed databases:

Identity System User Attribute	Data Type	Description
`userNameDBName`	String	The user name of the account on the database. Setting a userName for a database will grant access to the database for the account, and clearing the userName for a database will remove access.
`groupDBName`	String	The group for the account on the database.

Resource Object Support

Managed Objects

This adapter does not manage objects on the Sybase ASE resource.

Listable Objects

The following table describes the Sybase objects that can be called using the listAllObjects method within a user form.

Object	Description
allDatabases	Lists the databases on the resource.
dbGroups	Lists the groups in a database managed on the resource.
managedDatabases	Lists the databases managed on the resource. This list is set on the Databases resource attribute.
serverRoles	Lists the database server roles the user is assigned.

Identity Template

$accountId$

Sample Forms

SybaseASEUserForm

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following classes:

com.waveset.adapter.SybaseASEResourceAdapter
com.waveset.adapter.JdbcResourceAdapter