Sun Identity Manager 8.1 Resources Reference

Chapter 10 Database Table

The Database Table adapter is defined in the com.waveset.adapter.DatabaseTableResourceAdapter class.

Adapter Details

This adapter supports any relational database that has a JDBC driver.

The Database Table resource adapter is designed to guide you through a series of steps to connect to and manage users that are located in a single custom database table. The adapter also supports Active Sync to poll for account changes.

Note –

This resource is not designed to manage the DBMS system accounts which are typically found in multiple tables. (The adapter does not support join operations.) For those resources, continue to use the Oracle, SQL Server, DB2, Sybase, and MySQL resources.

Resource Configuration Notes


Identity Manager Installation Notes

All connections to SQL Server must be performed using the same version of the Microsoft SQL Server JDBC driver. (The possible versions are the 2005 or the 2000 version.) This includes the repository as well as all resource adapters that manage or require SQL Server accounts or tables, including the Microsoft SQL adapter, Microsoft Identity Integration Server adapter, Database Table adapter, Scripted JDBC adapter, and any custom adapter based on these adapters. Conflict errors occur if you attempt use different versions of the driver.

Usage Notes

This section provides configuration notes related to using the Database Table resource adapter, including:

General Configuration

Use the following steps to set up a new Database Table resource:

ProcedureTo Set Up a New Database Table Adapter: General Steps

  1. Specify the database access parameters. Include the database type, connection information, and the database name where the table to be managed is located.

  2. All of the available tables for that database are displayed on the Database Tables page. Select the table where the resource accounts for this resource are stored.

  3. Select the columns from the table that Identity Manager will manage. One of these columns will be designated as the Key and be used as the account name attribute for the users and one column will be designated as the Password and be used as the account password. Other columns can be selected as attributes to be managed.

  4. The resource schema map page will list just those attributes that were selected to be managed. It will not list the Key and Password attributes. These attributes will be implicitly managed.

  5. The Active Sync Configuration page allows you to optionally specify the Active Sync-related Database Table attributes. If you are not using the adapter as an Active Sync, you can skip these values. See the Active Sync Configuration section for additional details.

  6. Specify the identity template used for this resource. This is the Identity Manager attribute name that will be used for the Key attribute.

  7. Specify the Identity Manager resource parameters for this resource. This includes information like the resource name, Active Sync scheduling and logging, and approvers for the resource.

Active Sync Configuration

Note –

The Active Sync adapter does not detect account deletions. As a result, you must reconcile to detect these deletions.

During its Active Sync poll, the Database Table adapter selects resource accounts (from the specified database table) for passing to the user form (or instead to the workflow if specified).

The Static Search Predicate parameter specifies the optional static predicate used to qualify the accounts to be returned from the database. (A predicate is an SQL expression that is evaluated.) The parameter must be expressed in the native SQL syntax.

The following example illustrates the use of this parameter:

syncState = ”P’

This example requires that a column named syncState exists and that P is a possible value. This value is combined with the Last Fetched Predicate parameter to form the complete qualifier.

The Last Fetched Conjunction parameter is the value AND or OR. It specifies the conjunction prepended to the Last Fetched Predicate.

The Last Fetched Predicate parameter specifies another optional predicate, but this predicate can contain one or more user attributes defined in Identity Manager. This feature allows you to construct a predicate in native SQL syntax that compares values returned in a previous poll to values returned in the current poll. For example, if the lastMod column contains a timestamp, then this value can be compared on each poll. Then, if the value is higher on the current poll than on the previous poll, return information about the database entry. The following expression illustrates this feature:

lastMod > ’$(lastmod)’

The value specified between the parentheses must be an Identity Manager User Attribute defined on the schema map page. The $(lastmod) token will be replaced with the value returned on the previous poll. An example value might be 2004-06-20 6:23:00.

Note –

The first time the adapter polls, the Last Fetched Filter is not applied, because there are no previously fetched values. The filter will be run in all subsequent polls.

The Database Table adapter concatenates the Static Search Predicate, Last Fetched Conjunction, and Last Fetched Predicate resource parameters and sends a search expression similar to the following:

syncState = ’P’ AND lastMod > ’2004-06-20 6:23:00’

The ORDER BY parameter allows you to provide a native SQL ORDER BY clause to force the poll to process the rows in the specified order. Do not include the words ORDER BY in the value. For example, if you specify a value of lastMod, the rows are sorted based on the lastMod column, in an ascending order.

The optional Process to run with changes parameter, if specified, identifies the Identity Manager workflow to launch with each qualified account returned from the database. The map of values passed to the workflow is keyed by the attributes on the left-hand side of the schema map. If this value is not specified, then the update will be performed by the standard Active Sync user form processing.

Security Notes

The proxy user that connects to the database table must have the following characteristics:

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.



Enable/disable account 


Rename account 


Pass-through authentication 


Before/after actions 


Data loading methods 

  • Import from resource

  • Active Sync

  • Reconciliation

Account Attributes

The Resource User Attributes are populated by the wizard during the creation or editing of the resource. The values of these columns for selected users are then mapped with their corresponding attribute names found in the Identity Manager User Attributes.

This adapter supports binary datatypes, including BLOBs, in Oracle. The corresponding attributes must be marked as binary on the schema map. Sample binary attributes include graphics files, audio files, and certificates.

The sources.ResourceName.hosts property in the file can be used to control which host or hosts in a cluster will be used to execute the synchronization portion of an Active Sync adapter. ResourceName must be replaced with the name of the Resource object.

Resource Object Management


Identity Template


Sample Forms



Use the Identity Manager debug pages to set trace options on the following class:


Additionally, you can set the following Identity Manager Active Sync logging parameters for the resource instance: