Sun[TM] Identity Manager 8.0 Resources Reference
Microsoft SQL Server
The Microsoft SQL Server resource adapter is defined in the com.waveset.adapter.MSSQLServerResourceAdapter class.
Use this adapter to manage multiple databases on the SQL server. You can manage logins to the server itself as well as to the managed databases.
If you have a custom SQL table, see Database Table for information about using the Resource Adapter Wizard to create a custom Microsoft SQL table resource.
Resource Configuration Notes
None
Identity Manager Installation Notes
The Microsoft SQL Server resource adapter is a custom adapter. You must perform the following steps to complete the installation process:
- To add this resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.
com.waveset.adapter.MSSQLServerResourceAdapter
- If you connect to the resource with the Microsoft SQL Server 2005 Driver for JDBC, copy the mssqlserver.jar file to the InstallDir\idm\WEB-INF\lib directory.
If you connect to the resource with the Microsoft SQL Server 2000 Driver for JDBC, copy the following jar files from the Program Files\2000 Microsoft SQL Server 2000 Driver for JDBC\lib directory to the InstallDir\idm\WEB-INF\lib directory.
- msbase.jar
- mssqlserver.jar
- msutil.jar
Usage Notes
You can use two types of authentication with SQL Server:
- Windows authentication. SQL Server relies on Windows for all authentication and security mechanisms. When a user accesses SQL Server, it obtains the user and password information from the user’s network security attributes. If the user has been granted access to SQL Server from within Windows, the user is logged in to SQL Server automatically. Account IDs passed in to the adapter must be in the form of Domain\accountID. Pass-through authentication is not supported for Windows authentication.
- Mixed mode authentication. In this scenario, both Windows authentication and SQL Server authentication are enabled. When a user connects with a specified login name and password from a non-trusted connection, SQL Server performs the authentication itself by checking to see if a SQL Server login account has been set up and if the specified password matches the one previously recorded. If SQL Server does not have a login account set, authentication fails and the user receives an error message.
Windows authentication mode can only be configured for the Microsoft SQL Server resource adapter if the Identity Manager server is running on a Windows machine that is included in the same Windows security/authentication framework as the SQL Server instance.
The JDBC driver supports the use of Type 2 integrated authentication on Windows operating systems through the integratedSecurity connection string property. To use integrated authentication, copy the sqljdbc_auth.dll file to a directory on the Windows system path on the computer where the JDBC driver is installed.
The sqljdbc_auth.dll files are installed in the following location:
InstallationDirectory\sqljdbc_Version\Language\auth\
On a 32-bit processor, use the sqljdbc_auth.dll file in the x86 folder. On a 64-bit processor, use the sqljdbc_auth.dll file in the x64 folder.
For more information, see the following article:
http://msdn2.microsoft.com/en-us/library/ms378428.aspx
The SQL Server resource adapter uses the following system procedures to manage user accounts:
Security Notes
This section provides information about supported connections and privilege requirements.
Supported Connections
Identity Manager uses JDBC over SSL to communicate with SQL Server.
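The following is an added example, not Identity Manager or Microsoft code: a small audit of adapter connection URLs and account IDs against the authentication and SSL notes above. It assumes the SQL Server 2005 driver's jdbc:sqlserver:// URL form; the encrypt, trustServerCertificate, user, userName and password properties belong to the Microsoft JDBC driver but are not mentioned on this page, and the host names and accounts are constructed.

```python
import re

# URL form used by the Microsoft SQL Server 2005 JDBC driver (assumed here):
#   jdbc:sqlserver://host[:port];property=value;...
URL_RE = re.compile(r"^jdbc:sqlserver://[^;]*(?P<props>(?:;.*)?)$", re.I)
# The page requires Windows-authenticated account IDs as Domain\accountID.
WINDOWS_ID_RE = re.compile(r"^[^\\\s]+\\[^\\\s]+$")


def parse_props(url):
    """Return the URL's connection properties, names lower-cased."""
    m = URL_RE.match(url.strip())
    if not m:
        raise ValueError("not a jdbc:sqlserver:// URL")
    props = {}
    for item in filter(None, m.group("props").split(";")):
        name, _, value = item.partition("=")
        props[name.strip().lower()] = value.strip()
    return props


def review_connection(url):
    """Return (auth_mode, findings) for one adapter connection URL."""
    props = parse_props(url)
    integrated = props.get("integratedsecurity", "").lower() == "true"
    findings = []
    if integrated and {"user", "username", "password"} & props.keys():
        findings.append("credentials in URL although integratedSecurity=true")
    if props.get("encrypt", "").lower() != "true":
        findings.append("encrypt=true is not set in the URL")
    elif props.get("trustservercertificate", "").lower() == "true":
        findings.append("trustServerCertificate=true: server certificate is not validated")
    return ("windows" if integrated else "sql-login"), findings


def malformed_windows_ids(account_ids):
    """Return the account IDs that are not in Domain\\accountID form."""
    return [a for a in account_ids if not WINDOWS_ID_RE.match(a)]


# Constructed sample input: hosts and accounts are made up.
SAMPLE_URLS = [
    "jdbc:sqlserver://db1.example.test:1433;integratedSecurity=true;encrypt=true",
    "jdbc:sqlserver://db1.example.test:1433;integratedSecurity=true;password=x",
    "jdbc:sqlserver://db2.example.test;encrypt=true;trustServerCertificate=true",
]
SAMPLE_IDS = ["CORP\\jdoe", "jdoe", "CORP\\"]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, *review_connection(url), sep="\n  ")
    print("malformed:", malformed_windows_ids(SAMPLE_IDS))
```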
Required Administrative Privileges
The following table indicates who can execute the system procedures:
Provisioning Notes
The following table summarizes the provisioning capabilities of this adapter.
Feature                        Supported?
Enable/disable account         Yes
Rename account                 No
Pass-through authentication
Before/after actions           No
Data loading methods
Account Attributes
The following table lists the default account attributes (all strings).
Because multiple databases can be managed, the Identity Manager administrator must add account attributes for each database to be managed. These attributes must include the database name as part of the attribute name in order to differentiate them from attributes for other managed databases:
Resource Object Management
None
Identity Template
$domain$ $accountId$
Sample Forms
MSSQLServerUserForm.xml
Troubleshooting
Use the Identity Manager debug pages to set trace options on the following classes: