1 About the Connector

This chapter introduces the IBM Lotus Notes and Domino connector.

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager (OIM) with external, identity-aware applications. This guide discusses the connector that enables you to use IBM Lotus Notes and Domino either as a managed (target) resource or as an authoritative (trusted) source of identity data for OIM.

Note:

At some places in this guide, IBM Lotus Notes and Domino has been referred to as the target system.

In the account management (target resource) mode of the connector, information about users created or modified directly on the target system can be reconciled into OIM. In addition, you can use OIM to perform provisioning operations on the target system.

In the identity reconciliation (trusted source) configuration of the connector, users are created or modified only on the target system and information about these users is reconciled into OIM.

Note:

It is recommended that you do not configure the target system as both an authoritative (trusted) source and a managed (target) resource.

This chapter contains the following sections:

1.1 Certified Components

Table 1-1 lists the certified components for this connector.

Table 1-1 Certified Components

Item Requirement

Oracle Identity Governance or Oracle Identity Manager

You can use one of the following releases of Oracle Identity Governance or Oracle Identity Manager:

  • Oracle Identity Governance 12c (12.2.1.4.0)

  • Oracle Identity Governance 12c (12.2.1.3.0)

  • Oracle Identity Manager 11g Release 1 Patch Set 1 (11.1.1.5.4) and any later BP in this release track

  • Oracle Identity Manager 11g Release 2 (11.1.2.0.0) and any later BP in this release track

  • Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0)

Target systems

IBM Lotus Notes/Domino 8, 8.5, 8.5.x, 9.0, 9.0.1

Note: You must install IBM Lotus Notes on the same computer as the connector.

Connector Server

11.1.2.1.0

Connector Server JDK

For Oracle Identity Manager 11g Release 2 (11.1.2.0) and any later BP in this release track, use JDK 1.6 or later

Note:

Use a JDK version that is compatible with the JDK version supported by the Lotus Notes/Domino target system.

External code

Notes.jar

See Using External Code Files for more information about these files.

1.2 Usage Recommendations

Deploy and use one of these connector versions on the basis of the Oracle Identity Manager and target system versions.

  • Depending on the Oracle Identity Manager version that you are using, you must deploy and use one of the following connectors:

    • If you are using an Oracle Identity Manager release 9.1.0.1 or later and earlier than Oracle Identity Manager 11g Release 1 (11.1.1.5.0), then use the 9.0.4.x version of this connector.

    • If you are using Oracle Identity Manager 11g Release 1 (11.1.1.5.0) or later, Oracle Identity Manager 11g Release 2 BP04 (11.1.2.0.4) or later, or Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0), then use the latest 11.1.1.x version of this connector.

  • Depending on the target system that you are using, you must deploy and use one of the following connectors:

    • If you are using the following target systems, then use the 9.0.4.x version of this connector:

      • Oracle Enterprise Linux 5.2

      • Solaris 8

    • If you are using the following target systems, then use the latest 11.1.1.x version of this connector:

      • Exadata V2, ExaLogic X2-2

      • Oracle Enterprise Linux later than 5.2+x86 (32-bit) and x64 (64-bit)

      • Solaris 11

1.3 Certified Languages

These are the languages that the connector supports.

  • Arabic

  • Chinese (Simplified)

  • Chinese (Traditional)

  • Danish

  • English

  • French

  • German

  • Italian

  • Japanese

  • Korean

  • Portuguese (Brazilian)

  • Spanish

1.4 Connector Architecture

The Lotus Notes/Domino connector enables you to manage user accounts through Oracle Identity Manager.

Figure 1-1 shows the architecture of the connector for IBM Lotus Notes and Domino.

Figure 1-1 Connector Architecture


You can configure the connector to run in one of the following modes:

  • Identity Reconciliation

    Identity reconciliation is also known as authoritative or trusted source reconciliation. In this form of reconciliation, OIM users are created or updated corresponding to the creation of, and updates to, users on the target system.

    After an update, you must run trusted source reconciliation again so only that user is updated.

  • Account Management

    Account management is also known as target resource management. This mode of the connector enables the following operations:

    • Provisioning

      Provisioning involves creating or updating users on the target system through Oracle Identity Manager. When you allocate (or provision) a Lotus Notes resource to an OIM User, the operation results in the creation of an account on IBM Lotus Notes and Domino for that user. In the Oracle Identity Manager context, the term provisioning also covers updates made to the target system account through Oracle Identity Manager.

    • Target resource reconciliation

      In target resource reconciliation, data related to newly created and modified target system accounts can be reconciled and linked with existing OIM Users and provisioned resources. A scheduled job is used for reconciliation.

Note:

See Understanding the Identity Connector Framework in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for more information.

1.5 Features of the Connector

The features of the connector include full and incremental reconciliation, limited reconciliation, support for adding new attributes for reconciliation and provisioning, and so on.

1.5.1 Support for Both Target Resource and Trusted Source Reconciliation

You can use the connector to configure Oracle Internet Directory as either a target resource or trusted source of Oracle Identity Manager.

See Configuring Reconciliation for more information.

1.5.2 Support for Limited Reconciliation

For a reconciliation run, you can specify the subset of added or modified target system records that must be reconciled.

See Performing Limited Reconciliation for more information.

1.5.3 Support for Both Full and Incremental Reconciliation

After you deploy the connector, you can perform full reconciliation to bring all existing user data from the target system to Oracle Identity Manager. After the first full reconciliation run, change-based or incremental reconciliation is automatically enabled from the next run of the user reconciliation.

You can perform a full reconciliation run at any time. See Performing Full Reconciliation and Incremental Reconciliation for more information.

1.5.4 Support for Adding Attributes for Reconciliation and Provisioning

You can add to the standard set of attributes for reconciliation and provisioning. Extending the Functionality of the Connector describes the procedure.

1.6 Lookup Definitions Used During Reconciliation and Provisioning

Lookup definitions used during reconciliation and provisioning can be divided into the following categories:

1.6.1 Lookup Definitions Synchronized with the Target System

The Domino Connector Lookup Reconciliation scheduled job synchronizes the Lookup.Domino.Group lookup definition with the target system. The Lookup.Domino.Group lookup definition holds values for the Group lookup field on the process form.

Running this scheduled job populates the Lookup.Domino.Group lookup definition with group names fetched from the target system. For more information about the Domino Connector Lookup Reconciliation scheduled job, see Scheduled Job for Lookup Field Synchronization.

1.6.2 Other Lookup Definitions

Table 1-2 describes the other lookup definitions that are created in Oracle Identity Manager when you deploy the connector. Some of these lookup definitions are pre-populated with values. You must manually enter values for other definitions after the connector has been deployed.

In these Lookups, the Code Key column stores the process form field labels and the Decode column stores the Domino Attribute name.

Table 1-2 Other Lookup Definitions

Lookup Definition Description of Values Method to Specify Values for the Lookup Definition

Combo.Domino.Security.Type

This definition holds information about security types that you can select for a target system account created through OIM.

Code Key and Decode values in this definition are:

  • CODE: 0 DECODE: International

  • CODE: 1 DECODE: North American

These values are used in the License Type combo box. License Type determines which type of ID file is created, and affects encryption when sending or receiving mail and when encrypting data.

This lookup definition is preconfigured. Do not add or modify entries in this lookup definition.

Lookup.Domino.UM.Configuration

This lookup definition holds information about the user attribute maps that you can select for a target system account created through OIM.

The Code Key and Decode values in this definition are:

  • CODE: Provisioning Attribute Map DECODE: Lookup.Domino.UM.ProvAttrMap

  • CODE: Recon Attribute Map DECODE: Lookup.Domino.UM.ReconAttrMap

Lookup.Domino.UM.Configuration.Trusted

This lookup definition holds information about the trusted configuration for the Domino User object.

The Code Key and Decode values in this definition are:

  • CODE: Recon Attribute DECODE: Lookup.Domino.UM.TrustedDefaults

  • CODE: Recon Attribute Map DECODE: Lookup.Domino.UM.ReconAttrMap.Trusted

Lookup.Configuration.Domino

This lookup definition holds connector configuration entries that are used during reconciliation and provisioning.

The Code Key and Decode values in this definition are:

  • CODE: Bundle Name DECODE: org.identityconnectors.domino

  • CODE: Bundle Version DECODE: 2.0.1

  • CODE: Connector Name DECODE: org.identityconnectors.domino.DominoConnector

  • CODE: createIdFile DECODE: true

  • CODE: createMailDB DECODE: true

  • CODE: createMailDBInBackground DECODE: false

  • CODE: defaultPasswordExp DECODE: 720

  • CODE: formatUid DECODE: false

  • CODE: mailFileAction DECODE: 2

  • CODE: minPWLength DECODE: 5

  • CODE: northAmerican DECODE: false

  • CODE: storeIdInAddrBook DECODE: true

  • CODE: syncInetPassword DECODE: false

  • CODE: useIDVault DECODE: false

  • CODE: User Configuration Lookup DECODE: Lookup.Domino.UM.Configuration

This lookup definition uses the User Configuration Lookup code key, which is an object type for a related lookup containing all information related to user type.

The entries in this lookup definition are preconfigured and should not require modification.

To add entries, see Setting Up the Lookup.Configuration.Domino Lookup Definition for instructions.

Lookup.Domino.NotesCertifiers

This lookup definition holds information for the NotesCertifier object type.

The Code Key and Decode value in this definition is:

CODE: Shortname DECODE: ShortName

You can configure Domino Connector Lookup Reconciliation to reconcile values into this lookup.

Lookup.Configuration.Domino.Trusted

This lookup definition is the main configuration lookup for trusted reconciliation.

The Code Key and Decode values in this definition are:

  • CODE: Bundle Name DECODE: org.identityconnectors.domino

  • CODE: Bundle Version DECODE: 2.0.1

  • CODE: Connector Name DECODE: org.identityconnectors.domino.DominoConnector

  • CODE: createIdFile DECODE: true

  • CODE: createMailDB DECODE: true

  • CODE: createMailDBInBackground DECODE: false

  • CODE: defaultPasswordExp DECODE: 720

  • CODE: formatUid DECODE: false

  • CODE: mailFileAction DECODE: 2

  • CODE: minPWLength DECODE: 5

  • CODE: northAmerican DECODE: false

  • CODE: storeIdInAddrBook DECODE: true

  • CODE: syncInetPassword DECODE: false

  • CODE: useIDVault DECODE: false

  • CODE: User Configuration Lookup DECODE: Lookup.Domino.UM.Configuration.Trusted

This lookup definition should be referenced in ITResource, and configured as Trusted ITResource.

The entries in this lookup definition are preconfigured and should not require modification.

Lookup.Domino.UM.TrustedDefaults

This lookup definition holds mapping for all trusted reconciliation default values. These default values are used when a value is not received from the target resource.

The Code Key and Decode values in this definition are:

  • CODE: User Type DECODE: End-User

  • CODE: Employee Type DECODE: Full-Time

  • CODE: Organization DECODE: Xellerate Users

Lookup.Domino.UM.ReconAttrMap

This lookup definition holds mapping for all reconciliation operations between resource object fields and the target system attributes.

The Code Key and Decode values in this definition are:

  • CODE: Status DECODE: __ENABLE__

  • CODE: Mail File DECODE: MailFile

  • CODE: Universal Id DECODE: __UID__

  • CODE: Comment DECODE: Comment

  • CODE: Group List~Group [LOOKUP] DECODE: GroupList

    Note: From this release onwards, GroupList is not a mandatory attribute for performing status reconciliation of a user. Hence, you can ignore or remove this attribute if you do not want to reconcile the groups of the user.

  • CODE: Mail Internet Address DECODE: InternetAddress

  • CODE: First Name DECODE: FirstName

  • CODE: Mail Server DECODE: MailServer

  • CODE: Mail Quota Limit DECODE: MailQuotaSizeLimit

  • CODE: Short Name DECODE: ShortName

  • CODE: Location DECODE: Location

  • CODE: Forwarding Domain DECODE: forwardingAddress

  • CODE: Organization Unit DECODE: OrgUnit

  • CODE: Middle Name DECODE: MiddleInitial

  • CODE: Mail Quota Warning DECODE: MailQuotaWarningThreshold

  • CODE: Last Name DECODE: LastName

This lookup definition is preconfigured.

Table 1-3 describes the default entries in this lookup definition.

You can add entries to this lookup definition if you want to map new target system attributes for reconciliation. For more information, see Adding Target System Attributes for Reconciliation.

Lookup.Domino.UM.ReconAttrMap.Trusted

This lookup definition holds mapping for all trusted reconciliation attributes.

The Code Key and Decode values in this definition are:

  • CODE: Status[TRUSTED] DECODE: __ENABLE__

  • CODE: User Login DECODE: ShortName

  • CODE: First Name DECODE: FirstName

  • CODE: Email DECODE: InternetAddress

  • CODE: Middle Name DECODE: MiddleInitial

  • CODE: Last Name DECODE: LastName

This lookup definition is preconfigured.

Table 1-3 describes the default entries in this lookup definition.

You can add entries to this lookup definition if you want to map new target system attributes for reconciliation. For more information, see Adding Target System Attributes for Reconciliation.

Lookup.Domino.UM.ProvAttrMap

This lookup definition holds mapping for all provisioning operations between resource object fields and target system attributes.

The Code Key and Decode values in this definition are:

  • CODE: License Type DECODE: NorthAmerican

  • CODE: Last Name DECODE: LastName

  • CODE: Old Password DECODE: __CURRENT_PASSWORD__

  • CODE: Certifier Password DECODE: credentials

  • CODE: Middle Name DECODE: MiddleInitial

  • CODE: Short Name DECODE: ShortName

  • CODE: End Date[DATE] DECODE: EndDate

  • CODE: Mail File Name DECODE: MailFile

  • CODE: Mail Server DECODE: MailServer

  • CODE: UD_LNGRP~Group Name[LOOKUP] DECODE: GroupList

  • CODE: Certifier Org Hierarchy[LOOKUP] DECODE: CertifierOrgHierarchy

  • CODE: Mail Quota Limit DECODE: MailQuotaSizeLimit

  • CODE: Recertify DECODE: Recertify

  • CODE: IDFile Name[PROVIDEONPSWDCHANGE] DECODE: idFile

  • CODE: Certifier ID File Path DECODE: certifierIDFile

  • CODE: Comment DECODE: Comment

  • CODE: Password DECODE: __PASSWORD__

  • CODE: Mail Replica Servers DECODE: MailReplicaServers

  • CODE: Location DECODE: Location

  • CODE: Mail Quota Warning DECODE: MailQuotaWarningThreshold

  • CODE: Organization Unit DECODE: OrgUnit

  • CODE: Forward Domain DECODE: forwardingAddress

  • CODE: First Name DECODE: FirstName

  • CODE: Universal Id DECODE: __UID__

  • CODE: Full Name DECODE: __NAME__="${First_Name} ${Middle_Name} ${Last_Name}${Certifier_Org_Hierarchy}"

  • CODE: Mail Internet Address DECODE: InternetAddress

This lookup definition is preconfigured. Table 1-3 lists the default entries in this lookup definition.

You can add entries to this lookup definition if you want to map new target system attributes for provisioning. For more information, see Adding Target System Attributes for Provisioning.

1.7 Connector Objects Used During Target Resource Provisioning and Reconciliation

This section describes the different connector objects that you use for target provisioning and reconciliation.

This information is organized into the following topics:

1.7.1 User Attributes

The Process Form contains fields for Domino attributes that are supported "out-of-the-box." You must map these process form fields to Lotus Notes/Domino attributes for both provisioning and reconciliation, as follows:

  • For provisioning, map the form fields to attributes in Lookup.Domino.UM.ProvAttrMap

  • For reconciliation, map the form fields to attributes in Lookup.Domino.UM.ReconAttrMap

In these Lookups, the Code Key column stores the process form field labels and the Decode column stores the Domino Attribute name.

Table 1-3 describes the form fields used for target resource provisioning and reconciliation.

Table 1-3 Process Form Fields Used for Target Provisioning and Reconciliation

| Process Form Field Label | Field Type | Description |
|---|---|---|
| Certifier ID File Path | TextField | Fully qualified path to the Certifier ID file |
| Certifier Org Hierarchy | LookupField | Canonical or abbreviated name of the certifier. For example, if the certifier is the organization certifier for the ACME organization, then the value should be /ACME; if the certifier is the organization unit, then the value should be similar to /SomOU/ACME. This value is provided in the Lookup.Domino.NotesCertifiers lookup. You can configure this lookup to reconcile values from a target resource by using the Domino Connector Lookup Reconciliation task. You must provide this value to ensure correct functionality. |
| Certifier Password | PasswordField | Password for the specified Certifier ID file |
| Comment | TextField | Comment |
| End Date | DateFieldDlg | End date |
| First Name | TextField | First name |
| Forwarding Domain | TextField | Forwarding e-mail address |
| Last Name | TextField | Last name |
| License Type | ComboBox | Type of ID file used to encrypt incoming or outgoing email and to encrypt data |
| Location | TextField | Location |
| Mail File Name | TextField | Mail file name. Note: A mail file is created only when you register a new user. Although you can change the name in OIM, the file will not be renamed. |
| Mail Internet Address | TextField | E-mail address |
| Mail Quota Limit | TextField | Maximum amount of emails permitted |
| Mail Quota Warning | TextField | Amount of mail is about to exceed or exceeds threshold |
| Mail Replica Servers | TextField | List of replica mail servers |
| Mail Server | TextField | Default mail server to use when creating users |
| Middle Name | TextField | Middle name |
| Organization Unit | TextField | Organization to which user belongs |
| Password | PasswordField | Password |
| Recertify | CheckBox | Recertify |
| Server Name | ITResourceLo | Server name |
| Short Name | TextField | Short name |
| Universal Id | DOField | Universal ID |

CA Certifier

Mention the hierarchical CA Certifier name here.

Example: /ca/org1

In this example, CA is the CA Certifier under org1 organization.

CA Certifier

RoamSubDir

Roaming subdirectory name.

Example: roaming\roamuser

RoamSubDir

MoveCertifer

Select this check box when moving a user name in the name hierarchy.

See Moving the User Name in the Name Hierarchy for more information.

MoveCertifer

Table 1-4 describes the mapping between the form fields and user attributes for target resource provisioning and reconciliation.

Table 1-4 Mapping Form Fields to User Attributes for Target Resource Provisioning and Reconciliation

| Process Form Field | IBM Lotus Notes and Domino Attribute |
|---|---|
| Certifier ID File Path | certifierIDFile |
| Certifier Org Hierarchy[LOOKUP] | CertifierOrgHierarchy |
| Certifier Password | credentials |
| Comment | Comment |
| End Date | GroupList |
| First Name | FirstName |
| Forward Domain (for provisioning) | forwardingAddress |
| Forwarding Domain (for reconciliation) | forwardingAddress |
| Full Name | __NAME__="${First_Name} ${Middle_Name}${Last_Name}${Certifier_Org_Hierarchy}" |
| Group List~Group[LOOKUP] (for reconciliation) | GroupList |
| UD_LNGRP~Group Name[LOOKUP] (for provisioning) | GroupList |
| IDFile Name[PROVIDEONPSWDCHANGE] | idFile |
| Last Name | LastName |
| License Type | NorthAmerican |
| Location | Location |
| Mail File (for reconciliation) | MailFile |
| Mail File Name (for provisioning) | MailFile |
| Mail Internet Address | InternetAddress |
| Mail Quota Limit | MailQuotaSizeLimit |
| Mail Quota Warning | MailQuotaWarningThreshold |
| Mail Replica Servers | MailReplicaServers |
| Mail Server | MailServer |
| Middle Name | MiddleInitial |
| Old Password | __CURRENT_PASSWORD__ |
| Organization Unit | OrgUnit |
| Password | __PASSWORD__ |
| Recertify | Recertify |
| Short Name | ShortName |
| Status (for reconciliation) | __ENABLE__ |
| Universal Id | __UID__ |

1.7.2 Provisioning Functions

Provisioning functions are basically provisioning process tasks that use adapters to perform provisioning operations.

Table 1-5 lists the provisioning functions that are available with this connector.

Table 1-5 Provisioning Functions

Function Adapter Description

Create User

LNCreateUser

Use this function to create users. Parameters include:

  • objectType: Defined as a constant String, set to the User value.

  • itResourceFieldValue: Defined as a String, set to UD_LOTUS_SERVERNAME.

  • processInstanceKey: Defined as a Long, set to Process Instance.

Delete User

LNDeleteUser

Use this function to delete users. Parameters include:

  • objectType: Defined as a String, set to User.

  • itResourceFieldValue: Defined as a String, set to UD_LOTUS_SERVERNAME.

  • processInstanceKey: Defined as a Long, set to Process Instance.

* Updated Where * is the form field label (except Password)

LNUpdateUserInfo

Use this function to update the User field. Parameters include:

  • objectType: Defined as a String, set to User.

  • itResourceFieldValue: Defined as a String, set to UD_LOTUS_SERVERNAME.

  • processInstanceKey: Defined as a Long, set to Process Instance.

  • attrName: Defined as the label of the form field to be updated.

Password Updated

LNUpdatePassword

Use this function to update passwords. Parameters include:

  • objectType: Defined as a String, set to User.

  • itResourceFieldValue: Defined as a String, set to UD_LOTUS_SERVERNAME.

  • processInstanceKey: Defined as a Long, set to Process Instance.

  • attrName: Defined as the field to update Password.

  • oldPassword: Defined as the old password value.

Disable User

LNDisableUser

Use this function to set a user's status to disabled. Parameters include:

  • itResourceFieldValue: Defined as a String, set to UD_LOTUS_SERVERNAME.

  • processInstanceKey: Defined as a Long, set to Process Instance.

Enable User

LNEnableUser

Use this function to set a user's status to enabled. Parameters include:

  • itResourceFieldValue: Defined as a String, set to UD_LOTUS_SERVERNAME.

  • processInstanceKey: Defined as a Long, set to Process Instance.

1.7.3 Reconciliation Rule for Target Resource Reconciliation

Learn about the reconciliation rule for this connector and how to view it.

1.7.3.1 Target Resource Reconciliation Rule

The following is the process matching rule:

Rule name: Reconcile Lotus User

Rule element: (Last Name Equals Last Name) AND (First Name Equals First Name)

In the first rule component:

  • Last Name to the left of the Equals is the LastName field on the OIM User form.

  • LastName to the right of the Equals is the LastName field of the target system.

In the second rule component:

  • First Name to the left of the Equals is the FirstName field on the OIM User form.

  • First Name to the right of the Equals is the FirstName field of the target system.

1.7.3.2 Viewing Target Resource Reconciliation Rules

After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

  1. Log in to the Oracle Identity Manager Design Console.
  2. Expand Development Tools.
  3. Double-click Reconciliation Rules.
  4. Search for Reconcile Lotus User. Figure 1-2 shows the reconciliation rule for target resource reconciliation.

    Figure 1-2 Reconciliation Rule for Target Resource Reconciliation


1.7.4 Reconciliation Action Rules for Target Resource Reconciliation

Learn about the reconciliation action rules for this connector and how to view them.

1.7.4.1 Target Resource Reconciliation Action Rules

Table 1-6 lists the action rules for target resource reconciliation.

Table 1-6 Action Rules for Target Resource Reconciliation

| Rule Condition | Action |
|---|---|
| No Matches Found | Assign to Administrator With Least Load |
| One Entity Match Found | Establish Link |
| One Process Match Found | Establish Link |

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See the following sections in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about modifying or creating reconciliation action rules:

1.7.4.2 Viewing Target Resource Reconciliation Action Rules

After you deploy the connector, you can view the reconciliation action rules for target resource reconciliation by performing the following steps:

  1. Log in to the Oracle Identity Manager Design Console.
  2. Expand Resource Management.
  3. Double-click Resource Objects.
  4. Search for and open the Lotus User resource object.
  5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-3 shows the reconciliation action rule for target resource reconciliation.

    Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation


1.8 Connector Objects Used in the Trusted Source Mode

Trusted source reconciliation involves fetching data about newly created or modified accounts on the target system and using that data to create or update OIM Users.

This section discusses the following topics:

1.8.1 User Attributes for Trusted Source Reconciliation

The Lookup.Domino.UM.ReconAttrMap.Trusted lookup definition (see Table 1-2) maps resource object fields and target system attributes. The Code Key column stores the names of resource object fields. The Decode column:

Table 1-7 provides information about the form fields used for trusted source reconciliation.

Table 1-7 OIM User Fields Used for Trusted Source Reconciliation

| Process Form Field | Field Type | Description |
|---|---|---|
| Email | TextField | E-mail address |
| First Name | TextField | First name |
| Last Name | TextField | Last name |
| Middle Name | TextField | Middle name |
| Status | TextField | Reconciliation status |
| User Login | TextField | 16-bit alphanumeric ID that uniquely identifies a user |

Table 1-8 lists the form field and user attribute mappings for trusted source reconciliation.

Table 1-8 Mapping Form Fields to User Attributes for Trusted Source Reconciliation

| OIM User Form Field | IBM Lotus Notes and Domino Attribute |
|---|---|
| Status[TRUSTED] | __ENABLE__ |
| User Login | ShortName |
| First Name | FirstName |
| Email | InternetAddress |
| Middle Name | MiddleInitial |
| Last Name | LastName |

1.8.2 Reconciliation Rule for Trusted Source Reconciliation

Learn about the reconciliation rule for trusted source reconciliation and how to view it.

1.8.2.1 Trusted Source Reconciliation Rule

The following is the process matching rule:

Rule name: Lotus Trusted User

Rule element: User Login equals User Login

1.8.2.2 Viewing Trusted Source Reconciliation Rule

After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

  1. Log in to the Oracle Identity Manager Design Console.
  2. Expand Development Tools.
  3. Double-click Reconciliation Rules.
  4. Search for Lotus Trusted User.

    Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation


1.8.3 Reconciliation Action Rules for Trusted Source Reconciliation

Learn about the reconciliation action rules for trusted source reconciliation and how to view them.

1.8.3.1 Trusted Source Reconciliation Action Rules

Table 1-9 lists the action rules for trusted source reconciliation.

Table 1-9 Action Rules for Trusted Source Reconciliation

| Rule Condition | Action |
|---|---|
| No Matches Found | Create User |
| One Entity Match Found | Establish Link |
| One Process Match Found | Establish Link |
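
The matching rules from sections 1.7.3.1 and 1.8.2.1 and the action rules in Tables 1-6 and 1-9, simulated over constructed data to show how the two modes treat the same target record. This is an added example, not Oracle code: the OimUser class, the function names and the sample users are assumptions, only entity-level matching is modeled, and Equals is treated as exact string comparison.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class OimUser:
    """Hypothetical stand-in for an OIM User record (not an OIM API type)."""
    login: str
    first: str
    last: str


# Matching rules from sections 1.7.3.1 and 1.8.2.1. The target attribute names
# (FirstName, LastName, ShortName) are the ones listed in Tables 1-4 and 1-8.
def match_target(users, rec):
    """Reconcile Lotus User: (Last Name Equals Last Name) AND (First Name Equals First Name)."""
    return [u for u in users
            if u.last == rec["LastName"] and u.first == rec["FirstName"]]


def match_trusted(users, rec):
    """Lotus Trusted User: User Login equals User Login (ShortName on the target)."""
    return [u for u in users if u.login == rec["ShortName"]]


MATCHERS = {"target": match_target, "trusted": match_trusted}

# Predefined actions from Table 1-6 (target) and Table 1-9 (trusted).
ACTION_RULES = {
    "target": {
        "No Matches Found": "Assign to Administrator With Least Load",
        "One Entity Match Found": "Establish Link",
    },
    "trusted": {
        "No Matches Found": "Create User",
        "One Entity Match Found": "Establish Link",
    },
}

# Label used by this simulation for a condition the tables do not define.
MULTIPLE = "more than one entity match (not predefined)"


def reconcile(mode, users, rec):
    """Return (rule condition, action or None, matched logins) for one target record."""
    matches = MATCHERS[mode](users, rec)
    if not matches:
        condition = "No Matches Found"
    elif len(matches) == 1:
        condition = "One Entity Match Found"
    else:
        condition = MULTIPLE
    # None models "No action is performed for rule conditions that are not predefined".
    action = ACTION_RULES[mode].get(condition)
    return condition, action, sorted(u.login for u in matches)


def ambiguous_names(users):
    """(first, last) pairs shared by several OIM users; the name-based rule cannot link these."""
    counts = Counter((u.first, u.last) for u in users)
    return sorted(name for name, n in counts.items() if n > 1)


# Constructed sample data: two different people share the name John Smith.
OIM_USERS = [
    OimUser("jsmith", "John", "Smith"),
    OimUser("jsmith2", "John", "Smith"),
    OimUser("adoe", "Alice", "Doe"),
]
RECORDS = [
    {"ShortName": "jsmith", "FirstName": "John", "LastName": "Smith"},
    {"ShortName": "bwayne", "FirstName": "Bruce", "LastName": "Wayne"},
    {"ShortName": "adoe", "FirstName": "Alice", "LastName": "Doe"},
]

if __name__ == "__main__":
    for rec in RECORDS:
        for mode in ("target", "trusted"):
            print(mode, rec["ShortName"], reconcile(mode, OIM_USERS, rec))
    print("ambiguous names:", ambiguous_names(OIM_USERS))
```

Running ambiguous_names over an export of OIM users before scheduling target resource reconciliation shows which name pairs will fall outside the predefined action rules and need an administrator's decision.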

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See the following sections in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about modifying or creating reconciliation action rules:

1.8.3.2 Viewing Trusted Source Reconciliation Action Rules

After you deploy the connector, you can view the reconciliation action rules for target resource reconciliation by performing the following steps:

  1. Log in to the Oracle Identity Manager Design Console.
  2. Expand Resource Management.
  3. Double-click Resource Objects.
  4. Search for and open the Lotus Trusted User resource object.
  5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-5 shows the reconciliation action rule for target resource reconciliation.

    Figure 1-5 Reconciliation Action Rules for Trusted Source Reconciliation
