The procedure to deploy the connector is divided into three stages: preinstallation, installation, and postinstallation.
Note:
Some of the procedures described in this chapter are meant to be performed on the target system. The minimum permissions required to perform the target system procedure are those assigned to members of the Domain Admins group. To perform the target system-specific procedures, you can use the same user account that you create for deploying the Microsoft Active Directory User Management connector.
See Creating a Target System User Account for Connector Operations of Oracle Identity Manager Connector Guide for Microsoft Active Directory User Management for information about creating that user account.
Preinstallation involves installing, configuring, and running the connector server, enabling logging and so on.
Preinstallation on the target system involves creating a target system user account with appropriate permissions for connector operations. Oracle Identity Manager requires this account to connect to the target system during reconciliation and provisioning operations.
Depending on the Exchange Server version you are using, ensure the account meets the following requirements:
The following are the minimum privileges required for an Exchange 2007 service account to manage recipients (UserMailbox and MailUser):
The service account must be a member of the Exchange Recipient Administrators group.
For more information, see http://technet.microsoft.com/en-us/library/aa996881%28v=exchg.80%29.aspx.
If you want to add a recipient to a distribution group or remove a recipient from a distribution group, then the service account must also be a member of the Account Operators group in the domain where the distribution group exists.
For more information, see http://technet.microsoft.com/en-us/library/bb124340%28v=exchg.80%29.aspx and http://technet.microsoft.com/en-us/library/aa997627%28v=exchg.80%29.aspx.
The following is the minimum privilege required for an Exchange 2010 service account to manage recipients (UserMailbox and MailUser):
The service account must be a member of the Recipient Management group.
For more information, see http://technet.microsoft.com/en-us/library/dd298028%28v=exchg.141%29.aspx.
The following is the minimum privilege required for an Exchange 2013 service account to manage recipients (UserMailbox and MailUser):
The service account must be a member of the Recipient Management group.
For more information, see https://technet.microsoft.com/en-us/library/dd298028%28v=exchg.150%29.aspx.
The following is the minimum privilege required for an Exchange 2016 service account to manage recipients (UserMailbox and MailUser):
The service account must be a member of the Recipient Management group.
For more information, see https://docs.microsoft.com/en-us/Exchange/permissions/permissions?view=exchserver-2016.
The connector server is an application that enables remote execution of the Exchange connector. As the Exchange connector is implemented in .NET, it requires a .NET connector server. The connector server can either be installed on the same computer as that of the Exchange Server or on a different computer in the same domain as that of the Exchange Server.
For more information, see Connector Architecture.
This section contains the following topics:
The following prerequisites and requirements must be met for the connector server:
The computer hosting the connector server must have an Intel dual-core 2 GHz processor with 4 GB RAM, or a similar configuration.
If you have a computer dedicated to the connector server, then 2 GB RAM is sufficient.
Before you install the connector server, ensure that you have installed .NET Framework 3.5 SP1 on the same computer where you are installing the connector server.
In addition, you must install the following patch:
http://support.microsoft.com/kb/981575
The .NET connector server need not be installed on the Exchange server target system. It can be installed either on the Exchange server or on a system that belongs to the same domain as that of the Exchange server.
If you are using Exchange Server 2007, then you must install Exchange Management Tools on the computer hosting the connector server. This is a mandatory requirement.
If you are using Exchange Server 2010, then TCP port 80 must be open between the computer hosting the connector server and the remote Exchange 2010 server, and the port must be allowed through Windows Firewall on the Exchange 2010 server. In addition, ensure other prerequisites are met for remote Shell as mentioned in the Remote Exchange Management page at:
http://technet.microsoft.com/en-in/library/dd297932%28v=exchg.141%29.aspx
To install the connector server:
Note:
If you have already installed Connector Server 11.1.1.5.0, then you can skip this procedure.
To configure the connector server:
Open the connectorserver.exe.config file located in the CONNECTOR_SERVER_HOME directory. In the connectorserver.exe.config file, set the following properties, as required by your deployment.
Property | Description |
---|---|
connectorserver.port | Port on which the connector server listens for requests. Default value: |
connectorserver.usessl | If set to Default value: |
Certificatestorename | If the connectorserver.usessl property is set to true, then this property should point to your certificate store name. |
connectorserver.key | Connector server key. See Step 2 for information about setting this value. |
Set the connector server key in the connectorserver.exe.config file, as follows:
Note:
This key value must be mentioned in the Exchange connector server IT resource property.
Open a command prompt and navigate to CONNECTOR_SERVER_HOME directory.
Run the ConnectorServer.exe /setKey command.
This displays the prompt Enter Key:
Enter an appropriate key and press Enter.
This displays the prompt Confirm Key:
Enter the same key to confirm and press Enter.
This displays the message Key Updated.
The Exchange connector uses the built-in logging mechanism of the .NET framework. Logging for the Exchange connector is not integrated with Oracle Identity Manager. The log level is set in the .NET connector server configuration file (ConnectorServer.exe.config).
By default, logging is not enabled for the connector. To enable logging:
Information about events that occur during the course of reconciliation and provisioning operations is stored in a log file. As you use the connector over a period of time, the amount of information written to a log file increases. If no rotation is performed, then log files become huge.
To avoid such a scenario, perform the procedure described in this section to configure rotation of the log file.
To configure rotation of a log file on a daily basis:
See Also:
The following URL for more information about configuring log file rotation:
http://msdn.microsoft.com/en-us/library/microsoft.visualbasic.logging.filelogtracelistener.aspx
To run the connector server, perform one of the following steps depending on the Exchange Server version:
If you are using Exchange Server 2007:
Log in to the computer hosting the connector server.
The login user must have permissions to perform the following steps.
Open Windows services explorer. To do so:
Click the Start button, then click Run. Enter Services.msc and click OK.
Locate the Connector Server service.
Right-click on the service and click Properties.
Click the Log On tab and select This Account.
Click Browse to choose the service account having minimum privileges as described in Privileges for Exchange 2007 Service Account. Then, enter the password for this service account.
Click OK.
With this service selected, click Run.
After the above steps are completed successfully, the connector server runs with the service account that has the minimum privileges to perform recipient management tasks on Exchange Server 2007.
Note:
The above steps are mandatory and must be completed successfully. This is because the Exchange connector uses the credentials of the user who starts the connector server to communicate with Exchange Server 2007. The user name and password information provided in the IT resource is not used.
If you are using Exchange Server 2010:
Log in to the computer hosting the connector server.
The login user must have permissions to perform the following steps.
Open Windows services explorer. To do so:
Click the Start button, then click Run. Then, enter Services.msc and click OK.
Locate the Connector Server service and click Run.
Note:
The Exchange connector uses the user credentials provided in the Exchange IT Resource. For more information, see Configuring the IT Resource for the Target System. As the connector uses credentials provided in the IT resource to communicate with Exchange Server, any user can start the connector server.
Alternatively, the connector server can be started by the service account having minimum privileges as described in Privileges for Exchange 2010 Service Account.
You must install the connector in Oracle Identity Manager and in the connector server.
The following sections provide information about installation:
Installation on Oracle Identity Manager involves running the connector installer and configuring the IT resource.
Note:
In this guide, the term Connector Installer has been used to refer to the Connector Installer feature of the Oracle Identity Manager Administrative and User Console.
Ensure that the Microsoft Active Directory User Management connector is installed before you proceed to install the connector.
To run the Connector Installer:
Copy the contents of the connector installation media directory into the following directory:
OIM_HOME/server/ConnectorDefaultDirectory
Note:
In an Oracle Identity Manager cluster, perform this step on each node of the cluster.
If you are using Oracle Identity Manager release 11.1.1, then:
Log in to the Administrative and User Console.
On the Welcome to Identity Manager Advanced Administration page, in the System Management region, click Manage Connector.
If you are using Oracle Identity Manager release 11.1.2.x, then:
Log in to Oracle Identity System Administration.
In the left pane, under System Management, click Manage Connector.
In the Manage Connector page, click Install.
From the Connector List list, select Exchange Connector 11.1.1.6.0. This list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory in Step 1.
If you have copied the installation files into a different directory, then:
In the Alternative Directory field, enter the full path and name of that directory.
To repopulate the list of connectors in the Connector List list, click Refresh.
From the Connector List list, select Exchange Connector 11.1.1.6.0.
Click Load.
To start the installation process, click Continue.
The following tasks are performed, in sequence:
Configuration of connector libraries
Import of the connector XML files (by using the Deployment Manager)
Compilation of adapters
On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark and a message stating the reason for failure are displayed. Depending on the reason for the failure, make the required correction and then perform one of the following steps:
Retry the installation by clicking Retry.
Cancel the installation and begin again from Step 1.
If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed. In addition, a list of the steps that you must perform after the installation is displayed. These steps are as follows:
Ensuring that the prerequisites for using the connector are addressed
Note:
At this stage, run the Oracle Identity Manager PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites. See Clearing Content Related to Connector Resource Bundles from the Server Cache for information about running the PurgeCache utility.
There are no prerequisites for some predefined connectors.
Configuring the IT resource for the connector
Record the name of the IT resource displayed on this page. The procedure to configure the IT resource is described later in this guide.
Configuring the scheduled tasks
Record the names of the scheduled tasks displayed on this page. The procedure to configure these scheduled tasks is described later in this guide.
When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Table A-1.
The IT resource for the target system contains connection information about the target system. Oracle Identity Manager uses this information for reconciliation and provisioning.
For both provisioning and reconciliation, the Microsoft Exchange connector uses Exchange IT Resource. This IT resource is created with default parameter values as part of the connector installation. You must update the IT resource parameters with information about the target system.
To configure the Microsoft Exchange Server IT resource:
Depending on the Oracle Identity Manager release you are using, perform one of the following steps:
For Oracle Identity Manager release 11.1.1:
Log in to the Administrative and User Console.
For Oracle Identity Manager release 11.1.2.x:
Log in to Oracle Identity System Administration.
If you are using Oracle Identity Manager release 11.1.1, then:
On the Welcome page, click Advanced in the upper-right corner of the page.
On the Welcome to Oracle Identity Manager Advanced Administration page, in the Configuration region, click Manage IT Resource.
If you are using Oracle Identity Manager release 11.1.2.x, then in the left pane under Configuration, click IT Resource.
In the IT Resource Name field on the Manage IT Resource page, enter Exchange IT Resource and then click Search.
Click the edit icon corresponding to the Exchange IT resource.
From the list at the top of the page, select Details and Parameters.
Specify values for the parameters of the Exchange IT resource.
The following screenshot shows the Edit IT Resource Details and Parameters page for Exchange 2007:
Note:
The ExchangeUser, ExchangeServerHost, and ExchangeUserPassword properties are not required if Exchange Server version is 2007. The connector uses the credentials of the user who started the connector server to connect to Exchange Server. This user is the service account having minimum privileges described in Privileges for Exchange 2007 Service Account.
As the Exchange Management Tools are installed on the connector server host computer, the connector knows which Exchange Server to connect to.
The following screenshot shows the Edit IT Resource Details and Parameters page for Exchange 2010:
Note:
The ExchangeUser, ExchangeServerHost, and ExchangeUserPassword properties are required. The connector uses these properties to connect remotely to Exchange Server.
The ExchangeUser specified is the service account having minimum privileges described in Privileges for Exchange 2010 Service Account.
Table 2-2 describes each parameter of the Exchange IT resource.
Table 2-2 Parameters of the Exchange IT Resource for the Target System
Parameter | Description |
---|---|
Configuration Lookup | This parameter holds the name of the lookup definition that stores configuration information used during reconciliation and provisioning. Default value: |
Connector Server Name | Name of the IT resource of the type "Connector Server." A default IT resource for the connector server is created during the connector installation. See Configuring the IT Resource for the Connector Server for information about modifying the default IT resource. Default value: |
ExchangeServerType | Enter the type of Microsoft Exchange Server. For Exchange 2007, set the value to For Exchange 2010, set the value to For Exchange 2013, set the value to For Exchange 2016, set the value to Default value: |
ExchangeServerHost | Hostname of the computer hosting Exchange Server 2010, 2013, or 2016. This is required only if ExchangeServerType is set to |
ExchangeUser | User name of the service account having minimum privileges described in Privileges for Exchange 2010 Service Account. Format: DomainName\UserName This is required only if ExchangeServerType is set to |
ExchangeUserPassword | Valid password for user specified for the ExchangeUser parameter. This is required only if ExchangeServerType is set to |
To save the values, click Update.
To deploy the connector bundle on the connector server, you must copy and extract the connector bundle to the connector server and then configure the IT resource for the connector server.
To copy and extract the connector bundle to the connector server:
Note:
If a single connector server is used for both the Active Directory and Exchange connectors, and if the connector server already has the Active Directory connector DLL, do not update the connector server with the Active Directory connector DLL provided as part of the Exchange connector bundle ZIP file.
During the installation of the connector, a default IT resource for the connector server for Microsoft Exchange is created with the name, Exchange connector server.
To configure or modify the IT resource for the connector server:
Depending on the Oracle Identity Manager release you are using, perform one of the following steps:
For Oracle Identity Manager release 11.1.1:
Log in to the Administrative and User Console.
For Oracle Identity Manager release 11.1.2.x:
Log in to Oracle Identity System Administration.
If you are using Oracle Identity Manager release 11.1.1, then:
On the Welcome page, click Advanced in the upper-right corner of the page.
On the Welcome to Oracle Identity Manager Advanced Administration page, in the Configuration region, click Manage IT Resource.
If you are using Oracle Identity Manager release 11.1.2.x, then in the left pane under Configuration, click IT Resource.
In the IT Resource Name field on the Manage IT Resource page, enter Exchange Connector Server and then click Search.
Click the edit icon corresponding to the Exchange connector server IT resource.
From the list at the top of the page, select Details and Parameters.
Specify values for the parameters of the Exchange connector server IT resource. Figure 2-1 shows the Edit IT Resource Details and Parameters page.
Figure 2-1 Edit IT Resource Details and Parameters Page for the Exchange Connector Server IT Resource
Table 2-3 provides information about the parameters of the Exchange connector server IT resource.
Table 2-3 Parameters of the Exchange Connector Server IT Resource
Parameter | Description |
---|---|
Host | Enter the host name or IP address of the computer hosting the connector server. Sample value: |
Key | Enter the key for the connector server. |
Port | Enter the number of the port at which the connector server is listening. Default value: |
Timeout | Enter an integer value which specifies the number of milliseconds after which the connection between the connector server and Oracle Identity Manager times out. If the value is zero or if no value is specified, the timeout is unlimited. Sample value: |
UseSSL | Enter Default value: See Also: Configuring SSL Between Oracle Identity Manager and Connector Server for information about enabling SSL |
To save the values, click Update.
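The following added example (not Oracle's code) cross-checks the connectorserver.exe.config properties described earlier against the values entered in the Exchange connector server IT resource (Table 2-3), and flags settings that leave the channel unprotected or unbounded. It assumes the properties are stored as `<add key="..." value="..."/>` entries under `appSettings` and that the certificate store property may be named with or without the `connectorserver.` prefix; all sample values, host names and finding codes are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of connectorserver.exe.config.
# ASSUMPTION: properties are <add key="..." value="..."/> under <appSettings>.
SAMPLE_CONFIG = """<configuration>
  <appSettings>
    <add key="connectorserver.port" value="8760" />
    <add key="connectorserver.usessl" value="false" />
    <add key="connectorserver.certificatestorename" value="" />
    <add key="connectorserver.key" value="" />
  </appSettings>
</configuration>"""

# Constructed IT resource values, keyed by the parameter names in Table 2-3.
# The Key parameter is left out: the example only checks that a key was set
# on the connector server, it does not compare key values.
SAMPLE_IT_RESOURCE = {
    "Host": "connsrv.example.com",
    "Port": "8761",
    "Timeout": "0",
    "UseSSL": "true",
}


def load_settings(config_xml):
    """Return the appSettings entries as {lowercased key: stripped value}."""
    root = ET.fromstring(config_xml)
    settings = {}
    for add in root.iterfind("./appSettings/add"):
        settings[add.get("key", "").strip().lower()] = add.get("value", "").strip()
    return settings


def _is_true(value):
    return str(value).strip().lower() == "true"


def audit(config_xml, it_resource):
    """Return a list of (code, detail) findings; an empty list means no issue."""
    s = load_settings(config_xml)
    findings = []

    ssl_on = _is_true(s.get("connectorserver.usessl", ""))
    if not ssl_on:
        findings.append(("SSL_DISABLED",
                         "connectorserver.usessl is not true; traffic from "
                         "Oracle Identity Manager is not protected by SSL"))
    else:
        store = (s.get("connectorserver.certificatestorename")
                 or s.get("certificatestorename"))
        if not store:
            findings.append(("NO_CERT_STORE",
                             "usessl is true but no certificate store is named"))

    if not s.get("connectorserver.key"):
        findings.append(("KEY_NOT_SET",
                         "connectorserver.key is empty; run "
                         "ConnectorServer.exe /setKey"))

    it_port = str(it_resource.get("Port", "")).strip()
    if it_port != s.get("connectorserver.port", ""):
        findings.append(("PORT_MISMATCH",
                         "IT resource Port %r differs from connectorserver.port %r"
                         % (it_port, s.get("connectorserver.port", ""))))

    if _is_true(it_resource.get("UseSSL", "")) != ssl_on:
        findings.append(("USESSL_MISMATCH",
                         "IT resource UseSSL and connectorserver.usessl disagree"))

    # Table 2-3: zero or no value means the connection never times out.
    timeout = str(it_resource.get("Timeout", "")).strip()
    if not timeout or (timeout.isdigit() and int(timeout) == 0):
        findings.append(("TIMEOUT_UNLIMITED",
                         "Timeout is zero or unset, so connections never time out"))

    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG, SAMPLE_IT_RESOURCE):
        print(code + ": " + detail)
```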
Postinstallation involves configuring Oracle Identity Manager, localizing field labels, clearing server cache, configuring SSL, and so on.
If you are using Oracle Identity Manager release 11.1.2 or later, you must create additional metadata such as a UI form and an application instance. In addition, you must run entitlement and catalog synchronization jobs.
These procedures are described in the following sections:
Create and activate a sandbox as follows. For detailed instructions, see Managing Sandboxes in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.
Create a new UI form as follows. For detailed instructions, see Managing Forms in Oracle Fusion Middleware Administering Oracle Identity Manager.
Create an application instance as follows. For detailed instructions, see Managing Application Instances in Oracle Fusion Middleware Administering Oracle Identity Manager.
Note:
If you are using access policy-based provisioning, then specify the Active Directory connector application instance as the value for the Parent AppInstance attribute.
To publish the sandbox that you created in Creating and Activating a Sandbox:
To harvest entitlements and sync catalog:
For any changes you do in the Form Designer, you must create a new UI form and update the changes in an application instance. To update an existing application instance with a new form:
You can localize UI form field labels by using the resource bundle corresponding to the language you want to use. Resource bundles are available in the connector installation media.
Note:
Perform the procedure described in this section only if you are using Oracle Identity Manager release 11.1.2.x or later and you want to localize UI form field labels.
To localize a field label that you add to UI forms:
Log in to Oracle Enterprise Manager.
In the left pane, expand Application Deployments and then select oracle.iam.console.identity.sysadmin.ear.
In the right pane, from the Application Deployment list, select MDS Configuration.
On the MDS Configuration page, click Export and save the archive to the local computer.
Extract the contents of the archive, and open the following file in a text editor:
For Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0) or later:
SAVED_LOCATION\xliffBundles\oracle\iam\ui\runtime\BizEditorBundle_en.xlf
For releases prior to Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0):
SAVED_LOCATION\xliffBundles\oracle\iam\ui\runtime\BizEditorBundle.xlf
Edit the BizEditorBundle.xlf file in the following manner:
Search for the following text:
<file source-language="en" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf" datatype="x-oracle-adf">
Replace with the following text:
<file source-language="en" target-language="LANG_CODE"
original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
datatype="x-oracle-adf">
In this text, replace LANG_CODE with the code of the language into which you want to localize the form field labels. The following is a sample value for localizing the form field labels in French:
<file source-language="en" target-language="fr" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf" datatype="x-oracle-adf">
Search for the application instance code. This procedure shows a sample edit for Exchange application instance. The original code is:
<trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_EXCHANGE_DISPLAYNAME__c_description']}"> <source>Display Name</source> <target/> </trans-unit> <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.ExchUserForm.entity.ExchUserFormEO.UD_EXCHANGE_DISPLAYNAME__c_LABEL"> <source>Display Name</source> <target/> </trans-unit>
Open the resource file from the connector package, for example Exchange_fr.properties, and get the value of the attribute from the file, for example, global.udf.UD_EXCHANGE_DISPLAYNAME=Nom d'affichage.
Replace the original code shown in Step 6.c with the following:
<trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_EXCHANGE_DISPLAYNAME__c_description']}"> <source>Display Name</source> <target>Nom d'affichage</target> </trans-unit> <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.ExchUserForm.entity.ExchUserFormEO.UD_EXCHANGE_DISPLAYNAME__c_LABEL"> <source>Display Name</source> <target>Nom d'affichage</target> </trans-unit>
Repeat Steps 6.a through 6.d for all attributes of the process form.
Save the file as BizEditorBundle_LANG_CODE.xlf. In this file name, replace LANG_CODE with the code of the language to which you are localizing.
Sample file name: BizEditorBundle_fr.xlf.
Repackage the ZIP file and import it into MDS.
See Also:
Deploying and Undeploying Customizations in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager, for more information about exporting and importing metadata files
Log out of and log in to Oracle Identity Manager.
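The edits in Step 6 can be scripted. The following added example (not part of the Oracle guide) sets `target-language` on the `<file>` element and fills each `<target>` from the `global.udf.*` entries of a connector resource file such as Exchange_fr.properties, returning the fields for which no translation was found. The XLIFF 1.1 namespace on the root element and the fields UD_EXCHANGE_SAMPLEFIELD and UD_EXCHANGE_NOLABEL are assumptions made for the constructed sample; the script also works when the file has no namespace.

```python
import re
import xml.etree.ElementTree as ET

PREFIX = "global.udf."
# The field name is the UD_... token that precedes "__c" in a trans-unit id.
FIELD_RE = re.compile(r"(UD_[A-Z0-9_]+?)__c")

# Constructed sample: the two Display Name units come from the page; the
# SAMPLEFIELD and NOLABEL units are hypothetical additions for illustration.
SAMPLE_XLF = """<xliff version="1.1" xmlns="urn:oasis:names:tc:xliff:document:1.1">
<file source-language="en" original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf" datatype="x-oracle-adf">
<body>
<trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_EXCHANGE_DISPLAYNAME__c_description']}">
<source>Display Name</source><target/></trans-unit>
<trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.ExchUserForm.entity.ExchUserFormEO.UD_EXCHANGE_DISPLAYNAME__c_LABEL">
<source>Display Name</source><target/></trans-unit>
<trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.ExchUserForm.entity.ExchUserFormEO.UD_EXCHANGE_SAMPLEFIELD__c_LABEL">
<source>Sample Field</source><target/></trans-unit>
<trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.ExchUserForm.entity.ExchUserFormEO.UD_EXCHANGE_NOLABEL__c_LABEL">
<source>No Label</source><target/></trans-unit>
</body></file></xliff>
"""

# Constructed sample of a resource file; the second entry uses the \\uXXXX
# escapes that Java resource bundles commonly contain.
SAMPLE_PROPS = (
    "# constructed sample\n"
    "global.udf.UD_EXCHANGE_DISPLAYNAME=Nom d'affichage\n"
    "global.udf.UD_EXCHANGE_SAMPLEFIELD=Exemple cr\\u00e9\\u00e9\n"
)


def load_labels(properties_text):
    """Return {field name: label} for the global.udf.* entries."""
    labels = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip()
        if key.startswith(PREFIX):
            # Decode \uXXXX escapes without touching other characters.
            value = re.sub(r"\\u([0-9a-fA-F]{4})",
                           lambda m: chr(int(m.group(1), 16)), value.strip())
            labels[key[len(PREFIX):]] = value
    return labels


def localize(xlf_text, properties_text, lang_code):
    """Return (localized XLIFF text, sorted list of fields left untranslated)."""
    labels = load_labels(properties_text)
    root = ET.fromstring(xlf_text)
    ns = root.tag[: root.tag.rfind("}") + 1]  # "" when the file has no namespace
    if ns:
        ET.register_namespace("", ns[1:-1])  # keep the default namespace on output

    for file_el in root.iter(ns + "file"):
        file_el.set("target-language", lang_code)

    missing = set()
    for unit in root.iter(ns + "trans-unit"):
        match = FIELD_RE.search(unit.get("id", ""))
        if not match:
            continue
        field = match.group(1)
        if field not in labels:
            missing.add(field)
            continue
        target = unit.find(ns + "target")
        if target is None:
            target = ET.SubElement(unit, ns + "target")
        target.text = labels[field]

    return ET.tostring(root, encoding="unicode"), sorted(missing)


if __name__ == "__main__":
    text, untranslated = localize(SAMPLE_XLF, SAMPLE_PROPS, "fr")
    print(text)
    print("No translation found for:", untranslated)
```

Write the returned text to BizEditorBundle_LANG_CODE.xlf and review the untranslated list before repackaging the archive.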
When you deploy the connector, the resource bundles are copied from the resources directory on the installation media into the Oracle Identity Manager database. Whenever you add a new resource bundle to the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.
Note:
In an Oracle Identity Manager cluster, you must perform this step on each node of the cluster. Then, restart each node.
To clear content related to connector resource bundles from the server cache:
To link the Exchange resource object with the AD User resource object:
In request-based provisioning, an end user creates a request for a resource by using the Administrative and User Console. Administrators or other users can also create requests for a particular user. Requests for a particular resource can be viewed and approved by approvers designated in Oracle Identity Manager.
Note:
Perform the procedure described in this section only if both the conditions are true:
You are using Oracle Identity Manager release 11.1.1.
You want to perform request-based provisioning operations.
The following are features of request-based provisioning:
A user can be provisioned only one resource (account) on the target system.
Note:
Direct provisioning allows the provisioning of multiple Microsoft Exchange accounts on the target system.
Direct provisioning cannot be used if you enable request-based provisioning.
To configure request-based provisioning, perform the following procedures:
Note:
You can perform this procedure instead of the procedures described in Copying Predefined Request Datasets and Importing Request Datasets into MDS.
A request dataset is an XML file that specifies the information to be submitted by the requester during a provisioning operation. These request datasets specify information about the default set of attributes for which the requester must submit information during a request-based provisioning operation.
To import a request dataset XML file by using the Deployment Manager:
Predefined request datasets are shipped with this connector. The following is a list of predefined request datasets available in the DataSet directory on the installation media:
ModifyResourceExchange.xml
ProvisionResourceExchange.xml
Copy these files from the installation media to any directory on the Oracle Identity Manager host computer. It is recommended that you create a directory structure as follows:
/custom/connector/RESOURCE_NAME
For example:
E:\MyDatasets\custom\connector\Exchng
Note:
Until you complete the procedure to configure request-based provisioning, ensure that there are no other files or directories inside the parent directory in which you create the directory structure. In the preceding example, ensure that there are no other files or directories inside the E:\MyDatasets directory.
The directory structure to which you copy the dataset files is the MDS location into which these files are imported after you run the Oracle Identity Manager MDS Import utility. The procedure to import dataset files is described in the next section.
Depending on your requirement, you can modify the file names of the request datasets. In addition, you can modify the information in the request datasets.
All request datasets must be imported into the metadata store (MDS), which can be done by using the Oracle Identity Manager MDS Import utility.
To import a request dataset definition into MDS:
Set up the environment for running the MDS Import utility as follows:
Set Environment Variable: Set the OIM_ORACLE_HOME environment variable to the Oracle Identity Management Oracle home directory inside the Middleware home directory. For example, for Microsoft Windows, set the OIM_ORACLE_HOME environment variable to C:\Oracle\Middleware\Oracle_IDM1\ directory.
Set Up the Properties File: Set the necessary properties in the weblogic.properties file, which is located in the same folder as the utilities.
Note:
While setting up the properties in the weblogic.properties file, ensure that the value of the metadata_from_loc property is the parent directory of the /custom/connector/RESOURCE_NAME directory. For example, while performing the procedure in Copying Predefined Request Datasets, if you copy the files to the E:\MyDatasets\custom\connector\Exchng directory, then set the value of the metadata_from_loc property to E:\MyDatasets.
Table 2-4 Parameters in the Properties File
Property Name | Description | Notes |
---|---|---|
wls_servername | Name of the Oracle WebLogic Server on which Oracle Identity Manager is deployed | |
application_name | The application name | Value is: If importing or exporting custom data, set application_name to OIMMetadata. |
metadata_from_loc | Directory location from which an XML file should be imported. This property is used by weblogicImportMetadata.sh script. | Microsoft Windows paths include // as file or directory separator. |
metadata_to_loc | Directory location from which an XML file should be imported. This property is used by weblogicExportMetadata.sh script. | Microsoft Windows paths include // as file or directory separator. |
metadata_files | Full path and name of an XML file. This property is used by weblogicExportMetadata.sh and weblogicDeleteMetadata.sh scripts. | For example, you may specify /file/User.xml to export a user entity definition. You can indicate multiple xml files as comma-separated values. |
In a command window, change to the OIM_HOME\server\bin directory.
Run one of the following commands:
On Microsoft Windows
weblogicImportMetadata.bat
On UNIX
weblogicImportMetadata.sh
When prompted, enter the following values:
Please enter your username [weblogic]
Enter the username used to log in to WebLogic server
Sample value: WL_User
Please enter your password [weblogic]
Enter the password used to log in to WebLogic server
Please enter your server URL [t3://localhost:7001]
Enter the URL of the application server in the following format:
t3://HOST_NAME_IP_ADDRESS:PORT
In this format, replace:
HOST_NAME_IP_ADDRESS with the host name or IP address of the computer on which Oracle Identity Manager is installed.
PORT with the port on which Oracle Identity Manager is listening.
The request dataset is imported into MDS at the following location:
/custom/connector/RESOURCE_NAME
To enable the Auto Save Form feature:
Run the PurgeCache utility to clear content belonging to the Metadata category from the server cache. See Clearing Content Related to Connector Resource Bundles from the Server Cache for instructions.
The procedure to configure request-based provisioning ends with this step.
You must configure SSL to secure communication between Oracle Identity Manager and Connector Server.
This procedure is mandatory if the connector server and the Exchange bundle are installed on the target system.
The following sections provide information about configuring SSL between Oracle Identity Manager and the connector server:
Before you configure SSL, you must install Certificate Services on the target system host computer:
To install Certificate Services on the target system host computer:
Note:
Before you begin installing Certificate Services, you must ensure that Internet Information Services (IIS) is installed on the target system host computer.
By default, this connector uses the ICF connection pooling. Learn about the connection pooling properties for this connector, their description, and default values set in ICF:
Table 2-5 Connection Pooling Properties
Property | Description |
---|---|
Pool Max Idle | Maximum number of idle objects in a pool. Default value: |
Pool Max Size | Maximum number of connections that the pool can create. Default value: |
Pool Max Wait | Maximum time, in milliseconds, the pool must wait for a free object to make itself available to be consumed for an operation. Default value: |
Pool Min Evict Idle Time | Minimum time, in milliseconds, the connector must wait before evicting an idle object. Default value: |
Pool Min Idle | Minimum number of idle objects in a pool. Default value: |
If you want to modify the connection pooling properties to use values that suit requirements in your environment, then:
If you have already deployed an earlier release of this connector, then upgrade the connector to the current release.
The following sections discuss the procedure to upgrade the connector:
Note:
Before you perform the upgrade procedure:
It is strongly recommended that you create a backup of the Oracle Identity Manager database. Refer to the database documentation for information about creating a backup.
Upgrade the Microsoft Active Directory connector.
As a best practice, first perform the upgrade procedure in a test environment.
Preupgrade involves procedures such as performing a reconciliation run to fetch all the latest updates to Oracle Identity Manager, disabling the scheduled tasks, defining the source connector, and so on.
Perform the following preupgrade steps:
This is a summary of the procedure to upgrade the connector for both staging and production environments.
Depending on the environment in which you are upgrading the connector, perform one of the following steps:
Staging Environment
Perform the upgrade procedure by using the wizard mode.
Production Environment
Perform the upgrade procedure by using the silent mode.
See Managing Connector Lifecycle in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about the wizard and silent modes.
Postupgrade involves copying connector code files, configuring the IT resource and scheduled tasks, running the FVC utility and so on.
Perform the following procedure:
Perform the postupgrade procedure documented in Managing Connector Lifecycle of Oracle Fusion Middleware Administering Oracle Identity Manager.
If you are using Oracle Identity Manager release 11.1.2.x or later, then all changes made to the Form Designer of the Design Console must be done in a new UI form as follows:
Log in to Oracle Identity System Administration.
Create and activate a sandbox. See Creating and Activating a Sandbox for more information.
Create a new UI form to view the upgraded fields. See Creating a New UI Form for more information about creating a UI form.
Associate the newly created UI form with the application instance of your target system. To do so, open the existing application instance for your resource, select the form (created in Step 2.c) from the Form field, and then save the application instance.
Publish the sandbox. See Publishing a Sandbox for more information.
Run the Form Version Control (FVC) utility to manage data changes on a form after an upgrade operation. To do so:
In a text editor, open the fvc.properties file located in the OIM_DC_HOME directory and include the following entries:
ResourceObject;Exchange User
FormName;UD_MSEXCHG
FromVersion;v1
ToVersion;v_11.1.1.6.0
Parent;UD_MSEXCHG_RECIPIENTTYPE;UserMailbox
ParentParent;UD_MSEXCHG_EXCHANGEITRESOURCE;UD_MSEXCHG_SERVER
Run the FVC utility. This utility is copied into the following directory when you install the design console:
For Microsoft Windows:
OIM_DC_HOME/fvcutil.bat
For UNIX:
OIM_DC_HOME/fvcutil.sh
When you run this utility, you are prompted to enter the login credentials of the Oracle Identity Manager administrator, and the logger level and log file location.
If you are upgrading the connector from release 9.x to 11.x, then run the PostUpgradeScript.sql script as follows:
Note:
Skip this step if you are upgrading the connector from release 11.1.1.5.0 to 11.1.1.6.0.
Connect to the Oracle Identity Manager database by using the OIM User credentials.
Run the PostUpgradeScript.sql located in the OIM_HOME/server/ConnectorDefaultDirectory/EXCHANGE_PACKAGE/upgrade directory.
Deploy the connector server. See Installing, Configuring, and Running the Connector Server for more information.
Re-configure the IT resource of the source connector (an earlier release of the connector that must be upgraded). See Configuring the IT Resource for the Target System for information about configuring the IT resource.
You can clone the Exchange connector by setting new names for some of the objects that comprise the connector.
The outcome of the process is a new connector XML file. Most of the connector objects, such as Resource Object, Process Definition, Process Form, IT Resource Type Definition, IT Resource Instances, Lookup Definitions, Adapters, Reconciliation Rules and so on in the new connector XML file have new names.
See Also:
Managing Connector Lifecycle in Oracle Fusion Middleware Administering Oracle Identity Manager for detailed information about cloning connectors and the steps mentioned in this section
After a copy of the connector is created by setting new names for connector objects, some objects might contain the details of the old connector objects. Therefore, you must modify the following Oracle Identity Manager objects to replace the base connector artifacts or attribute references with the corresponding cloned artifacts or attributes:
Lookup Definition
If the lookup definition contains the old lookup definition details, then you must modify it to provide the new cloned lookup definition names. If the Code Key and Decode values refer to the base connector attributes, then replace them with the new cloned attributes.
Scheduled Task
You must replace the base connector resource object name in the scheduled task with the cloned resource object name. If the scheduled task parameter has any data referring to the base connector artifacts or attributes, then these must be replaced with the new cloned connector artifacts or attributes.
Child Table
You must reassign the adapter and add a new literal value to the childTableName variable of a child table after cloning the connector.
To update a child table, such as Distribution Group Insert and Distribution Group Update process tasks of the Exchange connector:
Log in to Design Console.
Open the process task and click the Integrations tab.
Click Remove to unassign the adapter from the process task.
Click Add to assign the same adapter to the process task.
Assign a new literal value to the childTableName variable.
Map the other adapter variables as per the previous mappings.
Localization Properties
You must update the resource bundle of a user locale with new names of the process form attributes for proper translations after cloning the connector. You can modify the properties file of your locale in the resources directory of the connector bundle.
For example, the process form attributes are referenced in the Japanese properties file, Exchange_ja.properties, as global.udf.UD_EXCHANGE_ALIASNAME.
During cloning, if you change the process form name from UD_EXCHANGE to UD_EXCHANG1, then you must update the process form attributes to global.udf.UD_EXCHANG1_ALIASNAME.
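The key rename described above can be scripted and then checked for leftover references to the base form. The following is an added example, not part of the connector or of Oracle's tooling; the function names, the sample file content, and the UD_EXCHANGE_DISPLAYNAME and UD_EXCHANGEX_ALIASNAME keys are constructed for illustration.

```python
import re

# Constructed sample, not the shipped Exchange_ja.properties. Only
# UD_EXCHANGE_ALIASNAME and UD_MSEXCHG_SERVER are names taken from the page.
SAMPLE = (
    "# process form labels\n"
    "global.udf.UD_EXCHANGE_ALIASNAME=\\u30a8\\u30a4\\u30ea\\u30a2\\u30b9\n"
    "global.udf.UD_EXCHANGE_DISPLAYNAME = Display Name\n"
    "global.udf.UD_EXCHANGEX_ALIASNAME=Other form\n"
    "global.udf.UD_MSEXCHG_SERVER=Server\n"
)

def rename_form_keys(text, old_form, new_form):
    """Rename global.udf.<old_form>_<ATTR> keys; return (new_text, renamed_keys)."""
    # Match the key only (left of '=' or ':'); the '_' after old_form keeps
    # longer form names such as UD_EXCHANGEX from being rewritten.
    key_re = re.compile(r"^(\s*global\.udf\.)" + re.escape(old_form)
                        + r"(_[A-Za-z0-9_]+)(?=\s*[=:])")
    out, renamed = [], []
    for line in text.splitlines(keepends=True):
        # Comment lines in .properties files start with '#' or '!'.
        m = None if line.lstrip().startswith(("#", "!")) else key_re.match(line)
        if m:
            renamed.append(m.group(1).strip() + old_form + m.group(2))
            line = m.group(1) + new_form + m.group(2) + line[m.end():]
        out.append(line)
    return "".join(out), renamed

def stale_references(text, old_form):
    """Return (line_number, line) pairs that still mention old_form as a whole form name."""
    token = re.compile(r"(?<![A-Za-z0-9])" + re.escape(old_form) + r"(?![A-Za-z0-9])")
    return [(n, l) for n, l in enumerate(text.splitlines(), 1) if token.search(l)]

if __name__ == "__main__":
    updated, renamed = rename_form_keys(SAMPLE, "UD_EXCHANGE", "UD_EXCHANG1")
    print(updated)
    print("renamed:", renamed)
    print("still referencing base form:", stale_references(updated, "UD_EXCHANGE"))
```

Values are left untouched, so the \uXXXX escapes used in translated properties files survive the rewrite.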