Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Documentation Updates
Conventions
What's New in Oracle Identity Manager Connector for OID?
Software Updates
Software Updates in Release 11.1.1.6.0
Software Updates in Release 11.1.1.5.0
Documentation-Specific Updates
Documentation-Specific Updates in Release 11.1.1.6.0
Documentation-Specific Updates in Release 11.1.1.5.0
1 About the Connector
1.1 Introduction to the OID Connector
1.2 Certified Components
1.3 Usage Recommendations for the OID Connector
1.4 Certified Languages for the OID Connector
1.5 Architecture of the OID Connector
1.6 Features of the OID Connector
1.6.1 Dependent Lookup Fields
1.6.2 Full and Incremental Reconciliation
1.6.3 Limited Reconciliation
1.6.4 Transformation and Validation of Account Data
1.6.5 Support for the Connector Server
1.6.6 Support for High-Availability Configuration of the Target System
1.6.7 Support for Bulk Update of Attributes
1.6.8 Reconciliation of Deleted User Records
1.6.9 Reconciliation of Deleted Groups, Roles, and Organizations
1.6.10 Connection Pooling
1.6.11 Support for Groovy Scripts
1.7 Security Considerations for the Connector
1.7.1 Secure Communication to the Target System
1.7.2 Administrator Account for the Target System
1.8 Lookup Definitions Used During Reconciliation and Provisioning
1.8.1 Lookup Definitions Synchronized with the Target System
1.8.2 Preconfigured Lookup Definitions for Languages
1.9 Connector Objects Used During Target Resource Reconciliation
1.9.1 User Fields for Target Resource Reconciliation
1.9.2 Group Fields for Reconciliation
1.9.3 Role Fields for Reconciliation
1.9.4 Organizational Unit (OU) Fields for Reconciliation
1.9.5 Reconciliation Rules for Target Resource Reconciliation
1.9.5.1 About Reconciliation Rules for Target Resource Reconciliation
1.9.5.2 Viewing the Reconciliation Rule for Target Resource Reconciliation
1.9.6 Reconciliation Action Rules for Target Resource Reconciliation
1.9.6.1 About Reconciliation Actions Rules for Target Resource Reconciliation
1.9.6.2 Viewing Reconciliation Actions Rules for Target Resource Reconciliation
1.10 Connector Objects Used During Provisioning
1.10.1 Provisioning Functions
1.10.2 User Fields for Provisioning
1.10.2.1 User Fields for Provisioning an ODSEE Target System
1.10.2.2 User Fields for Provisioning an OUD Target System
1.10.2.3 User Fields for Provisioning an OID Target System
1.10.2.4 User Fields for Provisioning an eDirectory Target System
1.10.3 Group Fields for Provisioning
1.10.4 Role Fields for Provisioning
1.10.5 Organizational Unit Fields for Provisioning
1.11 Connector Objects Used During Trusted Source Reconciliation
1.11.1 User Fields for Trusted Source Reconciliation
1.11.2 Reconciliation Rule for Trusted Source Reconciliation
1.11.2.1 About Reconciliation Rule for Trusted Source Reconciliation
1.11.2.2 Viewing Reconciliation Rules for Trusted Source Reconciliation
1.11.3 Reconciliation Action Rules for Trusted Source Reconciliation
1.11.3.1 About Reconciliation Action Rules for Trusted Source Reconciliation
1.11.3.2 Viewing Reconciliation Action Rules for Trusted Source Reconciliation
1.12 Roadmap for Deploying and Using the Connector
2 Deploying the Connector
2.1 Preinstallation
2.1.1 Preinstallation on the Target System
2.1.2 Installing and Configuring the Connector Server
2.1.2.1 About Installing and Configuring the Connector Server
2.1.2.2 Installing and Configuring the Java Connector Server
2.1.3 Running the Connector Server
2.1.3.1 Running the Connector Server on UNIX and Linux Systems
2.1.3.2 Running the Connector Server on Microsoft Windows Systems
2.1.4 Configuring SSL for the Connector
2.1.4.1 Configuring SSL on the Target System
2.1.4.2 Configuring the Connector Server for SSL
2.1.4.3 Configuring Oracle Identity Manager for SSL
2.1.5 Enabling Logging for the Connector
2.1.5.1 Enabling Logging on Oracle Identity Manager
2.1.5.1.1 About Enabling Logging on Oracle Identity Manager
2.1.5.1.2 Enabling Logging on Oracle WebLogic Server
2.1.5.2 Enabling Logging on the Connector Server
2.1.5.2.1 About Enabling Logging on the Connector Server
2.1.5.2.2 Enabling Logging for the Connector Server
2.2 Installation
2.2.1 Installing the Connector in Oracle Identity Manager
2.2.1.1 Running the Connector Installer
2.2.1.2 Configuring the IT Resource for the Target System
2.2.2 Installing the Connector in the Connector Server
2.3 Postinstallation
2.3.1 Postinstallation on Oracle Identity Manager
2.3.1.1 Configuring Oracle Identity Manager 11.1.2 or Later
2.3.1.1.1 Creating and Activating a Sandbox
2.3.1.1.2 Creating a New UI Form
2.3.1.1.3 Creating an Application Instance
2.3.1.1.4 Publishing a Sandbox
2.3.1.1.5 Harvesting Entitlements and Sync Catalog
2.3.1.2 Localizing Field Labels in UI Forms
2.3.1.3 Clearing Content Related to Connector Resource Bundles from the Server Cache
2.3.1.4 Setting up the Lookup Definition for Connection Pooling
2.3.1.4.1 Connection Pooling Properties
2.3.1.4.2 Modifying the Connection Pooling Properties
2.3.1.5 Setting Up the OID Configuration Lookup Definition for LDAP Operation Timeouts
2.3.1.6 Configuring Oracle Identity Manager for Request-Based Provisioning
2.3.1.6.1 About Request-Based Provisioning
2.3.1.6.2 Copying Predefined Request Datasets
2.3.1.6.3 Importing Request Datasets
2.3.1.6.4 Enabling the Auto Save Form Feature
2.3.1.6.5 Running the PurgeCache Utility
2.3.2 Creating the IT Resource for the Connector Server
2.4 Uninstalling the Connector
2.5 Upgrading the Connector
2.5.1 Preupgrade Steps
2.5.2 Upgrade Steps
2.5.3 Postupgrade Steps
2.5.4 Running the Form Version Control (FVC) Utility to Migrate eDirectory Forms
2.6 Postcloning Steps
2.6.1 About Postcloning Steps
2.6.2 Postcloning Configuration for User Accounts
3 Using the Connector
3.1 Guidelines on Using the Connector
3.1.1 Guidelines on Configuring Reconciliation
3.1.2 Guidelines on Performing Provisioning Operations
3.2 Scheduled Jobs for Lookup Field Synchronization
3.2.1 Scheduled Jobs for Lookup Field Synchronization for ODSEE
3.2.2 Scheduled Jobs for Lookup Field Synchronization for Oracle Internet Directory
3.2.3 Scheduled Jobs for Lookup Field Synchronization for Novell eDirectory
3.2.4 Scheduled Job Attributes
3.3 Configuring Reconciliation
3.3.1 Full Reconciliation and Incremental Reconciliation
3.3.2 Limited Reconciliation
3.3.2.1 Limited Reconciliation By Using Filters
3.3.2.2 Limited Reconciliation Based on Group Membership
3.3.3 Reconciliation Scheduled Jobs
3.3.3.1 Scheduled Jobs for Reconciliation of User Records
3.3.3.1.1 About Scheduled Jobs for Reconciliation of User Records
3.3.3.1.2 LDAP Connector User Search Reconciliation
3.3.3.1.3 LDAP Connector User Sync Reconciliation
3.3.3.1.4 LDAP Connector Trusted User Reconciliation
3.3.3.2 Scheduled Jobs for Reconciliation of Deleted User Records
3.3.3.3 Scheduled Jobs for Reconciliation of Groups, OUs, and Roles
3.3.3.3.1 About Scheduled Jobs for Reconciliation of Groups, OUs, and Roles
3.3.3.3.2 LDAP Connector Group Search Reconciliation, LDAP Connector OU Search Reconciliation, and LDAP Connector Role Search Reconciliation Scheduled Jobs
3.3.3.3.3 LDAP Connector Group Sync Reconciliation, LDAP Connector OU Sync Reconciliation, and LDAP Connector Role Sync Reconciliation Scheduled Jobs
3.3.3.4 Scheduled Jobs for Reconciliation of Deleted Groups, OUs, and Roles
3.4 Configuring Scheduled Jobs
3.4.1 Configuring a Scheduled Job
3.4.2 Configuring the Search Base and Search Scope in Scheduled Jobs and Tasks
3.4.2.1 Exporting the Scheduled Job and Task
3.4.2.2 Adding Additional Parameters to the Job and Task
3.4.2.3 Importing the Updated XML
3.5 Performing Provisioning Operations in Oracle Identity Manager Release 11.1.1.x
3.5.1 About Provisioning Operation in Oracle Identity Manager
3.5.2 Direct Provisioning
3.5.3 Direct Provisioning for Groups, Roles, and Organizations
3.5.4 Request-Based Provisioning
3.5.4.1 End User's Role in Request-Based Provisioning
3.5.4.2 Approver's Role in Request-Based Provisioning
3.5.5 Switching Between Request-Based Provisioning and Direct Provisioning
3.5.5.1 Switching From Request-Based to Direct Provisioning
3.5.5.2 Switching From Direct to Request-Based Provisioning
3.6 Performing Provisioning Operations in Oracle Identity Manager Release 11.1.2 or Later
3.7 Uninstalling the Connector
4 Using the Connector with Oracle Directory Server Enterprise Edition
4.1 Configuring Secure Communications
4.2 Preconfigured Lookup Definitions for an ODSEE Target System
4.2.1 Lookup.LDAP.Configuration
4.2.2 Lookup.LDAP.Configuration.Trusted
4.2.3 Preconfigured Lookup Definitions for User Operations
4.2.3.1 Lookup.LDAP.UM.Configuration
4.2.3.2 Lookup.LDAP.UM.Configuration.Trusted
4.2.3.3 Lookup.LDAP.UM.ProvAttrMap
4.2.3.4 Lookup.LDAP.UM.ReconAttrMap
4.2.3.5 Lookup.LDAP.UM.ProvValidation
4.2.3.6 Lookup.LDAP.UM.ReconTransformation
4.2.3.7 Lookup.LDAP.UM.ReconValidation
4.2.3.8 Lookup.LDAP.UM.ReconAttrMap.Trusted
4.2.3.9 Lookup.LDAP.UM.TrustedDefaults
4.2.4 Preconfigured Lookup Definitions for Group Operations
4.2.4.1 Lookup.LDAP.Group.Configuration
4.2.4.2 Lookup.LDAP.Group.ProvAttrMap
4.2.4.3 Lookup.LDAP.Group.ReconAttrMap
4.2.5 Preconfigured Lookup Definitions for Organizational Unit Operations
4.2.5.1 Lookup.LDAP.OU.Configuration
4.2.5.2 Lookup.LDAP.OU.ProvAttrMap
4.2.5.3 Lookup.LDAP.OU.ReconAttrMap
4.2.6 Preconfigured Lookup Definitions for Role Operations
4.2.6.1 Lookup.LDAP.Role.Configuration
4.2.6.2 Lookup.LDAP.Role.ProvAttrMap
4.2.6.3 Lookup.LDAP.Role.ReconAttrMap
4.3 Reconciling ODSEE Users Under Their Corresponding Organizations in Oracle Identity Manager
4.4 Reconciling ODSEE Groups and Roles Under One Organization in Oracle Identity Manager
4.4.1 Reconciling ODSEE Groups Under One Organization
4.4.2 Reconciling ODSEE Roles Under One Organization
5 Using the Connector with Oracle Unified Directory
5.1 Configuring Secure Communications
5.2 Preconfigured Lookup Definitions for an OUD Target System
5.2.1 Lookup.LDAP.OUD.Configuration
5.2.2 Lookup.LDAP.OUD.Configuration.Trusted
5.2.3 Preconfigured Lookup Definitions for User Operations
5.2.3.1 Lookup.LDAP.UM.Configuration
5.2.3.2 Lookup.LDAP.UM.Configuration.Trusted
5.2.3.3 Lookup.LDAP.UM.ProvAttrMap
5.2.3.4 Lookup.LDAP.UM.ReconAttrMap
5.2.3.5 Lookup.LDAP.UM.ProvValidation
5.2.3.6 Lookup.LDAP.UM.ReconTransformation
5.2.3.7 Lookup.LDAP.UM.ReconValidation
5.2.3.8 Lookup.LDAP.UM.ReconAttrMap.Trusted
5.2.3.9 Lookup.LDAP.UM.TrustedDefaults
5.2.4 Preconfigured Lookup Definitions for Group Operations
5.2.4.1 Lookup.LDAP.Group.Configuration
5.2.4.2 Lookup.LDAP.Group.ProvAttrMap
5.2.4.3 Lookup.LDAP.Group.ReconAttrMap
5.2.5 Preconfigured Lookup Definitions for Organizational Unit Operations
5.2.5.1 Lookup.LDAP.OU.Configuration
5.2.5.2 Lookup.LDAP.OU.ProvAttrMap
5.2.5.3 Lookup.LDAP.OU.ReconAttrMap
5.3 Reconciling OUD Users Under Their Corresponding Organizations in Oracle Identity Manager
5.4 Reconciling OUD Groups Under One Organization in Oracle Identity Manager
5.5 Reconciling Newly Created Objects for an OUD Target System
5.6 Guidelines on Using the Connector for Dynamic and Virtual Static Groups
6 Using the Connector with Oracle Internet Directory
6.1 Configuring Secure Communication
6.2 Preconfigured Lookup Definitions for an OID Target System
6.2.1 Lookup.OID.Configuration
6.2.2 Lookup.OID.Configuration.Trusted
6.2.3 Preconfigured Lookup Definitions for User Operations
6.2.3.1 Lookup.OID.UM.Configuration
6.2.3.2 Lookup.OID.UM.Configuration.Trusted
6.2.3.3 Lookup.OID.UM.ProvAttrMap
6.2.3.4 Lookup.OID.UM.ReconAttrMap
6.2.3.5 Lookup.OID.UM.ReconAttrMap.Trusted
6.2.3.6 Lookup.OID.UM.TrustedDefaults
6.2.4 Preconfigured Lookup Definitions for Group Operations
6.2.4.1 Lookup.OID.Group.Configuration
6.2.4.2 Lookup.OID.Group.ProvAttrMap
6.2.4.3 Lookup.OID.Group.ReconAttrMap
6.2.5 Preconfigured Lookup Definitions for Organizational Unit Operations
6.2.5.1 Lookup.OID.OU.Configuration
6.2.5.2 Lookup.OID.OU.ProvAttrMap
6.2.5.3 Lookup.OID.OU.ReconAttrMap
6.3 Reconciling OID Users Under Their Corresponding Organizations in Oracle Identity Manager
6.4 Reconciling OID Groups Under One Organization in Oracle Identity Manager
7 Using the Connector with Novell eDirectory
7.1 Configuring Secure Communications
7.2 Provisioning an eDirectory Target System
7.2.1 User Fields for Provisioning an eDirectory Target System
7.2.2 Group Fields for Provisioning an eDirectory Target System
7.2.3 Role Fields for Provisioning an eDirectory Target System
7.2.4 Organizational Unit (OU) Fields for Provisioning an eDirectory Target System
7.3 Performing Reconciliation for an eDirectory Target System
7.3.1 Trusted Reconciliation Fields for an eDirectory Target System
7.3.2 Reconciliation Rules for Target Resource Reconciliation
7.3.2.1 About Rules for Target Resource Reconciliation
7.3.2.2 Viewing the Reconciliation Rule for Target Resource Reconciliation
7.3.3 Reconciling eDirectory Users Under Their Corresponding Organizations in Oracle Identity Manager
7.3.4 Reconciling eDirectory Groups and Roles Under One Organization in Oracle Identity Manager
7.3.4.1 Reconciling eDirectory Groups Under One Organization
7.3.4.2 Reconciling eDirectory Roles Under One Organization
7.4 Preconfigured Lookup Definitions for an eDirectory Target System
7.4.1 Lookup.EDIR.Configuration
7.4.2 Lookup.EDIR.CommLang
7.4.3 Preconfigured Lookup Definitions for User Operations
7.4.3.1 Lookup.EDIR.UM.Configuration
7.4.3.2 Lookup.EDIR.UM.ProvAttrMap
7.4.3.3 Lookup.EDIR.UM.ReconAttrMap
7.4.3.4 Other Lookup Definitions
7.4.4 Preconfigured Lookup Definitions for Group Operations
7.4.4.1 Lookup.EDIR.Group.Configuration
7.4.4.2 Lookup.EDIR.Group.ProvAttrMap
7.4.4.3 Lookup.EDIR.Group.ReconAttrMap
7.4.5 Preconfigured Lookup Definitions for Role Operations
7.4.5.1 Lookup.EDIR.Role.Configuration
7.4.5.2 Lookup.EDIR.Role.ProvAttrMap
7.4.5.3 Lookup.EDIR.Role.ReconAttrMap
7.4.6 Preconfigured Lookup Definitions for Organizational Unit Operations
7.4.6.1 Lookup.EDIR.OU.Configuration
7.4.6.2 Lookup.EDIR.OU.ProvAttrMap
7.4.6.3 Lookup.EDIR.OU.ReconAttrMap
7.4.7 Preconfigured Lookup Definitions for Trusted Configuration Operations
7.4.7.1 Lookup.EDIR.Configuration.Trusted
7.4.7.2 Lookup.EDIR.UM.Configuration.Trusted
7.4.7.3 Lookup.EDIR.UM.ExclusionList.Trusted
7.4.7.4 Lookup.EDIR.UM.ReconAttrMap.Trusted
7.4.7.5 Lookup.EDIR.UM.ReconTransformations.Trusted
7.4.7.6 Lookup.EDIR.UM.ReconDefaults.Trusted
8 Using the Connector with an LDAPv3 Compliant Directory
8.1 Configuring Secure Communication
8.2 Creating a New IT Resource Instance
8.3 Configuring the Connector for OpenLDAP Server
8.3.1 Main Configuration Lookup
8.3.1.1 Organizational Unit (OU) Lookup Reconciliation
8.3.1.2 Group Lookup Reconciliation
8.3.2 User Provisioning
8.3.2.1 About User Provisioning With OpenLDAP
8.3.2.2 Using the Enable/Disable Feature with OpenLDAP
8.3.3 Group Provisioning
8.3.4 Organizational Unit (OU) Provisioning
8.3.5 User Search Reconciliation
8.3.5.1 About User Search Reconciliation
8.3.5.2 User Search Delete Reconciliation
8.3.5.3 Trusted User Reconciliation
8.3.5.4 Trusted User Delete Reconciliation
8.3.5.5 Group Search Reconciliation
8.3.5.6 Group Search Delete Reconciliation
8.3.5.7 OU Search Reconciliation
8.3.5.8 OU Search Delete Reconciliation
8.3.5.9 Unused Reconciliation Jobs
9 Extending the Functionality of the Connector
9.1 Adding Custom Fields for Target Resource Reconciliation
9.1.1 Adding the Custom Field to Resource Object Reconciliation Fields
9.1.2 Creating an Entry for the Custom Field in the Lookup Definition for Reconciliation
9.1.3 Adding the Custom Field on the Process Form
9.1.4 Associating a New Form With the Application Instance
9.1.5 Creating a Reconciliation Field Mapping for the Custom Field in the Provisioning Process
9.1.6 Creating the Reconciliation Profile
9.2 Adding New Multivalued Fields for Target Resource Reconciliation
9.2.1 Creating a Form for the Multivalued Field
9.2.2 Adding the Form as a Child Form of the Process Form
9.2.3 Associating a New Form With the Application Instance
9.2.4 Adding the New Multivalued Field to the Resource Object Reconciliation Fields
9.2.5 Creating an Entry for the Field in the Lookup Definition for Reconciliation
9.2.6 Creating a Reconciliation Field Mapping for the New Field
9.3 Adding Custom Fields for Provisioning
9.3.1 Adding the new Field to the Process Form
9.3.2 Associating a New Form With the Application Instance
9.3.3 Creating an Entry for the Field in the Lookup Definition for Provisioning
9.3.4 Enabling Update Provisioning Operations on the Custom Field
9.3.5 Updating the Request Dataset
9.3.6 Running the PurgeCache Utility and Importing the Request Dataset Definition to MDS
9.4 Adding New Multivalued Fields for Provisioning
9.4.1 Creating an Entry for the Field in the Lookup Definition for Provisioning
9.4.2 Adding the Task for Provisioning Multivalued Attributes in the Process Definition
9.4.2.1 Updating the Process Definition
9.4.2.2 Selecting the Adapter
9.4.2.3 Creating the Adapter Variables Mapping
9.4.2.4 Updating the Process Tasks
9.4.3 Updating the Request Dataset
9.4.4 Running the PurgeCache Utility and Importing the Request Dataset Definition to MDS
9.5 Adding New Fields for Trusted Source Reconciliation
9.5.1 Adding the New Field on the OIM User Process Form
9.5.2 Adding the New Field to the Resource Object Reconciliation Fields
9.5.3 Creating a Reconciliation Field Mapping
9.5.4 Creating an Entry for the Field in the Lookup Definition for Reconciliation
9.6 Configuring Transformation of Data During Reconciliation
9.7 Configuring Validation of Data During Reconciliation and Provisioning
9.8 Configuring the Connector for User-Defined Object Classes
9.9 Configuring the Connector to Use Custom Object Classes
9.10 Configuring the Connector for Multiple Trusted Source Reconciliation
9.11 Configuring the Connector to Support POSIX Groups and Accounts
9.12 Configuring the Connector to Support Provisioning of Custom Object Classes while Provisioning Organizational Unit
9.12.1 Modifying the Configuration Lookup Definition
9.12.2 About Adding Custom Object Classes
10 Troubleshooting
11 Known Issues and Workarounds
11.1 Failure in Provisioning a User with a Backslash
11.2 Incremental User Sync Reconciliation Does not Function as Expected
A Files and Directories on the OID Connector Installation Media