Configure a Database Adaptor
Follow these steps to configure a database adapter so that the database appears to be an LDAP server. This lets the virtualized identity store provider retrieve user profile information from the database through the adapter.
This task shows how to edit and apply the adapter templates that specify how your database tables are used as an identity store. The example given here uses the sample schema that is used throughout Configure a Database as the Authentication Provider.
When customizing the adapter_template_usergroup1.xml file, map the elements by matching the classes and attributes of the virtual LDAP schema with the columns in your database. The virtual schema is the same as that of WebLogic Embedded LDAP, so you can map database columns to any of the attributes shown in the table.
The following is the schema file example:
```xml
<?xml version = '1.0' encoding = 'UTF-8'?>
<adapters schvers="303" version="1" xmlns="http://www.octetstring.com/schemas/Adapters" xmlns:adapters="http://www.w3.org/2001/XMLSchema-instance">
  <dataBase id="directoryType" version="0">
    <root>%ROOT%</root>
    <active>true</active>
    <serverType>directoryType</serverType>
    <routing>
      <critical>true</critical>
      <priority>50</priority>
      <inclusionFilter/>
      <exclusionFilter/>
      <plugin/>
      <retrieve/>
      <store/>
      <visible>Yes</visible>
      <levels>-1</levels>
      <bind>true</bind>
      <bind-adapters/>
      <views/>
      <dnpattern/>
    </routing>
    <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
      <plugins>
        <plugin>
          <name>DBGUID</name>
          <class>oracle.ods.virtualization.engine.chain.plugins.dbguid.DBGuidPlugin</class>
          <initParams>
            <param name="guidAtribute" value="orclguid"/>
          </initParams>
        </plugin>
      </plugins>
      <default>
        <plugin name="DBGUID"/>
      </default>
      <add/>
      <bind/>
      <delete/>
      <get/>
      <modify/>
      <rename/>
    </pluginChains>
    <driver>oracle.jdbc.driver.OracleDriver</driver>
    <url>%URL%</url>
    <user>%USER%</user>
    <password>%PASSWORD%</password>
    <ignoreObjectClassOnModify>false</ignoreObjectClassOnModify>
    <includeInheritedObjectClasses>true</includeInheritedObjectClasses>
    <maxConnections>10</maxConnections>
    <mapping>
      <joins/>
      <objectClass name="person" rdn="cn">
        <attribute ldap="cn" table="USER_VW" field="U_NAME" type=""/>
        <attribute ldap="uid" table="USER_VW" field="U_NAME" type=""/>
        <attribute ldap="usernameattr" table="USER_VW" field="U_NAME" type=""/>
        <attribute ldap="loginid" table="USER_VW" field="U_NAME" type=""/>
        <attribute ldap="description" table="USER_VW" field="U_NAME" type=""/>
        <attribute ldap="orclguid" table="USER_VW" field="GUID" type=""/>
      </objectClass>
    </mapping>
    <useCaseInsensitiveSearch>true</useCaseInsensitiveSearch>
    <connectionWaitTimeout>10</connectionWaitTimeout>
    <oracleNetConnectTimeout>0</oracleNetConnectTimeout>
    <validateConnection>false</validateConnection>
  </dataBase>
</adapters>
```

In the `<objectClass>` element:
- The `name="person"` and `rdn="cn"` values declare the mapping of the LDAP `person` object class.
- The `cn` attribute is used as its Relative Distinguished Name (RDN).
- The child elements declare the LDAP attributes mapping to tables and columns in the database. For example, the line `<attribute ldap="uid" table="USER_VW" field="USER_ID" type=""/>` maps the `USER_ID` field of the `USER_VW` table to the standard LDAP attribute `uid`, a unique user id for each user.
- The `USER_VW` view should have a `GUID` column to match the `orclguid` attribute, which is mapped to the `GUID` column in adapter_template_usergroup1.xml. For example, you could CREATE OR REPLACE VIEW USER_VW as the following:

```sql
SELECT U_NAME, MAIL_ADDRESS, U_PASSWORD, U_DESCRIPTION, RPAD(U_NAME, 16, '0') AS GUID FROM USERS;
```
| Attribute | Example |
|---|---|
| description | John Doe |
| cn | john.doe |
| uid | john.doe |
| sn | Doe |
| userpassword | password |
| displayName | John Doe |
| employeeNumber | 12345 |
| employeeType | Regular |
| givenName | John |
| homePhone | 650-555-1212 |
| | john.doe@example.com |
| title | Manager |
| manager | uid=mary.jones,ou=people,ou=myrealm,dc=wc_domain |
| preferredLanguage | en |
| departmentNumber | tools |
| facsimiletelephonenumber | 650-555-1200 |
| mobile | 650-500-1200 |
| pager | 650-400-1200 |
| telephoneNumber | 650-506-1212 |
| postaladdress | 200 Oracle Parkway |
| l | Redwood Shores |
| homepostaladdress | 123 Main St., Anytown 12345 |
You map groups using the same method you used for mapping a person. When mapping groups, define the unique member for a group in the `<objectClass name="groupofuniquenames" ...>` element. The `%uniquemember%` value is a placeholder for a value that is passed in at runtime during the lookup that determines whether the user is a member of a group. The only aspect of this element you might want to change is the specification of the root for your users: the `%uniquemember%` value matches the root of your user population when you run the libovdadapterconfig script.
The `groupofuniquenames` object class specifies how group attributes are mapped to database fields. As with the user, the attributes correspond to the defaults in WebLogic Embedded LDAP. You must map the following attributes:
- `cn` maps to a unique name for your group.
- `uniquemember` maps to the unique name for your user in the user/group mapping table in your database schema.
- `orclguid` maps to a unique id, if available in your database schema.

Mapping the `description` attribute is optional.
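The checks below are an added example and are not Oracle's code or part of the libovdadapterconfig tooling. The script parses an adapter template in the format shown above and reports the mistakes a reviewer would look for before applying it: connection values that are no longer `%URL%`/`%USER%`/`%PASSWORD%` placeholders (a literal credential left in the template), an object class whose `rdn` attribute is unmapped, the group attributes this section says must be mapped (`cn`, `uniquemember`), an unmapped `orclguid`, and mapped `field` values that the backing view does not actually expose. It also applies Oracle's RPAD semantics (pad on the right, or truncate when the input is longer than the width) to a list of user names, which shows where the view's `RPAD(U_NAME, 16, '0') AS GUID` expression would hand two users the same GUID. The template, the `GROUP_VW` view and its columns, and the user names are constructed for the example; the person mapping deliberately uses the `USER_ID` field named in the bullet list, which the `USER_VW` definition on this page does not provide, so the checker flags it.

```python
"""Sanity-check a libOVD database-adapter template against the views it maps.

Added example, not Oracle's code. It parses an adapter template in the format shown
on this page and reports placeholder, rdn, required-attribute, orclguid and
view-column problems, and checks the RPAD-based GUID expression for collisions.
"""
import re
import xml.etree.ElementTree as ET

ADAPTER_NS = "http://www.octetstring.com/schemas/Adapters"

# Attributes the page says a group mapping must provide (rdn is required for every class).
REQUIRED = {"groupofuniquenames": {"cn", "uniquemember"}}

# Constructed sample template. The person mapping follows the page, except that uid maps to
# USER_ID as the bullet list names it; the GROUP_VW view is invented for this example.
SAMPLE_TEMPLATE = """<adapters schvers="303" version="1" xmlns="http://www.octetstring.com/schemas/Adapters">
  <dataBase id="directoryType" version="0">
    <url>%URL%</url>
    <user>%USER%</user>
    <password>%PASSWORD%</password>
    <mapping>
      <joins/>
      <objectClass name="person" rdn="cn">
        <attribute ldap="cn" table="USER_VW" field="U_NAME" type=""/>
        <attribute ldap="uid" table="USER_VW" field="USER_ID" type=""/>
        <attribute ldap="orclguid" table="USER_VW" field="GUID" type=""/>
      </objectClass>
      <objectClass name="groupofuniquenames" rdn="cn">
        <attribute ldap="cn" table="GROUP_VW" field="G_NAME" type=""/>
        <attribute ldap="uniquemember" table="GROUP_VW" field="G_MEMBER" type=""/>
      </objectClass>
    </mapping>
  </dataBase>
</adapters>
"""

# The USER_VW definition from the page; the GROUP_VW column list is a constructed stand-in.
SAMPLE_VIEW_SQL = ("SELECT U_NAME, MAIL_ADDRESS, U_PASSWORD, U_DESCRIPTION, "
                   "RPAD(U_NAME, 16, '0') AS GUID FROM USERS")
SAMPLE_GROUP_COLUMNS = ["G_NAME", "G_MEMBER"]


def view_columns(select_sql):
    """Column names a SELECT exposes: the alias after AS, otherwise the bare expression."""
    select_list = re.search(r"SELECT\s+(.*?)\s+FROM\b", select_sql, re.I | re.S).group(1)
    items, depth, current = [], 0, []
    for ch in select_list:                      # split on commas outside parentheses
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            items.append("".join(current))
            current = []
        else:
            current.append(ch)
    items.append("".join(current))
    columns = []
    for item in items:
        alias = re.search(r"\s+AS\s+(\w+)\s*$", item.strip(), re.I)
        columns.append((alias.group(1) if alias else item.strip()).upper())
    return columns


def check_mapping(template_xml, views):
    """Return a list of findings for the template; views maps VIEW_NAME -> [column names]."""
    ns = {"a": ADAPTER_NS}
    db = ET.fromstring(template_xml).find("a:dataBase", ns)
    findings = []
    for tag in ("url", "user", "password"):     # connection values must still be placeholders
        el = db.find(f"a:{tag}", ns)
        if el is None or not re.fullmatch(r"%[A-Z]+%", el.text or ""):
            findings.append(f"<{tag}> is not a %PLACEHOLDER% token; keep credentials out of the template")
    for oc in db.iterfind("a:mapping/a:objectClass", ns):
        name, rdn = oc.get("name"), oc.get("rdn")
        mapped = {a.get("ldap"): (a.get("table"), a.get("field")) for a in oc.iterfind("a:attribute", ns)}
        for attr in {rdn} | REQUIRED.get(name, set()):
            if attr not in mapped:
                findings.append(f"{name}: required attribute {attr!r} is not mapped")
        if "orclguid" not in mapped:
            findings.append(f"{name}: orclguid is not mapped, so the DBGUID plugin has no GUID source")
        for ldap, (table, field) in mapped.items():
            columns = views.get(table.upper())
            if columns is None:
                findings.append(f"{name}/{ldap}: {table} is not a known view")
            elif field.upper() not in columns:
                findings.append(f"{name}/{ldap}: {field} is not a column of {table}")
    return findings


def oracle_rpad(value, width, pad="0"):
    """Oracle RPAD semantics: pad on the right to width, or truncate to width if longer."""
    return (value + pad * width)[:width]


def guid_collisions(user_names, width=16):
    """User names that the view's RPAD(U_NAME, width, '0') GUID expression maps to one GUID."""
    by_guid = {}
    for name in user_names:
        by_guid.setdefault(oracle_rpad(name, width), []).append(name)
    return {guid: names for guid, names in by_guid.items() if len(names) > 1}


if __name__ == "__main__":
    views = {"USER_VW": view_columns(SAMPLE_VIEW_SQL), "GROUP_VW": SAMPLE_GROUP_COLUMNS}
    for finding in check_mapping(SAMPLE_TEMPLATE, views):
        print("finding:", finding)
    print("collisions:", guid_collisions(["john.doe", "alexander.hamilton", "alexander.hamiltonjr"]))
```

Run it against your own template and the view definitions you intend to use; the GUID collision check is worth keeping because the DBGUID plugin treats `orclguid` as the stable identifier for a user, so two names that agree on their first 16 characters would share one identity under the RPAD expression shown above. Since the page's `USER_VW` view exposes `U_NAME` rather than `USER_ID`, pick one name for the column in both the view and the template so the check comes back empty.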