17 Understanding the Oracle Provisioning Event Engine
The Oracle provisioning event engine sends events, depending on the operation performed on the user entries in back-end directory.
Topics:
17.1 What Are the Oracle Provisioning Events?
The Oracle provisioning event engine sends USER_ADD
, USER_MODIFY
and USER_DELETE
events, depending on the operation performed on the user entries in back-end directory. Because the user will be represented by multiple entries containing base user and application-specific user information, applications can subscribe to all of the attributes in the event.
The user events are also sent when a base entry or application entry is updated. However, no events are sent when an application entry is deleted because when an administrator requests the deprovisioning of a user from an application, a USER_MODIFY
event is sent to the application with a provisioning status of DEPROVISIONING_REQUIRED
. Once the application acknowledges the event by returning a value of SUCCESS
, the application entry is deleted by the Oracle Directory Integration Platform.
To receive notification of provisioning status changes, an application must subscribe to the orclUserApplnProvStatus;
Application_Name
attribute. For example, to subscribe to the provisioning status change for an application named CORP_EMAIL, an application must subscribe to the orclUserApplnProvStatus;CORP-EMAIL
attribute.
17.2 Working with the Oracle Provisioning Event Engine
The Oracle provisioning event engine generates events from add, modify, and delete operations that are performed on well-defined objects in the back-end directory. The Oracle provisioning event engine uses object definitions and event generation rules to generate events. This event generation model is extensible because it enables you to define custom objects and event generation rules.
The Oracle provisioning event-engine, object definitions, and event generation rules are discussed in these topics:
17.2.1 Create Custom Event Object Definitions
The Oracle provisioning event-engine provides properties that you can use to identify objects for which events can be generated.
Table 17-1 lists the properties that you can use to identify objects for which events can be generated.
Table 17-1 Event Object Properties
Property | Description |
---|---|
|
Assigns a unique name to identify the object |
|
Identifies the LDAP object class to use for identifying the object |
|
Provides any additional attributes that are required for identifying the object |
|
Provides any optional attributes that may be required for identifying the object |
|
Lists the attributes that should not be sent during event propagation |
Table 17-2 lists the predefined objects for which the Oracle provisioning event engine can generate events.
Table 17-2 Predefined Event Objects
Object Name | Valid Object Class Values |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
Note:
The metadata for event objects is stored in the following container: cn=Object Definitions, cn=Directory Integration Platform,cn=Products,cn=OracleContext
17.2.2 Define Custom Event Generation Rules
You specify event generation rules in XML format.
The DTD for event generation rules is as follows:
<?xml version='1.0' ?> <!DOCTYPE EventRuleSet [ <!ELEMENT ChangeType (#PCDATA)> <!ELEMENT Rule (#PCDATA)> <!ELEMENT EventName (#PCDATA)> <!ELEMENT ResEvent (Rule*, EventName)> <!ELEMENT EventRule (ChangeType, ResEvent*)> <!ELEMENT EventRuleSet (EventRule*) > ]>
The element definitions in the preceding DTD are as follows:
-
The
EventRuleSet
root element identifies a set of event rules for an individual event object -
The
EventRuleSet
root element contains a list ofEventRule
elements -
Each
EventRule
element depends on the value assigned to theChangeType
element. -
The
ChangeType
andRule
elements determine the event name to be propagated to an application
Table 17-3 lists the event definitions that are supported by the Oracle provisioning event engine.
Table 17-3 Supported Event Definitions
Object Name | Change Type | Rule | Event Name |
---|---|---|---|
|
Add |
|
|
|
Add |
|
|
|
Modify |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
Delete |
|
|
|
|
|
|
|
|
||
|
Add |
|
|
|
Modify |
|
|
|
Delete |
|
|
|
Add |
|
|
|
Modify |
|
|
|
Delete |
|
|
|
Add |
|
|
|
Modify |
|
|
|
Delete |
|
|
|
Add |
|
|
|
Modify |
|
|
|
Delete |
|
|
|
Add |
|
|
|
Modify |
|
|
|
Delete |
|
Note:
The metadata for supported event objects is stored in the following container: cn=Event Definitions, cn=Directory Integration Platform,cn=Products,cn=OracleContext
.