Understanding the Oracle Provisioning Event Engine

17 Understanding the Oracle Provisioning Event Engine

The Oracle provisioning event engine sends events, depending on the operation performed on the user entries in back-end directory.

Topics:

17.1 What Are the Oracle Provisioning Events?

The Oracle provisioning event engine sends USER_ADD, USER_MODIFY and USER_DELETE events, depending on the operation performed on the user entries in back-end directory. Because the user will be represented by multiple entries containing base user and application-specific user information, applications can subscribe to all of the attributes in the event.

The user events are also sent when a base entry or application entry is updated. However, no events are sent when an application entry is deleted because when an administrator requests the deprovisioning of a user from an application, a USER_MODIFY event is sent to the application with a provisioning status of DEPROVISIONING_REQUIRED. Once the application acknowledges the event by returning a value of SUCCESS, the application entry is deleted by the Oracle Directory Integration Platform.

To receive notification of provisioning status changes, an application must subscribe to the orclUserApplnProvStatus;Application_Name attribute. For example, to subscribe to the provisioning status change for an application named CORP_EMAIL, an application must subscribe to the orclUserApplnProvStatus;CORP-EMAIL attribute.

17.2 Working with the Oracle Provisioning Event Engine

The Oracle provisioning event engine generates events from add, modify, and delete operations that are performed on well-defined objects in the back-end directory. The Oracle provisioning event engine uses object definitions and event generation rules to generate events. This event generation model is extensible because it enables you to define custom objects and event generation rules.

The Oracle provisioning event-engine, object definitions, and event generation rules are discussed in these topics:

17.2.1 Create Custom Event Object Definitions

The Oracle provisioning event-engine provides properties that you can use to identify objects for which events can be generated.

Table 17-1 lists the properties that you can use to identify objects for which events can be generated.

Table 17-1 Event Object Properties

Property	Description
`ObjectName`	Assigns a unique name to identify the object
`ObjectCriteria`	Identifies the LDAP object class to use for identifying the object
`MustAttributeCriteria`	Provides any additional attributes that are required for identifying the object
`OptionalAttributeCriteria`	Provides any optional attributes that may be required for identifying the object
`FilterAttributeCriteria`	Lists the attributes that should not be sent during event propagation

Table 17-2 lists the predefined objects for which the Oracle provisioning event engine can generate events.

Table 17-2 Predefined Event Objects

Object Name	Valid Object Class Values
`Entry`	`*`
`User`	`orclUserV2`, `inetorgperson`
`Identity`	`orclUserV2`, `inetOrgPerson`
`Group`	`groupOfUniqueNames`, `orclGroup`, `orclPrivilegeGroup`, `groupOfNames`
`Subscription`	`orclServiceSubscriptionDetail`
`Subscriber`	`orclSubscriber`

Note:

The metadata for event objects is stored in the following container: cn=Object Definitions, cn=Directory Integration Platform,cn=Products,cn=OracleContext

17.2.2 Define Custom Event Generation Rules

You specify event generation rules in XML format.

The DTD for event generation rules is as follows:

<?xml version='1.0' ?>
  <!DOCTYPE EventRuleSet [ 
    <!ELEMENT ChangeType (#PCDATA)> 
    <!ELEMENT Rule  (#PCDATA)> 
    <!ELEMENT EventName  (#PCDATA)> 
    <!ELEMENT ResEvent (Rule*, EventName)> 
    <!ELEMENT EventRule (ChangeType, ResEvent*)>
    <!ELEMENT EventRuleSet (EventRule*) >
  ]>

The element definitions in the preceding DTD are as follows:

The EventRuleSet root element identifies a set of event rules for an individual event object
The EventRuleSet root element contains a list of EventRule elements
Each EventRule element depends on the value assigned to the ChangeType element.
The ChangeType and Rule elements determine the event name to be propagated to an application

Table 17-3 lists the event definitions that are supported by the Oracle provisioning event engine.

Table 17-3 Supported Event Definitions

Object Name	Change Type	Rule	Event Name
`USER`	Add	`OrclApplnUserProvStatus=PENDING_UPGRADE`	`USER_ADD`
`USER`	Add	`OrclApplnUserProvStatus=PROVISIONING_REQUIRED`	`USER_ADD`
`USER`	Modify	`OrclApplnUserProvStatus= PENDING_UPGRADE`	`USER_ADD`
`USER`		`OrclApplnUserProvStatus=PROVISIONING_REQUIRED`	`USER_ADD`
`USER`		`OrclApplnUserProvStatus=PROVISIONING_FAILURE`	`USER_ADD`
`USER`		`OrclApplnUserProvStatus=DEPROVISIONING_REQUIRED`	`USER_MODIFY`
`USER`		`OrclApplnUserProvStatus=PROVISIONING_IN_PROGRESS`	`USER_MODIFY`
`USER`		`OrclApplnUserProvStatus=PROVISIONING_SUCCESSFUL`	`USER_MODIFY`
`USER`
`USER`	Delete	`OrclApplnUserProvStatus=PROVISIONING_IN_PROGRESS`	`USER_DELETE`
`USER`		`OrclApplnUserProvStatus=PROVISIONING_SUCCESSFUL`	`USER_DELETE`
`USER`		`OrclApplnUserProvStatus=DEPROVISIONING_REQUIRED`
`GROUP`	Add		`GROUP_ADD`
`GROUP`	Modify		`GROUP_MODIFY`
`GROUP`	Delete		`GROUP_DELETE`
`IDENTITY`	Add		`IDENTITY_ADD`
`IDENTITY`	Modify		`IDENTITY_MODIFY`
`IDENTITY`	Delete		`IDENTITY_DELETE`
`ENTRY`	Add		`ENTRY_ADD`
`IDENTITY`	Modify		`ENTRY_MODIFY`
`IDENTITY`	Delete		`ENTRY_DELETE`
`SUBSCRIPTION`	Add		`SUBSCRIPTION_ADD`
`SUBSCRIPTION`	Modify		`SUBSCRIPTION_MODIFY`
`SUBSCRIPTION`	Delete		`SUBSCRIPTION_DELETE`
`SUBSCRIBER`	Add		`SUBSCRIBER_ADD`
`SUBSCRIBER`	Modify		`SUBSCRIBER_MODIFY`
`SUBSCRIBER`	Delete		`SUBSCRIBER_DELETE`

Note:

The metadata for supported event objects is stored in the following container: cn=Event Definitions, cn=Directory Integration Platform,cn=Products,cn=OracleContext.