6 Extending the Functionality of the UNIX Connector

You can extend the functionality of the connector to address your specific business requirements.

6.1 Configuring the Connector for a New Target System

You can configure the connector to support an additional flavor of UNIX.

Note:

Perform this procedure only if you want to configure the connector for an additional flavor of UNIX other than the target systems listed in Certified Components.

By default, the connector uses pre-configured scripts to support Linux, Solaris, AIX, and HP-UX.

The scripts are available in the connector bundle JAR file. You can download the bundle from the Oracle Identity Governance database by using the DownloadJars utility in the OIM_HOME/bin directory, or copy it from the installation media. If you are using Connector Server, then you can copy the bundle from the CONNECTOR_SERVER_HOME/bundles directory.

You can add similar scripts with a similar directory structure to support an additional flavor of UNIX. For example, you can add connector support for a target system with the BSD/OS flavor of UNIX. To do so:

  1. Create the following directories, which will be packaged into the connector bundle JAR:

    scripts/bsdos/nonsudo/

    scripts/bsdos/sudo/

  2. Create the following scripts for sudo and non-sudo authentication types. Then, drop them in the corresponding directories created in the previous step.

    Note:

    It is recommended that the script files have read-only permissions.

    Table 6-1 Custom Scripts to Support New Flavor of UNIX Target System

    Script Name                      Description
    -------------------------------  ---------------------------------------------
    CreateNativeUser.txt             Create a user on target
    DeleteNativeUser.txt             Delete a user from target
    FetchAllGroupRecords.txt         For group lookup reconciliation
    FetchAllUserRecords.txt          For full user reconciliation
    FetchAllShellRecords.txt         For Shell lookup reconciliation
    FetchSingleUserRecord.txt        Get one user
    NativeUserIncrementalRecon.txt   Used by SyncOp for incremental reconciliation
    UpdateNativeUser.txt             For user updates

  3. Create and update the ScriptProperties.properties file with details of all the scripts.

    The values should be paths to the new scripts. See the scripts/linux/ScriptProperties.properties file for sample values. For example:

    CREATE_USER_SCRIPT=scripts/bsdos/sudo/CreateNativeUser.txt
    DELETE_USER_SCRIPT=scripts/bsdos/sudo/DeleteNativeUser.txt
    FETCH_SINGLE_USER=scripts/bsdos/sudo/FetchSingleUserRecord.txt
    FETCH_FULL_RECON_SCRIPT=scripts/bsdos/sudo/FetchAllUserRecords.txt
    INCREMENTAL_RECON_SCRIPT=scripts/bsdos/sudo/NativeUserIncrementalRecon.txt
    
  4. Ensure that the values returned by the scripts are in the format expected by the bundle. See scripts/linux/ for sample scripts.
  5. Create and update the ResponseMapping.properties file in the scripts/bsdos directory.

    The ResponseMapping.properties file contains mapping between the message to be expected and the exception class with which the message has to be wrapped and thrown. See the scripts/linux/ResponseMapping.properties file for sample values. For example:

    User already exists=org.identityconnectors.framework.common.exceptions.AlreadyExistsException
    Group already exists=org.identityconnectors.framework.common.exceptions.AlreadyExistsException
    
  6. Run the following command to update the bundle JAR file with the new scripts:
    jar uvf org.identityconnectors.genericunix-1.0.0.jar scripts/bsdos/
    
  7. In the PropertyFileName basic configuration parameter, specify the path to the properties file.

    For example: scripts/bsdos/nonsudo/ScriptProperties.properties (for non-sudo authentication)

    See Basic Configuration Parameters for more information about the PropertyFileName parameter.
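
Before running the jar command in step 6, a check such as the following confirms that both authentication directories contain every script from Table 6-1, that no script has a write bit set, and that each path in a ScriptProperties.properties file resolves. This is an added example, not part of the connector bundle; the function names are hypothetical, and it assumes that it is run from the directory that contains scripts/.

```shell
#!/bin/sh
# Added example (not from the connector bundle): pre-packaging check for a new
# flavor directory such as scripts/bsdos. Run it from the directory that will
# be the JAR root so that relative paths match those inside the bundle.

REQUIRED_SCRIPTS="CreateNativeUser.txt DeleteNativeUser.txt
FetchAllGroupRecords.txt FetchAllUserRecords.txt FetchAllShellRecords.txt
FetchSingleUserRecord.txt NativeUserIncrementalRecon.txt UpdateNativeUser.txt"

# Print one line per problem under FLAVOR_DIR; succeed only if none were found.
check_flavor_dir() {
    flavor_dir=$1
    problems=0
    for mode in sudo nonsudo; do
        for name in $REQUIRED_SCRIPTS; do
            f="$flavor_dir/$mode/$name"
            if [ ! -f "$f" ]; then
                echo "MISSING  $f"; problems=$((problems + 1))
                continue
            fi
            # Inspect the mode bits instead of using [ -w ], which succeeds
            # for root regardless of mode and would hide a writable script.
            case $(ls -ld "$f" | cut -c1-10) in
                *w*) echo "WRITABLE $f"; problems=$((problems + 1)) ;;
            esac
        done
    done
    [ "$problems" -eq 0 ]
}

# Check that every KEY=VALUE entry in a ScriptProperties.properties file names
# a file that exists relative to the current directory.
check_script_properties() {
    props=$1
    problems=0
    # The "|| [ -n ... ]" keeps a final line that has no trailing newline.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        if [ ! -f "$value" ]; then
            echo "BAD PATH $key=$value"; problems=$((problems + 1))
        fi
    done < "$props"
    [ "$problems" -eq 0 ]
}
```

For example, `check_flavor_dir scripts/bsdos && check_script_properties scripts/bsdos/nonsudo/ScriptProperties.properties` returns a nonzero status if anything is missing, writable, or mispointed.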

6.2 Configuring the Connector for Multiple Installations of the Target System

You must create copies of configurations of your base application to configure it for multiple installations of the target system.

The following example illustrates this requirement:

The London and New York offices of Example Multinational Inc. have their own installations of the target system, including independent schema for each. The company has recently installed Oracle Identity Governance, and they want to configure it to link all the installations of the target system.

To meet the requirement posed by such a scenario, you must clone your application, which copies all configurations of the base application into the cloned application. For more information about cloning applications, see Cloning Applications in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

6.3 Configuring Transformation and Validation of Data

Configure transformation and validation of user account data by writing Groovy script logic while creating your application.

You can configure transformation of reconciled single-valued user data according to your requirements. For example, you can use First Name and Last Name values to create a value for the Full Name field in Oracle Identity Governance.

Similarly, you can configure validation of reconciled and provisioned single-valued data according to your requirements. For example, you can validate data fetched from the First Name attribute to ensure that it does not contain the number sign (#). In addition, you can validate data entered in the First Name field on the process form so that the number sign (#) is not sent to the target system during provisioning operations.

To configure transformation or validation of user account data, you must write Groovy scripts while creating your application. For more information about writing Groovy script-based validation and transformation logic, see Validation and Transformation of Provisioning and Reconciliation Attributes of Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

6.4 Configuring Action Scripts

You can configure Action Scripts by writing your own Groovy scripts while creating your application.

These scripts can be configured to run before or after the create, update, or delete account provisioning operations. For example, you can configure a script to run before every user creation operation.

For information on adding or editing action scripts, see Updating the Provisioning Configuration in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance.

6.5 Updating the Scripts for Reconciliation After Editing Schema Attributes

The connector provides a default set of attribute mappings that are displayed on the Schema page as described in Attribute Mappings.

If you add to or edit the default attribute mappings for reconciliation, you must make corresponding updates to the attributes in the reconciliation scripts.

To update the reconciliation scripts:

  1. Copy or download the connector bundle JAR file.

    You can download the bundle from the Oracle Identity Governance database by using the DownloadJars utility in the OIM_HOME/bin directory, or copy it from the installation media. If you are using Connector Server, then you can copy the bundle from the CONNECTOR_SERVER_HOME/bundles directory.

  2. Extract the JAR file to edit the scripts.

    For example, to extract the script for Linux, non-sudo user for reconciliation, run the following command:

    jar xvf org.identityconnectors.genericunix-12.3.0.jar scripts/linux/nonsudo/FetchAllUserRecords.txt
    

    The FetchAllUserRecords.txt script is called when you run full reconciliation without the equalsTo filter. If you want, you can edit additional reconciliation scripts:

    • FetchSingleUserRecord.txt - this script is called when you run full reconciliation with the equalsTo filter.

    • NativeUserIncrementalRecon.txt - this script is called during incremental reconciliation.

  3. Open the script for editing.

    Note:

    You must have a good knowledge of bash scripts to edit the scripts. Before editing the scripts, you can create a backup of the original scripts.

    For example, if you have added the __GID__ attribute for reconciliation, you can construct a block for the __GID__ attribute similar to other blocks.

    Add the following line after line 9 starting with PGROUP to fetch the __GID__ field:

    __GID__=$( id -G "$__NAME__" | cut -d' ' -f1);
    

    Add an entry to line 32 starting with RESULT as follows:

    RESULT=__NAME__:$__NAME__:__GID__:$__GID__:__ENABLE__:$ENABLE
    

    Add an entry to line 41 starting with unset as follows:

    unset inputline __NAME__ USID COMMENTS HOME_DIR USER_SHELL PGROUP secgrplist __GID__;
    

    See Also:

    Sample Scripts for Updating Default Attributes for Reconciliation for the original and updated FetchAllUserRecords.txt script

  4. Save the script and update the bundle as follows:
    jar uvf org.identityconnectors.genericunix-12.3.0.jar scripts/linux/nonsudo/FetchAllUserRecords.txt
    
  5. Replace the old bundle by using the UpdateJars utility in the OIM_HOME/bin directory.

    If you are using the Connector Server, stop it. Then, replace the JAR in the CONNECTOR_SERVER_HOME/bundles directory and restart the Connector Server.

6.6 Updating the Scripts for Provisioning After Editing Schema Attributes

The connector provides a default set of attribute mappings that are displayed on the Schema page as described in Attribute Mappings.

If you add to or edit the default attribute mappings for provisioning, you must make corresponding updates to the attributes in the provisioning scripts.

To update the provisioning scripts:

  1. Copy or download the connector bundle JAR file.

    You can download the bundle from the Oracle Identity Governance database by using the DownloadJars utility in the OIM_HOME/bin directory, or copy it from the installation media. If you are using Connector Server, then you can copy the bundle from the CONNECTOR_SERVER_HOME/bundles directory.

  2. Extract the JAR file to edit the scripts.

    For example, to extract the script for Linux, non-sudo user for provisioning, run the following command:

    jar xvf org.identityconnectors.genericunix-12.3.0.jar scripts/linux/nonsudo/CreateNativeUser.txt
    

    This script is used to enable create operations on the newly added attribute. Similarly, you can edit the UpdateNativeUser.txt script to enable update operations.

  3. Open the script for editing.

    Note:

    You must have a good knowledge of bash scripts to edit the scripts. Before editing the scripts, you can create a backup of the original scripts.

    For example, if you have added the __GID__ attribute for provisioning, you can construct a block for the __GID__ attribute similar to other blocks, as follows (lines 76 to 78):

        if [ ! -z "$__GID__" ] ;then
            command="$command -g $__GID__";
        fi;

    Add an entry to line 91 starting with unset as follows:

    unset defaultHomeBaseDir homedir checkHomeBaseDir grp defaultPriGroup __GID__;

    See Also:

    Sample Scripts for Updating Default Attributes for Provisioning for the original and updated CreateNativeUser.txt script

  4. Save the script and update the bundle as follows:
    jar uvf org.identityconnectors.genericunix-12.3.0.jar scripts/linux/nonsudo/CreateNativeUser.txt
    
  5. Replace the old bundle by using the UpdateJars utility in the OIM_HOME/bin directory.

    If you are using the Connector Server, stop it. Then, replace the JAR in the CONNECTOR_SERVER_HOME/bundles directory and restart the Connector Server.
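
The __GID__ block in step 3 places a provisioned attribute value into a command string, so the value is worth constraining to what a group ID or group name can contain, in the same spirit as the validation described in section 6.3. The following added example is not part of CreateNativeUser.txt; the function names and the allow-list policy (lowercase letters, digits, underscore and hyphen, at most 32 characters, no leading hyphen) are assumptions.

```shell
#!/bin/sh
# Added example, not part of CreateNativeUser.txt: an allow-list check for the
# value that the __GID__ block appends to $command.

# is_valid_gid VALUE: succeed only for a numeric GID or a group name made of
# the assumed allow-list characters. The class is spelled out in full so the
# match does not depend on the locale's idea of the range a-z.
is_valid_gid() {
    value=$1
    [ -n "$value" ] || return 1
    [ "${#value}" -le 32 ] || return 1
    case $value in
        *[!abcdefghijklmnopqrstuvwxyz0123456789_-]*) return 1 ;;  # other character
        -*) return 1 ;;              # would be read as another option
    esac
    return 0
}

# append_gid COMMAND VALUE: print COMMAND with " -g VALUE" appended when VALUE
# passes the check, print COMMAND unchanged when VALUE is empty (attribute not
# supplied), and fail without printing a command otherwise.
append_gid() {
    cmd=$1
    gid=$2
    if [ -z "$gid" ]; then
        printf '%s\n' "$cmd"
    elif is_valid_gid "$gid"; then
        printf '%s\n' "$cmd -g $gid"
    else
        echo "rejected __GID__ value" >&2
        return 1
    fi
}
```

Inside the script, the same check can guard the existing block, for example `if is_valid_gid "$__GID__"; then command="$command -g $__GID__"; fi`.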