5 Using the UNIX Connector

You can use the UNIX connector for performing reconciliation and provisioning operations after configuring your application to meet your requirements.

5.1 Configuring Reconciliation

Reconciliation involves duplicating in Oracle Identity Governance the creation of and modifications to user accounts on the target system.

This section provides details on the following topics related to configuring reconciliation:

5.1.1 Performing Full Reconciliation

Full reconciliation involves reconciling all existing user records from the target system into Oracle Identity Governance. After you create the application, you must first perform full reconciliation.

To perform a full reconciliation run, remove (delete) any value currently assigned to the Filter attribute of the Full User Reconciliation job. See Reconciliation Jobs for information about this reconciliation job.

During a full reconciliation run, if you provide both batching parameters and filters, the connector processes the data in batches. Then, filters are applied to the processed data.

5.1.2 Performing Limited Reconciliation

You can perform limited reconciliation by creating filters for the reconciliation module, and reconcile records from the target system based on a specified filter criterion.

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled.

This connector provides a Filter attribute (a scheduled task attribute) that allows you to use any of the UNIX resource attributes to filter the target system records.

For detailed information about ICF Filters, see ICF Filter Syntax in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.

While creating the application, follow the instructions in Configuring Reconciliation Jobs to specify attribute values.

5.1.3 Performing Batched Reconciliation

You can perform batched reconciliation to reconcile a specific number of records from the target system into Oracle Identity Governance.

During a reconciliation run, all changes in the target system records are reconciled into Oracle Identity Governance. Depending on the number of records to be reconciled, this process may require a large amount of time. In addition, if the connection breaks during reconciliation, then the process would take longer to complete.

You can configure batched reconciliation to avoid these problems.

To configure batched reconciliation, you must specify values for the following user reconciliation scheduled task attributes:

  • Batch Size: Use this attribute to specify the number of records that must be included in each batch.

  • Batch Start Index: Use this attribute to specify the position from which the records will be included in each batch.

  • No. of Batches: Use this attribute to specify the total number of batches that must be reconciled.

By default, the value of each of these attributes is 0, indicating that all records will be included (no batched reconciliation). The following example illustrates the use of these attributes:

Suppose that of a total of 314 records, only 200 records were processed before encountering an exception or an error. During the next reconciliation run, you can set Batch Start Index to 200 to process the records from 200 to 314.

You specify values for these attributes by following the instructions described in Configuring Reconciliation Jobs.

5.1.4 Performing Incremental Reconciliation

During incremental reconciliation, only records that are added or modified after the last reconciliation run are fetched into Oracle Identity Governance.

You can perform incremental reconciliation by running the UNIX Target Incremental Resource User Reconciliation or UNIX User Trusted Incremental Recon jobs described in Reconciliation Jobs.

The following is the behavior of incremental reconciliation scheduled tasks:

  • Incremental reconciliation scheduled tasks do not support filtering of records.

  • Incremental reconciliation scheduled tasks fetch data from the target system in alphabetical order.

  • If you run an incremental reconciliation scheduled task for the first time, or if you run the task after removing the value of Sync Token parameter, then the following directories (or the directory specified in the configuration lookup definition) must be empty:

    connector_mirror_files

    connector_mirror_files_trusted

  • After an incremental reconciliation scheduled task completes, the following files will be generated in the connector_mirror_files or connector_mirror_files_trusted directory (or in the directory specified in the configuration lookup definition). Here, SYNC_TOKEN refers to the value of the Sync Token parameter.

    • SYNC_TOKEN.passwd file contains the previous copy of the password file in the /etc directory, for example, /etc/passwd.

    • SYNC_TOKEN.shadow file contains the previous copy of the shadow file in the /etc directory, for example, /etc/shadow.

    • SYNC_TOKEN.group file contains the previous copy of the group file in the /etc directory, for example, /etc/group.

    • passwd_difference_incr file contains differences between the /etc/passwd and the SYNC_TOKEN.passwd files.

    • shadow_difference_incr file contains differences between the /etc/shadow and SYNC_TOKEN.shadow files.

    • group_difference_incr file contains differences between the /etc/group and SYNC_TOKEN.group files.

    • record file contains the actual records that will be sent back to Oracle Identity Governance in alphabetically sorted order.
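
SYNC_TOKEN.shadow and shadow_difference_incr are derived from /etc/shadow, so the mirror directory holds password-hash material and deserves the same protection as /etc/shadow itself. The following script is an added example, not part of the connector or of this guide: it checks that a mirror directory is empty before a first run and reports anything in it that is accessible beyond the owner. The function names, the owner-only policy, and the sample Sync Token value 20240101 are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of the connector). Directory and file names follow
# the list above; the owner-only permission policy is this example's assumption.

# Succeeds when the mirror directory holds no entries, the state required
# before a first run or a run with the Sync Token value removed.
mirror_dir_is_empty() {
    [ -d "$1" ] && [ -z "$(ls -A "$1")" ]
}

# Prints the group/other permission characters of a path, e.g. "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Prints one finding per line for the directory and each file in it that is
# accessible beyond the owner. Shadow-derived files are tagged SHADOW.
audit_mirror_dir() {
    dir=$1
    [ "$(group_other_bits "$dir")" = "------" ] || echo "DIR $dir"
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        [ "$(group_other_bits "$f")" = "------" ] && continue
        case ${f##*/} in
            *.shadow|shadow_difference_incr) echo "SHADOW $f" ;;
            *) echo "FILE $f" ;;
        esac
    done
}

# Constructed sample: a throwaway directory shaped like connector_mirror_files
# after a run whose Sync Token value was 20240101 (made-up value).
demo() {
    d=$(mktemp -d)/connector_mirror_files
    mkdir -m 700 "$d"
    mirror_dir_is_empty "$d" && echo "empty before first run: yes"
    for n in 20240101.passwd 20240101.shadow shadow_difference_incr record; do
        : > "$d/$n"; chmod 600 "$d/$n"
    done
    chmod 644 "$d/20240101.shadow"   # simulate a copy left world-readable
    audit_mirror_dir "$d"
    rm -rf "${d%/*}"
}
demo
```

On a real target host, call audit_mirror_dir with the path of connector_mirror_files or connector_mirror_files_trusted (or the directory specified in the configuration lookup definition) after each incremental run.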

5.2 Configuring Reconciliation Jobs

Configure reconciliation jobs to perform reconciliation runs that periodically check for new information on your target system and replicate the data in Oracle Identity Governance.

You can apply this procedure to configure the reconciliation jobs for users and entitlements.

To configure a reconciliation job:
  1. Log in to Identity System Administration.
  2. In the left pane, under System Management, click Scheduler.
  3. Search for and open the scheduled job as follows:
    1. In the Search field, enter the name of the scheduled job as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.
    2. In the search results table on the left pane, click the scheduled job in the Job Name column.
  4. On the Job Details tab, you can modify the parameters of the scheduled task:
    • Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.
    • Schedule Type: Depending on the frequency at which you want the job to run, select the appropriate schedule type. See Creating Jobs in Oracle Fusion Middleware Administering Oracle Identity Governance.

    In addition to modifying the job details, you can enable or disable a job.

  5. On the Job Details tab, in the Parameters region, specify values for the attributes of the scheduled task.

    Note:

    Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value is left empty, then reconciliation is not performed.

  6. Click Apply to save the changes.

    Note:

    You can use the Scheduler Status page in Identity System Administration to either start, stop, or reinitialize the scheduler.

5.3 Performing Provisioning Operations

You create a new user in Identity Self Service by using the Create User page. You provision or request accounts on the Accounts tab of the User Details page.

To perform provisioning operations in Oracle Identity Governance:

  1. Log in to Identity Self Service.
  2. Create a user as follows:
    1. In Identity Self Service, click Manage. The Home tab displays the different Manage options. Click Users. The Manage Users page is displayed.
    2. From the Actions menu, select Create. Alternatively, you can click Create on the toolbar. The Create User page is displayed with input fields for user profile attributes.
    3. Enter details of the user in the Create User page.
  3. On the Account tab, click Request Accounts.
  4. In the Catalog page, search for and add to cart the application instance for the connector that you configured earlier, and then click Checkout.
  5. Specify values for the fields in the application form and then click Ready to Submit.
  6. Click Submit.

See Also:

Creating a User in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance for details about the fields on the Create User page

5.4 Uninstalling the Connector

Uninstalling the UNIX connector deletes all the account-related data associated with its resource objects.

If you want to uninstall the connector for any reason, then run the Uninstall Connector utility. Before you run this utility, ensure that you set values for ObjectType and ObjectValues properties in the ConnectorUninstall.properties file. For example, if you want to delete resource objects, scheduled tasks, and scheduled jobs associated with the connector, then enter "ResourceObject", "ScheduleTask", "ScheduleJob" as the value of the ObjectType property and a semicolon-separated list of object values corresponding to your connector as the value of the ObjectValues property.

For example: UNIX User; UNIX Group

Note:

If you set values for the ConnectorName and Release properties along with the ObjectType and ObjectValues properties, then the deletion of objects listed in the ObjectValues property is performed by the utility and the connector information is skipped.

For more information, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Governance.