A Policies for OS/400 Accounts Migration
The AS400 connector has extended a number of supported attributes, as compared to previous releases of the OS/400 Oracle Identity Manager connector. Some of the new attributes (for example, First Name and Last Name) are stored in an OS/400 Directory Entry object. Directory Entries were not used by previous releases of the connector.
Sources of OS/400 accounts without Directory Entries include:
-
An account provisioned by the legacy OS/400 Oracle Identity Manager connector
-
An account created manually by an OS/400 administrator
The AS400 connector has the following policy for the creation of a Directory Entry:
-
A new OS/400 account is provisioned.
-
An OS/400 account attribute is updated.
The AS400 connector does not create a Directory Entry if a search or reconciliation operation is performed.
The AS400 connector uses two objects to save OS/400 account attributes: User Profile and Directory Entry. These entities are mapped as follows on connector operations:
-
Create operation: New users created by the connector will have both a Directory Entry and a User Profile.
-
Delete operation: Legacy users without a Directory Entry will be logged in with a warning for a delete operation.
-
Search operation: For legacy users without a Directory Entry, empty attribute values will be returned (if attributes of a Directory Entry are requested by the search operation).
-
Update operation: If the Directory Entry is missing for an account, the connector will create an empty Directory Entry for the OS/400 account.