1. Integration Guide for Oracle Identity Management Suite
  2. Appendices
  3. Verifying Adapters for Multiple Directory Identity Stores by Using ODSM
  4. Verifying Adapters for Distinct User and Group Populations in Multiple Directories by Using ODSM

A.2 Verifying Adapters for Distinct User and Group Populations in Multiple Directories by Using ODSM

This section describes how to view the adapters created in Configuring Oracle Virtual Directory Adapters for Distinct User and Group Populations in Multiple Directories.

This section contains the following topics:

A.2.1 Verifying the User Adapter on the Oracle Virtual Directory Instances

Verify the user adapter on the Oracle Virtual Directory instances running on LDAPHOST1 and LDAPHOST2 individually. Follow these steps to verify the User Adapter in Oracle Virtual Directory using Oracle Directory Services Manager:

  1. If they are not already running, start the Administration Server and the WLS_ODSM Managed Servers.
  2. In a web browser, go to Oracle Directory Services Manager (ODSM) at:

    http://admin.mycompany.com/odsm

  3. Verify connections to each of the Oracle Virtual Directory instances running on LDAPHOST1 and LDAPHOST2, if they do not already exist.
  4. Connect to each Oracle Virtual Directory instance by using the appropriate connection entry.
  5. On the Home page, click the Adapter tab.
  6. Click the name of each adapter. Verify that it has the parameters shown in the following tables.

A.2.2 Verifying the Plug-In of the User/Role Adapter A1

Verify the plug-in of the User/Role Adapter A1, as follows:

  1. Select the OIM User Adapter.
  2. Click the Plug-ins tab.
  3. Click the User Management Plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.
  4. Verify that the parameter values are as follows:
    Parameter Value Default

    directoryType

    activedirectory

    Yes

    exclusionMapping

    orclappiduser,uid=samaccountname

    mapAttribute

    orclguid=objectGuid

    mapAttribute

    uniquemember=member

    addAttribute

    user,samaccountname=%uid%,%orclshortuid%

    mapAttribute

    mail=userPrincipalName

    mapAttribute

    ntgrouptype=grouptype

    mapObjectclass

    groupofUniqueNames=group

    mapObjectclass

    orclidxperson=user

    pwdMaxFailure

    10

    Yes

    oamEnabled

    TrueFoot 1

    mapObjectClass

    inetorgperson=user

    Yes

    mapPassword

    True

    Yes

    oimLanguages

    Comma separated list of language codes, such as en,fr,ja

    Footnote 1

    Set oamEnabled to true only if you are using Oracle Access Management Access Manager.

A.2.3 Verifying the Plug-In of the User/Role Adapter A2

Verify the plug-in of the User/Role Adapter A2 as follows:

  1. Select the User Adapter.
  2. Click the Plug-ins tab.
  3. Click the User Management Plug-in in the plug-ins table, then click Edit. The plug-in editing window appears.
  4. Verify that the parameter values are as follows:
    Parameter Value Default

    directoryType

    oid

    Yes

    pwdMaxFailure

    10

    Yes

    oamEnabled

    trueFoot 2

    mapObjectclass

    container=orclContainer

    Yes

    Footnote 2

    Set oamEnabled to true only if you are using Oracle Access Management Access Manager.

A.2.4 Verifying the Changelog Adapter C1 Plug-In

To verify the Changelog Adapter C1 plug-in, follow these steps:

  1. Select the OIM changelog adapter Changelog_Adapter_C1.
  2. Click the Plug-ins tab.
  3. In the Deployed Plus-ins table, click the changelog plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.
  4. In the Parameters table, verify that the values are as shown.

    Table A-1 Values in Parameters Table

    Parameter Value Comments

    modifierDNFilter

    A bind DN that has administrative rights on the directory server, in the format:

    "!(modifiersname=cn=BindDN)"

    For example:

    "!(modifiersname=cn=orcladmin,cn=systemids,dc=mycompany,dc=com)"

    Create

    sizeLimit

    1000

    Create

    targetDNFilter

    dc=us,dc=mycompany,dc=com

    Create

    mapUserState

    true

    Update

    oamEnabled

    true

    Update

    virtualDITAdapterName

    The adapter name of User/Role Adapter A1: User_Adapter_A1

    Create

A.2.5 Verifying the Changelog Adapter for Active Directory

Verify the plug-in as follows.

  1. Select the OIM Changelog Adapter.
  2. Click the Plug-ins tab.
  3. In the Deployed Plus-ins table, click the changelog plug-in, then click "Edit in the plug-ins table. The plug-in editing window appears.
  4. In the Parameters table, verify that the parameters are as follows:
    Parameter Value

    directoryType

    activedirectory

    mapAttribute

    targetGUID=objectGUID

    requiredAttribute

    samaccountname

    sizeLimit

    1000

    targetDNFilter

    dc=mycompany,dc=com

    Search base from which reconciliation must happen. This value must be the same as the LDAP SearchDN that is specified during Oracle Identity Governance installation.

    mapUserState

    true

    oamEnabled

    trueFoot 3

    virtualDITAdapterName

    The name of the User adapter's name

    Footnote 3

    Set oamEnabled to true only if you are using Oracle Access Management Access Manager.

    Note:

    virtualDITAdapterName identifies the corresponding user profile adapter name. For example, in a single-directory deployment, you can set this parameter value to User Adapter, which is the user adapter name. In a split-user profile scenario, you can set this parameter to J1;A2, where J1 is the JoinView adapter name, and A2 is the corresponding user adapter in the J1.

A.2.6 Verifying Changelog Adapter C2

Verify the plug-in as follows:

  1. Select the OIM changelog adapter Changelog_Adapter_C2.
  2. Click the Plug-ins tab.
  3. In the Deployed Plus-ins table, click the changelog plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.
  4. In the Parameters table, verify that the parameters are as follows:

    Table A-2 Values in Parameters Table

    Parameter Value Comments

    modifierDNFilter

    A bind DN that has administrative rights on the directory server, in the format:

    "!(modifiersname=cn=BindDN)"

    For example:

    "!(modifiersname=cn=orcladmin,dc=mycompany,dc=com)"

    Create

    sizeLimit

    1000

    Create

    targetDNFilter

    dc=uk,dc=mycompany,dc=com

    Create

    mapUserState

    true

    Update

    oamEnabled

    true

    Update

    virtualDITAdapterName

    The adapter name of User/Role adapter A2: User_Adapter_A2

    Create

A.2.7 Verifying Oracle Virtual Directory Global Plug-in

To verify the Global Oracle Virtual Directory plug-in, proceed as follows

  1. In a web browser, go to Oracle Directory Services Manager (ODSM) at:

    http://admin.mycompany.com/odsm

  2. Verify connections to each of the Oracle Virtual Directory instances running on LDAPHOST1 and LDAPHOST2, if they do not already exist.
  3. Connect to each Oracle Virtual Directory instance by using the appropriate connection entry.
  4. On the Home page, click the Adapter tab.
  5. Click the Plug-ins tab.
  6. Verify that the Global Consolidated Changelog Plug-in exists.

    Click OK when finished.

A.2.8 Configuring a Global Consolidated Changelog Plug-in

Verify the global level consolidated changelog plug-in as follows

  1. In a web browser, go to Oracle Directory Services Manager (ODSM).
  2. Connect to an Oracle Virtual Directory instance.
  3. On the Home page, click the Advanced tab. The Advanced navigation tree appears.
  4. Expand Global Plugins
  5. Click the ConsolidatedChglogPlugin. The plug-in editing window appears.