Oracle® Identity Manager Connector Guide for Oracle Internet Directory
Release 9.0.4

Part Number E10436-08

3 Configuring the Connector

After you deploy the connector, you must configure it to meet your requirements. This chapter discusses the following connector configuration procedures:

Note:

These sections provide both conceptual and procedural information about configuring the connector. It is recommended that you read the conceptual information before you perform the procedures.

3.1 Configuring Reconciliation

As mentioned earlier in this guide, reconciliation involves duplicating in Oracle Identity Manager the creation of and modifications to user accounts on the target system. This section discusses the following topics related to configuring reconciliation:

3.1.1 Partial Reconciliation

By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.

For this connector, you create a filter by specifying a value for the SearchFilter attribute while configuring the scheduled task for user, group, or role reconciliation.

The following table lists the Oracle Internet Directory attributes, and the corresponding Oracle Identity Manager attributes, that you can use to build the query condition. You specify this query condition as the value of the SearchFilter attribute.

| Oracle Internet Directory Attribute | Oracle Identity Manager Attribute |
|---|---|
| cn | Common Name |
| givenname | First Name |
| sn | Last Name |
| mail | Email |
| middleName | Middle Name |
| departmentNumber | Department |
| l | Location |
| title | Title |

The following are sample query conditions that can be specified as the value of the SearchFilter attribute:

  • (&(objectClass=inetOrgPerson)(givenname=John))

  • (&(objectClass=inetOrgPerson)(sn=Doe))

  • (&(&(sn=Doe)(givenname=John))(objectClass=inetOrgPerson))

  • (|(|(sn=lastname)(givenname=firstname))(objectClass=inetOrgPerson))

Other target system attributes, such as cn, uid, location, title, department, and mail, can also be used to build the query condition.

When you specify a value for the SearchFilter attribute, then only the records that meet both of the following criteria are reconciled:

  • Records that meet the matching criteria specified by the SearchFilter attribute

  • Records that are added or updated after the time-stamp value specified by the time-stamp IT resource parameter

Note:

As mentioned earlier in the guide, the value of the time-stamp IT resource parameter is automatically updated by Oracle Identity Manager. You must not change the value of this parameter.

The following are guidelines to be followed while specifying a value for the SearchFilter attribute:

  • For the Oracle Internet Directory attributes, you must use the same case (uppercase or lowercase) as given in the target system. This is because attribute names are case-sensitive.

  • You must not include unnecessary blank spaces between operators and values in the query condition.

    A query condition with spaces separating values and operators would yield different results as compared to a query condition that does not contain spaces between values and operators.

  • You must not include special characters other than the equal sign (=), ampersand (&), vertical bar (|), and parentheses (()) in the query condition.

Note:

An exception is thrown if you include special characters other than the ones specified here.
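
A pre-flight check for SearchFilter values against the three guidelines above, given here as an added example; it is not Oracle's code and not part of the connector. The function names and messages are assumptions, and attribute case is checked only for the eight attributes in this section's table, in the spelling the table gives.

```python
import re

# Attribute names from the table in this section, in the case the page gives them.
# objectClass is left out on purpose: the page spells it both objectClass and objectclass.
TABLE_ATTRS = ("cn", "givenname", "sn", "mail", "middleName",
               "departmentNumber", "l", "title")
_BY_LOWER = {name.lower(): name for name in TABLE_ATTRS}

# The only special characters the guidelines permit in a query condition.
OPERATORS = "=&|()"


def _parse(text, pos, attrs):
    """Parse one parenthesised condition at text[pos]; return the index after it."""
    if pos >= len(text) or text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if pos < len(text) and text[pos] in "&|":
        # Composite condition: an operator followed by one or more conditions.
        pos += 1
        count = 0
        while pos < len(text) and text[pos] == "(":
            pos = _parse(text, pos, attrs)
            count += 1
        if count == 0:
            raise ValueError(f"operator without operands at offset {pos}")
    else:
        # Simple condition of the form attribute=value.
        end = text.find(")", pos)
        if end == -1:
            raise ValueError("missing ')'")
        item = text[pos:end]
        attr, sep, value = item.partition("=")
        if not sep or not attr or not value or "(" in item:
            raise ValueError(f"malformed condition {item!r}")
        attrs.append(attr)
        pos = end
    if pos >= len(text) or text[pos] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return pos + 1


def check_search_filter(value):
    """Return a list of guideline violations; an empty list means the value passes."""
    problems = []

    # Guideline: no blank spaces between operators and values.
    if value != value.strip() or re.search(r"\s[=&|()]|[=&|()]\s", value):
        problems.append("blank space next to an operator or parenthesis")

    # Guideline: no special characters other than = & | ( ).
    bad = sorted({c for c in value
                  if not (c.isalnum() or c.isspace() or c in OPERATORS)})
    if bad:
        problems.append("special characters not permitted: " + " ".join(bad))

    # Structure check on a copy with the stray spaces removed, so that a
    # spacing problem is not reported a second time as a structural one.
    compact = re.sub(r"\s*([=&|()])\s*", r"\1", value.strip())
    attrs = []
    try:
        end = _parse(compact, 0, attrs)
        if end != len(compact):
            raise ValueError(f"unexpected text after offset {end}")
    except ValueError as exc:
        problems.append(f"structure: {exc}")

    # Guideline: attribute names must use the same case as the target system.
    for attr in attrs:
        expected = _BY_LOWER.get(attr.lower())
        if expected and attr != expected:
            problems.append(f"attribute case: {attr!r} should be {expected!r}")
    return problems


if __name__ == "__main__":
    # The first value is one of the page's samples; the rest are constructed.
    for sample in ("(&(&(sn=Doe)(givenname=John))(objectClass=inetOrgPerson))",
                   "(& (sn = Doe)(givenName=John))",
                   "(mail=jdoe@example.com)",
                   "(&(sn=Doe)(givenname=John)"):
        print(sample, "->", check_search_filter(sample) or "OK")
```

Running the check before saving the scheduled task surfaces spacing and case mistakes that would otherwise only show up as an unexpected result set or an exception during the reconciliation run.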

3.1.2 Paged Reconciliation

Note:

This feature is supported only on Oracle Internet Directory 10.1.4.0.1 or later.

During a reconciliation run, all changes in the target system records are reconciled into Oracle Identity Manager. Depending on the number of records to be reconciled, this process may require a large amount of time. In addition, if the connection breaks during reconciliation, then the process would take longer to complete.

You can configure paged reconciliation to avoid these problems.

To configure paged reconciliation, you specify a value for the PageSize user reconciliation scheduled task attribute by following the instructions given in the "User Reconciliation Scheduled Tasks" section.

3.1.3 Configuring Trusted Source Reconciliation

While configuring the connector, the target system can be designated as a trusted source or target resource. If you designate the target system as a trusted source, then during a reconciliation run:

  • For each newly created user on the target system, an OIM User is created.

  • Updates made to each user on the target system are propagated to the corresponding OIM User.

If you designate the target system as a target resource, then during a reconciliation run:

  • For each account created on the target system, a resource is assigned to the corresponding OIM User.

  • Updates made to each account on the target system are propagated to the corresponding resource.

Note:

Skip this section if you do not want to designate the target system as a trusted source for reconciliation.

Configuring trusted source reconciliation involves the following steps:

  1. Import the XML file for trusted source reconciliation, oimUser.xml, by using the Deployment Manager. This section describes the procedure to import the XML file.

    Note:

    Only one target system can be designated as a trusted source. If you import the oimUser.xml file while you have another trusted source configured, then both connector reconciliations would stop working.

  2. Use the OID User Trusted Recon scheduled task to run trusted reconciliation.

    Note:

    The OID Trusted Delete User Recon task is run with the DN value, which is the value for the SearchBase attribute in the User Reconciliation scheduled task. The value of this attribute specifies the organizational unit from where users are reconciled from the target system into Oracle Identity Manager. When you run the OID Trusted Delete User Recon task, all of the users in the other organizational units are deleted in Oracle Identity Manager.

To import the XML file for trusted source reconciliation:

  1. Open the Oracle Identity Manager Administrative and User Console.

  2. Click the Deployment Management link on the left navigation bar.

  3. Click the Import link under Deployment Management. A dialog box for opening files is displayed.

  4. Locate and open the oimUser.xml file, which is in the OIM_HOME/xellerate/OID/xml directory. Details of this XML file are shown on the File Preview page.

  5. Click Add File. The Substitutions page is displayed.

  6. Click Next. The Confirmation page is displayed.

  7. Click Import.

  8. In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.

After you import the XML file for trusted source reconciliation, you must specify values for the attributes of the OID User Trusted Recon scheduled task. This procedure is described in the "Configuring the Reconciliation Scheduled Tasks" section.

3.1.4 Configuring the Reconciliation Scheduled Tasks

When you perform the procedure described in the "Importing the Connector XML File" section, the scheduled tasks for lookup fields, users, groups, and roles reconciliations are automatically created in Oracle Identity Manager. To configure these scheduled tasks:

  1. Open the Oracle Identity Manager Design Console.

  2. Expand the Xellerate Administration folder.

  3. Select Task Scheduler.

  4. Click Find. The details of the predefined scheduled tasks are displayed on two different tabs.

  5. For the first scheduled task, enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager must attempt to complete the task before assigning the FAILED status to the task.

  6. Ensure that the Disabled and Stop Execution check boxes are not selected.

  7. In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.

  8. In the Interval region, set the following schedule parameters:

    • To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.

      If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.

    • To set the task to run only once, select the Once option.

  9. Provide values for the attributes of the scheduled task. Refer to the "Specifying Values for the Scheduled Task Attributes" section for information about the values to be specified.

    See Also:

    Oracle Identity Manager Design Console Guide for information about adding and removing task attributes

  10. Click Save. The scheduled task is created. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.

  11. Repeat Steps 5 through 10 to create the second scheduled task.

After you configure both scheduled tasks, proceed to the "Configuring Provisioning" section.

Stopping Reconciliation

Scheduled tasks run at the date and time that is specified while configuring the task. You can stop a scheduled task at any point while the task is running.

Suppose one of the user reconciliation scheduled tasks of the connector is running, and user records are being reconciled. If you want to stop the reconciliation process, then:

  1. Perform Steps 1 through 4 of the procedure to configure reconciliation scheduled tasks. These steps have been described earlier in the "Configuring the Reconciliation Scheduled Tasks" section.

  2. Select the Stop Execution check box in the task scheduler.

  3. Click Save.

3.1.4.1 Specifying Values for the Scheduled Task Attributes

This section provides information about the attribute values to be specified for the following scheduled tasks:

3.1.4.1.1 Lookup Fields Reconciliation Scheduled Tasks

The following scheduled tasks are used for lookup fields reconciliation:

  • Organization Lookup Reconciliation

  • Role Lookup Reconciliation

  • Group Lookup Reconciliation

You must specify values for the attributes of these scheduled tasks. The following table describes the attributes of the scheduled tasks used for lookup fields reconciliation:

Note:

  • Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

  • Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute: LookupCodeName
Description: Name of the lookup definition to which the master values are to be reconciled
Default/Sample Value: The value is one of the following:
  • For groups lookup reconciliation: Lookup.OID.Group
  • For roles lookup reconciliation: Lookup.OID.Role
  • For organization and organizational unit lookup reconciliation: Lookup.OID.Organization

Attribute: ITResourceName
Description: Name of the IT resource for setting up the connection to Oracle Internet Directory
Default/Sample Value: OID Server

Attribute: SearchContext
Description: Search context to be used for searching the master values
Default/Sample Value: The following are sample values:
  • cn=Groups,dc=mycompany,dc=com
  • cn=Roles,dc=mycompany,dc=com

Attribute: ObjectClass
Description: Object class name of the master value for which lookup fields reconciliation is being performed
Default/Sample Value: The following are sample values:
  • For groups lookup reconciliation: groupOfUniqueNames
  • For roles lookup reconciliation: OrganizationalRole
  • For organization lookup reconciliation: Organization
  • For organizational unit lookup reconciliation: OrganizationalUnit

Attribute: CodeKeyLTrimStr
Description: The default value of this attribute is [None]. Do not change this value.
Default/Sample Value: [NONE]

Attribute: CodeKeyRTrimStr
Description: String value for right-trimming the value obtained from the search. If there is nothing to be trimmed, then specify the value [NONE].
Default/Sample Value: ,dc=mycompany,dc=com

Attribute: ReconMode
Description: Specify REFRESH to completely refresh the existing lookup. Specify UPDATE to update the lookup with new values.
Default/Sample Value: REFRESH or UPDATE

Attribute: AttrType
Description: Attribute type of role, group, or organization
Default/Sample Value: The value can be any one of the following:
  • For role lookup reconciliation: cn
  • For group lookup reconciliation: cn
  • For organization lookup reconciliation: ou

Attribute: ConfigurationLookup
Description: Name of the lookup definition that stores configuration information used during connector operations. Note: Do not change the default value.
Default/Sample Value: Lookup.OID.Configuration

Note:

The CodeKeyLTrimStr and CodeKeyRTrimStr attributes control the value that becomes the code key of the lookup definition. The description of the value is the cn of the master value.

After you perform the steps required to configure the lookup fields reconciliation scheduled task, proceed to Step 10 of the procedure to create scheduled tasks.

3.1.4.1.2 User Reconciliation Scheduled Tasks

The following scheduled tasks are used for user reconciliation:

  • OID User Trusted Recon Task

  • OID User Target Recon Task

  • OID Target Delete User Recon Task

  • OID Trusted Delete User Recon Task

You must specify values for the attributes of these scheduled tasks. The following table describes the attributes of the user reconciliation scheduled tasks:

Note:

  • Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

  • Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute: ITResourceName
Description: Name of the IT resource for setting up a connection to Oracle Internet Directory
Default/Sample Value: OID IT Resource

Attribute: TrustedResourceObjectName
Description: Name of the OIM User resource object in Oracle Identity Manager on which trusted source user reconciliation or trusted delete user reconciliation is to be performed. Note: This attribute is used only in the OID User Trusted Recon Task and OID Trusted Delete User Recon Task scheduled tasks.
Default/Sample Value: Xellerate User

Attribute: TargetResourceObjectName
Description: Name of the OIM User resource object in Oracle Identity Manager on which target resource user reconciliation or target delete user reconciliation is to be performed. Note: This attribute is used only in the OID User Target Recon Task and OID Target Delete User Recon Task scheduled tasks.
Default/Sample Value: OID User

Attribute: SearchBase
Description: DN value from where the users are reconciled from the target system to Oracle Identity Manager
Default/Sample Value: cn=users,dc=hostname,dc=com
Here, users is the name of the user container and hostname is the host name under which the oracle context is created.

Attribute: ConfigurationLookup
Description: Name of the lookup definition that stores configuration information used during connector operations. Note: Do not change the default value.
Default/Sample Value: Lookup.OID.Configuration

Attribute: SearchFilter
Description: LDAP search filter used to locate organization accounts. See "Partial Reconciliation" for more information.
Default/Sample Value: (objectclass=top)(objectclass=person) (objectclass=organizationalPerson)(objectclass=inetOrgPerson) (objectclass=orclUser) (objectclass=orclUserV2)

Attribute: Recon Attribute Lookup Code
Description: Name of the lookup definition that has the target attribute mappings required for reconciliation
Default/Sample Value: AttrName.Recon.Map.OID

Attribute: Organization
Description: Default organization of the Xellerate User (OIM User)
Default/Sample Value: Xellerate Users

Attribute: Xellerate Type
Description: Default xellerate type for the Xellerate User (OIM User). This is a configurable value.
Default/Sample Value: End-User Administrator

Attribute: Role
Description: Default role for the Xellerate User (OIM User)
Default/Sample Value: Consultant

Attribute: PageSize
Description: This attribute is used for paged reconciliation. During a reconciliation run, the total set of records to be reconciled is divided into pages and the PageSize attribute specifies the number of records that must constitute one page. It is recommended that you set a page size between 100 and 1000. See Also: The "Partial Reconciliation" section
Default/Sample Value: 100

After you specify values for these scheduled task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

3.1.4.1.3 Group and Role Reconciliation Scheduled Tasks

The following scheduled tasks are used for group and role reconciliation:

  • OID Group Recon Task

  • OID Role Recon Task

You must specify values for the attributes of these scheduled tasks. The following table describes the attributes of the group and role reconciliation scheduled tasks:

Note:

  • Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

  • Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value were left empty, then reconciliation would not be performed.

Attribute: ConfigurationLookup
Description: Name of the lookup definition that stores configuration information used during connector operations. Note: Do not change the default value.
Default/Sample Value: Lookup.OID.Configuration

Attribute: Field Lookup Code
Description: Name of the lookup definition that stores reconciliation field mappings for group or role connector operations. Provide the corresponding reconciliation lookup mappings.
Default/Sample Value: The value is one of the following:
  • For group reconciliation: Lookup.OIDGroupReconciliation.FieldMap
  • For role reconciliation: Lookup.OIDRoleReconciliation.FieldMap

Attribute: isRoleRecon
Description: Specifies whether or not role reconciliation is to be performed. If you want to perform role reconciliation, then set the value to yes. If you want to perform group reconciliation, then set the value to no.
Default/Sample Value: Yes

Attribute: ITResourceName
Description: Name of the IT resource for setting up a connection to Oracle Internet Directory
Default/Sample Value: OID IT Resource

Attribute: MultiValued Attributes
Description: The set of multivalued attributes, separated by the vertical bar (|) character. You specify only the multivalued attributes that you have added. See "Adding New Multivalued Attributes for Target Resource Reconciliation" for more information. The default value of this attribute is [NONE].
Default/Sample Value: owner|description

Attribute: ResourceObjectName
Description: Name of the resource object into which groups or roles are to be reconciled
Default/Sample Value: The value can be one of the following:
  • For group reconciliation: OID Group
  • For role reconciliation: OID Role

Attribute: SearchBase
Description: DN value from where the groups or roles are reconciled from the target system to Oracle Identity Manager
Default/Sample Value: ou=myou,dc=corp,dc=com or dc=corp, dc=com

Attribute: SearchFilter
Description: LDAP search filter used to locate groups or roles. See "Partial Reconciliation" for more information.
Default/Sample Value: (objectClass=groupOfUniqueNames) or (objectClass=OrganizationalRole)

After you specify values for these scheduled task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

3.1.5 Adding New Attributes for Target Resource Reconciliation

Note:

You must ensure the new attributes that you add for reconciliation contain data in string-format only. Binary attributes must not be introduced into Oracle Identity Manager natively.

By default, the attributes listed in the "Reconciled Resource Object Fields" section are mapped for reconciliation between Oracle Identity Manager and the target system. If required, you can add new attributes for target resource reconciliation.

To add a new attribute for target resource reconciliation, perform the following procedure:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Add the new attribute on the OIM User process form as follows:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Search for and open the OID User.

    4. Click Create New Version.

    5. In the Label field, enter the version name. For example, version#1.

    6. Click the Save icon.

    7. Select the current version created in Step 5 from the Current Version list.

    8. Click Add to create a new attribute, and provide the values for that attribute.

      For example, if you are adding the organization attribute, then enter the following values in the Additional Columns tab:

      | Field | Value |
      |---|---|
      | Name | organization |
      | Variant Type | String |
      | Length | 100 |
      | Field Label | organization |
      | Order | 20 |

    9. Click the Save icon.

    10. Click Make Version Active.

  3. Add the new attribute to the list of reconciliation fields in the resource object as follows:

    1. Expand Resource Management.

    2. Double-click Resource Objects.

    3. Search for and open the OID User resource object.

    4. On the Object Reconciliation tab, click Add Field, and then enter the following values:

      Field Name: Organization

      Field Type: String

    5. Click the Save icon.

  4. Create a reconciliation field mapping for the new attribute in the process definition form as follows:

    1. Expand Process Management.

    2. Double-click Process Definition.

    3. Search for and open the OID User process definition.

    4. On the Reconciliation Field Mappings tab, click Add Field Map, and then select the following values:

      Field Name: Organization

      Field Type: String

      Process Data Field: Organization

    5. Click the Save icon.

  5. Create an entry for the attribute in the lookup definition for reconciliation as follows:

    1. Expand Administration.

    2. Double-click Lookup Definition.

    3. Search for and open the AttrName.Recon.Map.OID lookup definition.

    4. Click Add and enter the Code Key and Decode values for the attribute. The Code Key value must be the name of the attribute given in the resource object. The Decode value is the name of the attribute in the target system.

      For example, enter organization in the Code Key field and then enter o in the Decode field.

    5. Click the Save icon.

3.1.6 Adding New Attributes for Reconciliation of Groups or Roles

By default, the attributes listed in the "Group Reconciliation" section are mapped for group reconciliation between Oracle Identity Manager and the target system. Similarly, the attributes listed in the "Role Reconciliation" section are mapped for role reconciliation between Oracle Identity Manager and the target system. If required, you can add new attributes for group or role reconciliation.

See Also:

Oracle Identity Manager Design Console for detailed instructions on performing the following procedure

To add a new attribute for group or role reconciliation:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Add the new attribute on the process form as follows:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Perform one of the following steps:

      • If you want to add new attributes for group reconciliation, then search for and open the UD_OID_GR form.

      • If you want to add new attributes for role reconciliation, then search for and open the UD_OID_RL form.

    4. Click Create New Version.

    5. In the Label field, enter the version name. For example, version#1.

    6. Click the Save icon.

    7. Select the current version created in Step 5 from the Current Version list.

    8. Click Add to create a new attribute, and provide the values for that attribute.

    9. Click the Save icon.

    10. Click Make Version Active.

  3. Create an entry for the new attribute in the lookup definition for reconciliation as follows:

    1. Expand Administration.

    2. Double-click Lookup Definition.

    3. If you are adding new attributes for group reconciliation, then search for and open the Lookup.OIDGroupReconciliation.FieldMap lookup definition.

    4. If you are adding new attributes for role reconciliation, then search for and open the Lookup.OIDRoleReconciliation.FieldMap lookup definition.

    5. In the lookup definition, create an entry for the attribute that you want to add by clicking Add, and then enter the Code Key and Decode values for the attribute.

      The Code Key value must be the name of the attribute given in the resource object. The Decode value is the name of the attribute in the target system.

      For example, enter organization in the Code Key field and then enter o in the Decode field.

    6. Click the Save icon.

  4. Add the new attribute to the list of reconciliation fields in the resource object as follows:

    1. Expand Resource Management.

    2. Double-click Resource Objects.

    3. If you are adding a new attribute for group reconciliation, then search for and open the OID Group resource object.

    4. If you are adding a new attribute for role reconciliation, then search for and open the OID Role resource object.

    5. On the Object Reconciliation tab, click Add Field, and then enter the appropriate values for the Field Name and Field Type fields.

    6. Click the Save icon.

  5. Create a reconciliation field mapping for the new attribute in the process definition form as follows:

    1. Expand Process Management.

    2. Double-click Process Definition.

    3. If you are adding a new attribute for group reconciliation, then search for and open the OID Group process definition.

    4. If you are adding a new attribute for role reconciliation, then search for and open the OID Role process definition.

    5. On the Reconciliation Field Mappings tab, click Add Field Map, and then specify the appropriate values for the Field Name, Field Type, and Process Data Field fields.

    6. Click the Save icon.

3.1.7 Adding New Attributes for Trusted Source Reconciliation

Note:

You must ensure that the new attributes you add for reconciliation contain only string-format data. Binary attributes must not be brought into Oracle Identity Manager natively.

By default, the attributes listed in the "Reconciled Xellerate User (OIM User) Fields" section are mapped for reconciliation between Oracle Identity Manager and the target system. If required, you can add new attributes for trusted resource reconciliation.

To add a new attribute for trusted source reconciliation:

See Also:

Oracle Identity Manager Design Console Guide for detailed information about these steps

  1. Log in to the Oracle Identity Manager Design Console.

  2. Add the new attribute on the Users process form as follows:

    1. Expand Administration.

    2. Double-click User Defined Field Definition.

    3. Search for and open the Users process form.

    4. Click Add.

    5. Enter the details of the attribute.

      For example, if you are adding the Title attribute, then enter Employee ID in the Label field, set the data type to String, enter Title as the column name, and enter a field size value.

    6. Click Save.

  3. Add the new attribute to the list of reconciliation fields in the resource object as follows:

    1. Expand Resource Management.

    2. Double-click Resource Objects.

    3. Search for and open the Xellerate User resource object.

    4. On the Object Reconciliation tab, click Add Field.

    5. Enter the details of the attribute.

      For example, enter Title in the Field Name field and select String from the Field Type list.

      Later in this procedure, you will enter the attribute name as the Decode value of the entry that you create in the lookup definition for reconciliation.

    6. Click Save.

  4. Create a reconciliation field mapping for the new attribute in the process definition as follows:

    1. Expand Process Management.

    2. Double-click Process Definition.

    3. Search for and open the Xellerate User process definition.

    4. On the Reconciliation Field Mappings tab, click Add Field Map.

    5. In the Field Name field, select the value for the attribute that you want to add.

      For example, select Title = Title.

    6. Click Save.

  5. Create an entry for the attribute in the lookup definition for reconciliation as follows:

    1. Expand Administration.

    2. Double-click Lookup Definition.

    3. Search for and open the AttrName.Recon.Map.OID lookup definition.

    4. Click Add and enter the Code Key and Decode values for the attribute. The Code Key value must be the name of the attribute on the target system, which you determined at the start of this procedure. The Decode value is the name that you provide for the reconciliation field in sub-step 5 of Step 3.

      For example, enter Title in the Code Key field and then enter title in the Decode field.

    5. Click Save.

    6. Select Field Type, and then click Save.

3.2 Configuring Provisioning

Note:

The following is a guideline that you must apply during provisioning operations:

Some Asian languages use multibyte character sets. If the character limit for the fields in the target system is specified in bytes, then the number of Asian-language characters that you can enter in a particular field may be less than the number of English-language characters that you can enter in the same field. The following example illustrates this limitation:

Suppose you can enter 50 characters of English in the User Last Name field of the target system. If you have configured the target system for the Japanese language, then you would not be able to enter more than 25 characters in the same field.

As mentioned earlier in this guide, provisioning involves creating or modifying a user's account information on the target system through Oracle Identity Manager.

3.2.1 Compiling Adapters

Note:

You must perform the procedure described in this section if you want to use the provisioning features of Oracle Identity Manager for this target system.

You need not perform the procedure to compile adapters if you have performed the procedure described in "Installing the Connector on Oracle Identity Manager Release 9.1.0 or Later".

Adapters are used to implement provisioning functions. The following adapters are imported into Oracle Identity Manager when you import the connector XML file:

See Also:

The "Supported Functionality" section for a listing of the provisioning functions that are available with this connector

  • OID Create User

  • OID Delete User

  • OID Modify User

  • OID Move User

  • OID Add User to Group

  • OID Remove User from Group

  • OID Add User to Role

  • OID Remove User from Role

  • OID Prepop String

  • Update OID Role Details

  • Update OID Group Details

  • OID Delete Group

  • OID Create Group

  • Chk Process Parent Org

  • OID Create OU

  • OID Create Role

  • OID Delete Role

  • OID Move OU

  • OID Change Org Name

  • OID Delete OU

  • OID Move Group or Role

  • OID Modify Group or Role

  • OID add Multivalue attribute

  • OID remove Multivalue attribute

  • OID Update Multivalue attribute

You must compile these adapters before they can be used in provisioning operations.

To compile adapters by using the Adapter Manager form:

  1. Open the Adapter Manager form.

  2. To compile all the adapters that you import into the current database, select Compile All.

    To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select Compile Selected.

    Note:

    Click Compile Previously Failed to recompile only those adapters that were not compiled successfully. Such adapters do not have an OK compilation status.

  3. Click Start. Oracle Identity Manager compiles the selected adapters.

  4. If Oracle Identity Manager is installed in a clustered environment, then copy the compiled adapters from the OIM_HOME/xellerate/Adapter directory to the same directory on each of the other nodes of the cluster. If required, overwrite the adapter files on the other nodes.

If you want to compile one adapter at a time, then use the Adapter Factory form.

See Also:

Oracle Identity Manager Tools Reference Guide for information about using the Adapter Factory and Adapter Manager forms

To view detailed information about an adapter:

  1. Highlight the adapter in the Adapter Manager form.

  2. Double-click the row header of the adapter, or right-click the adapter.

  3. Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.

3.2.2 Adding Object Classes for Provisioning

The ldapUserObjectClassSecondary field is one of the fields defined in the Lookup.OID.Configuration lookup definition.

By default, this field contains a value that you can change to the name of your object class. If required, you can modify the ldapUserObjectClassSecondary field and add more object classes. Use a vertical bar (|) to separate object classes whose names you enter. The following is a sample value that can be assigned to the ldapUserObjectClassSecondary field:

objclass1|objClass2

You must ensure that the attributes in the new object class are optional, and not mandatory attributes.

3.2.3 Enabling Provisioning of Users in Organizations and Organizational Units

Note:

This section describes an optional procedure. You need not perform this procedure if you do not want to enable provisioning of users in organizations.

In the Lookup.OID.Configuration lookup definition, the following are default settings for enabling provisioning of users in organizational units:

  • ldapOrgDNPrefix=ou

  • ldapOrgUnitObjectClass=OrganizationalUnit

See Also:

Appendix A for information about attribute mappings between Oracle Identity Manager and Oracle Internet Directory.

3.2.4 Provisioning Organizational Units, Groups, and Roles

To provision an organizational unit:

  1. Log in to the Oracle Identity Manager Administrative and User Console.

  2. Expand Organizations.

  3. Click Create.

  4. Specify a name and the type for the organization that you want to create, and then click Create Organization.

  5. Select Resource Profile from the list.

  6. Click Provision New Resource.

  7. Select the organizational unit option.

  8. Click Continue, and then click Continue again.

  9. From the IT server lookup field, select the resource object corresponding to the required IT resource.

  10. Click Continue, and then click Continue again on the Verification page.

To provision a group or role:

  1. Log in to the Oracle Identity Manager Administrative and User Console.

  2. Expand Organizations.

  3. Click Manage.

  4. Search for the organizational unit under which you want to provision the group or role.

  5. Select Resource Profile from the list.

  6. Click Provision New Resource.

  7. On this page, the option that must be selected depends on what you want to create:

    • Select the group option if you want to create a group.

      The default settings to enable provisioning of Groups in organizational units in the AttrName.Group.Prov.Map.OID lookup definition are listed in the following table:

      | Code Key | Decode |
      |---|---|
      | Group Name | cn |

    • Select the role option if you want to create a role.

      The default settings to enable provisioning of Roles in organizational units in the AttrName.Role.Prov.Map.OID lookup definition are listed in the following table:

      | Code Key | Decode |
      |---|---|
      | Role Name | cn |

  8. Click Continue, and then click Continue again on the Verification page.

  9. Enter a name for the group or role.

  10. From the IT server lookup field, select the IT resource.

  11. Click Continue, and then click Continue again on the Verification page.

3.2.5 Adding New Attributes for Provisioning Users

Note:

This section describes an optional procedure. You need not perform this procedure if you do not want to add new attributes for provisioning.

By default, the attributes listed in the "Provisioning Module" section are mapped for provisioning between Oracle Identity Manager and the target system. If required, you can map additional attributes for provisioning.

To add a new attribute for provisioning users, create an entry for the attribute in the lookup definition for provisioning as follows:

  1. Expand Administration.

  2. Double-click Lookup Definition.

  3. Search for and open the AttrName.Prov.Map.OID lookup definition.

  4. Click Add and enter the Code Key and Decode values for the attribute. The Code Key value must be the name of the attribute given in the resource object. The Decode value is the name of the attribute in the target system.

    For example, enter organization in the Code Key field and then enter o in the Decode field.

  5. Click the Save icon.

3.2.5.1 Enabling Update of New Attributes for Provisioning Users

After you add an attribute for provisioning users, you must enable update operations on the attribute. If you do not perform this procedure, then you will not be able to modify the value of the attribute after you set a value for it during the Create User provisioning operation.

To enable the update of a new attribute for provisioning a user:

  1. Expand Process Management.

  2. Double-click Process Definition and open the OID User process definition.

  3. In the process definition, add a new task for updating the field as follows:

    1. Click Add and enter the task name (for example, organization Updated) and the task description.

    2. In the Task Properties section, select the following fields:

      • Conditional

      • Required for Completion

      • Allow Cancellation while Pending

      • Allow Multiple Instances

    3. Click on the Save icon.

  4. On the Integration tab, click Add, and then click Adapter.

  5. Select the adpOIDMODIFYUSER adapter, click Save, and then click OK in the message that is displayed.

  6. To map the adapter variables listed in this table, select the adapter, click Map, and then specify the data given in the following table:

    Note:

    Some of the values in this table are specific to Organization (o value in OID target). These values must be replaced with values relevant to the attributes that you require.

    | Variable Name | Data Type | Map To | Qualifier | IT Asset Type | IT Asset Property |
    |---|---|---|---|---|---|
    | PDataOrg | String | Process Data | Organization DN | NA | NA |
    | User ID | String | Process Data | User ID | NA | NA |
    | AttrName | String | Literal | String | Literal value: Organization | NA |
    | AttrValue | String | Process Data | Organization (Note: The name of the attribute in process form) | NA | NA |
    | ProcessInstKey | String | Process Data | Process Instance | NA | NA |
    | Adapter return value | Object | Response Code | NA | NA | NA |
    | SSL FLag | String | IT Resources | Server | OID Server | SSL |
    | Server Address | String | IT Resources | Server | OID Server | Server Address |
    | Server Port | String | IT Resources | Server | OID Server | Port |
    | RootContext | String | IT Resources | Server | OID Server | Root DN |
    | AdminID | String | IT Resources | Server | OID Server | Admin ID |
    | AdminPwd | String | IT Resources | Server | OID Server | Admin Password |
    | AttrLookupCode | String | IT Resources | Server | OID Server | Prov Attribute Lookup Code |
    | OrganizationDN | String | Literal | String | Literal Value (Note: don't specify any value here) | NA |
    | XLOrgFlag | String | IT Resources | Server | OID Server | Use XL Org Structure |

  7. Click the Save icon and then close the dialog box.

3.2.6 Adding New Attributes for Provisioning Groups or Roles

By default, the attributes listed in the "Group Provisioning" section are mapped for provisioning of groups between Oracle Identity Manager and the target system. Similarly, by default, the attributes listed in the "Role Provisioning" section are mapped for provisioning of roles between Oracle Identity Manager and the target system. If required, you can map additional attributes for provisioning groups or roles.

To add a new attribute for provisioning a group or role:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Add the new attribute on the process form as follows:

    1. Open the Form Designer form.

    2. Do one of the following:

      Search for and open the UD_OID_GR form.

      Search for and open the UD_OID_RL form.

    3. Create a new version of the form.

    4. Add the new attribute on the form.

    5. Save the form.

    6. Make the version active, and close the form.

  3. In the lookup definition for provisioning, create an entry for the new attribute as follows:

    1. Open the Lookup Definition form.

    2. Do one of the following:

      • Search for and open the AttrName.Group.Prov.Map.OID lookup definition.

      • Search for and open the AttrName.Role.Prov.Map.OID lookup definition.

    3. In the lookup definition, add an entry for the attribute that you want to add:

      • Code Key: Enter the name of the attribute that you add on the process form.

      • Decode Key: Enter the name of the attribute displayed on the target system, which you recorded earlier in this procedure.

  4. To test whether or not you can use the newly added attribute for provisioning, log in to the Oracle Identity Manager Administrative and User Console and perform a provisioning operation in which you specify a value for the newly added attribute.

3.2.6.1 Enabling Update of New Attributes for Provisioning Groups or Roles

After you add an attribute for provisioning a Group or Role, you must enable update operations on the attribute. If you do not perform this procedure, then you will not be able to modify the value of the attribute after you set a value for it during the Create User provisioning operation.

To enable the update of a new multivalued attribute for provisioning a group or role:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Process Management.

  3. Do one of the following:

    • Double-click Process Definition and open the OID Group process definition.

    • Double-click Process Definition and open the OID Role process definition.

  4. In the process definition, add a task for setting a value for the attribute:

    1. Click Add, enter the name of the task for adding multivalued attributes, and enter the task description.

    2. In the Task Properties section, select the following fields:

      • Conditional

      • Required for Completion

      • Allow Cancellation while Pending

      • Allow Multiple Instances

      • Select the child table from the list.

        For the example described earlier, select Mailing Address from the list.

    3. On the Integration tab, click Add, and then click Adapter.

    4. Select the adpOIDMODIFYGROUPORROLE adapter, click Save, and then click OK in the message.

    5. To map the adapter variables listed in this table, select the adapter, click Map, and then specify the data given in the following table:

      | Variable Name | Data Type | Map To | Qualifier | IT Asset Type | IT Asset Property |
      |---|---|---|---|---|---|
      | SSLFlag | String | IT Resource | Server | OID Server | SSL |
      | Adapter return value | Object | Response Code | NA | NA | NA |
      | UserID | String | Process Data | User ID | NA | NA |
      | userPassword | String | Process Data | Password | NA | NA |
      | rootContext | String | IT Resources | Server | OID Server | Root DN |
      | port | String | IT Resources | Server | OID Server | Port |
      | LDAPServer | String | IT Resources | Server | OID Server | Server Address |
      | AttrLookupCode | String | IT Resources | Server | OID Server | The value can be any one of the following. For group: AttrName.Group.Prov.Map.OID. For Role: AttrName.Role.Prov.Map.OID |
      | PropertyName | String | Literal | String | homePostalAddress (Note: This is a sample (literal) value.) | NA |
      | PropertyValue | String | Select Process Data and then select (for example) OID User Role. | Address (Note: This is a sample value.) | NA | NA |
      | Admin ID | String | IT Resources | Server | OID Server | Admin Id |
      | AdminPwd | String | IT Resources | Server | OID Server | Admin Password |
      | organizationDN | String | Literal | String | Note: Do not enter a value in the Literal field. | NA |
      | ProcessInstKey | String | Process data | Process Instance | NA | NA |
      | PDataOrg | String | Process data | Organization DN | NA | NA |

    6. Click the Save icon and then close the dialog box.

3.3 Adding New Multivalued Attributes for Target Resource Reconciliation

Note:

This section describes an optional procedure. Perform this procedure only if you want to add new multivalued fields for reconciliation. This procedure can be applied to add either user, group, or role attributes.

You must ensure that new attributes you add for reconciliation contain only string-format data. Binary attributes must not be brought into Oracle Identity Manager natively.

By default, only the UserGroup and UserRole multivalued attributes (listed in the "Reconciled Resource Object Fields" section) are mapped for user reconciliation between Oracle Identity Manager and the target system. If required, you can add new multivalued attributes for target system reconciliation.

By default, no multivalued attributes are mapped for reconciliation between Oracle Identity Manager and the target system for groups and roles. If required, you can add new multivalued attributes for reconciliation of groups or roles.

To add a new multivalued attribute for target resource reconciliation:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Create a form for the multivalued attribute as follows:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Create a form by specifying a table name and description, and then click Save.

    4. Click Add and enter the details of the attribute.

    5. Click Save and then click Make Version Active.

  3. Add the form created for the multivalued attribute as a child form of the process form as follows:

    1. Perform one of the following steps:

      • For users, search for and open the UD_OID_USR process form.

      • For groups, search for and open the UD_OID_GR process form.

      • For roles, search for and open the UD_OID_RL process form.

    2. Click Create New Version.

    3. Click the Child Table(s) tab.

    4. Click Assign.

    5. In the Assign Child Tables dialog box, select the newly created child form, click the right arrow, and then click OK.

    6. Click Save and then click Make Version Active.

  4. Add the new attribute to the list of reconciliation fields in the resource object as follows:

    1. Expand Resource Management.

    2. Double-click Resource Objects.

    3. Perform one of the following steps:

      • For users, search for and open the OID User resource object.

      • For groups, search for and open the OID Group resource object.

      • For roles, search for and open the OID Role resource object.

    4. On the Object Reconciliation tab, click Add Field.

    5. In the Add Reconciliation Fields dialog box, enter the details of the attribute.

      For example, enter Address in the Field Name field and select Multi Valued Attribute from the Field Type list.

    6. Click Save and then close the dialog box.

    7. Right-click the newly created attribute.

    8. Select Define Property Fields.

    9. In the Add Reconciliation Fields dialog box, enter the details of the newly created field.

      For example, enter Mailing Address in the Field Name field and select String from the Field Type list.

    10. Click Save, and then close the dialog box.

  5. Create a reconciliation field mapping for the new attribute as follows:

    1. Expand Process Management.

    2. Double-click Process Definition.

    3. Perform one of the following steps:

      • For users, search for and open the OID User process form.

      • For groups, search for and open the OID Group process form.

      • For roles, search for and open the OID Role process form.

    4. On the Reconciliation Field Mappings tab of the process definition, click Add Table Map.

    5. In the Add Reconciliation Table Mapping dialog box, select the field name and table name from the list, click Save, and then close the dialog box.

    6. Right-click the newly created field, and select Define Property Field Map.

    7. In the Field Name field, select the value for the field that you want to add.

    8. Double-click the Process Data Field field, and then select the required data field.

    9. Select the Key Field for Reconciliation Mapping check box, and then click Save.

  6. Create an entry for the attribute in the lookup definition for reconciliation as follows:

    1. Expand Administration.

    2. Double-click Lookup Definition.

    3. For a user attribute, search for and open the AttrName.Recon.Map.OID lookup definition. Then, search for the ldapUserMultiValAttr Code Key value.

      If you do not want to reconcile multivalued attributes, then accept the default Decode value [NONE].

      If you want to reconcile a multivalued attribute, then enter a value in the following format:

      RECONCILIATION FIELD NAME OF ATTRIBUTE,PROPERTY NAME OF THE RECONCILIATION FIELD

      For example: Address,MailingAddress

      If you want to reconcile more than one multivalued attribute, then enter values in the following format:

      RECONCILIATION FIELD NAME OF ATTRIBUTE 1,PROPERTY NAME OF THE RECONCILIATION FIELD 1| RECONCILIATION FIELD NAME OF ATTRIBUTE 2,PROPERTY NAME OF THE RECONCILIATION FIELD 2| . . .

      For example: Address,MailingAddress|group,groupname

    4. Perform one of the following steps:

      • For groups, search for and open the Lookup.OIDGroupReconciliation.FieldMap lookup definition.

      • For roles, search for and open the Lookup.OIDRoleReconciliation.FieldMap lookup definition.

    5. In the lookup definition, add an entry for the attribute that you want to add:

      • Code Key: Enter the name of the attribute that you add on the process form.

      • Decode Key: Enter the name of the attribute displayed on the target system, which you recorded earlier in this procedure.

    6. Perform one of the following steps:

      • For users, search for and open the AttrName.Prov.Map.OID lookup definition.

      • For groups, search for and open the AttrName.Group.Prov.Map.OID lookup definition.

      • For roles, search for and open the AttrName.Role.Prov.Map.OID lookup definition.

    7. In the lookup definition, add an entry for the attribute that you want to add:

      • Code Key: Enter the name of the attribute that you add on the process form.

      • Decode Key: Enter the name of the attribute displayed on the target system, which you recorded earlier in this procedure.

If you have added new multivalued attributes for groups or roles, then you must specify the decode key values of the newly added attributes as the value of the Multivalue Attribute attribute that is discussed in the "Group and Role Reconciliation Scheduled Tasks" section.
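The Decode format for ldapUserMultiValAttr described in Step 6 is easy to get wrong by hand, so the following added example (not part of the connector or of this guide) parses a candidate value and checks it against the reconciliation fields defined in Step 4. The function names, the recon_fields dictionary and the choice to report stray whitespace are assumptions of the example; the guide does not say how the connector treats whitespace.

```python
# Added example: validator for the Decode value of the ldapUserMultiValAttr
# Code Key, in the format given in the guide:
#   FIELD,PROPERTY|FIELD,PROPERTY|...   or   [NONE]

def parse_multival_decode(value):
    """Return (pairs, problems) for a ldapUserMultiValAttr Decode value.

    pairs    -- list of (reconciliation field name, property name) tuples
    problems -- strings describing entries that deviate from the format
    """
    if value.strip() == "[NONE]":          # default: nothing to reconcile
        return [], []
    pairs, problems, seen = [], [], set()
    for pos, entry in enumerate(value.split("|"), start=1):
        parts = entry.split(",")
        if len(parts) != 2:
            problems.append(f"entry {pos} {entry!r}: expected FIELD,PROPERTY")
            continue
        field, prop = (p.strip() for p in parts)
        if not field or not prop:
            problems.append(f"entry {pos} {entry!r}: empty name")
            continue
        # Assumption: the guide's examples contain no spaces around the
        # separators, so stray whitespace is reported rather than ignored.
        if parts != [field, prop]:
            problems.append(f"entry {pos} {entry!r}: whitespace around a name")
        if field in seen:
            problems.append(f"entry {pos} {entry!r}: field {field!r} repeated")
        seen.add(field)
        pairs.append((field, prop))
    return pairs, problems


def undefined_in_resource_object(pairs, recon_fields):
    """Return the pairs that name a field or property not present in
    recon_fields, a dict {multivalued field name: set of property names}
    transcribed from the resource object's Object Reconciliation tab."""
    return [(f, p) for f, p in pairs if p not in recon_fields.get(f, set())]


if __name__ == "__main__":
    # Constructed sample data using the names from the guide's examples.
    recon_fields = {"Address": {"MailingAddress"}}
    for decode in ("[NONE]",
                   "Address,MailingAddress",
                   "Address,MailingAddress|group,groupname",
                   "Address,MailingAddress| group",
                   "Address;MailingAddress"):
        pairs, problems = parse_multival_decode(decode)
        print(decode, "->", pairs, problems,
              undefined_in_resource_object(pairs, recon_fields))
```
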

3.4 Adding New Multivalued Attributes for Provisioning

Note:

This section describes an optional procedure. Perform this procedure only if you want to add new multivalued fields for provisioning. This procedure can be applied to add either user, group, or role attributes.

By default, only the UserGroup and UserRole multivalued attributes (listed in the "User Provisioning" section) are mapped for provisioning between Oracle Identity Manager and the target system. If required, you can add new multivalued attributes for target system reconciliation.

By default, no multivalued attributes are mapped for provisioning between Oracle Identity Manager and the target system for groups and roles. If required, you can add new multivalued attributes for reconciliation and provisioning of groups or roles.

To add a new multivalued attribute for provisioning:

Note:

If you have already performed Steps 1 through 3 of the "Adding New Multivalued Attributes for Target Resource Reconciliation" section, then you need not repeat the steps in the following procedure and can proceed directly to the "Enabling Update of New Multivalued Attributes for Provisioning" section.

  1. Log in to the Oracle Identity Manager Design Console.

  2. Create a form for the multivalued attribute as follows:

    1. Expand Development Tools.

    2. Double-click Form Designer.

    3. Create a form by specifying a table name and description, and then click Save.

    4. Click Add and enter the details of the attribute.

    5. Click Save and then click Make Version Active.

  3. Add the form created for the multivalued attribute as a child form of the process form as follows:

    1. Perform one of the following steps:

      • For users, search for and open the UD_OID_USR process form.

      • For groups, search for and open the UD_OID_GR process form.

      • For roles, search for and open the UD_OID_RL process form.

    2. Click Create New Version.

    3. Click the Child Table(s) tab.

    4. Click Assign.

    5. In the Assign Child Tables dialog box, select the newly created child form, click the right arrow, and then click OK.

    6. Click Save and then click Make Version Active.

3.4.1 Enabling Update of New Multivalued Attributes for Provisioning

After you add a multivalued attribute for provisioning, you must enable update operations on the attribute. If you do not perform this procedure, then you will not be able to modify the value of the attribute after you set a value for it during the Create provisioning operations.

To enable the update of a new multivalued attribute for provisioning:

See Also:

Oracle Identity Manager Design Console Guide for detailed information about these steps
  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Process Management.

  3. Double-click Process Definition, and then perform one of the following steps:

    • For users, open the OID User process definition.

    • For groups, open the OID Group process definition.

    • For roles, open the OID Role process definition.

  4. In the process definition, add a task for setting a value for the attribute:

    1. Click Add, enter the name of the task for adding multivalued attributes, and enter the task description.

    2. In the Task Properties section, select the following fields:

      • Conditional

      • Required for Completion

      • Allow Cancellation while Pending

      • Allow Multiple Instances

      • Select the child table from the list.

        For the example described earlier, select Mailing Address from the list.

      • Select Insert as the trigger type for adding multivalued data. Alternatively, select Delete as the trigger type for removing multivalued data.

    3. On the Integration tab, click Add, and then click Adapter.

    4. Select the adpOIDADDMULTIVALUEATTRIBUTE adapter, click Save, and then click OK in the message.

    5. To map the adapter variables listed in this table, select the adapter, click Map, and then specify the data given in the following table:

      Note:

      Some of the values in this table are specific to the Mailing Address/Postal Address example. These values must be replaced with values relevant to the multivalued attributes that you require.

      | Variable Name | Data Type | Map To | Qualifier | IT Asset Type | IT Asset Property |
      |---|---|---|---|---|---|
      | SSLFlag | String | IT Resource | Server | OID Server | SSL |
      | Adapter return value | Object | Response Code | NA | NA | NA |
      | UserID | String | Process Data | User ID | NA | NA |
      | userPassword | String | Process Data | Password | NA | NA |
      | rootContext | String | IT Resources | Server | OID Server | Root DN |
      | port | String | IT Resources | Server | OID Server | Port |
      | LDAPServer | String | IT Resources | Server | OID Server | Server Address |
      | AttrLookupCode | String | IT Resources | Server | OID Server | Prov Attribute Lookup Code. Note: While mapping for either group or role process definition, select the corresponding lookup definitions. For group: AttrName.Group.Prov.Map.OID. For Role: AttrName.Role.Prov.Map.OID |
      | PropertyName | String | Literal | String | homePostalAddress (Note: This is a sample (literal) value.) | NA |
      | PropertyValue | String | Select Process Data and then select (for example) OID User Role. | Address (Note: This is a sample value.) | NA | NA |
      | Admin ID | String | IT Resources | Server | OID Server | Admin Id |
      | AdminPwd | String | IT Resources | Server | OID Server | Admin Password |
      | organizationDN | String | Literal | String | Note: Do not enter a value in the Literal field. | NA |
      | ProcessInstKey | String | Process data | Process Instance | NA | NA |
      | PDataOrg | String | Process data | Organization DN | NA | NA |

    6. Click the Save icon and then close the dialog box.

  5. In the process definition, add a task for removing the value of the attribute by performing Step 4. While performing substep 4 of Step 4 (selecting the adapter), select the adpOIDREMOVEMULTIVALUEATTRIBUTE adapter.

  6. In the process definition, add a task for updating the value of the attribute by performing Step 4.

    While performing substep 4 of Step 4 (selecting the adapter), select the adpOIDUPDATEMULTIVALUEATTRIBUTE adapter. Map the Adapter return Value attribute for this update task by providing the values described in the preceding table.

3.5 Adding New Object Classes for Provisioning and Reconciliation

To add a new object class for provisioning and reconciliation:

3.5.1 Adding the Attributes of the Object Class to the Process Form

To add the attributes of the object class to the process form:

  1. Open the Oracle Identity Manager Design Console.

  2. Expand the Development Tools folder.

  3. Double-click Form Designer.

  4. Search for and open the UD_OID_USR process form.

  5. Click Create New Version, and then click Add.

  6. Enter the details of the attribute.

    For example, if you are adding the Associated Domain attribute, enter UD_OID_USR_ASSOCIATEDDOMAIN in the Name field and then enter the other details of this attribute.

  7. Click Save, and then click Make Version Active.

3.5.2 Adding the Object Class and its Attributes to the Lookup Definition for Provisioning

To add the object class and its attributes to the lookup definition for provisioning:

  1. Expand the Administration folder.

  2. Double-click Lookup Definition.

  3. Search for and open the Lookup.OID.Configuration lookup definition.

  4. Add the object class name to the Decode value of the ldapUserObjectClass Code Key.

    Note:

    In the Decode column, use the vertical bar (|) as a delimiter when you add the object class name to the existing list of object class names.

    For example, if you want to add domainRelatedObject in the Decode column then enter the value as follows:

    top|inetorgperson|orclUserV2|domainRelatedObject
    
  5. Click Add and then enter the Code Key and Decode values for an attribute of the object class. The Code Key value must be the name of the field on the process form and Decode value must be the name of the field on the target system.

    For example, enter Associated Domain in the Code Key field and then enter associatedDomain in the Decode field.

    Note:

    You must perform this step for all the mandatory attributes of the object class. You can also perform this step for the optional attributes.
  6. Click Save.
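Both object class rules in this guide depend on knowing which attributes a class makes mandatory: classes listed in ldapUserObjectClassSecondary ("Adding Object Classes for Provisioning") must have only optional attributes, and every mandatory attribute of a class added to ldapUserObjectClass needs a Code Key/Decode entry. The following added example (not part of the connector or of this guide) derives the mandatory attributes from RFC 4512 object class definitions, including those inherited through SUP, and applies either rule. The schema strings are a constructed, abbreviated sample and the lookup dictionary is hypothetical; real definitions must be read from the target directory.

```python
import re

# Constructed, abbreviated sample of objectClasses values in RFC 4512 syntax.
# Read the real definitions from the target directory's subschema entry.
SCHEMA_DEFS = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) "
    "MAY ( userPassword $ telephoneNumber ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL "
    "MAY ( title $ l ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' "
    "SUP organizationalPerson STRUCTURAL MAY ( mail $ givenName ) )",
    "( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' SUP top "
    "AUXILIARY MUST associatedDomain )",
]


def _names(block):
    """Split "( a $ b )", "'a'" or "a" into a list of bare names."""
    return [n.strip(" '") for n in block.strip("() ").replace("$", " ").split()]


def parse_schema(defs):
    """Map lowercased class name -> {"sup": [...], "must": [...]}.
    Simplified: keywords inside DESC strings are not handled."""
    schema = {}
    for d in defs:
        def field(keyword, single):
            m = re.search(r"\b" + keyword + r"\s+(\([^)]*\)|" + single + ")", d)
            return _names(m.group(1)) if m else []
        entry = {"sup": [s.lower() for s in field("SUP", r"[\w.;-]+")],
                 "must": field("MUST", r"[\w.;-]+")}
        for name in field("NAME", r"'[^']*'"):
            schema[name.lower()] = entry
    return schema


def mandatory_attrs(cls, schema, _seen=None):
    """MUST attributes of cls, including inherited ones, without objectClass.
    Returns None when no definition for cls was supplied."""
    seen = _seen if _seen is not None else set()
    key = cls.lower()
    if key not in schema:
        return None
    if key in seen:                       # guard against SUP cycles
        return set()
    seen.add(key)
    must = {a for a in schema[key]["must"] if a.lower() != "objectclass"}
    for sup in schema[key]["sup"]:
        # A superclass without a definition contributes nothing here.
        must |= mandatory_attrs(sup, schema, seen) or set()
    return must


def check_object_classes(decode_value, lookup, schema, secondary=False):
    """Check a '|'-separated object class list from Lookup.OID.Configuration.

    secondary=False: report mandatory attributes with no Decode entry in
                     lookup (the rule for ldapUserObjectClass).
    secondary=True:  report every mandatory attribute (the rule for
                     ldapUserObjectClassSecondary: optional attributes only).
    A class whose definition was not supplied maps to None.
    """
    mapped = {decode.lower() for decode in lookup.values()}
    findings = {}
    for name in (c.strip() for c in decode_value.split("|")):
        must = mandatory_attrs(name, schema)
        if must is None:
            findings[name] = None
        else:
            bad = sorted(a for a in must if secondary or a.lower() not in mapped)
            if bad:
                findings[name] = bad
    return findings


if __name__ == "__main__":
    schema = parse_schema(SCHEMA_DEFS)
    # Hypothetical Code Key -> Decode entries before Step 5 is performed.
    lookup = {"Common Name": "cn", "Last Name": "sn"}
    value = "top|inetorgperson|orclUserV2|domainRelatedObject"
    print(check_object_classes(value, lookup, schema))
    lookup["Associated Domain"] = "associatedDomain"   # Step 5 of the guide
    print(check_object_classes(value, lookup, schema))
    print(check_object_classes("domainRelatedObject", {}, schema, secondary=True))
```

A class reported as None (here orclUserV2, whose definition is deliberately not included in the sample) has not been checked at all, so supply its definition from the directory before relying on the result.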

3.5.3 Adding the Attributes of the Object Class to the Resource Object

To add the attributes of the object class to the resource object:

Note:

You must perform this step for all the mandatory attributes of the object class. You can also perform this step for the optional attributes.
  1. Expand the Resource Management folder.

  2. Double-click Resource Objects.

  3. Search for and open the OID User resource object.

  4. For each attribute of the object class:

    1. On the Object Reconciliation tab, click Add Field.

    2. Enter the details of the field.

    For example, enter Associated Domain in the Field Name field and select String from the Field Type list.

  5. Click the Save icon.

3.5.4 Adding Attributes of the Object Class to the Provisioning Process

To add the attributes of the object class to the provisioning process:

Note:

You must perform this step for all the mandatory attributes of the object class. You can also perform this step for the optional attributes.
  1. Expand the Process Management folder.

  2. Double-click Process Definition.

  3. Search for and open the OID User provisioning process.

  4. On the Reconciliation Field Mappings tab, click Add Field Map.

  5. In the Field Name field, select the value for the field that you want to add.

    For example, select Associated Domain = UD_OID_USR_ASSOCIATEDDOMAIN

  6. In the Field Type field, select the field type.

  7. Click the Save icon.

3.6 Configuring the Mapping of the User ID Field

Note:

The procedure described in this section is not part of the deployment procedure. You must perform this procedure only if you want to customize the mapping between the user ID fields of Oracle Internet Directory and Oracle Identity Manager.

While creating a user account on Oracle Internet Directory through Oracle Identity Manager, the user ID that you specify is assigned to the uid field of Oracle Internet Directory. If required, you can customize the mapping so that the user ID is assigned to the cn field of Oracle Internet Directory.

See Also:

Oracle Identity Manager Design Console Guide for information about modifying lookup definitions
  1. In the Design Console, open the AttrName.Prov.Map.OID lookup definition.

  2. Change the decode value of the User ID code key to cn.

  3. Save the changes.

  4. In the Design Console, open the Lookup.OID.Configuration lookup definition.

  5. Change the decode value of the ldapUserDNPrefix code key to cn.

  6. Save the changes.

Now, when you create a user account on Oracle Internet Directory through Oracle Identity Manager, the user ID assigned in Oracle Identity Manager will be assigned to the cn field of Oracle Internet Directory.

After you map the User ID field of Oracle Identity Manager to the cn field of the target system for provisioning, you must customize the mapping for reconciliation. By default, during reconciliation, the uid field of Oracle Internet Directory is mapped to the User ID field of Oracle Identity Manager. To customize the mapping so that the value in the cn field in Oracle Internet Directory is assigned to the User ID field in Oracle Identity Manager:

  1. In the Design Console, open the AttrName.Recon.Map.OID lookup definition.

  2. Change the decode value of the User ID code key to cn.

  3. Save the changes.