Oracle® Identity Manager Connector Guide for Microsoft Active Directory Release 9.0.3 Part Number B32355-01
This chapter provides an overview of the updates made to the connector and documentation for Microsoft Active Directory in release 9.0.3 of the Oracle Identity Manager connector pack.
See Also:
The 9.0.2 release of this guide for information about updates that were new for the 9.0.2 release
The updates discussed in this chapter are divided into the following categories:
These include updates made to the connector software.
Documentation-Specific Updates
These include major changes made to the connector documentation. These changes are not related to software updates.
See Also:
Oracle Identity Manager Release Notes
This section discusses updates made to this release of the connector software.
Enhancement in the Multilanguage Support Feature
In addition to the three languages supported by the earlier release, this release of the connector supports seven new languages. All the supported languages are listed in the "Multilanguage Support" section.
Query-Based Reconciliation
In reconciliation performed by using the earlier release of the connector, all target system records that have been added or updated after the last reconciliation run are reconciled during the current reconciliation run. This release of the connector provides features that enable you to specify the subset of records to be reconciled.
You can specify an LDAP query that the reconciliation engine must use while fetching records from the target system. You specify this LDAP query as the value of the CustomizedReconQuery IT resource parameter, which is listed in the table in the "Defining IT Resources" section.
You can also specify whether the query that you provide must be run on records for all user groups or only on the user group specified in the LDAP query. To do this, you use the GroupObject attribute defined in the "User Reconciliation Scheduled Task" section.
No Limit on the Number of Users That Can Be Reconciled During a Single Reconciliation Run
With the earlier release of this connector, you could not reconcile more than 1000 users during any particular reconciliation run. This release of the connector can reconcile any number of users during a reconciliation run.
Display of the Group Name Values
In the earlier release of this connector, group ID (objectGUID) values were displayed in the Design Console and Administrative and User Console after group lookup reconciliation. From this release onward, the group names (sAMAccountName) of the reconciled groups are displayed. This makes it easier to identify the groups that have been reconciled.
Determining the Release Number of the Connector
Instructions to determine the release number of the connector are given in the "Determining the Release Number of the Connector" section.
Support for OC4J
Earlier releases of the connector supported the following application servers:
JBoss Application Server
BEA WebLogic
IBM WebSphere
This release of the connector also supports Oracle Containers for J2EE (OC4J). Instructions pertaining to OC4J have been added at the required places in the guide.
Setting Non-Mandatory User Attributes to NULL During a Disable User Provisioning Operation
This release of the connector provides a feature that enables you to automatically set to NULL the value of nonmandatory user attributes while performing a Disable User provisioning operation. To enable this feature, you use the following new parameters of the IT resource definition:
ADDisableAttr Lookup Definition
Use Disable Attr
These parameters are discussed in the "Defining IT Resources" section.
New Field in the Lookup.ADReconciliation.FieldMap Field Map
In the "Specifying the Fields to Be Reconciled" section, the password field has been added to the list of fields provided by default in the Lookup.ADReconciliation.FieldMap field map.
Changes in the Known Issues
The following issues have been added to the Known Issues list in Chapter 4:
A limitation of Microsoft Active Directory that restricts the number of characters in the user ID field to 20 characters.
In this release of the connector, a problem involving the use of the connector and the password synchronization module has been resolved. The procedure to address this problem is described in the "Configuring the Connector and Password Synchronization Module" section.
As part of the solution, you must also specify values for the following parameters that have been added to the IT resource definition in the "Defining IT Resources" section:
AD Sync installed (yes/no)
OIM User UDF
Custom Attribute Name
The following documentation-specific updates have been made in this release of the guide:
The ldapbp.jar has been added in the following sections:
In Steps 1 and 2 of the procedure in the "Importing the Microsoft Active Directory Certificate" section, information has been added about what needs to be done for nonclustered and clustered configurations of IBM WebSphere.
In the "Step 7: Compiling Adapters" section, the instruction about restarting the node has been removed from Step 4 of the procedure to compile adapters.
In the "Testing and Troubleshooting" chapter, the "Troubleshooting" section has been added. The content for this section is the same as the procedure described in the Known Issues chapter about the limitation that is observed when you set the Use SSL IT resource parameter to false.
Instructions to enable logging have been moved from the "Testing and Troubleshooting" chapter to the "Deploying the Connector" chapter. In the revised "Enabling Logging" section, instructions have been added for each of the application servers that are supported by this release of the connector.
Appendix A provides information about attribute mappings between Oracle Identity Manager and Microsoft Active Directory.