Integrating Oracle Identity Manager with Sun Java System Directory Server: Performing User Management and Provisioning

Purpose

This OBE tutorial describes and shows you how to use Oracle Identity Manager to provision a user with a resource. For this tutorial, Robert La Vallie is the user and Sun Java System Directory Server is the resource.

Time to Complete

Approximately 2 hours

Topics

This OBE tutorial covers the following topics:

 Overview
 Scenario
 Prerequisites
 Copying Connector and External Code Files
 Configuring Oracle Identity Manager Server
 Importing a Connector
 Making the Connector Operable
 Assigning the Connector to the User
 Accessing the Resource
 Summary
 Related Information

Overview

Oracle Identity Manager is a component of the suite of Oracle Identity and Access Management products. It administers and selectively automates tasks to manage user access privileges across a company’s resources throughout the identity management life cycle. Specifically, Oracle Identity Manager handles tasks for creating user access privileges, modifying these privileges dynamically (based on changes to user and business requirements), and removing user access privileges. As a result, Oracle Identity Manager handles user identity information across multiple identity data stores to maintain data accuracy.

Features and benefits of Oracle Identity Manager include identity and role administration (user and group management, self-service functionalities for users, and delegated administration), provisioning (approval and request management, and configurable workflow models), policy-based entitlements, reconciliation, and attestation support (for audit, regulatory, and compliance purposes).


Scenario

Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, she performs identity and access management tasks on users within the company. To perform these tasks, she uses Oracle Identity Manager to assign connectors to them. These connectors represent resources to be provisioned to them.

Robert works for Mydo Main Corporation. Because all company employees have access rights to Sun Java System Directory Server, Linda must assign the connector, which represents this resource, to Robert. When this occurs, Linda fills out the electronic form associated with the connector. After she populates the fields of this form, Oracle Identity Manager saves the corresponding values to its database, and uses these values to provision Robert with the resource (that is, Sun Java System Directory Server).

 


Prerequisites

Before starting this tutorial, you should:

1. Install and configure Sun Java System Directory Server 5.2.

2. Complete the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

3. Complete the OBE titled Preparing to Customize the Administrative and User Console.

4. Complete the OBE titled Branding the Administrative and User Console.

5. Complete the OBE titled Changing the Functionality of the Administrative and User Console.

6. Complete the OBE titled Branding the Oracle Identity Manager Design Console.

7. Complete the OBE titled Using the Generic Technology Connector (GTC) Framework: Performing Flat-File Reconciliation.

 


Copying Connector and External Code Files

Linda is ready to transfer Oracle Identity Manager connector files and external code files for Sun Java System Directory Server to folders on Oracle Identity Manager Server. By doing so, the associated connector can function with Oracle Identity Manager, and Linda can use it to provision Robert with the corresponding resource (that is, Sun Java System Directory Server).

To copy connector and external code files, perform the following steps:

1. Shut down Oracle Identity Manager Server, the Administrative and User Console, and the Design Console.

   Note: For more information about starting and stopping Oracle Identity Manager, refer to the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

2. Unzip this file into a temporary directory.

3. Copy the ldap.jar, ldapbp.jar, and ldapsdk-4.1.jar files, which reside in the temporary directory.

4. Paste these files into the C:\OIM91_server\xellerate\ThirdParty directory.

   Note: C:\OIM91_server is the base directory for Oracle Identity Manager Server. Linda created this directory in the OBE titled Installing, Configuring, and Launching Oracle Identity Manager.

5. Copy the SJSDSProv.jar file, located in the C:\stage\Oracle Identity Manager Connector Pack 9.1.0\Directory Servers\Sun Java System Directory Server\lib directory.

   Note: C:\stage\Oracle Identity Manager Connector Pack 9.1.0 is the base directory for all Oracle Identity Manager connector files.

6. Paste this file into the C:\OIM91_server\xellerate\JavaTasks directory.

7. Copy the xlScheduler.jar file, located in the temporary directory Linda created in step 2 of this procedure.

8. Paste this file into the C:\OIM91_server\xellerate\ScheduleTask directory.

9. Copy the SJSDSRecon.jar file, located in the C:\stage\Oracle Identity Manager Connector Pack 9.1.0\Directory Servers\Sun Java System Directory Server\lib directory.

10. Paste this file into the C:\OIM91_server\xellerate\ScheduleTask directory.

11. Copy all files in the C:\stage\Oracle Identity Manager Connector Pack 9.1.0\Directory Servers\Sun Java System Directory Server\resources directory.

12. Paste these files into the C:\OIM91_server\xellerate\connectorResources directory.

13. Create the SJSDS subdirectory within the C:\OIM91_server\xellerate directory.

14. Copy the C:\stage\Oracle Identity Manager Connector Pack 9.1.0\Directory Servers\Sun Java System Directory Server\test directory.

15. Paste this directory into the C:\OIM91_server\xellerate\SJSDS directory.

    As a result, the test directory and all of its files and subdirectories are nested in the C:\OIM91_server\xellerate\SJSDS directory.

16. Copy the C:\stage\Oracle Identity Manager Connector Pack 9.1.0\Directory Servers\Sun Java System Directory Server\xml directory.

17. Paste this directory into the C:\OIM91_server\xellerate\SJSDS directory.

    As a result, the xml directory and all of its files are nested in the C:\OIM91_server\xellerate\SJSDS directory.

Linda copied Oracle Identity Manager connector files and external code files for Sun Java System Directory Server to folders on Oracle Identity Manager Server. She is ready to configure Oracle Identity Manager Server so that the associated connector can function with Oracle Identity Manager, and Linda can use it to provision Robert with the corresponding resource (that is, Sun Java System Directory Server).
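
The copy steps above place JAR files into directories that Oracle Identity Manager Server loads code from, so it helps to make them repeatable and checkable. The following is an added example, not part of the original tutorial or of Oracle's tooling: it performs steps 3 to 17 and records a SHA-256 digest of every file it placed. The function names and the manifest format are assumptions made for this illustration; the three arguments stand for the temporary directory from step 2, the Sun Java System Directory Server directory inside the Connector Pack, and C:\OIM91_server\xellerate.

```python
import hashlib
import shutil
from pathlib import Path

# (source root, path below it, target directory below ...\xellerate), steps 3-10.
# "tmp" is the temporary directory from step 2; "pack" is the Sun Java System
# Directory Server directory inside the Connector Pack.
JAR_PLAN = [
    ("tmp", "ldap.jar", "ThirdParty"),
    ("tmp", "ldapbp.jar", "ThirdParty"),
    ("tmp", "ldapsdk-4.1.jar", "ThirdParty"),
    ("pack", "lib/SJSDSProv.jar", "JavaTasks"),
    ("tmp", "xlScheduler.jar", "ScheduleTask"),
    ("pack", "lib/SJSDSRecon.jar", "ScheduleTask"),
]
# Directory copies, steps 11-17 (all taken from "pack").
TREE_PLAN = [
    ("resources", "connectorResources"),
    ("test", "SJSDS/test"),
    ("xml", "SJSDS/xml"),
]


def file_digest(path):
    """SHA-256 of a file as a hex string."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def stage_connector(tmp_dir, pack_dir, xellerate_dir):
    """Copy the files named in the procedure; return {relative target: digest}."""
    roots = {"tmp": Path(tmp_dir), "pack": Path(pack_dir)}
    target = Path(xellerate_dir)
    # Refuse to start on an incomplete source set, so the server is never left
    # with only part of the connector in place.
    missing = [str(roots[r] / p) for r, p, _ in JAR_PLAN if not (roots[r] / p).is_file()]
    missing += [str(roots["pack"] / d) for d, _ in TREE_PLAN if not (roots["pack"] / d).is_dir()]
    if missing:
        raise FileNotFoundError("missing source(s): " + ", ".join(missing))

    pairs = [(roots[r] / p, target / dest / Path(p).name) for r, p, dest in JAR_PLAN]
    for src_rel, dest in TREE_PLAN:
        src_root = roots["pack"] / src_rel
        # Files only: empty subdirectories are not recreated.
        pairs += [(f, target / dest / f.relative_to(src_root))
                  for f in sorted(src_root.rglob("*")) if f.is_file()]

    manifest = {}
    for src, dst in pairs:
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        manifest[dst.relative_to(target).as_posix()] = file_digest(dst)
    return manifest


def changed_files(xellerate_dir, manifest):
    """Manifest entries whose file is missing or no longer matches its digest."""
    root = Path(xellerate_dir)
    return sorted(rel for rel, digest in manifest.items()
                  if not (root / rel).is_file() or file_digest(root / rel) != digest)
```

Keeping the returned manifest outside the server's directory tree lets a later run of changed_files show whether any staged connector file was replaced after installation.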

 


Configuring Oracle Identity Manager Server

In the previous section of this OBE, Linda transferred Oracle Identity Manager connector files and external code files for Sun Java System Directory Server to folders on Oracle Identity Manager Server. She is ready to configure Oracle Identity Manager Server so that the associated connector can function with Oracle Identity Manager, and Linda can use it to provision Robert with the corresponding resource (that is, Sun Java System Directory Server).

Linda must perform the following actions to configure Oracle Identity Manager Server:

To configure Oracle Identity Manager Server, perform the following steps:

1. Open a DOS window. To do so, from the Windows Start Menu, select Run.

2. On the Run window, enter cmd in the Open field and click OK.

3. On the DOS window, navigate to the C:\OIM91_server\xellerate\bin directory.

4. Enter PurgeCache.bat ConnectorResourceBundle at the DOS prompt.

5. Press Enter. Oracle Identity Manager empties the content from its Server cache. After the cache is cleared, a DOS prompt appears.

   Note: The java.lang.NullPointerException message appears because the cache is being purged, along with the cache’s reference point.

   Linda cleared content related to connector files from the Server cache. She is ready to enable logging for Oracle Identity Manager Server.

6. In Windows Explorer, navigate to the C:\OIM91_server\xellerate\config directory.

7. Using Microsoft Notepad, open the log.properties file.

8. Locate the log4j.logger.XELLERATE=WARN line of code.

9. Add the following line of code to this file:

   log4j.logger.XL_INTG.SJSDS=WARN

   Note: By setting the log level for Sun Java System Directory Server (SJSDS), Oracle Identity Manager logs information about events with that level that occur during provisioning and reconciliation with this resource.

10. Save and close the log.properties file.

Linda configured Oracle Identity Manager Server by clearing content related to connector files from the Server cache and setting the log level for the Server.

She is ready to import an XML file, which represents a connector for Sun Java System Directory Server, into her company's Oracle Identity Manager environment. As a result, she can assign this connector to Robert to provision him with the associated resource (that is, a Sun Java System Directory Server).

 


Importing a Connector

In the OBE titled Using the Generic Technology Connector (GTC) Framework: Performing Flat-File Reconciliation, Linda created and managed a trusted source reconciliation workflow. As a result, Oracle Identity Manager received a user record for Robert La Vallie from an authoritative source (a flat file).

Because Robert works for Mydo Main Corporation, he must have access rights to Sun Java System Directory Server. For Robert to receive this resource, Linda must import an XML file, which represents a connector for Sun Java System Directory Server, into her company's Oracle Identity Manager environment. Then, she can assign this connector to Robert to provision him with the resource.

To import a connector, perform the following steps:

1. Restart Oracle Identity Manager Server, and the Administrative and User Console.

2. Populate the fields of the Oracle Identity Manager Administrative and User Console login page, as follows (and click Login):

   Field      Value
   User ID    xelsysadm
   Password   abcd1234

3. Open the Import form (found in the Deployment Management folder of the Oracle Identity Manager Explorer).

   Note: If a Popup Blocker message appears, enable pop-ups for the Web browser. Then, repeat steps 2-3.

4. On the Warning – Security window, click Yes.

5. On the “Select a file for import” window, select the folder path where the import file resides, along with the name of the XML file. For this OBE, select the iPlanetResourceObject.xml file, found in the C:\OIM91_server\xellerate\SJSDS\xml directory.

   Note: The iPlanetResourceObject.xml file represents the connector for Sun Java System Directory Server Linda is importing into her company's Oracle Identity Manager environment.

6. After selecting the iPlanetResourceObject.xml file, click Open.

7. On the Deployment Manager window, click Add File.

8. On the Deployment Manager – Import window, click Next.

9. On the Confirmation window, click Next.

10. On the Deployment Manager window, click Skip.

11. On the Deployment Manager window, click Skip.

    Note: In the section of this OBE titled Making the Connector Operable, Linda specifies values Oracle Identity Manager uses to access Sun Java System Directory Server as an administrator for provisioning purposes. Therefore, she does not have to provide parameter values for either Deployment Manager window at this time.

12. On the Confirmation window, click View Selections.

13. On the Deployment Manager – Import window, click Import.

14. On the Confirmation window, click Import.

15. On the Success window, click OK.

    Important: Based on the RAM of the computer that houses Mydo Main's Oracle Identity Manager environment, this step may take up to five minutes to occur.

    Note: The Success window indicates the XML file is imported successfully (that is, the iPlanetResourceObject.xml file). As a result, the corresponding connector for Sun Java System Directory Server, represented by this file, is also imported.

16. Close the Deployment Manager – Import window.

Now that Linda imported a connector for Sun Java System Directory Server, she is ready to configure this connector to operate it in her company's Oracle Identity Manager environment.

 


Making the Connector Operable

In the previous section of this OBE, Linda imported a connector for Sun Java System Directory Server into her company's Oracle Identity Manager environment. Now, she must configure this connector so that it is operable within the environment.

This includes the following:

To make the connector operable, perform the following steps:

1. Restart the Oracle Identity Manager Design Console.

2. Populate the fields of the Oracle Identity Manager Design Console login window, as follows (and click Login):

   Field      Value
   User ID    xelsysadm
   Password   abcd1234

   The Oracle Identity Manager Design Console appears.

3. Double-click the Adapter Manager form (found in the Development Tools folder of the Oracle Identity Manager Explorer).

   A list of adapters appears.

   Note: Linda imported these adapters in the section of this OBE titled Importing a Connector.

4. Select the Compile All option. Click Start.

   Oracle Identity Manager begins to recompile the adapters.

   After all adapters are recompiled, an OK message appears in the Status column for each adapter. The adapters are recompiled successfully, and can be used in Mydo Main's Oracle Identity Manager environment.

   Important: If any adapters have a status of Recompile (instead of OK), repeat step 4. This should ensure each imported adapter has an OK status.

5. Double-click the IT Resources form (found in the Resource Management folder of the Oracle Identity Manager Explorer).

6. In the Name field, enter iPlanet IT Resource.

7. Double-click the Type lookup field (in the Type text field). From the Lookup window that appears, select LDAP Server. Click OK.

8. Click Save. The parameters for the IT resource appear.

9. Enter values for the parameters of the IT resource, as follows (double-click each Value field to enter the value):

   Parameter                     Value
   Admin Id                      cn=Directory Manager
   Admin Password                dead_line
   CustomizedReconQuery          [leave empty]
   Last Recon TimeStamp          20070801170000Z
   Port                          53016
   Prov Attribute Lookup Code    AttrName.Prov.Map.iPlanet
   Recon Attribute Lookup Code   AttrName.Recon.Map.iPlanet
   Root DN                       dc=oracle,dc=com
   SSL                           false
   Server Address                localhost
   Use XL Org Structure          false

   Note: For security purposes, the password appears as a series of asterisks. Also, for more information about parameters and values for the iPlanet IT Resource, refer to the Oracle Identity Manager Connector Guide for Sun Java System Directory Server.

10. Click Save.

    Linda defined an IT resource for Sun Java System Directory Server.

    Important: Before Linda can proceed further, she must start this application. To do so:

      1. Within Windows Explorer, double-click the startconsole.exe file (found in the C:\Program Files\Sun\MPS directory). Linda created this directory when she installed Sun Java System Directory Server.

      2. Populate the Sun ONE Server Console Login window, as follows (and click OK):

         Field                Value
         User ID              admin
         Password             dead_line
         Administration URL   http://localhost:53017

         Note: For security purposes, the password appears as a series of asterisks.

    Sun ONE Server Console appears.

    Linda started Sun Java System Directory Server.

Linda configured the connector for Sun Java System Directory Server so that it is operable within her company's Oracle Identity Manager environment. She is ready to assign this connector to Robert, the user transferred into Oracle Identity Manager in the OBE titled Using the Generic Technology Connector (GTC) Framework: Performing Flat-File Reconciliation.

After Linda assigns the connector to Robert, she fills out the electronic form associated with the connector. Then, Oracle Identity Manager saves the corresponding values to its database, and uses these values to provision Robert with the resource (that is, Sun Java System Directory Server).
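
The IT resource parameters entered in step 9 decide how Oracle Identity Manager authenticates to the directory and whether that connection is encrypted. The following is an added example, not part of the original tutorial or of Oracle's tooling: it reviews a set of IT resource parameters and reports findings for the settings that matter most, assuming the connector authenticates with an LDAP simple bind. The function names, severity labels and the HARDENED values (service-account DN, host, port and password placeholders) are constructed for this illustration; TUTORIAL holds the values exactly as the tutorial lists them.

```python
import re

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
ROOT_DN = "cn=directory manager"  # the Admin Id used in step 9


def normalise_dn(dn):
    """Lower-case a DN and drop optional spaces around '=' and ','."""
    return re.sub(r"\s*([=,])\s*", r"\1", dn.strip().lower())


def audit_it_resource(params):
    """Return (severity, parameter, message) tuples for an IT resource definition."""
    findings = []
    host = params.get("Server Address", "").strip().lower()
    ssl_on = params.get("SSL", "").strip().lower() == "true"

    if not ssl_on:
        # Same-host traffic never leaves the machine, so rate it lower.
        severity = "low" if host in LOOPBACK_HOSTS else "high"
        findings.append((severity, "SSL",
                         "connection is not encrypted; Admin Id and Admin Password "
                         "are sent to %s:%s in clear text" % (host, params.get("Port", "?"))))
    if normalise_dn(params.get("Admin Id", "")) == ROOT_DN:
        findings.append(("medium", "Admin Id",
                         "binds as the directory's root DN, which is not restricted by "
                         "access control; use an account limited to the Root DN subtree"))
    if not params.get("Admin Password", ""):
        findings.append(("high", "Admin Password",
                         "empty password turns the LDAP simple bind into an unauthenticated bind"))
    return findings


# Values exactly as entered in step 9 of the tutorial.
TUTORIAL = {
    "Admin Id": "cn=Directory Manager", "Admin Password": "dead_line",
    "CustomizedReconQuery": "", "Last Recon TimeStamp": "20070801170000Z",
    "Port": "53016", "Prov Attribute Lookup Code": "AttrName.Prov.Map.iPlanet",
    "Recon Attribute Lookup Code": "AttrName.Recon.Map.iPlanet",
    "Root DN": "dc=oracle,dc=com", "SSL": "false",
    "Server Address": "localhost", "Use XL Org Structure": "false",
}
# Constructed comparison: the service-account DN, host, port and password are placeholders.
HARDENED = dict(TUTORIAL, **{
    "Admin Id": "uid=oim-svc,ou=Services,dc=oracle,dc=com",
    "Admin Password": "<from-secret-store>", "Port": "<ldaps-port>",
    "SSL": "true", "Server Address": "ds.example.com",
})

if __name__ == "__main__":
    for name, cfg in (("tutorial", TUTORIAL), ("hardened", HARDENED)):
        print(name, audit_it_resource(cfg) or "no findings")
```

With the tutorial's values the unencrypted connection is rated low only because Server Address is localhost; the same parameters pointed at a remote directory are rated high.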

 


Assigning the Connector to the User

In the previous section of this OBE, Linda configured the connector for Sun Java System Directory Server so that it is operable within Mydo Main's Oracle Identity Manager environment. She is ready to assign this connector to Robert, the user transferred into Oracle Identity Manager in the OBE titled Using the Generic Technology Connector (GTC) Framework: Performing Flat-File Reconciliation.

After Linda assigns the connector to Robert, she fills out the electronic form associated with the connector. Then, Oracle Identity Manager saves the corresponding values to its database, and uses these values to provision Robert with the resource (that is, Sun Java System Directory Server).

To assign the connector to the user, perform the following steps:

1. Open the Manage User form of the Administrative and User Console (found in the Users folder of the Oracle Identity Manager Explorer).

2. Query for RLAVALLI, the user transferred into Oracle Identity Manager in the OBE titled Using the Generic Technology Connector (GTC) Framework: Performing Flat-File Reconciliation. To do so, select User ID from the combo box in this form. Enter RLAVALLI in the text box to the right of the combo box. Click Search User.

3. From the result set, click the link that contains the ID for RLAVALLI.

4. On the User Detail form, select Resource Profile from the combo box.

5. On the Resource Profile form, click Provision New Resource.

   Note: The “Resources Not Found” message appears because no Oracle Identity Manager connectors are currently assigned to this user.

6. On the Select a Resource panel, select the iPlanet User connector. Click Continue.

   Note: The iPlanet User connector represents the Sun Java System Directory Server resource.

   Linda is ready to populate the fields of the custom process form, contained within this connector, and save this information to the database. By doing so, Oracle Identity Manager provisions the target user with access rights to the corresponding resource (for this OBE, Sun Java System Directory Server).

7. On the Verify Resource Selection panel, click Continue.

8. Populate the custom process form, as follows (and click Continue):

   Field      Value
   Password   rlavalli
   Server     iPlanet IT Resource

   Note: For security purposes, the password appears as a series of asterisks.

9. On the iPlanet User Role panel, click Continue.

10. On the iPlanet User Group panel, click Continue.

11. On the Verify Process Data panel, click Continue.

12. Click the Back to User Resource Profile link.

    The Resource Profile form appears.

    The status of the iPlanet User connector, Provisioned, appears in the Status column of the Resource Profile form. Oracle Identity Manager granted access rights to Sun Java System Directory Server for Robert.

Linda is ready to verify that the login credentials for this user, which she specified in the custom process form, can be used to access the resource.

 


Accessing the Resource

In this OBE, Linda used Oracle Identity Manager to provision a resource (for this OBE, a Sun Java System Directory Server) to a user, whose login credentials are specified in the custom process form.

Now, she must ensure this user is provisioned with the resource. For this OBE, this is accomplished by using Sun ONE Server Console.

To access the resource, perform the following steps.

1. From Sun ONE Server Console, expand the localhost.oracle.com node. Expand the Server Group node and select the Directory Server item.

2. Click Open. Click the Directory tab.

3. Expand the dc=oracle,dc=com node and select the People organization.

   RLAVALLI appears in the associated pane. This user is provisioned with Sun Java System Directory Server.

 


Summary

In this lesson, you learned how to:

 Copy connector and external code files
 Configure Oracle Identity Manager Server
 Import a connector
 Make the connector operable
 Assign the connector to the user
 Access the resource


Related Information

 To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.
