Integrating Oracle Identity Manager with Microsoft Active Directory: Performing User Management and Provisioning

Purpose

This OBE tutorial describes and shows you how to install and configure the Active Directory adapter. The process uses the Active Directory connector to connect the Oracle Identity Manager Server with an Active Directory instance.

Time to Complete

Approximately 1½ hours

Topics

This OBE tutorial covers the following topics:

 Overview
 Scenario
 Importing Active Directory XML Definitions by Using the Deployment Manager
 Deploying the Adapter Libraries
 Backing Up the Oracle Identity Manager Server Database
 Defining the IT Resource for the Active Directory Server
 Backing Up the Oracle Identity Manager Server Database
 Compiling the Adapters
 Provisioning the User to the Active Directory Server
 Summary
 Related Information

Viewing Screenshots

The screenshots will not reflect the specific environment you are using. They are provided to give you an idea of where to locate specific functionality in Oracle Identity Manager.

Overview

All components that are used by Oracle Identity Manager to communicate with a particular resource, for the purposes of performing provisioning with that resource, are placed into a container. This container is known as an Oracle Identity Manager Connector. Provisioning occurs as a result of the components of this connector working with one another. Each provisioning workflow is stored within a separate Oracle Identity Manager Connector. Out-of-the-box connectors are installed and configured to connect the Oracle Identity Manager Server to various other instances. You can install and configure an out-of-the-box Active Directory connector to connect the Oracle Identity Manager Server with an Active Directory instance. To connect Oracle Identity Manager to Active Directory, you need to set up an IT resource for the users or the groups that need to be provisioned in the Active Directory instance.


Scenario

Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, Linda is responsible for managing the access privileges of various user groups to various resources within the organization. In addition, to perform provisioning tasks, she needs to install and configure various connectors for integrating the Oracle Identity Manager Server with multiple other instances. One of these is an Active Directory instance that needs to be connected to the Oracle Identity Manager Server to perform user provisioning. This enables Linda to manage provisioning tasks across the enterprise setup of Mydo Main.


Importing Active Directory XML Definitions by Using the Deployment Manager

The Oracle Identity Manager Connector Pack contains adapter libraries and configuration information related to specific targets. These targets are the various instances that can be connected to an Oracle Identity Manager Server. The configuration information for a connector resides in XML files that must be imported before the connector can be used. You use the Deployment Manager functions of the Oracle Identity Manager administrative console to import the connector definitions into the Oracle Identity Manager Server. To import the XML definition files, perform the following steps:

1.

Open a browser window and enter the URL to access the Oracle Identity Manager Admin Console in the following format:

http://<hostname>.<domainname>:<port>/xlWebApp

Note: Ensure that the Oracle database and the JBoss application server are already running.

 

2.

Log in with the user ID xelsysadm and password abcd1234.

Note: You can use your own Oracle Identity Manager account from your environment for logging in to the Admin Console.

 

3.

The Deployment Manager is used to import the XML configuration files for the Active Directory (AD) connector. In the left pane, click Deployment Management and then click Import.

 

4.

Click Yes to accept the security certificate.

Note: This screen can change depending on the version of browser used.

Note: Before you perform the next step, you need to download the XML configuration files from here. Extract the contents of xml_AD.zip to the E:\OIM_Installs\OIM_CP_900\Directory Servers\Microsoft Active Directory\Microsoft Active Directory Rev 4.4.0\xml directory.

 

5.

Navigate to E:\OIM_Installs\OIM_CP_900\Directory Servers\Microsoft Active Directory\Microsoft Active Directory Rev 4.4.0\xml and click the xliADOrganizationObject_DM.xml file. Then, click Open.

 

6.

By using the Deployment Manager, you can take a previously created .xml data file, and use it to load information into Oracle Identity Manager. Import files are generated by other Oracle Identity Manager environments. They can contain either new information to be added to Oracle Identity Manager or updates to information that already exists in Oracle Identity Manager (for example, a record insert or record update). The Deployment Manager provides a sequence of steps to confirm the substitutions and the IT resource data. In the File Preview section, click Add File.

 

7.

In the Substitutions section, click Next.

 

8.

In the Confirmation section, click Next.

 

9.

Click Skip. The IT Resource for the AD Server needs to be created later.

 

10.

In the Confirmation section, click View Selections.

 

11.

The summary will list the data imported in the xliADOrganizationObject_DM.xml file and the Current Selections section outlines the detail of the objects that are being imported. Next, click Import.

 

12.

In the Confirmation dialog box, click Import. This step imports the configuration file to the Oracle Identity Manager Server.

 

13.

Notice the message for a successful import. Then, click OK.

Note: Repeat steps 5 through 13 to import the remaining XML files in the following order:

  1. AD Groups Object ( xliADGroupObject_DM.xml )
  2. AD User Object ( xliADUserObject_DM.xml )
  3. AD Reconciliation Task ( xliActiveDirectoryScheduleTask_DM.xml )


Deploying the Adapter Libraries

By transferring Oracle Identity Manager Connectors between environments, you can ensure a faster and optimal process for provisioning. It requires fewer resources to transport an Oracle Identity Manager Connector between environments than it does to reconstruct the connector manually within the target environment. Such transfers also reduce errors in the process of using connectors. After importing the objects for the AD connector into the Oracle Identity Manager Server, you need to copy the connector libraries to the appropriate locations. To copy these files, perform the following steps:

1.

Open the command prompt window and enter the following command:

copy E:\OIM_Installs\OIM_CP_900\"Directory Servers"\"Microsoft Active Directory"\"Microsoft Active Directory Rev 4.4.0"\lib\xliActiveDirectory.jar E:\oracle\oim_server\xellerate\JavaTasks

Press the Enter key to confirm the copying of the file.

Note: Any external *.jar files used for provisioning need to be copied to the JavaTasks folder for Oracle Identity Manager to work with other resources.

2.

In the same command prompt window, enter the following command:

copy E:\OIM_Installs\OIM_CP_900\"Directory Servers"\"Microsoft Active Directory"\"Microsoft Active Directory Rev 4.4.0"\lib\xliADRecon.jar E:\oracle\oim_server\xellerate\JavaTasks

Press the Enter key to confirm the copying of the file.

 

3.

To copy the external library file used by the AD connector to the Oracle Identity Manager Server, enter the following command:

copy E:\OIM_Installs\OIM_CP_900\"Directory Servers"\"Microsoft Active Directory"\"Microsoft Active Directory Rev 4.4.0"\ext\ldapsdk-4.1.jar E:\oracle\oim_server\xellerate\ext

Press the Enter key to confirm the copying of the file.

Note: Non-resource-specific *.jar files need to be copied into the ext folder.


Backing Up the Oracle Identity Manager Server Database

After deploying the adapter libraries, you need to back up the Oracle Identity Manager Server database. Regular backups of the database let you roll back to a known stable state of Oracle Identity Manager in case of a failure. To run this backup, perform the following step:

1.

At the command prompt, enter the following command:

exp system/abcd1234 file=E:\OimDB_backups\Lab09_1_AD_AdapterAdded.dmp owner=oimuser

Press the Enter key to confirm the database backup.


Defining the IT Resource for the Active Directory Server

By importing an Oracle Identity Manager connector, you are transferring any IT Resource Types for that connector into the Active Directory environment. However, the IT Resource contains the administrative credentials that Oracle Identity Manager needs to provision a user to an AD instance. As a result, after backing up the Oracle Identity Manager Server database, you need to create the IT Resource for connecting to the Active Directory instance. To establish this connection, perform the following steps:

1.

Navigate to E:\oracle\oim_designConsole\xlclient and double-click the xlclient.cmd file. This launches the Oracle Identity Manager Design Console.

Note: The Oracle database and the JBoss application server should be running for this task.

 

2.

Log in with the user ID xelsysadm and password abcd1234.

 

3.

In the Oracle Identity Manager Design Console window, navigate to Resource Management and then double-click IT Resources.

 

4.

In the IT Resources Information section, enter AD Server as Name and then double-click in the Type field to view the resource types.


 

5.

The Lookup window lists the target instances for which an IT Resource can be set up. In this Lookup window, select AD Server and then click OK.

 

6.

Click the Save icon from the toolbar to store the new resource.

Note: You can view the default configuration parameters for the IT Resource.

 

7.

For configuring the resource parameter information, provide the following values:

Parameter          Value
Admin FQDN         cn=Administrator,cn=Users,dc=mydomain,dc=com
Admin Login        Administrator
Admin Password     abcd1234
Root Context       dc=mydomain,dc=com
SSL Port Number    636
Server Address     ten.mydomain.com
Use SSL            true

Click the Save icon from the toolbar to save the new values.

Note: You need to use SSL for this configuration, and the security certificate information needs to be up to date for this task.

 

8.

Close the IT Resource form.
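The IT Resource parameters entered in step 7 are what the connector uses to bind to Active Directory with administrative credentials, so a mistake there (plain LDAP instead of LDAPS, an admin DN outside the root context) is worth catching before you save. The following script is an added example, not part of this tutorial or of the Oracle connector: it checks a parameter set against the constraints the tutorial states (Use SSL true, SSL Port Number 636, Admin FQDN under Root Context, a fully qualified Server Address). The parameter names are the ones shown in the IT Resource form; the sample values are copied from the table above, and the "weak" variant is constructed here to show what the checks report.

```python
"""Sanity-check an Oracle Identity Manager 'AD Server' IT Resource definition
before saving it in the Design Console.

Added example; not part of the tutorial or of the AD connector. It validates
the parameter values against what the tutorial requires: LDAP over SSL on
port 636 and an admin DN that lies under the configured root context.
"""

import re
from typing import Dict, List

# Parameter names as they appear in the IT Resource form.
REQUIRED = ("Admin FQDN", "Admin Login", "Admin Password",
            "Root Context", "SSL Port Number", "Server Address", "Use SSL")

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_dn(dn: str) -> List[str]:
    """Split an LDAP DN into normalised RDNs (lower-cased, whitespace stripped).

    Escaped commas inside values are not handled; the tutorial's DNs have none.
    Raises ValueError on an RDN that is not of the form attr=value.
    """
    rdns = []
    for part in dn.split(","):
        part = part.strip()
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        if not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns


def dn_under(dn: str, base: str) -> bool:
    """True if dn is base itself or lies beneath base in the directory tree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def is_fqdn(host: str) -> bool:
    """True for a host name with at least two valid DNS labels."""
    labels = host.strip().rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


def check_it_resource(params: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means the definition is consistent."""
    findings = []
    for name in REQUIRED:
        if not params.get(name, "").strip():
            findings.append(f"{name}: missing or empty")
    if findings:
        return findings
    try:
        if not dn_under(params["Admin FQDN"], params["Root Context"]):
            findings.append("Admin FQDN: not under Root Context")
    except ValueError as exc:
        findings.append(f"DN syntax: {exc}")
    if params["Use SSL"].strip().lower() != "true":
        # Without TLS the admin bind credentials cross the network unprotected.
        findings.append("Use SSL: must be true")
    if params["SSL Port Number"].strip() != "636":
        findings.append("SSL Port Number: expected 636 (LDAPS)")
    if not is_fqdn(params["Server Address"]):
        findings.append("Server Address: not a fully qualified host name")
    return findings


# Sample input: the values from the tutorial's parameter table.
TUTORIAL_PARAMS = {
    "Admin FQDN": "cn=Administrator,cn=Users,dc=mydomain,dc=com",
    "Admin Login": "Administrator",
    "Admin Password": "abcd1234",
    "Root Context": "dc=mydomain,dc=com",
    "SSL Port Number": "636",
    "Server Address": "ten.mydomain.com",
    "Use SSL": "true",
}

# Constructed weak variant: plain LDAP on 389 and an admin DN from another domain.
WEAK_PARAMS = dict(TUTORIAL_PARAMS, **{
    "Use SSL": "false",
    "SSL Port Number": "389",
    "Admin FQDN": "cn=Administrator,cn=Users,dc=other,dc=com",
})

if __name__ == "__main__":
    for label, p in (("tutorial", TUTORIAL_PARAMS), ("weak", WEAK_PARAMS)):
        print(label, check_it_resource(p) or "OK")
```

The checks are deliberately syntactic, so the script runs without network access; whether the certificate on port 636 is actually trusted by the Oracle Identity Manager JVM is something only the live connection (and the note in step 7) can confirm.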

 


Backing Up the Oracle Identity Manager Server Database

After configuring the resource parameters, you need to back up the Oracle Identity Manager Server database again. To run this backup, perform the following step:

1.

At the command prompt, enter the following command:

exp system/abcd1234 file=E:\OimDB_backups\Lab09_2_AD_AdapterAdded.dmp owner=oimuser

Press the Enter key to confirm the database backup.

Note: You can view the database export progress. This backup may take a few minutes to run. Note the completion of the database export.


Compiling the Adapters

A connector is used to provision a user to an AD instance. For this, you need to recompile the adapters that were imported along with the other components of your Oracle Identity Manager Connector. This recompilation places the code for the adapters within the application server that is associated with your Oracle Identity Manager environment. In addition, any changes made to the adapters, tasks, or processes require recompiling the adapters used in the workflow processes. To execute this recompilation, perform the following tasks:

1.

In the Oracle Identity Manager Design Console window, navigate to Development Tools and then double-click Adapter Manager.

 

2.

You can select specific adapters to be recompiled. If you want a complete recompilation, you can click the Compile All option and then click Start. This will recompile all the adapters.

 

3.

Click X on the toolbar to close the Adapter Manager form.

 


Provisioning the User to the Active Directory Server

After recompiling the adapters, you can assign the AD resource to an Oracle Identity Manager user and verify that the record is created in Active Directory. To provision the user to Active Directory, perform the following steps:

1.

In the Oracle Identity Manager Admin Console, click Users and then click Manage.

Note: Ensure that the user JANE.FULLTIME is already created for this activity.

2.

Enter Jane as the First Name and click Search User.

Note: You can provision any user from the Oracle Identity Manager Server. Consider the user JANE for this example.

 

3.

In the Results section, click the JANE.FULLTIME user to view the user details.

 

4.

In the User Detail section, select Resource Profile from the additional detail drop-down menu.

 

5.

In the Resource Profile section, click Provision New Resource.

 

6.

Select the AD User resource and click Continue.

 

7.

To verify the resource selection, click Continue.

 

8.

In the Provide Process Data step, click the magnifying glass icon to select the AD Server. Then, select the AD Server option and click Select.

 

9.

After the AD Server is selected, click Continue.

Note: Ensure that the password for the user JANE.FULLTIME is set as abcd1234.

 

10.

In the AD User Group Details section, click Continue.

 

11.

To finally verify the process data, click Continue.

 

12.

Notice that the provisioning is successfully initiated. Click Back to User Resource Profile to view the status.

 

13.

To verify that the user has been successfully provisioned to Active Directory, from the Start menu, select Administrative Tools, and then select Active Directory Users and Computers.

 

14.

Notice the newly provisioned JANE.FULLTIME user in the Users section.

 


Summary

In this lesson, you learned how to:

 Import Active Directory XML definitions by using the Deployment Manager
 Deploy the adapter libraries
 Back up the Oracle Identity Manager Server database
 Define the IT Resource for the Active Directory Server
 Back up the Oracle Identity Manager Server database
 Compile the adapters
 Provision the user to the Active Directory Server

Related Information

 To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.
