Integrating Oracle Identity Manager with Sun Java System Directory Server: Performing User Management and Provisioning

Purpose

This OBE tutorial describes and shows you how to perform installation and configuration of the Sun Java System Directory Server adapter. This process involves using the Sun Java System Directory Server adapter to connect the Oracle Identity Manager Server with the Sun Java System Directory Server instance.

Time to Complete

Approximately 1hour

Topics

This OBE tutorial covers the following topics:

 Overview
 Scenario
 Deploying the Adapter Libraries
 Importing SUN iPlanet XML Definitions by Using the Deployment Manager
 Compiling the Adapters
 Provisioning the User to the Sun Java System Directory Server
 Summary
 Related Information

Viewing Screenshots

 Place the cursor over this icon to load and view all the screenshots for this tutorial. (Caution: Because this action loads all screenshots simultaneously, response time may be slow depending on your Internet connection.)

Note: Alternatively, you can place the cursor over each individual icon in the following steps to load and view only the screenshot associated with that step.

The screenshots will not reflect the specific environment you are using. They are provided to give you an idea of where to locate specific functionality in Oracle Identity Manager.

Overview

All components that are used by Oracle Identity Manager to communicate with a particular resource, for the purposes of performing provisioning with that resource, are placed into a container. This container is known as an Oracle Identity Manager Connector. Provisioning occurs as a result of the components of this connector working with one another. Each provisioning workflow is stored within a separate Oracle Identity Manager Connector. Out-of-the-box connectors are installed and configured to connect the Oracle Identity Manager Server to various other instances. You can install and configure an out-of-the-box Sun Java System Directory Server connector to connect the Oracle Identity Manager Server with a Sun Java System Directory Server instance. To connect Oracle Identity Manager to Sun Java System Directory Server, you need to set up an IT resource for the users or the groups that need to be provisioned in the Sun Java System Directory Server instance.

Back to Topic List

Scenario

Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, Linda is responsible for managing the access privileges for various user groups to various resources within the organization. In addition, to perform provisioning tasks, she needs to install and configure various connectors for integrating the Oracle Identity Manager Server to multiple other instances. One of this is a Sun Java System Directory Server instance that needs to be connected to the Oracle Identity Manager Server to perform user provisioning. This enables Linda to manage provisioning tasks across the enterprise setup of Mydo Main.

Back to Topic List

Deploying the Adapter Libraries

Before starting this tutorial, you should have completed the OBE titled "Installing Oracle Identity Manager."

By transferring Oracle Identity Manager connectors between environments, you can ensure a faster and optimal process for provisioning. It requires fewer resources to transport an Oracle Identity Manager connector between environments than it does to reconstruct the connector manually within the target environment. Such transfers also ensure error reduction in the process of using connectors. To copy the connector libraries to appropriate locations, perform the following steps:

1.

Open the command prompt window and enter the following command:

copy E:\OIM_Installs\OIM_CP_900\"Directory Servers"\"Sun Java System Directory Server"\"Sun Java System Directory Server Rev 4.1.0"\lib\xliIPlanet.jar E:\oracle\oim_server\xellerate\JavaTasks

Press the Enter key to confirm the copying of the file.

Note : Any external *.jar files for provisioning purposes need to copied to the JavaTasks folder for Oracle Identity Manager to work with other resources.

 

Back to Topic List

Importing SUN iPlanet XML Definitions by Using the Deployment Manager

The Oracle Identity Manager Connector Pack contains adapter libraries and configuration information related to specific targets. These targets are the various instances that can be connected to an Oracle Identity Manager Server. The configuration information for a connector resides in XML files that need be imported before using the connector. You use the OIM Deployment Manager functions of the Oracle Identity Manager administrative console to import the connector definitions to the Oracle Identity Manager Server. To import the XML definition files, perform the following steps:

1.

Open a browser window and enter the URL to access the Oracle Identity Manager Administrative and User Console in the following format:

http://< host name>.< domain name>:< port>/xlWebApp

Note : Ensure that the Oracle database, JBoss application server, and Sun Java System Directory Server are already running.

 

2.

Log in with the user ID xelsysadm and password abcd1234.

Note : You can use your own Oracle Identity Manager account from your environment for logging in to the Admin Console.

 

3.

The Deployment Manager is used to import the XML configuration files for the Sun Java System Directory Server connector. In the left pane, click Deployment Management and then click Import.

 

4.

Click Yes to accept the security certificate.

Note: This screen can change depending on the version of browser used.

Note : Before you perform the next step, you need to download the XML configuration files from here. Extract the contents of xml_SUN.zip to the E:\OIM_Installs\OIM_CP_900\Directory Servers\ Sun Java System Directory Server\Sun Java System Directory Server Rev 4.1.0\xml directory.

 

5.

Navigate to E:\OIM_Installs\OIM_CP_900\Directory Servers\ Sun Java System Directory Server\Sun Java System Directory Server Rev 4.1.0\xml and click the iPlanetResourceObject.xml file. Then, click Open.

 

6.

By using the Deployment Manager, you can take a previously created .xml data file, and use it to load information into Oracle Identity Manager. Import files are generated by other Oracle Identity Manager environments. They can contain either new information to be added to Oracle Identity Manager or updates to information that already exists in Oracle Identity Manager (for example, a record insert or record update). The Deployment Manager provides a sequence of steps to confirm the substitutions and the IT resource data. In the File Preview section, click Add File.

 

7.

In the Substitutions section, click Next.

 

8.

In the Confirmation section, click Next.

 

9.

To create the IT Resource for the Sun Java System Directory Server, provide the following values and click Next and then click Skip.

Parameter Value
Admin ID cn=Directory Manager
Admin Password abcd1234
Server Address ten.mydomain.com
Port 2389
SSL false
Root DN dc=contractors,dc=com
Use XL Org Structure false
Prov Attr Lookup Code AttrName.Prov.Map.iPlanet
Recon Attr Lookup Code AttrName.Recon.Map.iPlanet

 

10.

In the Confirmation section, click View Selections.

 

11.

The summary lists the data imported in the iPlanetResourceObject.xml file and the Current Selections section outlines the detail of the objects that are being imported. Next, click Import.

 

12.

In the Confirmation dialog box, click Import. This step imports the configuration file to the Oracle Identity Manager Server.

 

13.

Notice the message for a successful import. Then, click OK.

Note : Repeat step 5 through 13 to import the iPlanetResourceXLObject.xml file. A few screens (step 9 to 11) will not be displayed because one configuration file has already been imported.

 

Back to Topic List

Compiling the Adapters

A connector is used to provision a user to a Sun Java System Directory Server instance. For this, you need to recompile the adapters that get imported, along with the other components of your Oracle Identity Manager Connector. This recompilation places the code for the adapter within the application server that is associated with your Oracle Identity Manager environment. In addition, changes made to the adapters, tasks, or processes need the recompiling of the adapters used in the workflow processes. To execute this recompilation, perform the following tasks:

1.

In the Oracle Identity Manager Design Console window, navigate to Development Tools and then double-click Adapter Manager.

 

2.

You can select specific adapters to be recompiled. If you want a complete recompilation, you can click the Compile All option and then click Start. This will recompile all the adapters.

 

3.

Click X on the toolbar to close the Adapter Manager form.

 

Back to Topic List

Provisioning the User to the Sun Java System Directory Server

After recompiling the adapters, you can assign the SUN iPlanet resource to an Oracle Identity Manager user and check that the record is created in the Sun Java System Directory Server. To provision the user to Sun Java System Directory Server, perform the following steps:

1.

In the Oracle Identity Manager Administrative and User Console, click Users and then click Manage.

Note: Ensure that the user JOE.PARTTIME is already created for this activity.

 

2.

Click Search User and in the Results section, click the JOE.PARTTIME user to view the user details.

Note : You can provision any user from the Oracle Identity Manager Server. Consider the user JANE for this example.

 

3.

In the User Detail section, select Resource Profile from the additional detail drop-down menu.

 

4.

In the Resource Profile section, click Provision New Resource.

 

5.

Select the iPlanet User resource and click Continue.

 

6.

To verify the resource selection, click Continue.

 

7.

In the Provide Process Data step, click the magnifying glass icon to select the iPlanet Server. Then, select the iPlanet User option and click Select. After the SUN iPlanet Server is selected, click Continue.

Note : Ensure that the password for the user JOE.PARTTIME is set as abcd1234 . The iPlanet User option button will be selected by default.

 

8.

In the Provide Process Data section for the iPlanet User Role, click Clear and then Continue.

 

9.

In the Provide Process Data section for the iPlanet User Group, click Clear and then Continue.

 

10.

To finally verify the process data, click Continue.

 

11.

Notice that the provisioning is successfully initiated. Click Back to User Resource Profile to view the status.

 

12.

To verify the user has been successfully provisioned to the SUN iPlanet server, check the Resource Profile for the JOE.PARTTIME user from the Users section.

Notice the newly provisioned JOE.PARTTIME user in the Users section.

 

13.

To further verify the user has been successfully provisioned to the SUN iPlanet server, from the desktop, start the LDAP Browser.

 

14.

In the Connect Window, select the Contractors SUN directory server and click Connect.

 

15.

In the ou=People branch, expand the node to view the entry for the JOE.PARTTIME user.

 

Back to Topic List

 

Summary

In this lesson, you learned how to:

 Deploy the adapter libraries
 Import SUN iPlanet XML definitions by using the Deployment Manager
 Compile an adapter
 Provision a user to the Sun Java System Directory Server

 

Back to Topic List

Related Information

 To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.

Back to Topic List

 Place the cursor over this icon to hide all screenshots.

 

 

 

Left Curve
Popular Downloads
Right Curve
Untitled Document