Integrating Oracle Identity Manager with Sun Java System Directory Server: Performing User Management and Provisioning
This OBE tutorial describes and shows you how to perform
installation and configuration of the Sun Java System Directory Server adapter.
This process involves using the Sun Java System Directory Server adapter to
connect the Oracle Identity Manager Server with the Sun Java System Directory
Server instance.
Approximately 1 hour
This OBE tutorial covers the following topics:
The screenshots will not reflect the specific environment
you are using. They are provided to give you an idea of where to locate specific
functionality in Oracle Identity Manager.
All components that are used by Oracle Identity Manager to
communicate with a particular resource, for the purposes of performing provisioning
with that resource, are placed into a container. This container is known as
an Oracle Identity Manager Connector. Provisioning occurs as a result of the
components of this connector working with one another. Each provisioning workflow
is stored within a separate Oracle Identity Manager Connector. Out-of-the-box
connectors are installed and configured to connect the Oracle Identity Manager
Server to various other instances. You can install and configure an out-of-the-box
Sun Java System Directory Server connector to connect the Oracle Identity Manager
Server with a Sun Java System Directory Server instance. To connect Oracle Identity
Manager to Sun Java System Directory Server, you need to set up an IT resource
for the users or the groups that need to be provisioned in the Sun Java System
Directory Server instance.
Linda works as a network administrator for Mydo Main Corporation.
In Mydo Main, Linda is responsible for managing the access privileges for various
user groups to various resources within the organization. In addition, to perform
provisioning tasks, she needs to install and configure various connectors for
integrating the Oracle Identity Manager Server to multiple other instances.
One of these is a Sun Java System Directory Server instance that needs to be
connected to the Oracle Identity Manager Server to perform user provisioning.
This enables Linda to manage provisioning tasks across the enterprise setup
of Mydo Main.
Before starting this tutorial, you should have completed the OBE
titled "Installing
Oracle Identity Manager."
By transferring Oracle Identity Manager connectors between
environments, you can ensure a faster and optimal process for provisioning.
It requires fewer resources to transport an Oracle Identity Manager connector
between environments than it does to reconstruct the connector manually within
the target environment. Such transfers also ensure error reduction in the process
of using connectors. To copy the connector libraries to appropriate locations,
perform the following steps:
1. Open the command prompt window and enter the following command:
copy E:\OIM_Installs\OIM_CP_900\"Directory Servers"\"Sun Java System Directory Server"\"Sun Java System Directory Server Rev 4.1.0"\lib\xliIPlanet.jar E:\oracle\oim_server\xellerate\JavaTasks
Press the Enter key to confirm the copying of the file.
Note: Any external *.jar files for provisioning purposes need to be copied to the JavaTasks folder for Oracle Identity Manager to work with other resources.
The Oracle Identity Manager Connector
Pack contains adapter libraries and configuration information related to specific
targets. These targets are the various instances that can be connected to an
Oracle Identity Manager Server. The configuration information for a connector
resides in XML files that need to be imported before using the connector. You use
the OIM Deployment Manager functions of the Oracle Identity Manager administrative
console to import the connector definitions to the Oracle Identity Manager Server.
To import the XML definition files, perform the following steps:
1. Open a browser window and enter the URL to access the Oracle Identity Manager Administrative and User Console in the following format:
http://<host name>.<domain name>:<port>/xlWebApp
Note: Ensure that the Oracle database, JBoss application server, and Sun Java System Directory Server are already running.
2. Log in with the user ID xelsysadm and password abcd1234.
Note: You can use your own Oracle Identity Manager account from your environment for logging in to the Admin Console.
3. The Deployment Manager is used to import the XML configuration files for the Sun Java System Directory Server connector. In the left pane, click Deployment Management and then click Import.
4. Click Yes to accept the security certificate.
Note: This screen can change depending on the version of browser used.
Note: Before you perform the next step, you need to download the XML configuration files from here. Extract the contents of xml_SUN.zip to the E:\OIM_Installs\OIM_CP_900\Directory Servers\Sun Java System Directory Server\Sun Java System Directory Server Rev 4.1.0\xml directory.
5. Navigate to E:\OIM_Installs\OIM_CP_900\Directory Servers\Sun Java System Directory Server\Sun Java System Directory Server Rev 4.1.0\xml and click the iPlanetResourceObject.xml file. Then, click Open.
6. By using the Deployment Manager, you can take a previously created .xml data file, and use it to load information into Oracle Identity Manager. Import files are generated by other Oracle Identity Manager environments. They can contain either new information to be added to Oracle Identity Manager or updates to information that already exists in Oracle Identity Manager (for example, a record insert or record update). The Deployment Manager provides a sequence of steps to confirm the substitutions and the IT resource data. In the File Preview section, click Add File.
7. In the Substitutions section, click Next.
8. In the Confirmation section, click Next.
9. To create the IT Resource for the Sun Java System Directory Server, provide the following values and click Next and then click Skip.
| Parameter | Value |
|---|---|
| Admin ID | cn=Directory Manager |
| Admin Password | abcd1234 |
| Server Address | ten.mydomain.com |
| Port | 2389 |
| SSL | false |
| Root DN | dc=contractors,dc=com |
| Use XL Org Structure | false |
| Prov Attr Lookup Code | AttrName.Prov.Map.iPlanet |
| Recon Attr Lookup Code | AttrName.Recon.Map.iPlanet |
10. In the Confirmation section, click View Selections.
11. The summary lists the data imported in the iPlanetResourceObject.xml file and the Current Selections section outlines the detail of the objects that are being imported. Next, click Import.
12. In the Confirmation dialog box, click Import. This step imports the configuration file to the Oracle Identity Manager Server.
13. Notice the message for a successful import. Then, click OK.
Note: Repeat steps 5 through 13 to import the iPlanetResourceXLObject.xml file. A few screens (steps 9 to 11) will not be displayed because one configuration file has already been imported.
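The IT resource defined in step 9 binds as cn=Directory Manager with SSL set to false and an eight-character password. The following Python check is an added example, not part of the original tutorial or of Oracle Identity Manager: it audits such a parameter set and compares the tutorial values with a constructed alternative. The finding codes, the password threshold, the service-account DN and the use of port 636 are assumptions made for illustration.

```python
import re

# Values exactly as entered in step 9 of the tutorial.
TUTORIAL = {
    "Admin ID": "cn=Directory Manager",
    "Admin Password": "abcd1234",
    "Server Address": "ten.mydomain.com",
    "Port": "2389",
    "SSL": "false",
    "Root DN": "dc=contractors,dc=com",
}

# Constructed comparison values (assumptions): a hypothetical service
# account, a generated password, and LDAPS on its conventional port 636.
HARDENED = {
    **TUTORIAL,
    "Admin ID": "uid=oim-svc,ou=Services,dc=contractors,dc=com",
    "Admin Password": "kV9#tq2L!wz8Rm4@Xe",
    "Port": "636",
    "SSL": "true",
}

MIN_PASSWORD_LENGTH = 14  # assumed policy threshold, not an Oracle default


def audit_it_resource(params):
    """Return sorted finding codes for one IT resource parameter set."""
    findings = set()
    # SSL=false means the bind DN and password cross the network in clear text.
    if params.get("SSL", "").strip().lower() != "true":
        findings.add("CLEARTEXT_BIND")
    # Directory Manager is not subject to access control instructions, so a
    # connector bound as that DN holds far more privilege than provisioning needs.
    bind_dn = re.sub(r"\s*=\s*", "=", params.get("Admin ID", "").strip().lower())
    if bind_dn == "cn=directory manager":
        findings.add("SUPERUSER_BIND_DN")
    # Length plus character-class count as a rough strength check.
    password = params.get("Admin Password", "")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if len(password) < MIN_PASSWORD_LENGTH or classes < 3:
        findings.add("WEAK_PASSWORD")
    return sorted(findings)


if __name__ == "__main__":
    for name, params in (("tutorial", TUTORIAL), ("hardened", HARDENED)):
        print(name, audit_it_resource(params))
```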
A connector is used to provision a user to a Sun Java System
Directory Server instance. For this, you need to recompile the adapters that
get imported, along with the other components of your Oracle Identity Manager
Connector. This recompilation places the code for the adapter within the application
server that is associated with your Oracle Identity Manager environment. In
addition, changes made to the adapters, tasks, or processes need the recompiling
of the adapters used in the workflow processes. To execute this recompilation,
perform the following tasks:
1. In the Oracle Identity Manager Design Console window, navigate to Development Tools and then double-click Adapter Manager.
2. You can select specific adapters to be recompiled. If you want a complete recompilation, you can click the Compile All option and then click Start. This will recompile all the adapters.
3. Click X on the toolbar to close the Adapter Manager form.
After recompiling the adapters, you can assign the SUN iPlanet
resource to an Oracle Identity Manager user and check that the record is created
in the Sun Java System Directory Server. To provision the user to Sun Java System
Directory Server, perform the following steps:
1. In the Oracle Identity Manager Administrative and User Console, click Users and then click Manage.
Note: Ensure that the user JOE.PARTTIME is already created for this activity.
2. Click Search User and in the Results section, click the JOE.PARTTIME user to view the user details.
Note: You can provision any user from the Oracle Identity Manager Server. Consider the user JANE for this example.
3. In the User Detail section, select Resource Profile from the additional detail drop-down menu.
4. In the Resource Profile section, click Provision New Resource.
5. Select the iPlanet User resource and click Continue.
6. To verify the resource selection, click Continue.
7. In the Provide Process Data step, click the magnifying glass icon to select the iPlanet Server. Then, select the iPlanet User option and click Select. After the SUN iPlanet Server is selected, click Continue.
Note: Ensure that the password for the user JOE.PARTTIME is set as abcd1234. The iPlanet User option button will be selected by default.
8. In the Provide Process Data section for the iPlanet User Role, click Clear and then Continue.
9. In the Provide Process Data section for the iPlanet User Group, click Clear and then Continue.
10. To finally verify the process data, click Continue.
11. Notice that the provisioning is successfully initiated. Click Back to User Resource Profile to view the status.
12. To verify the user has been successfully provisioned to the SUN iPlanet server, check the Resource Profile for the JOE.PARTTIME user from the Users section. Notice the newly provisioned JOE.PARTTIME user in the Users section.
13. To further verify the user has been successfully provisioned to the SUN iPlanet server, from the desktop, start the LDAP Browser.
14. In the Connect Window, select the Contractors SUN directory server and click Connect.
15. In the ou=People branch, expand the node to view the entry for the JOE.PARTTIME user.
In this lesson, you learned how to:
- Deploy the adapter libraries
- Import SUN iPlanet XML definitions by using the Deployment Manager
- Compile an adapter
- Provision a user to the Sun Java System Directory Server
To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.