Integrating Oracle Identity Manager with Sun Java System Directory Server: Performing Reconciliation
This OBE tutorial describes and shows you how to use Oracle Identity Manager to
reconcile with an external resource automatically. New accounts, as well as changes
to existing accounts, can be retrieved and transferred into Oracle Identity Manager.
For this tutorial, Jim and Jane function as the users, and Sun Java System Directory
Server acts as the resource.

Approximately 2 hours
Oracle
Identity Manager is a highly flexible and scalable enterprise identity management
system that controls user accounts and access privileges within enterprise IT
resources centrally. It provides the functionalities of provisioning, identity
and role administration, approval and request management, policy-based entitlement
management, technology integration, and audit and compliance automation. Features
and benefits of Oracle Identity Manager include identity and role administration
(user and group management, self-service functionalities for users, and delegated
administration), provisioning (approval and request management, and configurable
workflow models), policy-based entitlements, reconciliation, and attestation support
(for audit and compliance purposes).
Linda is employed as a network administrator for Mydo Main Corporation. In Mydo Main,
she is responsible for performing identity and access management tasks on various
users within the organization.

Linda needs to create and maintain users in Oracle Identity Manager so that these
users can be provisioned with resources and entitlements in various target systems.
She reconciles Oracle Identity Manager with Sun Java System Directory Server, Mydo
Main's authoritative source for users. This process, known as trusted source
reconciliation, involves identifying new users in Sun Java System Directory Server
and creating corresponding records in Oracle Identity Manager. It also updates and
synchronizes Oracle Identity Manager users whose account information in Sun Java
System Directory Server has changed.

Jane is employed in the Product Management department of Mydo Main Corporation. She
is a full-time employee, based in Atlanta, and needs to be provisioned with the Sun
Java System Directory Server resource. In addition, she manages Jim, who is a
contractor for Mydo Main.
Before starting this tutorial, you should:
The purpose of this OBE is for Oracle Identity Manager to retrieve user records from
a trusted source. For this OBE, Sun Java System Directory Server functions as the
trusted source.

To have Oracle Identity Manager perform trusted source reconciliation with Sun Java
System Directory Server, Linda must import two *.xml files into the Oracle Identity
Manager environment of Mydo Main. These files are:
- iPlanetResourceObject.xml: This file contains the Oracle Identity Manager connector
  definitions for Sun Java System Directory Server.
- iPlanetResourceXLObject.xml: This file contains the definition for Sun Java System
  Directory Server when using it as an authoritative source.

These two files represent an Oracle Identity Manager Connector for this type of
directory server. So, by importing these *.xml files, Linda is importing the connector
for Sun Java System Directory Server into Oracle Identity Manager.

To import this connector, perform the following steps:
1. Launch your Oracle Identity Manager Server, Administrative Console, and Design
   Console.
   Note: For more information about loading, setting up, or starting Oracle Identity
   Manager, refer to the OBE titled "Installing Oracle Identity Manager."
2. Log in to your Administrative Console with the "superuser" account for Oracle
   Identity Manager (that is, enter xelsysadm in the User ID field and abcd1234 in
   the Password field).
   Note: The first time you log in to Oracle Identity Manager with a particular
   account, you must select and answer "challenge" questions. These questions are
   used to verify your identity if you need to reset your password. However, for all
   subsequent logins with that account, these questions do not appear. Instead, you
   are taken directly to the Home page of your Oracle Identity Manager Administrative
   Console. For more information about selecting and answering "challenge" questions,
   refer to the OBE titled "Installing Oracle Identity Manager."
3. Open the Import form in the Deployment Management folder.
   Note: If the Warning – Security window appears, click the Yes or Grant This
   Session button, depending on which version of the Web browser is installed on
   your machine.
4. The “Please choose a file for import” window appears. In this window, select the
   folder path where the export file resides, along with the name of the *.xml file.
   For this OBE, you are selecting the iPlanetResourceObject.xml file, which can be
   found in the
   E:\OIM_Installs\OIM_CP_900\Directory Servers\Sun Java System Directory Server\Sun Java System Directory Server Rev 4.1.0\xml
   directory (after unzipping the Sun Java System Directory Server Rev 4.1.0.zip
   file).
5. Select the iPlanetResourceObject.xml file. Click Open.
6. The Deployment Manager window appears. In this window, click Add File.
7. The Deployment Manager – Import window appears. Click Next.
8. A Confirmation window appears. Click Next.
9. You do not need to provide the parameter values at this time. Click Skip.
10. A Confirmation window appears. Click View Selections.
11. The Deployment Manager – Import window appears. Click Import.
12. A Confirmation window appears. Click Import.
13. A Success window appears, indicating that the iPlanetResourceObject.xml file is
    imported successfully. Click OK.
14. The Deployment Manager – Import window appears again. You are now ready to import
    the second *.xml file (that is, the iPlanetResourceXLObject.xml file). To import
    this file, click Add File.
15. The “Please choose a file for import” window appears. In this window, select the
    folder path where the export file resides, along with the name of the *.xml file.
    For this OBE, you are selecting the iPlanetResourceXLObject.xml file, which can
    be found in the
    E:\OIM_Installs\OIM_CP_900\Directory Servers\Sun Java System Directory Server\Sun Java System Directory Server Rev 4.1.0\xml
    directory.
16. Select the iPlanetResourceXLObject.xml file. Click Open.
17. The Deployment Manager window appears. In this window, click Add File.
18. The Deployment Manager – Import window appears. Click Next.
19. A Confirmation window appears. Click Next.
20. The Deployment Manager – Import window appears. Click Import.
21. A Confirmation window appears. Click Import.
22. A Success window appears, indicating that the iPlanetResourceXLObject.xml file
    is imported successfully. Click OK.

As a result of importing both *.xml files, the connector for Sun Java System Directory
Server is also imported into Oracle Identity Manager. Now that Linda imported this
connector, she must configure it so that it is operable within Mydo Main's Oracle
Identity Manager environment.
In the previous section of this OBE, Linda imported an Oracle Identity Manager
Connector for Sun Java System Directory Server into her corporation's Oracle Identity
Manager environment. Now, she must configure this connector so that it is operable
within the environment. This includes the following:
- Copying any JAR files that are used for provisioning purposes. For this OBE, Linda
  is copying the xliIPlanet.jar file into the E:\oracle\oim_server\xellerate\JavaTasks
  directory.
- Recompiling the adapters that she imported (along with the other components of the
  Oracle Identity Manager Connector). She must recompile these adapters. Otherwise,
  their code cannot reside within the application server that is associated with
  Mydo Main's Oracle Identity Manager environment, and the adapters cannot operate.
- Creating a definition that contains the administrative credentials, which Oracle
  Identity Manager needs to reconcile with a specific resource. For this OBE, the
  resource is a Sun Java System Directory Server, which has the following
  administrative credentials:

| Parameter | Value |
| Admin id | cn=Directory Manager |
| Admin Password | abcd1234 |
| Server Address | ten.mydomain.com |
| Port | 2389 |
| SSL | false |
| Root DN | dc=contractors,dc=com |
| Use XL Org Structure | false |
| Prov Attribute Lookup Code | AttrName.Prov.Map.iPlanet |
| Recon Attribute Lookup Code | AttrName.Recon.Map.iPlanet |
| Last Recon TimeStamp | 0 |
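
The parameter table above is the whole trust relationship between Oracle Identity Manager and the directory, so it is worth checking before it leaves a lab. The following is an added example, not part of the original tutorial or of the connector: it audits the table's values and a constructed hardened variant. The rule names, the 12-character threshold, and the hardened DN, port and password are assumptions.

```python
import re

# Parameter names and values exactly as in the IT resource table on this page.
TUTORIAL_IT_RESOURCE = {
    "Admin id": "cn=Directory Manager",
    "Admin Password": "abcd1234",
    "Server Address": "ten.mydomain.com",
    "Port": "2389",
    "SSL": "false",
    "Root DN": "dc=contractors,dc=com",
    "Use XL Org Structure": "false",
    "Prov Attribute Lookup Code": "AttrName.Prov.Map.iPlanet",
    "Recon Attribute Lookup Code": "AttrName.Recon.Map.iPlanet",
    "Last Recon TimeStamp": "0",
}

# Constructed counterpart: a dedicated bind account, an LDAPS listener and a
# long unique password. The DN, port and password are hypothetical values.
HARDENED_IT_RESOURCE = {
    **TUTORIAL_IT_RESOURCE,
    "Admin id": "uid=oim-recon,ou=services,dc=contractors,dc=com",
    "Admin Password": "constructed-Example-passphrase-42",
    "Port": "2636",
    "SSL": "true",
}

# Other places this tutorial sets a password: the xelsysadm login and the
# default Password value on the iPlanet User process form (UD_IPNT_USR).
OTHER_TUTORIAL_PASSWORDS = {
    "xelsysadm": "abcd1234",
    "UD_IPNT_USR default": "abcd1234",
}

# cn=Directory Manager is the directory's root DN; access control
# instructions do not restrict what it can read or write.
SUPERUSER_DNS = {"cn=directory manager"}
MIN_PASSWORD_LENGTH = 12  # assumed policy threshold


def normalize_dn(dn):
    """Lower-case a DN and drop whitespace around '=' and unescaped ','."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def audit_it_resource(params, other_passwords=None):
    """Return (rule_id, message) findings for one IT resource definition."""
    findings = []
    if params.get("SSL", "").strip().lower() != "true":
        target = f"{params.get('Server Address')}:{params.get('Port')}"
        findings.append(("cleartext-bind",
                         f"SSL is off: the bind to {target} sends the admin "
                         "password and reconciled user data unencrypted"))
    if normalize_dn(params.get("Admin id", "")) in SUPERUSER_DNS:
        findings.append(("superuser-bind",
                         "reconciliation binds as the directory superuser; "
                         "use an account limited to the Root DN subtree"))
    password = params.get("Admin Password", "")
    if len(password) < MIN_PASSWORD_LENGTH:
        findings.append(("short-password",
                         f"admin password has {len(password)} characters, "
                         f"fewer than {MIN_PASSWORD_LENGTH}"))
    shared = sorted(name for name, pw in (other_passwords or {}).items()
                    if pw == password)
    if shared:
        findings.append(("reused-password",
                         "admin password is also used by: " + ", ".join(shared)))
    return findings


if __name__ == "__main__":
    for label, params in (("tutorial", TUTORIAL_IT_RESOURCE),
                          ("hardened", HARDENED_IT_RESOURCE)):
        print(label)
        for rule, message in audit_it_resource(params, OTHER_TUTORIAL_PASSWORDS):
            print(f"  [{rule}] {message}")
```
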
To make the connector operable, perform the following steps:
1. Copy the xliIPlanet.jar file (which resides within the
   E:\OIM_Installs\OIM_CP_900\Directory Servers\Sun Java System Directory Server\Sun Java System Directory Server Rev 4.1.0\lib
   directory) to the E:\oracle\oim_server\xellerate\JavaTasks directory.
2. Log in to your Design Console with the "superuser" account for Oracle Identity
   Manager (that is, enter xelsysadm in the User ID field and abcd1234 in the
   Password field).
3. Expand the Development Tools folder, and double-click the Adapter Manager node.
4. The list of adapters that Linda imported earlier appears. Select the Compile All
   option. Click Start. Oracle Identity Manager begins to recompile the adapters.
   After all adapters are recompiled, an OK message is displayed in the Status column
   for each adapter. This signifies that the adapters are recompiled successfully,
   and can be used within Mydo Main's Oracle Identity Manager environment.
5. Expand the Resource Management folder, and double-click the IT Resources node.
6. In the Name field, enter iPlanet User.
7. Double-click the Type lookup field (in the Type text field). From the Lookup
   window that appears, select LDAP Server. Click OK.
8. Click Save.
9. The parameters for the IT resource type appear. Enter the values for the
   parameters, as follows (double-click each Value field to enter the value):
   | Parameter | Value |
   | Admin id | cn=Directory Manager |
   | Admin Password | abcd1234 |
   | Server Address | ten.mydomain.com |
   | Port | 2389 |
   | SSL | false |
   | Root DN | dc=contractors,dc=com |
   | Use XL Org Structure | false |
   | Prov Attribute Lookup Code | AttrName.Prov.Map.iPlanet |
   | Recon Attribute Lookup Code | AttrName.Recon.Map.iPlanet |
   | Last Recon TimeStamp | 0 |
10. Click Save.

Linda configured the Oracle Identity Manager Connector so that it is operable with
Mydo Main Corporation's environment. One component of this connector is the iPlanet
User process form. This form contains information about the user records Oracle
Identity Manager retrieves from Sun Java System Directory Server. This information
includes each user's department, geographic location, organization, role, group
membership(s), and job titles.

However, the definitions that reference this information (that is, the lookup
definitions) may not accurately reflect the user-related values, which are transferred
into Oracle Identity Manager via reconciliation. As an example, the predefined values
for the Department lookup definition are Marketing and Finance. Some users, who are
brought into Oracle Identity Manager, belong to the Development, Product Management,
or Human Resources department. Therefore, Linda must modify the Department lookup
definition so that it reflects these values.

In the next section of this OBE, Linda learns how to modify the lookup definitions,
which are contained within the Oracle Identity Manager Connector that she imported
and configured.
In the previous section of this OBE, Linda configured a connector so that it is
operable with Mydo Main Corporation's Oracle Identity Manager environment. One
component of this connector is the iPlanet User custom process form. This form
contains information about the user records Oracle Identity Manager retrieves from a
trusted source, including each user's department, geographic location, organization,
role, group membership(s), and job titles.

However, the lookup definitions that reference this information may not accurately
reflect the user-related values, which are transferred into Oracle Identity Manager
via reconciliation. As an example, the predefined values for the Department lookup
definition are Marketing and Finance. Some users, who are brought into Oracle Identity
Manager, belong to the Development, Product Management, or Human Resources department.
Therefore, Linda must modify the Department lookup definition so that it contains
these values.

To modify the lookup definitions, which are contained within the connector that is
imported and configured, perform the following steps:
1. Expand the Xellerate Administration folder of the Design Console, and double-click
   the Lookup Definition node.
2. Enter Lookup.IPNT.Department in the Code field and click Query. The lookup
   definition for which Linda queried appears. This lookup definition represents the
   departments to which users can belong.
3. Use the Add button to include the following entries for this lookup definition
   (double-click each field to enter a value):
   | Code Key | Decode | Language | Country |
   | Development | Development | en | us |
   | Product Management | Product Management | en | us |
   | Human Resources | Human Resources | en | us |
4. Click Save. Linda edited this lookup definition. She is now ready to modify the
   lookup definition that represents the geographic locations where users can reside.
5. Click New. Oracle Identity Manager clears the contents of the existing lookup
   definition from the form.
6. Enter Lookup.IPNT.Location in the Code field and click Query. The lookup
   definition for which Linda queried appears. This lookup definition represents the
   geographic locations where users can reside.
7. Use the Add button to include the following entries for this lookup definition:
   | Code Key | Decode | Language | Country |
   | Redwood Shores | Redwood Shores | en | us |
   | Atlanta | Atlanta | en | us |
   | New York | New York | en | us |
   | Los Angeles | Los Angeles | en | us |
8. Click Save. Linda edited this lookup definition. She is now ready to modify the
   lookup definition that represents the organizations to which users can belong.
9. Click New. Oracle Identity Manager clears the contents of the existing lookup
   definition from the form.
10. Enter Lookup.IPNT.Organization in the Code field and click Query. The lookup
    definition for which Linda queried appears. This lookup definition represents
    the organizations to which users can belong.
11. Use the Delete button to remove the following entries from this lookup definition
    (highlight each entry and click Delete):
    | Code Key | Decode | Language | Country |
    | ou=People2 | ou=People2 | en | us |
    | ou=People3 | ou=People3 | en | us |
12. Click Save. Linda edited this lookup definition. She is now ready to modify the
    lookup definition that represents the roles that users can have.
13. Click New. Oracle Identity Manager clears the contents of the existing lookup
    definition from the form.
14. Enter Lookup.IPNT.Role in the Code field and click Query. The lookup definition
    for which Linda queried appears. This lookup definition represents the roles
    that users can have.
15. Use the Delete button to remove the following entries from this lookup
    definition:
    | Code Key | Decode | Language | Country |
    | cn=cn=nsDisabledRole\,dc=corp\,dc=mphasis\,dc=com,cn=nsAccountInactivationTmp | cn=nsDisabledRole,dc=corp,dc=mphasis,dc=com | en | US |
    | cn=nsAccountInactivation_cos | nsAccountInactivation_cos | en | US |
    | cn=nsDisabledRole | nsDisabledRole | en | US |
    | cn=nsManagedDisabledRole | nsManagedDisabledRole | en | US |
16. Enter Users in the Group field.
17. Click Save. Linda edited this lookup definition. She is now ready to modify the
    lookup definition that represents the groups of which users can be members.
18. Click New. Oracle Identity Manager clears the contents of the existing lookup
    definition from the form.
19. Enter Lookup.IPNT.UserGroup in the Code field and click Query. The lookup
    definition for which Linda queried appears. This lookup definition represents
    the groups of which users can be members.
20. Use the Delete button to remove the following entries from this lookup
    definition:
    | Code Key | Decode | Language | Country |
    | cn=GROUP1,ou=Groups | GROUP1 | en | US |
    | cn=GROUP2,ou=Groups | GROUP2 | en | US |
    | cn=GROUP3,ou=Groups | GROUP3 | en | US |
21. Enter Users in the Group field.
22. Click Save. Linda edited this lookup definition. She is now ready to modify the
    lookup definition that represents the job titles that users can have.
23. Click New. Oracle Identity Manager clears the contents of the existing lookup
    definition from the form.
24. Enter Lookup.IPNT.UserTitle in the Code field and click Query. The lookup
    definition for which Linda queried appears. This lookup definition represents
    the job titles that users can have.
25. Use the Add button to include the following entries for this lookup definition:
    | Code Key | Decode | Language | Country |
    | Mr. | Mr. | en | us |
    | Dr. | Dr. | en | us |
    | Miss | Ms. | en | us |
    | Mrs. | Mrs. | en | us |
    | Honorable | Hon. | en | us |
26. Use the Delete button to remove the following entries from this lookup
    definition:
    | Code Key | Decode | Language | Country |
    | Mr | Mr | en | us |
    | Doc | Doc | en | us |
    | Mrs | Mrs | en | us |
27. Click Save. Linda edited this lookup definition.

All of the lookup definitions, which are contained within the connector she imported
and configured, now reflect the values of the user records that are transferred into
Oracle Identity Manager via reconciliation.

Trusted source reconciliation results in a user being created within Oracle Identity
Manager. The user information can now be maintained and administered using the Oracle
Identity Manager user profile form (that is, the Create User form). As time
progresses, this form may need to be extended to take into account additional
information being sent from the authoritative source. Linda now faces such a scenario
and needs to modify the Create User form.

In the next section of this OBE, Linda learns how to modify the Create User form.
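
The lookup edits in this section matter because a value arriving from the trusted source has to match a Code Key before it can be stored. The following is an added example, a simplified model of trusted source reconciliation and not Oracle Identity Manager or connector code. The directory records, their field names and timestamps, the rule that rejects unknown values, and the reading of a Last Recon TimeStamp of 0 as "no earlier run" are assumptions.

```python
from datetime import datetime, timezone

# Code Keys from this page's lookup tables. Department holds the two
# predefined values plus Linda's three additions; Location holds only the
# entries she adds (the page does not list the pre-existing ones).
LOOKUPS = {
    "department": {"Marketing", "Finance", "Development",
                   "Product Management", "Human Resources"},
    "location": {"Redwood Shores", "Atlanta", "New York", "Los Angeles"},
}

# Constructed sample data: one existing Oracle Identity Manager user and
# four directory entries with LDAP generalized-time modify stamps.
OIM_USERS = {
    "JANE.FULLTIME": {"department": "Product Management", "location": "Atlanta"},
}
DIRECTORY = [
    {"uid": "JANE.FULLTIME", "modifytimestamp": "20070105090000Z",
     "department": "Product Management", "location": "New York"},
    {"uid": "NEW.HIRE", "modifytimestamp": "20070105093000Z",
     "department": "Development", "location": "Atlanta"},
    {"uid": "SAM.SAMPLE", "modifytimestamp": "20070106110000Z",
     "department": "Sales", "location": "Atlanta"},
    {"uid": "OLD.ENTRY", "modifytimestamp": "20061201080000Z",
     "department": "Finance", "location": "Los Angeles"},
]


def parse_ts(value):
    """YYYYMMDDHHMMSSZ -> aware datetime; '0' (no earlier run) -> None."""
    if value == "0":
        return None
    parsed = datetime.strptime(value, "%Y%m%d%H%M%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def reconcile(entries, oim_users, last_recon="0", lookups=LOOKUPS):
    """Plan create/update events for entries changed since last_recon.

    Entries whose lookup-backed fields have no matching Code Key are
    rejected, and the timestamp is not advanced while any rejection
    exists, so the same entries are retried once the lookup is fixed.
    """
    since = parse_ts(last_recon)
    plan = {"create": [], "update": [], "rejected": [], "last_recon": last_recon}
    newest = last_recon
    for entry in sorted(entries, key=lambda e: e["modifytimestamp"]):
        if since is not None and parse_ts(entry["modifytimestamp"]) <= since:
            continue  # unchanged since the previous run
        bad = {f: entry.get(f) for f, keys in lookups.items()
               if entry.get(f) not in keys}
        if bad:
            plan["rejected"].append((entry["uid"], bad))
            continue
        fields = {f: entry[f] for f in lookups}
        current = oim_users.get(entry["uid"])
        if current is None:
            plan["create"].append((entry["uid"], fields))
        else:
            delta = {f: v for f, v in fields.items() if current.get(f) != v}
            if delta:
                plan["update"].append((entry["uid"], delta))
        newest = entry["modifytimestamp"]
    if not plan["rejected"]:
        plan["last_recon"] = newest
    return plan


if __name__ == "__main__":
    print(reconcile(DIRECTORY, OIM_USERS, "20070101000000Z"))
```

In the constructed data, the "Sales" department has no Code Key, so that entry is rejected and the timestamp stays where it was until the lookup definition is extended.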
Create User

In the previous section of this OBE, Linda modified the lookup definitions that are
contained within the connector she imported and configured. As a result, they reflect
the values of the user records that are transferred into Oracle Identity Manager via
reconciliation.

After a user record is transferred into Oracle Identity Manager, a copy is stored
within the Create User form. However, although information may be required for that
user to be created, the information may not be available in the form. As an example,
a user's role may be that of a contractor, but this role is not available within the
form. Or, a field may need to exist in the form, signifying that this user has special
privileges with the company's resources. Therefore, Linda needs to modify the Create
User form so that it reflects these fields and values.

To modify the Create User form, perform the following steps:
1. Expand the Xellerate Administration folder of the Design Console, and double-click
   the Lookup Definition node.
2. Enter Lookup.Users.Role in the Code field and click Query. The lookup definition
   for which Linda queried appears. This lookup definition represents the default
   roles that users can have within Oracle Identity Manager.
   Note: This lookup definition differs from the Lookup.IPNT.Role definition you
   modified in the section of this OBE titled "Modifying the Lookup Definitions."
   The Lookup.IPNT.Role lookup definition is associated with the roles a user can
   have with the Sun Java System Directory Server resource only. The
   Lookup.Users.Role lookup definition corresponds to a user's roles with all
   resources.
3. Use the Add button to include the following entry for this lookup definition:
   | Code Key | Decode | Language | Country |
   | Contractor | Contractor | en | US |
4. Enter Users in the Group field.
5. Click Save. Linda edited this lookup definition. As a result, the role of
   Contractor is now available within the Create User form. Linda is now ready to
   create a check box for this form. This check box, titled "Special," is reserved
   for users who have distinctive privileges with the company's resources.
6. Expand the Xellerate Administration folder of the Design Console, and double-click
   the User Defined Field Definition node.
7. Enter Users in the Form Name field and click Query. The tabs of this form are
   active, signifying that Linda can create fields for the Create User form. One
   such field is a check box. This check box, titled "Special," is reserved for
   users who have distinctive privileges with the company's resources.
8. To create this check box, click the Add button that appears within the User
   Defined Columns tab.
9. The User Defined Fields window appears. Populate the fields of this window, as
   follows:
   | Field | Value |
   | Label | Special |
   | DataType | boolean |
   | Field Type | Check Box |
   | Column Name | SPECIAL (it appears as USR_UDF_SPECIAL) |
   | Default Value | 0 (0 indicates that the check box is deselected; 1 signifies that the check box is populated.) |
   | Sequence | 1 |
10. Click Save. Then, click Close.
    Note: If a Closing Form window appears, click Yes. Information about the check
    box Linda created now appears within the User Defined Columns tab of the User
    Defined Field Definition form.

Linda modified the Create User form. She configured this form so that it contains the
role of Contractor. She also created a check box for this form. This check box,
titled "Special," is reserved for users who have distinctive privileges with the
company's resources.

In the section of this OBE titled "Modifying the Lookup Definitions," Linda edited
the lookup definitions that reference the iPlanet User process form. This form
contains information about the user records Oracle Identity Manager retrieves from
the Sun Java System Directory Server trusted source. This process form also has
default values, or values that Oracle Identity Manager uses to populate various
fields of the form. However, because Linda modified the lookup definitions, the
default values of the process form are no longer synchronized with the values
contained within the lookup definitions. Therefore, she must modify the default
values, so that they reflect the values of the lookup definitions.

In the next section of this OBE, Linda learns how to modify the default values of
the iPlanet User custom process form.
Linda is now ready to modify the iPlanet User process form. This form contains
information about the user records that Oracle Identity Manager retrieves from the
Sun Java System Directory Server trusted source.

This process form also has default values, or values that Oracle Identity Manager
uses to populate various fields of the process form. However, in the section of this
OBE titled "Modifying the Lookup Definitions," Linda edited the lookup definitions
that reference this form. As a result, the default values of the process form are no
longer synchronized with the values contained within the lookup definitions.
Therefore, Linda must modify the default values, so that they reflect the values of
the lookup definitions.

To modify the iPlanet User process form, perform the following steps:
1. Expand the Development Tools folder of the Design Console, and double-click the
   Form Designer node.
2. Enter IPNT_USR in the Table Name field (it appears as UD_IPNT_USR). Click Query.
   The form for which Linda queried appears.
   Note: The UD_IPNT_USR value represents how the process form is recognized within
   the database.
3. The default values for the process form appear. Double-click the Default Value
   field for each of the following values (so that you can delete them):
   | Field | Default Value |
   | Title | Mr |
   | Department | Department1 |
   | Location | Bangalore |
4. Add the following default values to this form (double-click each Default Value
   field to enter the value):
   | Field | Default Value |
   | Password | abcd1234 |
   | Location | Redwood Shores |
5. Click Save. Linda modified the default values of the iPlanet User process form.
   As a result, they reflect the values of the lookup definitions that reference
   this form. However, this process form has two child forms. They are:
   - iPlanet User Role: This child form contains information about the roles users
     can have. These users are transferred from Sun Java System Directory Server to
     Oracle Identity Manager via trusted source reconciliation.
   - iPlanet User Group: This child form contains information about the groups to
     which these users can belong.
   The default values within these child forms must also be synchronized with the
   values of the lookup definitions that reference them. Therefore, Linda needs to
   modify these default values, accordingly. First, she must modify the default
   value of the iPlanet User Role child form.
6. Click New. Oracle Identity Manager clears the contents of the existing process
   form.
7. Enter IPNT_ROL in the Table Name field (it appears as UD_IPNT_ROL). Click Query.
   The child form for which Linda queried appears.
8. Remove the following default value from the child form:
   | Field | Default Value |
   | Role | cn=User Role |
9. Add the following default value to this form:
   | Field | Default Value |
   | Role | ROLE1 |
10. Click Save. Linda modified the default value of the iPlanet User Role child
    process form. As a result, it now reflects the value of the lookup definition
    that references this form. Linda is now ready to modify the default value of
    the iPlanet User Group child form (the second child form).
11. Click New. Oracle Identity Manager clears the contents of the existing child
    form.
12. Enter IPNT_GRP in the Table Name field (it appears as UD_IPNT_GRP). Click Query.
    The child form for which Linda queried appears.
13. Remove the following default value from the child form:
    | Field | Default Value |
    | Group Name | cn=QA Managers,ou=groups |
14. Click Save.

Linda modified the default values of the iPlanet User process form, as well as the
default values associated with the iPlanet User Role and iPlanet User Group child
forms. These values now reflect the values of the lookup definitions that reference
this form.

Linda is now ready to create two users within Oracle Identity Manager: Jim and Jane.
Jane, who is based in Atlanta, is a full-time employee, and needs to be provisioned
with the Sun Java System Directory Server resource. In addition, she is employed in
the Product Management department of Mydo Main Corporation. She manages Jim, who is
a contractor for Mydo Main.

In the next section of this OBE, Linda creates users within Oracle Identity Manager
and provisions them with resources.
Linda is now ready to create records for two users within Oracle Identity Manager:
Jim and Jane. Jane is employed in the Product Management department of Mydo Main
Corporation. She is a full-time employee, based in Atlanta, and manages Jim, a
contractor for Mydo Main.

Jane needs to be provisioned with the Sun Java System Directory Server resource.
However, before Linda can provision Jane with this resource, she needs to start it.
Otherwise, Oracle Identity Manager cannot connect to the resource, and Jane cannot
be provisioned with it.

To create and provision resources for users, perform the following steps:
1. Double-click the Start Sun icon on the Desktop. The Start Sun window appears.
   This signifies that Linda started the Sun Java System Directory Server resource.
   She is now ready to create a record for Jane, a full-time employee for Mydo Main
   Corporation. Jane is the user who is to be provisioned with this resource.
2. From the Oracle Identity Manager Administrative Console, open the Create User
   form in the Users folder.
3. Complete the Create User form, as follows:
   | Field Name | Field Value |
   | User ID | JANE.FULLTIME |
   | First Name | Jane |
   | Last Name | Fulltime |
   | Organization | Xellerate Users |
   | User Type | End-User Administrator |
   | Employee Type | Full-Time Employee |
   | Email Address | jane.fulltime@mydomain.com |
   | Password | jane |
   | Confirm Password | jane |
   Note: There is a Special check box on the Create User form. This reflects the
   check box Linda created in the Modifying the Create User Form section of this
   OBE.
4. Click Create User. The User Detail form appears. This signifies that the record
   for Jane is created. Linda is now ready to create a record for Jim. Jim is a
   contractor for Mydo Main Corporation. In addition, Jane is his manager.
5. Open the Create User form in the Users folder. Linda is now ready to create a
   record for Jim, a contractor for Mydo Main Corporation.
6. Complete the Create User form, as follows:
   | Field Name | Field Value |
   | User ID | JIM.AUTOPROV |
   | First Name | Jim |
   | Last Name | Autoprov |
   | Organization | Xellerate Users |
   | User Type | End-User |
   | Employee Type | Contractor |
   | Manager ID | JANE.FULLTIME |
   | Email Address | jim.autoprov@mydomain.com |
   | Password | jim |
   | Confirm Password | jim |
   Note: There is now a Contractor role within the Employee Type combo box of the
   Create User form. This reflects the Lookup.Users.Role lookup definition that
   Linda modified in the Modifying the Create User Form section of this OBE.
7. Click Create User. The User Detail form appears. This signifies that the record
   for Jim is created. Linda is now ready to provision the Sun Java System Directory
   Server resource to Jane.
8. Open the Manage User form in the Users folder. The Manage User form appears.
9. Select User ID from the combo box that is displayed within this form. Then,
   within the text box that appears to the right of the combo box, enter the ID of
   the designated user (that is, enter JANE.FULLTIME into the text box). Lastly,
   click Search User.
10. From the result set that is displayed, click the link that contains the ID of
    this designated user. The User Detail form appears.
11. Select Resource Profile from the combo box that is displayed within the User
    Detail form.
12. From the Resource Profile form that appears, click Provision New Resource.
13. The Select a Resource panel appears. From this panel, assign the iPlanet User
    connector to this user. Then, click Continue.
    Note: The iPlanet User connector represents the Sun Java System Directory Server
    resource, which Linda is provisioning for this user.
14. The Verify Resource Selection panel appears. Click Continue.
15. The Provide Process Data panel appears. Populate this panel, as follows:
    | Field Name | Field Value |
    | Title | Mrs. |
    | Department | Product Management |
    | Location | Atlanta |
    Note: The values that appear within the fields of this panel reflect the changes
    Linda made to the lookup definitions in the "Modifying the Lookup Definitions"
    section of this OBE.
16. Click Continue. The iPlanet User Role child form appears.
    Note: The Role field of this child form is populated with the value of ROLE1.
    This reflects the modification Linda made in the "Modifying the iPlanet User
    Process Form" section of this OBE.
17. Click Continue. The iPlanet User Group child form appears.
    Note: The Group Name field of this child form is no longer populated (that is,
    the cn=QA Managers,ou=groups value does not appear within this field). This
    reflects the modification Linda made in the "Modifying the iPlanet User Process
    Form" section of this OBE.
18. Click Continue. The Verify Process Data panel appears.
19. Click Continue. A "Provisioning successfully initiated." message appears. This
    signifies that the Sun Java System Directory Server resource, which is
    represented by the iPlanet User connector, is provisioned for this user.

Linda created records for two users within Oracle Identity Manager: Jim and Jane
(who are employed with Mydo Main Corporation). She also provisioned Jane with the
Sun Java System Directory Server resource.

Linda is ready to configure Oracle Identity Manager so that it reconciles with this
resource. Any new user accounts, as well as changes to existing accounts, can be
retrieved and transferred into Oracle Identity Manager. This results in these
accounts being synchronized between Sun Java System Directory Server and Oracle
Identity Manager.

In the next section of this OBE, Linda learns how to reconcile with Sun Java System
Directory Server.

Linda is ready to configure Oracle Identity Manager so that it can reconcile with Sun Java System Directory Server. Any new user accounts, as well as changes to existing accounts, can be retrieved and transferred into Oracle Identity Manager. Because of this, these accounts can be synchronized between Sun Java System Directory Server and Oracle Identity Manager.

To reconcile with Sun Java System Directory Server, perform the following steps:

| 1. | Expand the Xellerate Administration folder of the Design Console, and double-click the Task Scheduler node. |
| 2. | Enter iPlanet User Recon Task in the Scheduled Task field. Click Query. The record for which Linda queried appears. |
| 3. | Deselect the Disabled check box. |
| 4. | Within the Interval panel, select the Recurring Intervals option. Then, enter 1 in the text box that appears below this option. Finally, make sure that the Minute(s) selection appears in the combo box that is adjacent to this text box. |
| 5. | Within the Task Attributes tab of the Task Scheduler form, the parameters for the scheduled task appear. Enter the values for these parameters, as follows (double-click each Attribute Value field to enter the value): |

| Attribute Name | Attribute Value |
| UserContainer | ou=people,dc=contractors,dc=com |
| Password | abcd1234 |
| Role | Contractor |

| 6. | Click Save. Oracle Identity Manager retrieves any changes to existing accounts from Sun Java System Directory Server automatically. The Reconciliation Manager form is a "storage facility" that holds any user accounts that are brought into Oracle Identity Manager via reconciliation. Therefore, to verify that modifications to existing user accounts are transferred from Sun Java System Directory Server to Oracle Identity Manager successfully, open this form. |
| 7. | Expand the User Management folder of the Design Console, and double-click the Reconciliation Manager node. |
| 8. | Click Query. A table appears, displaying the user accounts that are transferred into Oracle Identity Manager via reconciliation. |
| 9. | Double-click the row header that displays JANE.FULLTIME. This is the ID of the user to whom Linda provisioned the Sun Java System Directory Server resource. Information about this user appears. Notice that Event Linked appears within the Status field. This signifies that information about this account is linked from Sun Java System Directory Server to Oracle Identity Manager. Linda is now ready for Oracle Identity Manager to retrieve all "new" records from Sun Java System Directory Server for users who have a role of Contractor. For this to occur, Sun Java System Directory Server needs to function as an authoritative (or trusted) source. Because of this, the value of the TrustedSource attribute for the iPlanet User Recon Task scheduled task must change from False to True. Therefore, Linda needs to return to the scheduled task. |
| 10. | Within the Task Attributes tab of the Task Scheduler form, modify the value for the following parameter: |

| Attribute Name | Attribute Value |
| TrustedSource | true |

| 11. | Click Save. Oracle Identity Manager retrieves any new user accounts from Sun Java System Directory Server automatically. To verify that these user accounts are transferred from Sun Java System Directory Server to Oracle Identity Manager successfully, return to the Reconciliation Manager form. |
| 12. | Click New. Oracle Identity Manager clears the contents of the Reconciliation Manager form. |
| 13. | Click Query. A table appears, displaying the new user accounts that are transferred into Oracle Identity Manager via reconciliation. Notice that all of these accounts are preceded by "CONTR," signifying that these users have a role of Contractor. Linda is now ready to verify that both the new accounts and the modifications to the existing accounts are transferred into Oracle Identity Manager successfully. To do so, she needs to access the Manage User form of the Administrative Console. |
| 14. | Open the Manage User form in the Users folder. The Manage User form appears. |
| 15. | Select User ID from the combo box that is displayed within this form. Then, within the text box that appears to the right of the combo box, enter *. This value represents a wildcard character. Lastly, click Search User. Oracle Identity Manager displays the accounts, from Sun Java System Directory Server, of all new users it received with a role of Contractor. In addition, it contains all modifications to existing user accounts. This signifies that Oracle Identity Manager reconciled with Sun Java System Directory Server successfully. That is, any new user accounts, as well as changes to existing accounts, are retrieved and transferred into Oracle Identity Manager. Because of this, these accounts are synchronized between Sun Java System Directory Server and Oracle Identity Manager. |
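
The effect of changing TrustedSource from False to True (step 10) can be previewed offline before the scheduled task runs. The following Python example is added here and is not Oracle's or this tutorial's code; it runs over a constructed LDIF export, and the uid-to-User-ID matching rule, the outcome labels, and treating every entry under UserContainer as in scope are assumptions of the example.

```python
# Constructed LDIF export used as sample input; not data from the tutorial's server.
SAMPLE_LDIF = """\
dn: uid=jane.fulltime,ou=people,dc=contractors,dc=com
uid: jane.fulltime

dn: uid=contr.one,ou=people,dc=contractors,dc=com
uid: contr.one

dn: uid=svc.backup,ou=people,dc=contractors,dc=com
uid: svc.backup

dn: uid=other,ou=people,dc=example,dc=com
"""
# Task attributes from step 5; OIM_USERS holds User IDs already present in OIM.
TASK = {"UserContainer": "ou=people,dc=contractors,dc=com", "Role": "Contractor"}
OIM_USERS = {"JANE.FULLTIME"}

def parse_ldif(text):
    """Parse LDIF into {attr: [values]} dicts; unfolds lines, skips comments."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):  # base64 ("::") is not decoded
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def normalize_dn(dn):
    # Simplification: does not handle escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def preview(ldif_text, task, oim_users, trusted_source):
    """Return (uid, outcome) for each entry under UserContainer."""
    container = "," + normalize_dn(task["UserContainer"])
    existing = {u.upper() for u in oim_users}
    report = []
    for entry in parse_ldif(ldif_text):
        if not normalize_dn(entry["dn"][0]).endswith(container):
            continue  # outside UserContainer, so out of scope
        uid = entry.get("uid", [""])[0].upper()
        if uid in existing:  # assumed matching rule: uid equals OIM User ID
            outcome = "link to existing user"
        else:  # hypothetical labels, not Oracle Identity Manager status values
            outcome = ("create user with role " + task["Role"]) if trusted_source else "no matching user"
        report.append((uid, outcome))
    return report
```

In the sample, svc.backup would become an Oracle Identity Manager user once TrustedSource is true, which is the kind of entry to review in the container before changing the attribute.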

In this lesson, you learned how to:

- Import a connector
- Make a connector operable
- Modify lookup definitions
- Modify the Create User form
- Modify the iPlanet User process form
- Create and provision resources for users
- Reconcile with Sun Java System Directory Server