Overview
New employees joining a company do not generally
have access to all the applications that they require on the first day
of work. Employee details are added to the Human Resources database, but
employees are not always provided with the applications they might need.
An employee must raise multiple requests so that application administrators
provide access to applications. To avoid the delay and to simplify the
process, you can automatically provide new employees with the application
by integrating Oracle Human Resources (HR) with Oracle Internet Directory
(OID).
Note:
We do not advise trying this on your production
environment. In the process of testing the integration, you will add
employees to or remove them from the HR database and might thus change the original
data set.
The DIP (Directory Integration Platform) server that
is built into OID includes an HR agent. This agent can be configured to
automatically provide employees with their Oracle Application Server Web
application, e-mail accounts, Microsoft Windows desktop user accounts,
SunOne user accounts, and much more.
Furthermore, when employees leave the company, all of
their accounts are automatically deprovisioned simply by changing the
employee status in HR to ex-employee. This integration feature ensures
that none of the ex-employee accounts are left open to cause possible
security concerns.
Have a test instance of E-Business Suite with Oracle Human Resources
configured (version 11.0.3 or later). Refer to this
documentation library for information on installing and configuring
the Oracle Human Resources application.
3.
Set ORACLE_HOME
to point to the application server install directory.
Testing Network Connectivity with Oracle Human Resources
Before configuring the Oracle Human Resources agent, you
must ensure that you have database connectivity between OID and your HR database.
To test the network connectivity between OID and HR, perform the following steps:
1.
Test the connection by using the tnsping
command line tool and the SID for the HR database.
If you successfully connect, you should see messages
similar to the following:
2.
Also, use SQL*Plus to test the database connectivity.
sqlplus apps/apps@PROD
Note: If
either of these two commands does not work, do not proceed to the next
step. Resolve your database networking issues before you continue with
this tutorial.
After establishing network connectivity to Oracle Human
Resources, you need to evaluate the tables and columns in the HR database
that are to be synchronized with OID. This is configured using the OracleHRAgent.cfg.master
file, which is located in your $ORACLE_HOME/ldap/odi/conf
directory. In most cases, the default settings in this file will suffice
and are already loaded in your default OracleHRAgent profile. If these default
settings are satisfactory for your integration needs, then it is not necessary
to change or load the OracleHRAgent.cfg.master
settings. The following screenshot shows the content of the default OracleHRAgent.cfg.master
file.
Note: If you want to modify the settings, then make
a copy of the OracleHRAgent.cfg.master
file with the name OracleHRAgent.cfg.
Observe that each line of the file has five entries separated by the
delimiter ":".
Consider the following line:
PersonId:person_id:PER:NUMBER:Y
PersonId: HR attribute
person_id: Database column name for the HR attribute
PER: Name of the database table in which the data is stored
NUMBER: Data type for the values you want to import from the HR database
Y: Indication that you want to use this column for mapping to OID
If you are making any changes to the OracleHRAgent.cfg
file, you must upload the file to the OracleHRAgent profile. To upload the file,
perform the following steps:
Note: The default parameters have already been uploaded to the profile.
In most cases the default parameters are sufficient. If you are using the default
profile, then you can skip these steps.
1.
Switch to a command window and change the directory
to $ORACLE_HOME/bin.
The next step is to configure the attribute mapping file by
using the OracleHRAgent.map file.
The following screenshot shows the content of the OracleHRAgent.map
file.
The domain rules in the file are as follows:
NONLDAP:cn=users,dc=acme,dc=com:cn=%,cn=users,dc=acme,dc=com
The domain rules tell the DIP server the type of repository with
which we are synchronizing.
NONLDAP: In this example, we are synchronizing
with the Oracle database. So NONLDAP
tells the DIP server that the repository we are synchronizing with is not
an LDAP repository.
cn=users,dc=acme,dc=com: Tells the DIP server where the
new employee accounts and changes to those accounts will take place in the
OID server.
cn=%,cn=users,dc=acme,dc=com: Tells the DIP server how to form the relative
distinguished name (RDN) for user accounts in OID. In this example, it tells
the DIP server to use the cn
attribute as the RDN attribute for the user accounts.
In addition to the domain rules, the map file contains attribute
rules. Let's take a look at one of them:
FirstName: : : :givenName: :person
This line indicates a mapping of the FirstName
column in the database to the givenName
attribute in OID, which belongs to the person
object class.
FirstName: Database column name
givenName: Name of the attribute in OID to which you want to map the database column
person: Name of the object class that the attribute is associated with in OID
Examine the last mapping rule in this file:
employeenumber:1 : : :userpassword: :person: "welcome"+employeenumber
This mapping rule initializes the user password
to "welcome" plus the employee number. For example, if the employee
number is 259, the initial password is set to "welcome259".
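The password rule above makes every initial password a function of the employee number, so it is useful to list such rules before the map file is uploaded. The following Python check is an added example, not part of the Oracle tutorial or of DIP: it parses the rule shapes shown above and reports any rule that builds userpassword from literals and HR columns. The function names, the constructed sample, and the skipping of "#" comment lines are assumptions.

```python
import re

# Constructed sample using only the rule shapes shown in this tutorial.
SAMPLE_MAP = """\
NONLDAP:cn=users,dc=acme,dc=com:cn=%,cn=users,dc=acme,dc=com
FirstName: : : :givenName: :person
employeenumber:1 : : :userpassword: :person: "welcome"+employeenumber
"""

# A quoted literal or a bare column name inside a mapping expression.
TOKEN = re.compile(r'"([^"]*)"|([A-Za-z_]\w*)')

def parse_attribute_rules(text):
    """Return attribute rules as dicts; domain rules and comments are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # "#" comments: an assumption
            continue
        # maxsplit=7 keeps any ':' inside the trailing expression intact.
        fields = [f.strip() for f in line.split(":", 7)]
        if len(fields) < 7:
            continue  # e.g. the three-field domain rule
        rules.append({"source": fields[0], "oid_attr": fields[4],
                      "object_class": fields[6],
                      "expression": fields[7] if len(fields) > 7 else ""})
    return rules

def derived_password_rules(text):
    """Find rules that build userpassword from literals and HR columns."""
    findings = []
    for rule in parse_attribute_rules(text):
        if rule["oid_attr"].lower() != "userpassword" or not rule["expression"]:
            continue
        literals, columns, pattern = [], [], ""
        for m in TOKEN.finditer(rule["expression"]):
            if m.group(1) is not None:      # quoted constant
                literals.append(m.group(1))
                pattern += m.group(1)
            else:                           # HR column reference
                columns.append(m.group(2))
                pattern += "<" + m.group(2) + ">"
        findings.append({"source": rule["source"], "literals": literals,
                         "columns": columns, "pattern": pattern})
    return findings

if __name__ == "__main__":
    for f in derived_password_rules(SAMPLE_MAP):
        print("userpassword is derived as", f["pattern"])
```

A non-empty result means the initial password can be reconstructed from data held in HR, which is the case for the default rule shown here.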
1.
Download
the file and place it in the $ORACLE_HOME/ldap/odi/conf
directory.
2.
Upload the mapping file. After modifying the mapping
file, you must upload the rules to the OracleHRAgent profile. Use the
dipassistant command to
upload the mapping file to the OracleHRAgent profile.
Change the directory to $ORACLE_HOME/bin,
and then issue the following command:
Launch the Oracle Directory Manager (ODM) by typing
oidadmin at the prompt.
Log in as orcladmin user.
2.
In the Directory Information Tree (DIT), navigate to
Server Management and then Integration Server. Click Configuration
Set1.
3.
You see all the default DIP profiles. Double-click OracleHRAgent.
4.
You see the Integration Profile: OracleHRAgent form.
The Scheduling Interval (which is set in seconds) determines how often
OID checks the HR database for updates. Change the value of Scheduling
Interval to 10.
5.
Click the Execution tab.
6.
The agent execution command runs against the HR database. This command
includes the name of the agent we want to execute, the database connect
string for the HR database, the HR database login name, the password,
and the execution parameter. Enter the following command in the Agent
Execution Command field.
Note: You might have to change the connect string, the login,
or the password depending on your installation details.
Enter employeenumber
in the OID Matching Filter field.
9.
Click the Status tab.
10.
Set the execution time value. This value tells the DIP server (each time
it connects) how far back in time it needs to get new changes. In this
example, we are setting the server to the current date. This means we
get only those new changes that have been made since this date and time.
If this is the first time you have run the DIP server, you can bootstrap
OID with all the employees in the HR database. In this case, you would
set the date and time far enough back to obtain all of the employees in
the HR database. Each time the agent executes, it automatically updates
this value to the current date and time so that the next time it
executes it obtains all changes since the last successful time the
agent executed.
Change the value of Last Successful Execution Time to reflect the current
date and time.
11.
Click the General tab.
For synchronization to happen, the DIP server must be running. If it
is not running, you can start the DIP server with the following command:
To start the odisrv server, you must specify which oidldapd server port
the odisrv server process should use. The odisrv server will not run unless
the oidldapd server process is running. The HR agent belongs to configset 1 and
thus "configset=1" is specified in the command.
12.
To start agent synchronization, change the Profile Status from Disable
to Enable. Then click OK.
To test the synchronization of Oracle Human Resources
with Oracle Application Server 10g, create a new employee in Oracle
HR and verify that the new employee has been added by OID to the Oracle
Application Server environment.
1.
Open a
browser and enter the following URL: http://<host>.<domain>:8000/OA_HTML/US/ICXINDEX.htm
Log in to Oracle HR as sysadmin.
2.
Click US HR Manager.
The first time you click this link, you may have to
download the Jinitiator plug-in. Download and install Jinitiator.
3.
If you have already installed Jinitiator, you should
see the following window:
Double-click People.
4.
Double-click Enter and Maintain.
5.
Click New on the Find Person form.
6.
Enter values for the fields in the Name section
as shown in the screenshot.
7.
Scroll to select the type of person. Click the button
next to the Type field.
8.
Select Employee and click OK.
9.
Enter the Social Security Number in the Social Security field.
10.
Enter Birth Date. Click the Office Details tab.
11.
Enter details in the relevant fields (such as Office, Location,
and Email).
12.
Click the Save icon.
13.
Wait to see the "Transaction complete" message, and
then exit Oracle Applications.
14.
Verify that the new employee whom you created has been added by OID to
the Oracle Application Server environment. In the browser, change the
URL to http://<host.domain>:7777/oiddas. Click Login.
15.
Log in as orcladmin.
16.
Click the Directory tab.
17.
In the "Search for user" field, enter the first name of the
newly created employee. Then click Go.
You can also log in as the new employee.
In this tutorial, you should have learned how to integrate OID with Oracle
Human Resources.
Similarly, you can integrate Microsoft Active Directory and SunOne/iPlanet
with OID. Refer to this tutorial
to integrate Microsoft Active Directory with OID.