Oracle Human Resources Integration: Configure the HR .map file

The next step is to configure the attribute mapping file. This is done with the OracleHRAgent.map file. We will be using a sample file called "OracleHRAgent.map", which was provided as part of the sample file downloads. Place a copy of this file in your $ORACLE_HOME/ldap/odi/conf directory. The first thing you will need to do is evaluate which database table columns you want to map to attributes in OID.
In the above example, let's examine the "DomainRules":

    NONLDAP:CN=Users,DC=acme,DC=com:cn=%,cn=users,dc=acme,dc=com

The domain rule is divided into three sections, each separated by a ":" character.

The left part of the domain rule ("NONLDAP") tells the DIP server that we are not synchronizing with another LDAP server.

The middle portion of the domain rule ("CN=Users,DC=acme,DC=com") tells the DIP server where the new employee accounts and changes to those accounts will take place in the OID server.

The last section of the domain rule ("cn=%,cn=users,dc=acme,dc=com") tells the DIP server how to form the RDN (Relative Distinguished Name) for user accounts in OID. In this example it tells the DIP server to use the "cn" attribute as the RDN attribute for the user accounts.

Now let's examine a simple "Attribute Rules" definition:

    firstname: : : :givenname: :inetorgperson

The "firstname" column value will be mapped to the "givenname" attribute, which is part of the "inetorgperson" objectclass on the destination (OID side).

Let's examine the last mapping rule in this file:

    employeenumber:1 : : :userpassword: :person: "welcome"+employeenumber

This mapping rule will initialize the user's password to "welcome" plus the employee number. For example, if the employee's employee number is 259, the initial password will be set to "welcome259". This is just a sample of the many options you have for setting user passwords. Optionally, by also mapping the "Employee_startdate" column to the OID attribute "orclActiveStartDate", the users' accounts will not be valid until their first day of work.

The sample file we used to create our mapping rules contains a list of common attributes used in most HR to OID synchronization integrations, as well as a few optional attributes we will use for integration with Microsoft Windows.
The attribute mapping rules we are using for Microsoft user provisioning are:

    orclSAMAccountName
    krbPrincipalName

If you do not wish to integrate with Microsoft Windows, you can remove the lines that reference these attributes from the mapping file.

Please note that if you configured the Domain Rules to provision employees into the default subscriber location (where your Oracle Application Server users are located in OID), you must have at least one reference in the mapping file that uses the "orclUserv2" objectclass. The default subscriber location in OID has an access control requirement that all user entries must include this "orclUserv2" objectclass. If you try to create a new user under the default subscriber location without including this objectclass, the OID server will not permit the new user to be created.

Since the sample file only references the "orclUserv2" objectclass in the "krbPrincipalName" attribute rule, removing that mapping rule from the file will cause your synchronization from HR to OID to fail. So if you remove this attribute, you will need to create another reference to the "orclUserv2" objectclass somewhere else in the mapping file. One way to resolve this is to modify another attribute rule in the mapping file, such as the "sn" attribute, to include the "orclUserv2" objectclass.

Example:

    lastname: : : :sn: :inetorgperson

This line maps the "lastname" column in the HR database to the "sn" attribute in OID. If you have a line that looks like this in your file, you can change it to look like this:

    lastname: : : :sn: :orclUserv2

As long as there is another attribute line in your file that references the "inetorgperson" objectclass, it is OK to replace it with the "orclUserv2" objectclass to satisfy the OID server requirement to include the "orclUserv2" objectclass.

Uploading the mapping file

Once you are finished modifying your "oraclehragent.map" file, we need to upload these rules to the "OracleHRAgent" profile.
We will use a program called "dipassistant" to upload the mapping file into the OracleHRAgent agent profile. From the command prompt, type the following command:

    dipassistant mp -host hostname.domain.com -port 3060 -passwd welcome1 -profile OracleHRAgent odip.profile.mapfile=/oracle/home/ldap/odi/conf/oraclehragent.map

Note: This is one command, not three; enter it on a single line. Be sure to substitute your own FQDN, port number and password for OID in this command. The password used in this command is the password for the orcladmin user. The "odip.profile.mapfile" property should be set to the complete directory path to the mapping file, including the name of the mapping file.
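A pre-upload check for the mapping-file points discussed above (the required "orclUserv2" reference, the password rule, and the optional start-date mapping), written as an added example that is not part of the original article or of Oracle's tooling. The section header names and the field positions (1 = source column, 5 = OID attribute, 7 = objectclass, 8 = optional expression) are assumptions inferred from the article's sample lines, and the sample map is constructed from those lines.

```python
import re

# Constructed sample, assembled from the rule lines quoted in this article.
# The section header spellings are an assumption.
SAMPLE_MAP = '''\
DomainRules
NONLDAP:CN=Users,DC=acme,DC=com:cn=%,cn=users,dc=acme,dc=com
AttributeRules
firstname: : : :givenname: :inetorgperson
lastname: : : :sn: :inetorgperson
employeenumber:1 : : :userpassword: :person: "welcome"+employeenumber
'''

def parse_attribute_rules(text):
    """Return (source, dest_attr, dest_objectclass, expression) per attribute rule."""
    rules, in_attrs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:  # a section header line switches the parser state
            in_attrs = line.replace(" ", "").lower() == "attributerules"
            continue
        if not in_attrs:     # domain rules are not inspected here
            continue
        # Assumed layout (inferred from the sample lines): field 1 = source column,
        # 5 = OID attribute, 7 = objectclass, 8 = optional mapping expression.
        f = [p.strip() for p in line.split(":", 7)]
        if len(f) >= 7:
            rules.append((f[0], f[4].lower(), f[6].lower(), f[7] if len(f) > 7 else ""))
    return rules

def lint_map(text):
    """Return a list of finding strings for a mapping file's text."""
    rules = parse_attribute_rules(text)
    findings = []
    if not any(oc == "orcluserv2" for _, _, oc, _ in rules):
        findings.append("no rule references objectclass orclUserv2 "
                        "(required under the default subscriber location)")
    for src, attr, _, expr in rules:
        if attr == "userpassword" and re.search(r'"[^"]*"', expr):
            findings.append(f"userpassword built from a fixed string plus {src}: guessable")
    if not any(attr == "orclactivestartdate" for _, attr, _, _ in rules):
        findings.append("orclActiveStartDate not mapped: accounts valid before first day")
    return findings

if __name__ == "__main__":
    for finding in lint_map(SAMPLE_MAP):
        print("FINDING:", finding)
```

To check your own file, pass its text to lint_map() before running dipassistant.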