Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2) Part No. B14085-01
Table B-1 lists and describes the attributes in integration profiles for integrating with third-party directories.
Note: With the exception of the last change number attributes, you do not need to restart the Oracle directory integration and provisioning server after modifying a running profile.
Table B-1 Attributes in Integration Profiles for Third-Party Directories
Attribute | Description |
---|---|
General Information | - |
Profile Name (orclodipAgentName) | Name of the profile for the particular third-party directory you are integrating with. This attribute is mandatory. |
Synchronization Mode (orclodipSynchronizationMode) | Direction of synchronization between Oracle Internet Directory and the connected directory. |
Profile Status (orclOdipAgentControl) | Indicates whether the profile is enabled or disabled. The default is DISABLE. You must set this value to ENABLE. |
Profile Password (orclodipProfilePassword) | The password used by the profile to bind to Oracle Internet Directory. In case of import, the changes are made with the profile name as the identity. The default value is welcome. Note: For security reasons, change this password. |
Scheduling Interval (orclODIPSchedulingInterval) | Time interval in seconds after which a connected directory is synchronized with Oracle Internet Directory. The default is 600. This attribute can be modified. |
Maximum Number of Retries (orclodipSyncRetryCount) | Maximum number of times Oracle directory integration and provisioning server tries to run the third-party directory connector in the event of a failure. The default is 5. |
Profile Version (orclversion) | Version of Oracle Directory Integration and Provisioning with which this profile was created. The default value is 1.0. This value cannot be modified. |
Debug Level | Identifier indicating the level of debugging required for any profile. Set this attribute to 63 for the maximum debug level. See Also: The section about setting debug logging levels in Oracle Internet Directory Administrator's Guide |
Execution Information | - |
Agent Execution Command (orclodipAgentExeCommand) | Connector executable name and argument list used by the directory integration and provisioning server. It can be passed as a command-line argument when the connector is invoked. See Also: Chapter 10, "Synchronization with Oracle Human Resources" for typical usage of passing it on the command line |
Connected Directory Account (orclodipConDirAccessAccount) | Valid user account in the connected directory to be used by the connector for synchronization. The value is specific to the connected directory with which you are integrating. For instance, for the SunONE synchronization connector, it is the valid bind DN in the SunONE Directory Server. For the Human Resources Connector, it is a valid user identifier in the Oracle Human Resources database. For other connectors, it can be passed as a command-line argument when the connector is invoked. See Also: Chapter 10, "Synchronization with Oracle Human Resources" for typical usage of passing it on the command line |
Connected Directory Account Password (orclodipConDirAccessPassword) | Password to be used by the user specified in the orclOdipConDirAccessAccount attribute to connect to the connected directory. The value is specific to the third-party directory with which you are integrating. For instance, for the SunONE synchronization connector, it is the valid bind password in the SunONE Directory Server. For the Human Resources Agent, it is the Oracle Human Resources database password. |
Additional Config Info (orclodipAgentConfigInfo) | Any configuration information that you want the connector to store in Oracle Internet Directory. It is passed by the directory integration and provisioning server to the connector at the time of connector invocation. The information is stored as an attribute, and the directory integration and provisioning server does not have any knowledge of its content. When the connector is scheduled for execution, the value of the attribute is stored in the file $ORACLE_HOME/ldap/odi/conf/profile_name.cfg, which can be processed by the connector. Upload the file by using either the Directory Integration and Provisioning Assistant. Do this for both import and export agents. See Also: "The Directory Integration and Provisioning Assistant (dipassistant) Syntax" |
Connected Directory URL (orclOdipConDirURL) | Connect details required to connect to the connected directory. This parameter refers to the host name and port number as host:port:sslmode. To connect by using SSL, enter Make sure the certificate to connect to the directory is stored in the wallet, the location of which is specified in the file Note: To connect to SunONE Directory Server by using SSL, the server certificate needs to be loaded into the wallet. See Also: The chapter on Oracle Wallet Manager in Oracle Advanced Security Administrator's Guide |
Interface Type (orclodipInterfaceType) | The data format or protocol used in synchronization. Supported values are: |
Mapping Information | - |
Mapping Rules (orclodipAttributeMappingRules) | Attribute for storing the mapping rules. Store the mapping rules in a file by using the Directory Integration and Provisioning Assistant. |
Connected Directory Matching Filter (orclodipConDirMatchingFilter) | This attribute specifies the filter to apply to the third-party directory change log. It is used in the import profile. The filter must be set in the import profile when both the import and export integration profiles are enabled, as follows: This prevents the same change from being exchanged between the two directories indefinitely. To avoid confusion, make this account specific to synchronization. See Also: Oracle MetaLink Note 280474.1, "Setting Up Filtering in a DIP Synchronization Profile" available at Oracle MetaLink at |
OID Matching Filter (orclOdipOIDMatchingFilter) | In export profiles, this attribute specifies the filter to apply to the Oracle Internet Directory change log container. It must be set in the export profile when both the import and export integration profiles are enabled, as in the following example: This prevents the same change from being exchanged between the two directories indefinitely. In import profiles, this attribute specifies a key for mapping entries between Oracle Internet Directory and the connected directory. This is useful when the DN cannot be used as the key. |
Status Information | - |
OID Last Applied Change Number (orclLastAppliedChangeNumber) | For export operations, the last change from Oracle Internet Directory that was applied to the connected directory. The default value is 0. Set this to the value of the lastchangenumber attribute of Oracle Internet Directory. If you have used the Directory Integration and Provisioning Assistant for bootstrapping using LDAP, then this is set automatically at the end of the bootstrapping process. This is valid only in the export profile. |
Last Execution Time (orclodipLastExecutionTime) | Status attribute set to the last time the integration profile was executed successfully by the Oracle directory integration and provisioning server. Its format is dd-mon-yyyy hh:mm:ss, where hh is the time of day in 24-hour format. This attribute is initialized during profile creation. |
Last Successful Execution Time (orclodipLastSuccessfulExecutionTime) | Status attribute set to the last time the integration profile was executed successfully by the Oracle directory integration and provisioning server. The format is dd-mon-yyyy hh:mm:ss, where hh is the hour in 24-hour format. |
Synchronization Status (orclodipSynchronizationStatus) | Synchronization status of the last execution: Success or failure. Initially, this attribute has the value Yet to be executed. It is a read-only attribute. |
Synchronization Errors (orclodipSynchronizationErrors) | Messages explaining errors if the last execution failed. This parameter is updated by Oracle directory integration and provisioning server. It is a read-only attribute. |
Last Applied Change Number (orclodipConDirLastAppliedChgNum) | For import operations, the last change from the connected directory that was applied to Oracle Internet Directory. The default value is 0. Set this to the value of the lastchangenumber attribute of Oracle Internet Directory. If you have used the Directory Integration and Provisioning Assistant for bootstrapping using LDAP, then this is set automatically at the end of the bootstrapping process. This is valid only in the import profile. |
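
The following audit is an added example, not part of Oracle's guide: it checks a set of integration profiles for two conditions Table B-1 calls out, a profile password left at the default welcome and an enabled import/export pair missing the matching filters that stop a change from being exchanged indefinitely. The profile dictionaries are constructed sample data; the IMPORT and EXPORT mode values, pairing profiles by a shared connected directory URL, and having the password available in clear text for comparison are assumptions of this sketch.

```python
from collections import defaultdict

DEFAULT_PASSWORD = "welcome"  # default value given in Table B-1
# Filter each direction needs when both directions are enabled (Table B-1).
REQUIRED_FILTER = {"IMPORT": "orclodipcondirmatchingfilter",
                   "EXPORT": "orclodipoidmatchingfilter"}

def norm(profile):
    # LDAP attribute names are case-insensitive; the table itself mixes casings.
    return {k.lower(): v.strip() for k, v in profile.items()}

def audit(profiles):
    """Return sorted (profile name, finding) tuples."""
    findings, by_url = [], defaultdict(list)
    for p in map(norm, profiles):
        name = p.get("orclodipagentname", "<unnamed>")
        # Checked regardless of status: disabled profiles carry the default too.
        if p.get("orclodipprofilepassword") == DEFAULT_PASSWORD:
            findings.append((name, "default profile password in use"))
        if p.get("orclodipagentcontrol", "DISABLE").upper() == "ENABLE":
            # Assumption: profiles sharing a connected directory URL form a pair.
            by_url[p.get("orclodipcondirurl", "").lower()].append(p)
    for group in by_url.values():
        modes = {p.get("orclodipsynchronizationmode", "").upper() for p in group}
        if not {"IMPORT", "EXPORT"} <= modes:
            continue  # filters are required only when both directions are enabled
        for p in group:
            mode = p.get("orclodipsynchronizationmode", "").upper()
            attr = REQUIRED_FILTER.get(mode)
            if attr and not p.get(attr):
                name = p.get("orclodipagentname", "<unnamed>")
                findings.append((name, f"missing {attr}"))
    return sorted(findings)

# Constructed sample profiles; <...> values are placeholders, not real settings.
URL = "dir.example.com:389:<sslmode>"
SAMPLE = [
    {"orclodipAgentName": "DemoImport", "orclodipSynchronizationMode": "IMPORT",
     "orclOdipAgentControl": "ENABLE", "orclodipProfilePassword": "welcome",
     "orclOdipConDirURL": URL},
    {"orclodipAgentName": "DemoExport", "orclodipSynchronizationMode": "EXPORT",
     "orclOdipAgentControl": "ENABLE", "orclodipProfilePassword": "set-by-admin",
     "orclOdipConDirURL": URL, "orclOdipOIDMatchingFilter": "<filter placeholder>"},
    {"orclodipAgentName": "OldImport", "orclodipSynchronizationMode": "IMPORT",
     "orclOdipAgentControl": "DISABLE", "orclodipProfilePassword": "welcome",
     "orclOdipConDirURL": "other.example.com:389:<sslmode>"},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```
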
In order to identify objects that are synchronized from Microsoft Active Directory, Oracle Internet Directory contains the schema elements listed in Table B-2, which correspond to Microsoft Active Directory-specific attributes.
Table B-2 Oracle Internet Directory Schema Elements that Correspond to Microsoft Active Directory-Specific Attributes
Schema Element | Description |
---|---|
orclADGroup | Represents the object class for groups synchronized from Active Directory. Contains the orclObjectGuid, orclObjectSid, and orclSAMAccountName elements. |
orclADUser | Represents the object class for users synchronized from Active Directory. Contains the orclObjectGuid, orclObjectSid, and orclSAMAccountName elements. |
orclObjectGuid | Stores Active Directory's OBJECTGUID attribute. |
orclObjectSid | Stores Active Directory's OBJECTSID attribute. |
orclSAMAccountName | Stores Active Directory's SAMAccountName attribute. In Oracle Internet Directory, this attribute is defined as a Directory String type. However, in Active Directory this attribute cannot accept any special or non-printable characters. If an entry is added in Oracle Internet Directory with this attribute, the value must contain only a simple text string; otherwise, synchronization from Oracle Internet Directory to Active Directory will fail. |