I originally posted this on the Oracle Community site but I thought I would add it here:
--- START OF POST ---
My colleague and I have written a Database Tables ICF connector and this is an update regarding doing multiple trusted recons.
The data is written to a staging table as events rather than what you would normally think of as a summary table (USR is a good example of a summary table). There are about a dozen events. Only one event is valid to trigger a Create User task, carrying with it about 20 of the user's initial data fields, and as such I program the Last Name, OIM Organization Name, OIM User Type, and OIM Employee Type into the attribute map when I pass it to the ResultsHandler.
For update-only recon profiles and update tasks, I originally did not believe that I would need to pass the Last Name, OIM Organization Name, OIM User Type, and OIM Employee Type parameters into the Resource Object, since it only does updates. Since it never creates a user (no match = do nothing), there should be no need for these parameters in the Resource Object. But when I ran the recon I got an error: "The profile might be corrupt and could possibly cause reconciliation failure:: xxxxx xxxxxx xxxxxx xxxxxx missing mappings for: [ACT_KEY, USR_LAST_NAME, USR_TYPE, USR_EMP_TYPE]", and I got the error "XL_SP_ReconBlkUsrRqdcValdnMtch while processing batch ID xxx One or more parameters passed as null".
The resolution is this: any trusted recon must map to these four parameters even if they are not provided in the lookup or the scheduled job. For an update-only job you just leave them blank.
--- END OF POST ---
Since I wrote this (in 2013) I did also start putting the 3 normally fixed values of Organization Name, Xellerate Type, and Role, spelled exactly that way, into the RO, the PD, and the Lookup.XX.UM.ReconAttrMap.Trusted.Defaults lookup, instead of trying to generate them inside the connector. This is only needed in the lookup for a recon that can do a create. Otherwise, as stated above, put them into the RO and PD and leave them off of the lookup. Of course Last Name is normally provided in a lookup, but if not then use the same process: put Last Name into the RO and PD and leave it unmapped for UPDATES.
The names OIM Organization Name, OIM User Type, and OIM Employee Type are not the correct names; they were just made up.
Thanks for viewing my blog on Identity Management and Engineering (mostly IDM). Please follow and check out the advertisers.
Tuesday, April 14, 2015
Thursday, February 27, 2014
OIM 11gR2 Connector Server setup mojo
Just some simple tips for setting up the connector server. Some of these tips are from my colleagues; some are modifications of what my colleagues are doing and so are my own take on things.
When building a connector server machine, it works very well to create a separate disk where all of the connector server software can be loaded and run from. For a physical machine (iron) the D drive will be taken by a CD/DVD drive, and you can use E: for the connector server. On a VM, you could choose to use D: or E:, whatever your preference.
On install, never accept the Program Files folder as the install location. If you followed the advice above you will install the software onto the D: or E: drive; if not, install on the C: drive. Your top folder is then E:\Identity Connectors (or your drive). Under that you should have a Connector Server folder.
After install, decide where you want to put the log files. The default is C: and that is a bad location for the files. You can put the logs inside the Connector Server folder, in a separate folder, or on a third drive letter, for that matter. I call my logs folder Logs with a capital L since this is Microsoft and we give civilized names to our folders in Windows, not like those "lower case-no blanks" Linux savages.
The bundles of course go into the Connector Server folder per the install guides for each connector. Be sure to set the key first. I will cover logging in a separate post.
I install WinSCP and Notepad++ on my connector servers so I can manage things easily. I also make sure the Remote Admin tools including Active Directory Administrative Center, AD module for Windows PowerShell, Web Server (IIS) Tools, Telnet Client, and .NET 3.5.1 Framework Windows features are installed.
Finally, many people don't know how to set up a VIP on a Windows box. The command is:
netsh interface ip add address "Local Area Connection" <vip-address> <netmask>
The name "Local Area Connection" is an example; this needs to be the name of your existing Ethernet adapter. Sometimes it is named Local Area Connection, other times it is named Online Network, so find out what it is called by running ipconfig /all and noting it. You are adding an address to the existing interface, so the name needs to be the same.
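The VIP procedure above as a guarded PowerShell wrapper. This is an added example, not part of the original post: it confirms the adapter name exists, skips the change if the address is already bound, then runs the same netsh command. The function name Add-ConnectorServerVip and the sample address are made up for illustration; it assumes Windows Server 2012 or later (for Get-NetAdapter and Get-NetIPAddress) and an elevated prompt.

```powershell
# Added example: guarded wrapper around the netsh command from the post.
# Assumes Windows Server 2012 or later (Get-NetAdapter / Get-NetIPAddress).
function Add-ConnectorServerVip {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$AdapterName,
        [Parameter(Mandatory = $true)][System.Net.IPAddress]$VipAddress,
        [Parameter(Mandatory = $true)][System.Net.IPAddress]$Netmask
    )

    # 1. The adapter name must match an existing interface exactly.
    $adapter = Get-NetAdapter -Name $AdapterName -ErrorAction SilentlyContinue
    if (-not $adapter) {
        $known = (Get-NetAdapter | Select-Object -ExpandProperty Name) -join ', '
        throw "No adapter named '$AdapterName'. Existing adapters: $known"
    }
    if ($adapter.Status -ne 'Up') {
        Write-Warning "Adapter '$AdapterName' is $($adapter.Status); the VIP will not answer until it is up."
    }

    # 2. Do nothing if the address is already bound on this host.
    $vip = $VipAddress.IPAddressToString
    $existing = Get-NetIPAddress -IPAddress $vip -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Output "$vip is already bound to '$($existing.InterfaceAlias)'; nothing to do."
        return
    }

    # 3. Add the VIP as a secondary address with the command from the post.
    if ($PSCmdlet.ShouldProcess($AdapterName, "add address $vip")) {
        & netsh interface ip add address $AdapterName $vip $Netmask.IPAddressToString
        if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }
    }

    # 4. Show every IPv4 address now bound to the adapter for confirmation.
    Get-NetIPAddress -InterfaceAlias $AdapterName -AddressFamily IPv4 |
        Select-Object InterfaceAlias, IPAddress, PrefixLength
}

# Constructed sample values; replace with your adapter name and VIP.
# Add-ConnectorServerVip -AdapterName 'Local Area Connection' -VipAddress 192.0.2.50 -Netmask 255.255.255.0 -WhatIf
```

Run it with -WhatIf first to see the adapter and duplicate-address checks without changing the interface.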