Deploying Microsoft Active Directory User Management Connector
Deploying the Connector
1. Copy the contents of the connector installation media directory into the following directory:OIM_HOME/server/ConnectorDefaultDirectory
2. Log in to Oracle Identity System Administration http://idmhost:14000/sysadmin with xelsysadm user
3. In the left pane, under System Management, click Manage Connector.
4. In the Manage Connector page, click Install.
5. From the Connector List list, select ActiveDirectory RELEASE_NUMBER. This list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory in Step 1.
To repopulate the list of connectors in the Connector List list, click Refresh.
From the Connector List list, select ActiveDirectory RELEASE_NUMBER.
6. Click Load.
7. To start the installation process, click Continue.
The following tasks are performed, in sequence:
Configuration of connector libraries
Import of the connector XML files (by using the Deployment Manager)
Compilation of adapters
On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark and a message stating the reason for failure is displayed. Depending on the reason for the failure, make the required correction and then perform one of the following steps:
8. Retry the installation by clicking Retry.
9. Cancel the installation and begin again from Step 1.
If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed. In addition, a list of steps that you must perform after the installation is displayed. These steps are as follows:
Ensuring that the prerequisites for using the connector are addressed
Note:At this stage, run the Oracle Identity Manager PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites. See Clearing Content Related to Connector Resource Bundles from the Server Cache for information about running the PurgeCache utility.
Configuring the IT Resource for Microsoft AD and AD LDS
You must specify values for the parameters of the Active Directory IT resource as follows:1. Log in to Oracle Identity System Administration.
2. In the left pane, under Configuration, click IT Resource.
4. In the IT Resource Name field on the Manage IT Resource page, enter Active Directory and then click Search.
5. Click the edit icon corresponding to the Active Directory IT resource.
6. From the list at the top of the page, select Details and Parameters.
7. Specify values for the parameters of the Active Directory IT resource
The following list describes each parameter of the Active Directory IT resource
ADLDSPort
Enter the number of the port at which Microsoft AD LDS is listening.
Sample value: 50001
Note: Do not enter a value for this parameter if you are using Microsoft Active Directory as the target system.
BDCHostNames
Enter the host name of the backup domain controller to which Oracle Identity Manager must switch to if the primary domain controller becomes unavailable.
Sample value: mydc1;mydc2;mydc3
Note:Multiple backup domain controllers must be separated by semicolon (;).
Configuration Lookup
This parameter holds the name of the lookup definition that stores configuration information used during reconciliation and provisioning.If you have configured your target system as a target resource, then enter Lookup.Configuration.ActiveDirectory.
If you have configured your target system as a trusted source, then enter Lookup.Configuration.ActiveDirectory.Trusted.
Default value: Lookup.Configuration.ActiveDirectory
Connector Server Name
Name of the IT resource of the type "Connector Server." You create an IT resource for the Connector Server in Configuring the IT Resource for the Connector Server.
Note:Enter a value for this parameter only if you have deployed the Active Directory User Management connector in the Connector Server.
Default value: Active Directory Connector Server
Container
Enter the fully qualified domain name of the user container into or from which users must be provisioned or reconciled into Oracle Identity Manager, respectively.
Sample value: DC=example,DC=com
DirectoryAdminName
Enter the user name of account that you create by performing the procedure described in Creating a Target System User Account for Connector Operations.
Enter the value for this parameter in the following format:
DOMAIN_NAME\USER_NAME
Sample value: mydomain\admin
Note:If you are using AD LDS as the target system and this machine belongs to a workgroup, enter the username of the account created in Creating a Target System User Account for Connector Operations.
Enter a value for this parameter in the following format:
USER_NAME
Sample value: admin
DirectoryAdminPassword
DomainName
Enter the domain name for the Microsoft Active Directory domain controller on which the connector is being installed.
Sample value: example.com
Note:This is a mandatory parameter if you are using Microsoft Active Directory as the target system.
isADLDS
Enter yes to specify that the target system is Microsoft AD LDS.
Enter no to specify that the target system is Microsoft Active Directory.
LDAPHostName
Enter the host name, IP address, or domain name of the Microsoft Windows computer (target system host computer) on which Microsoft Active Directory is installed.
Note:If you do not specify a value for this parameter and the BDCHostNames parameter (discussed earlier in this table), then a serverless bind is used. The connector leverages ADSI for determining the domain controller in the domain and then creates the directory entry. Therefore, all interactions with the target system are not specific to a domain controller.
To determine the host name, on the computer hosting the target system, right-click My Computer and select Properties. On the Computer Name tab of the System Properties dialog box, the host name is specified as the value of the Full computer name field.
Sample values:
w2khost
172.20.55.120
example.com
SyncDomainController
Enter the name of the domain controller from which user accounts must be reconciled.
Note:The value specified in this parameter is used if the value of the SearchChildDomains lookup entry is set to no. If no value is specified for the SyncDomainController parameter and the SearchChildDomains lookup entry is set to no, then the connector automatically finds a domain controller for the target system and reconciles users from it.
Sample value: mynewdc
SyncGlobalCatalogServer
Enter the host on which the global catalog server is located.
Note:The value specified in this parameter is used if the value of the SearchChildDomains lookup entry is set to yes. If no value is specified for the SyncGlobalCatalogServer parameter and the SearchChildDomains lookup entry is set to yes, then the connector automatically finds a global catalog server for the target system, and then reconciles user accounts from the domain controller on which the global catalog server is running.
It is strongly recommended to provide a value for this parameter if you have set the SearchChildDomains lookup entry to yes.
Sample value: myglobalcatalogdc
UseSSL
Enter yes if the target system has been configured for SSL. This enables secure communication between the Connector Server and target system. Otherwise, enter no.
Default value: no
Note:For resetting user password during provisioning operations, the communication with the target system must be secure. The default communication between the .NET Connector Server and Microsoft Active Directory is secure. Therefore, even if you set the value of this parameter to no, it is possible to reset user passwords during provisioning operations because the default communication is secure. See Configuring SSL for Microsoft Active Directory and Microsoft AD LDS for information about configuring SSL.
The default communication between the .NET Connector Server and Microsoft AD LDS is not secure. Therefore, for enabling password reset provisioning operations, you must set the value of this parameter to yes to secure communication with Microsoft AD LDS. See Configuring SSL Between Connector Server and Microsoft AD LDS for more information about configuring SSL.
8. To save the values, click Update.
Creating and Activating a Sandbox
1. Log in to Oracle Identity System Administration.2. In the upper pane, click Sandbox
3. Click on create SandBox
4. Click on Form Designer and then Create.
5. Click the search icon for “Resource Type “ and choose “AD User”
6. Type a Form Name
7. While creating a new UI form, the form type should be Parent Form + Child Tables (Master/Detail).
8. Click Create.
Create an Application Instance
9. In the System Administration console, click on Application Instances10. From the Actions menu, select Create. Alternatively, click Create on the toolbar. The Create Application Instance page is displayed.
11. Specify values for the following fields:
Name: The name of the application instance.
Display Name: The display name of the application instance.
Description: A description of the application instance.
Resource Object: The resource object name. Click the search icon next to this field to search for and select AD User.
IT Resource Instance: The IT resource instance name. Click the search icon next to this field to search for and select Active Directory.
Form: Select the form name (created in previous step).
11. Click Save. The application instance is created
12. Click on the Sandboxes icon.
13. Select the sandbox and click “Publish Sandbox”
14. Click Yes to continue.
0 Comments:
Post a Comment