A Verifying Adapters for Multiple Directory Identity Stores by Using ODSM

After you have configured your Oracle Virtual Directory adapters as described in Chapter 6, "Configuring an Identity Store with Multiple Directories," you can use ODSM to view the adapters for troubleshooting purposes. This chapter explains how.

This appendix contains the following sections:

A.1 Verifying Oracle Virtual Directory Adapters for Split Profile by Using ODSM

This section describes how to validate the adapters created in Configuring Oracle Virtual Directory Adapters for Split Profile.

This section contains the following topics:

A.1.1 Verifying User Adapter for Active Directory Server

Verify the following adapter and plug-ins for Active Directory:

Follow these steps to verify the User Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.

  1. In a web browser, go to Oracle Directory Services Manager (ODSM). The URL is of the form: http://admin.mycompany.com/odsm.

  2. Connect to each Oracle Virtual Directory instance by using the appropriate connection entry.

  3. On the Home page, click the Adapter tab.

  4. Click user_AD1 adapter.

  5. Verify that the User Adapter routing as configured correctly:

    1. Visibility must be set to internal.

    2. Bind Support must be set to enable.

  6. Verify the User Adapter User Management Plug-in as follows:

    1. Select the User Adapter.

    2. Click the Plug-ins tab.

    3. Click the User Management Plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.

    4. Verify that the plug-in parameters are as follows:

      Parameter Value Default

      directoryType

      activedirectory

      Yes

      exclusionMapping

      orclappiduser,uid=samaccountname

      mapAttribute

      orclguid=objectGuid

      mapAttribute

      uniquemember=member

      addAttribute

      user,samaccountname=%uid%,%orclshortuid%

      mapAttribute

      mail=userPrincipalName

      mapAttribute

      ntgrouptype=grouptype

      mapObjectclass

      groupofUniqueNames=group

      mapObjectclass

      orclidxperson=user

      pwdMaxFailure

      10

      Yes

      oamEnabled

      TrueFoot 1

      mapObjectClass

      inetorgperson=user

      Yes

      mapPassword

      True

      Yes

      oimLanguages

      Comma separated list of language codes, such as en,fr,ja

      Footnote 1

      Set oamEnabled to true only if you are using Oracle Access Manager.

A.1.2 Verifying Shadowjoiner User Adapter

Follow these steps to verify the ShadowJoiner Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.

  1. In a web browser, go to Oracle Directory Services Manager (ODSM).

  2. Connect to Oracle Virtual Directory.

  3. On the Home page, click the Adapter tab.

  4. Click the Shadow4AD1 Adapter.

  5. Ensure that User Adapter routing as is configured correctly:

    1. Visibility must be set to internal.

    2. Bind Support must be set to enable.

  6. Verify the User Adapter as follows:

    1. Select the User Adapter.

    2. Click the Plug-ins tab.

    3. Click the User Management Plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.

    4. Verify that the parameters are as follows:

      Parameter Value Default

      directoryType

      oid

      Yes

      pwdMaxFailure

      10

      Yes

      oamEnabled

      true

      mapObjectclass

      container=orclContainer

      Yes

      oimDateFormat

      yyyyMMddHHmmss'z'

A.1.3 Verifying JoinView Adapter

Follow these steps to verify the User Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.

  1. In a web browser, go to the Oracle Directory Services Manager (ODSM) page.

  2. Connect to Oracle Virtual Directory.

  3. On the Home page, click the Adapter tab.

  4. Click the JoinView adapter.

  5. Verify the Adapter as follows

    1. Click Joined Adapter in the adapter tree. It should exist

    2. Click OK.

A.1.4 Verifying User/Role Adapter for Oracle Internet Directory

Follow these steps to verify the User Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.

  1. In a web browser, go to Oracle Directory Services Manager (ODSM).

  2. Connect to Oracle Virtual Directory.

  3. On the Home page, click the Adapter tab.

  4. Click User Adapter.

  5. Verify the plug-in as follows:

    1. Select the User Adapter.

    2. Click the Plug-ins tab.

    3. Click the User Management Plug-in in the plug-ins table, then click Edit. The plug-in editing window appears.

    4. Verify that the parameters are as follows:

      Parameter Value Default

      directoryType

      oid

      Yes

      pwdMaxFailure

      10

      Yes

      oamEnabled

      true

      mapObjectclass

      container=orclContainer

      Yes

      oimDateFormat

      yyyyMMddHHmmss'z'

    5. Click OK.

A.1.5 Verifying Changelog Adapter for Active Directory Server

Follow these steps to verify the Changelog Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.

  1. In a web browser, go to Oracle Directory Services Manager (ODSM).

  2. Connect to Oracle Virtual Directory.

  3. On the Home page, click the Adapter tab.

  4. Click the changelog_AD1 adapter.

  5. Verify the plug-in as follows.

    1. Select the Changelog Adapter.

    2. Click the Plug-ins tab.

    3. In the Deployed Plus-ins table, click the changelog plug-in, then click "Edit in the plug-ins table. The plug-in editing window appears.

    4. Verify that the parameter values are as follows:

      Parameter Value

      directoryType

      activedirectory

      mapAttribute

      targetGUID=objectGUID

      requiredAttribute

      samaccountname

      sizeLimit

      1000

      targetDNFilter

      cn=users,dc=idm,dc=ad,dc=com

      The users container in Active Directory

      mapUserState

      true

      oamEnabled

      true

      virtualDITAdapterName

      user_J1;user_AD1

A.1.6 Verifying Changelog Adapter for Oracle Internet Directory

To use the changelog adapter, you must first enable changelog on the connected directory. To test whether the directory is changelog enabled, type:

ldapsearch -h directory_host -p ldap_port -D bind_dn -q -b '' -s base 'objectclass=*' lastchangenumber

for example:

ldapsearch -h ldaphost1 -p 389 -D "cn=orcladmin" -q -b '' -s base 'objectclass=*' lastchangenumber

If you see lastchangenumber with a value, it is enabled. If it is not enabled, enable it as described in the Enabling and Disabling Changelog Generation by Using the Command Line section of Administering Oracle Internet Directory.

Follow these steps to verify the Changelog Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.

  1. In a web browser, go to Oracle Directory Services Manager (ODSM).

  2. Connect to an Oracle Virtual Directory instance.

  3. On the Home page, click the Adapter tab.

  4. Click the Changelog Adapter.

  5. Verify the plug-in as follow.

    1. Select the Changelog Adapter.

    2. Click the Plug-ins tab.

    3. In the Deployed Plug-ins table, click the changelog plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.

    4. Verify that the parameter values are as follows:

      Parameter Value

      directoryType

      oid

      mapAttribute

      targetGUID=orclguid

      requiredAttribute

      orclGUID

      modifierDNFilter

      cn=orcladmin

      sizeLimit

      1000

      targetDNFilter

      dc=mycompany,dc=com

      targetDNFilter

      cn=shadowentries

      mapUserState

      true

      oamEnabled

      true

      virtualDITAdapterName

      user_J1;shadow4AD1

      virtualDITAdapterName

      User Adapter (The name of the User adapter's name)

A.1.7 Configuring a Global Consolidated Changelog Plug-in

Verify the global level consolidated changelog plug-in as follows

  1. In a web browser, go to Oracle Directory Services Manager (ODSM).
  2. Connect to an Oracle Virtual Directory instance.
  3. On the Home page, click the Advanced tab. The Advanced navigation tree appears.
  4. Expand Global Plugins
  5. Click the ConsolidatedChglogPlugin. The plug-in editing window appears.

A.1.8 Validating Oracle Virtual Directory Changelog

Run the following command to validate that the changelog adapter is working:

$IDM_ORACLE_HOME/bin/ldapsearch -p 6501 -D cn=orcladmin -q -b 'cn=changelog' -s base 'objectclass=*' lastchangenumber

The command should return a changelog result, such as:

Please enter bind password:
cn=Changelog
lastChangeNumber=changelog_OID:190048;changelog_AD1:363878

If ldapsearch does not return a changelog result, double check the changelog adapter configuration.