A Verifying Adapters for Multiple Directory Identity Stores by Using ODSM
This appendix contains the following sections:
A.1 Verifying Oracle Virtual Directory Adapters for Split Profile by Using ODSM
This section describes how to validate the adapters created in Configuring Oracle Virtual Directory Adapters for Split Profile.
This section contains the following topics:
A.1.1 Verifying User Adapter for Active Directory Server
Verify the following adapter and plug-ins for Active Directory:
Follow these steps to verify the User Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.
- In a web browser, go to Oracle Directory Services Manager (ODSM). The URL is of the form: http://admin.mycompany.com/odsm
- Connect to each Oracle Virtual Directory instance by using the appropriate connection entry.
- On the Home page, click the Adapter tab.
- Click the user_AD1 adapter.
- Verify that the User Adapter routing is configured correctly:
  - Visibility must be set to internal.
  - Bind Support must be set to enable.
- Verify the User Adapter User Management Plug-in as follows:
  - Select the User Adapter.
  - Click the Plug-ins tab.
  - Click the User Management Plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.
  - Verify that the plug-in parameters are as follows:
| Parameter | Value | Default |
|---|---|---|
| directoryType | activedirectory | Yes |
| exclusionMapping | orclappiduser,uid=samaccountname | |
| mapAttribute | orclguid=objectGuid | |
| mapAttribute | uniquemember=member | |
| addAttribute | user,samaccountname=%uid%,%orclshortuid% | |
| mapAttribute | mail=userPrincipalName | |
| mapAttribute | ntgrouptype=grouptype | |
| mapObjectclass | groupofUniqueNames=group | |
| mapObjectclass | orclidxperson=user | |
| pwdMaxFailure | 10 | Yes |
| oamEnabled | True (Footnote 1) | |
| mapObjectClass | inetorgperson=user | Yes |
| mapPassword | True | Yes |
| oimLanguages | Comma separated list of language codes, such as en,fr,ja | |

Footnote 1: Set oamEnabled to true only if you are using Oracle Access Manager.
A.1.2 Verifying Shadowjoiner User Adapter
Follow these steps to verify the ShadowJoiner Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.
- In a web browser, go to Oracle Directory Services Manager (ODSM).
- Connect to Oracle Virtual Directory.
- On the Home page, click the Adapter tab.
- Click the Shadow4AD1 Adapter.
- Ensure that the User Adapter routing is configured correctly:
  - Visibility must be set to internal.
  - Bind Support must be set to enable.
- Verify the User Adapter as follows:
  - Select the User Adapter.
  - Click the Plug-ins tab.
  - Click the User Management Plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.
  - Verify that the parameters are as follows:
| Parameter | Value | Default |
|---|---|---|
| directoryType | oid | Yes |
| pwdMaxFailure | 10 | Yes |
| oamEnabled | true | |
| mapObjectclass | container=orclContainer | Yes |
| oimDateFormat | yyyyMMddHHmmss'z' | |
A.1.3 Verifying JoinView Adapter
Follow these steps to verify the User Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.
- In a web browser, go to the Oracle Directory Services Manager (ODSM) page.
- Connect to Oracle Virtual Directory.
- On the Home page, click the Adapter tab.
- Click the JoinView adapter.
- Verify the Adapter as follows:
  - Click Joined Adapter in the adapter tree. It should exist.
  - Click OK.
A.1.4 Verifying User/Role Adapter for Oracle Internet Directory
Follow these steps to verify the User Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.
- In a web browser, go to Oracle Directory Services Manager (ODSM).
- Connect to Oracle Virtual Directory.
- On the Home page, click the Adapter tab.
- Click User Adapter.
- Verify the plug-in as follows:
  - Select the User Adapter.
  - Click the Plug-ins tab.
  - Click the User Management Plug-in in the plug-ins table, then click Edit. The plug-in editing window appears.
  - Verify that the parameters are as follows:
| Parameter | Value | Default |
|---|---|---|
| directoryType | oid | Yes |
| pwdMaxFailure | 10 | Yes |
| oamEnabled | true | |
| mapObjectclass | container=orclContainer | Yes |
| oimDateFormat | yyyyMMddHHmmss'z' | |

  - Click OK.
A.1.5 Verifying Changelog Adapter for Active Directory Server
Follow these steps to verify the Changelog Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.
- In a web browser, go to Oracle Directory Services Manager (ODSM).
- Connect to Oracle Virtual Directory.
- On the Home page, click the Adapter tab.
- Click the changelog_AD1 adapter.
- Verify the plug-in as follows:
  - Select the Changelog Adapter.
  - Click the Plug-ins tab.
  - In the Deployed Plug-ins table, click the changelog plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.
  - Verify that the parameter values are as follows:
| Parameter | Value |
|---|---|
| directoryType | activedirectory |
| mapAttribute | targetGUID=objectGUID |
| requiredAttribute | samaccountname |
| sizeLimit | 1000 |
| targetDNFilter | cn=users,dc=idm,dc=ad,dc=com (the users container in Active Directory) |
| mapUserState | true |
| oamEnabled | true |
| virtualDITAdapterName | user_J1;user_AD1 |
A.1.6 Verifying Changelog Adapter for Oracle Internet Directory
To use the changelog adapter, you must first enable changelog on the connected directory. To test whether the directory is changelog enabled, type:
ldapsearch -h directory_host -p ldap_port -D bind_dn -q -b '' -s base 'objectclass=*' lastchangenumber
For example:
ldapsearch -h ldaphost1 -p 389 -D "cn=orcladmin" -q -b '' -s base 'objectclass=*' lastchangenumber
If you see lastchangenumber with a value, it is enabled. If it is not enabled, enable it as described in the Enabling and Disabling Changelog Generation by Using the Command Line section of Administering Oracle Internet Directory.
Follow these steps to verify the Changelog Adapter in Oracle Virtual Directory using Oracle Directory Services Manager.
- In a web browser, go to Oracle Directory Services Manager (ODSM).
- Connect to an Oracle Virtual Directory instance.
- On the Home page, click the Adapter tab.
- Click the Changelog Adapter.
- Verify the plug-in as follows:
  - Select the Changelog Adapter.
  - Click the Plug-ins tab.
  - In the Deployed Plug-ins table, click the changelog plug-in, then click Edit in the plug-ins table. The plug-in editing window appears.
  - Verify that the parameter values are as follows:
| Parameter | Value |
|---|---|
| directoryType | oid |
| mapAttribute | targetGUID=orclguid |
| requiredAttribute | orclGUID |
| modifierDNFilter | cn=orcladmin |
| sizeLimit | 1000 |
| targetDNFilter | dc=mycompany,dc=com |
| targetDNFilter | cn=shadowentries |
| mapUserState | true |
| oamEnabled | true |
| virtualDITAdapterName | user_J1;shadow4AD1 |
| virtualDITAdapterName | User Adapter (the name of the User adapter) |
A.1.7 Configuring a Global Consolidated Changelog Plug-in
Verify the global level consolidated changelog plug-in as follows:
- In a web browser, go to Oracle Directory Services Manager (ODSM).
- Connect to an Oracle Virtual Directory instance.
- On the Home page, click the Advanced tab. The Advanced navigation tree appears.
- Expand Global Plugins.
- Click the ConsolidatedChglogPlugin. The plug-in editing window appears.
A.1.8 Validating Oracle Virtual Directory Changelog
Run the following command to validate that the changelog adapter is working:
$IDM_ORACLE_HOME/bin/ldapsearch -p 6501 -D cn=orcladmin -q -b 'cn=changelog' -s base 'objectclass=*' lastchangenumber
The command should return a changelog result, such as:
Please enter bind password:
cn=Changelog
lastChangeNumber=changelog_OID:190048;changelog_AD1:363878
If ldapsearch does not return a changelog result, double check the changelog adapter configuration.
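The check in A.1.8 can be scripted. The following is an added example, not part of the Oracle documentation: check_changelog is a hypothetical helper that parses the consolidated lastChangeNumber value and reports any expected changelog adapter that is absent or has no numeric change number. The adapter names changelog_OID and changelog_AD1 are taken from the sample result above, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not Oracle code. check_changelog is a hypothetical helper.
# Usage: check_changelog "<ldapsearch output>" adapter_name...
# Prints every expected adapter that has no numeric change number in the
# consolidated lastChangeNumber value. Returns 0 if all are present,
# 1 if any is missing, 2 if no lastChangeNumber attribute was returned.
check_changelog() {
    output=$1
    shift
    # Value that follows lastChangeNumber= (attribute-name case varies).
    value=$(printf '%s\n' "$output" |
        sed -n 's/.*[Ll]ast[Cc]hange[Nn]umber[=:] *\([^ ]*\).*/\1/p' |
        head -n 1)
    if [ -z "$value" ]; then
        echo "no lastChangeNumber returned"
        return 2
    fi
    padded=";$value;"
    status=0
    for adapter in "$@"; do
        # Strip everything up to ";<adapter>:" and keep the text before the next ";".
        rest=${padded#*";$adapter:"}
        num=${rest%%;*}
        # An unchanged string means the adapter name never appeared.
        if [ "$rest" = "$padded" ]; then num=""; fi
        case $num in
            '' | *[!0-9]*) echo "$adapter"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample modelled on the result shown in A.1.8. For a live check,
# capture the output of the ldapsearch command from A.1.8 instead.
sample='cn=Changelog
lastChangeNumber=changelog_OID:190048;changelog_AD1:363878'

if missing=$(check_changelog "$sample" changelog_OID changelog_AD1); then
    echo "all changelog adapters report a change number"
else
    echo "check the changelog adapter configuration for: $missing"
fi
```

An adapter that is listed by the helper is the one whose changelog plug-in parameters (A.1.5 or A.1.6) should be rechecked first.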