Prerequisite
OIM and OAM must be installed in separate domains.
High Level Steps
- Enable LDAP Sync.
- Configure the identity store by extending the schema.
- Configure the identity store with the users required by Access Manager.
- Configure the identity store with the users required by Oracle Identity Manager.
- Configure the identity store with the users required by Oracle WebLogic Server.
- Extend Access Manager to support Oracle Identity Manager.
- Integrate Access Manager and Oracle Identity Manager.
- Configure the WebGate on the Oracle HTTP Server (OHS) to point to the 11g OAM Server.
- Delete IAMSuiteAgent (the IDM Domain Agent) and restart the Oracle WebLogic Server Administration and Managed Servers.
Configuring Identity Store
Preconfiguring OID, OUD, and standalone OVD
./idmConfigTool.sh -preConfigIDStore input_file=prepareIDStore.properties
------------------prepareIDStore.properties------------------
IDSTORE_HOST: localhost
IDSTORE_PORT: 8060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,cn=Oim,dc=deepakdubey,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,cn=Oim,dc=deepakdubey,dc=com
IDSTORE_SEARCHBASE: cn=Oim,dc=deepakdubey,dc=com
IDSTORE_SYSTEMIDBASE: cn=systemids,cn=Oim,dc=deepakdubey,dc=com
IDSTORE_OIMADMINUSER: oimadmin
IDSTORE_OIMADMINGROUP: OIMAdministrators
-------------------------------------------------------------
Creating Oracle Virtual Directory Adapters for Oracle Internet Directory and Active Directory
idmConfigTool.sh -configOVD input_file=ovd1.props
--------------ovd1.props--------------------------------
oraidm@saidmsit:/u01/OIM/Middleware/Oracle_OIM/idmtools/bin$ cat ovd1.props
ovd.host:saidmsit.deepakdubey.com
ovd.port:8060
ovd.binddn:cn=orcladmin
ovd.password:moedev123
ovd.oamenabled:true
ovd.ssl:false
ldap1.type:OID
ldap1.host:saidmsit.deepakdubey.com
ldap1.port:8060
ldap1.binddn:cn=oimadmin,cn=systemids,cn=Oim,dc=deepakdubey,dc=com
ldap1.password:moedev123
ldap1.ssl:false
ldap1.base:cn=Oim,dc=deepakdubey,dc=com
ldap1.ovd.base:cn=Oim,dc=deepakdubey,dc=com
usecase.type:single
----------------------------------------------------------------
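Both prepareIDStore.properties and ovd1.props are fed to idmConfigTool as plain "key: value" files, and ovd1.props carries the OVD and OID bind passwords in clear text. The following script is an added example, not part of the original notes or of the Oracle tooling: it checks that every IDSTORE_* key the notes supply is present with a non-empty value (accepting both "key: value" and "key:value" as the notes write them), and refuses a file that holds a password key while being readable by group or others. The demo file it writes is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): sanity-check an idmConfigTool
# property file before running -preConfigIDStore or -configOVD.

# The IDSTORE_* keys that prepareIDStore.properties supplies in the notes.
IDSTORE_REQUIRED_KEYS="IDSTORE_HOST IDSTORE_PORT IDSTORE_BINDDN IDSTORE_USERNAMEATTRIBUTE IDSTORE_LOGINATTRIBUTE IDSTORE_USERSEARCHBASE IDSTORE_GROUPSEARCHBASE IDSTORE_SEARCHBASE IDSTORE_SYSTEMIDBASE IDSTORE_OIMADMINUSER IDSTORE_OIMADMINGROUP"

# prop_value FILE KEY -> prints the value of KEY (first match), empty if absent.
# Accepts "KEY: value" and "KEY:value".
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" | head -n 1
}

# check_required_keys FILE "KEY1 KEY2 ..." -> 0 if every key has a non-empty
# value, 1 otherwise (each missing key is reported on stderr).
check_required_keys() {
    file=$1
    missing=0
    for key in $2; do
        value=$(prop_value "$file" "$key")
        if [ -z "$value" ]; then
            echo "MISSING: $key in $file" >&2
            missing=1
        fi
    done
    return $missing
}

# check_password_perms FILE -> 1 if FILE contains a *password* key and is
# readable by group or others, 0 otherwise. Uses ls -l for portability:
# characters 5-10 of the mode string are the group and other permission bits.
check_password_perms() {
    file=$1
    if grep -q -i -E '^[[:space:]]*[A-Za-z0-9_.]*password[[:space:]]*:' "$file"; then
        mode=$(ls -l "$file" | cut -c5-10)
        case "$mode" in
            *r*)
                echo "WARNING: $file holds a password and is group/world readable ($mode); run chmod 600" >&2
                return 1 ;;
        esac
    fi
    return 0
}

# Demo on a constructed file (not a real deployment): write it, check it, remove it.
demo_props=$(mktemp)
cat > "$demo_props" <<'EOF'
ovd.host:saidmsit.deepakdubey.com
ovd.port:8060
ovd.password:CHANGEME-constructed
EOF
chmod 644 "$demo_props"
if check_password_perms "$demo_props"; then
    echo "permissions ok"
else
    echo "demo file rejected as expected; chmod 600 before use"
fi
rm -f "$demo_props"
```

Run the two checks against each property file immediately before the idmConfigTool call; a non-zero return from either is a reason to stop, since idmConfigTool itself will only report a missing key once it has already started talking to the directory.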
Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
sh $MW_HOME/oracle_common/bin/libovdconfig.sh -domainPath $MW_HOME/user_projects/domains/base_domain -contextName oim -host myhost.mycompany.com -port 7001 -userName weblogic
To create user and changelog adapters, run the following command:
sh $MW_HOME/oracle_common/bin/libovdadapterconfig.sh -domainPath $MW_HOME/user_projects/domains/base_domain -contextName oim -host myadminserver.mycompany.com -port 7001 -userName weblogic -adapterName LDAP1 -adapterTemplate adapter_template_oim.xml -bindDN "cn=orcladmin" -createChangelogAdapter -dataStore OID -ldapHost myldaphost.mycompany.com -ldapPort 3060 -remoteBase "cn=Oim,dc=deepakdubey,dc=com" -root "cn=Oim,dc=deepakdubey,dc=com"
Enter AdminServer Password:
Enter LDAP Server Password:
Restart the web container and Oracle Identity Manager.
To integrate Oracle Identity Manager with Oracle Identity Virtualization (libOVD):
Log in to Oracle Identity System Administration.
Under Configuration on the left pane, click IT Resource. The Manage IT Resource page is displayed in a separate window.
From the IT Resource Type list, select Directory Server, and then click Search.
For the Directory Server IT resource, click Edit. The Edit IT Resource Details and Parameters page is displayed.
In the Search Base field, enter a value, for example, cn=Oim,dc=deepakdubey,dc=com.
In the User Reservation Container field, enter a value, for example, cn=reserve,cn=Oim,dc=deepakdubey,dc=com.
Restart the WebLogic server on which Oracle Identity Manager is deployed.
Modifying the MDS
Copy the $IAM_ORACLE_HOME/server/metadata/ directory to /tmp/.
Edit LDAPContainerRules.xml: open the file and replace $DefaultUserContainer$ and $DefaultRoleContainer$ with the appropriate user and role container values.
Import the edited metadata by using Oracle Enterprise Manager.
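The placeholder substitution in LDAPContainerRules.xml is easy to get half-done by hand, and an MDS import of a file that still carries a $...$ token breaks LDAP sync for every new user. The script below is an added example, not part of the original notes or of OIM itself: it rewrites a copy of the file with sed and refuses to proceed if either placeholder survives. The user and role container DNs are assumed to be the IDSTORE_USERSEARCHBASE and IDSTORE_GROUPSEARCHBASE values from the notes, and the XML written by the demo is a constructed stand-in that only reproduces the two placeholders, not the real file shipped under $IAM_ORACLE_HOME/server/metadata/.

```shell
#!/bin/sh
# Added example (not from the original notes): fill in the container
# placeholders in a copy of LDAPContainerRules.xml before importing it into MDS.

# render_container_rules SRC DEST USER_DN ROLE_DN
# Writes DEST from SRC with $DefaultUserContainer$ and $DefaultRoleContainer$
# replaced by USER_DN and ROLE_DN. Returns 1 if sed fails or a placeholder
# survives, so a half-edited file never reaches the import step.
render_container_rules() {
    src=$1; dest=$2; user_dn=$3; role_dn=$4
    # '|' is the sed delimiter because DNs contain ',' and '='; the '$' signs
    # are escaped so sed matches them literally instead of as end anchors.
    sed -e "s|\\\$DefaultUserContainer\\\$|$user_dn|g" \
        -e "s|\\\$DefaultRoleContainer\\\$|$role_dn|g" "$src" > "$dest" || return 1
    if grep -q -E '\$Default(User|Role)Container\$' "$dest"; then
        echo "ERROR: unreplaced placeholder left in $dest" >&2
        return 1
    fi
    return 0
}

# count_placeholders FILE -> number of lines still carrying either placeholder
# (grep -c exits 1 on zero matches, which is not an error here).
count_placeholders() {
    grep -c -E '\$Default(User|Role)Container\$' "$1" || true
}

# Demo on a constructed file (not the real LDAPContainerRules.xml).
work=$(mktemp -d)
cat > "$work/LDAPContainerRules.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!-- constructed stand-in: only the two placeholders match the real file -->
<container-rules>
  <user>
    <rule>
      <container>$DefaultUserContainer$</container>
    </rule>
  </user>
  <role>
    <rule>
      <container>$DefaultRoleContainer$</container>
    </rule>
  </role>
</container-rules>
EOF
echo "placeholders before: $(count_placeholders "$work/LDAPContainerRules.xml")"
if render_container_rules "$work/LDAPContainerRules.xml" "$work/LDAPContainerRules.rendered.xml" \
    "cn=Users,cn=Oim,dc=deepakdubey,dc=com" "cn=Groups,cn=Oim,dc=deepakdubey,dc=com"; then
    echo "placeholders after: $(count_placeholders "$work/LDAPContainerRules.rendered.xml")"
    cat "$work/LDAPContainerRules.rendered.xml"
fi
rm -rf "$work"
```

Point render_container_rules at the copy under /tmp/, keep the original untouched, and import only the rendered file; count_placeholders on the rendered file should print 0 before you open Enterprise Manager.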
Seeding Reconciliation Jobs
Seeding LDAP reconciliation scheduled jobs with parameters:
Go to the $OIM_ORACLE_HOME/server/setup/deploy-files directory.
Set ANT_HOME and run the seeding target. The following are sample commands:
export ANT_HOME=/u01/mwhome/modules/org.apache.ant_1.7.1
$ANT_HOME/bin/ant -f setup.xml seed-ldap-recon-jobs -DoperationsDB.driver=oracle.jdbc.OracleDriver -DoperationsDB.user=schemaowner1_OIM -DOIM.DBPassword=SCHEMA_OWNER_PASSWORD -DoperationsDB.host=myhost.mycompany.com -DoperationsDB.port=1521 -DoperationsDB.serviceName=oimdb.regress.rdbms.mycompany.com -Dssi.provisioning=ON -Dweblogic.server.dir=$MW_HOME/wlserver_10.3 -Dojdbc.location=$MW_HOME/wlserver_10.3/server/lib/ojdbc6.jar -Dwork.dir=seed_logs
Running the LDAP Post-Configuration Utility
LDAPConfigPostSetup.sh LOCATION_OF_THE_DIRECTORY_CONTAINING_THE_ldapconfig.props_FILE
The directory passed as the argument must contain the ldapconfig.props file.