
Oracle Fusion Middleware : Oracle Identity and Access Management Suite 10g/11gR1/11gR2PS1,PS2,PS3 : OIM | OAM,OAAM,OIF | OID, OVD, DIP | OUD/ ODSEE | Microsoft AD | OpenLDAP | ADF | EBS R12 | OECMCCR4 | Business Intelligence - BI Publisher | Banking | Demo Applications | Core Java | SQL | PLSQL | Web services | Weblogic | Tomcat | JBoss | OHS | WebGate | WebCenter | For any queries please contact me : info@oratechsoft.com


Tuesday 30 June 2015

Lab4 :: OIM Integration with Active Directory


1. Install Active Directory - DCPROMO
   Configure the DNS Server, add the Active Directory Domain Services role,
   install Active Directory Domain Services (DCPROMO)

2. Install the Connector Server and restart the services

3. Copy the AD connector bundle to the Connector default directory in
OIM and, if needed, change the port number (default: 8759) and add switches

4. Install the AD Connector using Manage Connector in the sysadmin
console

5. Create the IT Resource

6. Create a Sandbox and activate it, create the Application Instance + Form

7. Run the Catalog Synchronization Scheduler Job

8. Provision a user to AD

Select User from OIM --> Accounts --> Request Accounts --> Catalog --> AD Application Instance --> Add to Cart --> Check in --> Load the Org --> User Accounts --> Refresh... ( Status :: Provisioned )


9. Reconciliation to OIM from AD



Trusted User Recon from Target Resource AD to OIM :-
========================================================

Before running Trusted Recon, make sure the IT Resource has the following configuration:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+     Lookup.Configuration.ActiveDirectory.Trusted         +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Run Scheduler

Note :: It is used for the initial reconciliation to OIM (orgs, groups, users and others).


Target User Recon from Target Resource AD to OIM :-
=======================================================

Before running Target Recon, make sure the IT Resource has the following configuration:


++++++++++++++++++++++++++++++++++++++
+Lookup.Configuration.ActiveDirectory+
++++++++++++++++++++++++++++++++++++++

Run Scheduler


Note :: Target Reconciliation is used when a user already exists in OIM or is already a provisioned user. In this case the user's updates are visible only in the Process form, not in the Object form.



----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

1. Install Windows Server 2008 R2

2. Configure the Domain Controller (DCPROMO)

3. Set a static IP address

4. Disable the firewall

5. Download and install the Connector Server

6. Download the Active Directory connector

7. Copy the AD --> ad --> bundle files

8. Paste them into the installed Connector Server --IdentityConnector--Connectorserver---(paste)

9. Stop the services for the Connector Server

10. Edit ConnectorServer.exe.config as follows:

<switches>
  <!-- value 4 = verbose trace level -->
  <add name="ActiveDirectorySwitch" value="4" />
</switches>

11. Save it

12. Start the Connector services

13. Copy the AD (parent folder) ---> AD (child folder)

14. Paste it into c:\oracle\Middleware\Oracle_IDM1\server\DefaultConnector (paste the AD child folder here)

15. Go to the sysadmin console

16. Select Manage Connector --> Install --> select the AD child folder --> click Load --> Next --> Next --> Finish

17. Now edit the OUs, groups and users in "Active Directory Users and Computers"


18. Now recon the DC --> OU --> Groups --> Users (.Trusted)

How to recon
------------
Run the schedulers (AD org lookup recon, groups, users) at the sysadmin console

19. Provision the orgs, groups and users to the Target System

How to provision
----------------

1. Go to the sysadmin console

2. Create a sandbox and activate it

3. When we create a new AppInstance --> run the CatSysJob scheduler

4. When we use an already created AppInstance, there is no need to run the CatSysJob scheduler

5. Create a form from the AppInstance

6. Now export the sandbox for safety

7. Now publish the sandbox



8. Next, go to the Self Service console

9. exi, new created groups,users

10. Select or create --> then Request Accounts --> go to the Catalog --> select the AppInstance --> Add to Cart --> Check out --> choose our org (destination) and Ready to Submit --> Submit

11. Now close the catalog

12. Click Accounts --> Refresh

13. Now the result is Provisioned ..

14. If a provisioning error comes up --> no need to worry --> check the error --> see your IT Resource fields

15. okay



16. Automatic provisioning (through Access Policies)
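
A check for the Connector Server configuration file edited in the steps above, as an added example (not part of the original lab notes or of Oracle's tooling): it parses the file, catches mismatched tags in the <switches> block that would stop the service from reading it, and reports the port, SSL and trace-switch settings. The two sample files are constructed, and the connectorserver.port / connectorserver.usessl keys and the file layout are assumptions about the Connector Server config, not taken from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: mistyped opening tag, so the file is not well-formed XML.
BROKEN = """<configuration><system.diagnostics>
  <swithes>
    <add name="ActiveDirectorySwitch" value="4" />
  </switches>
</system.diagnostics></configuration>"""

# Constructed sample of a well-formed file (layout and appSettings keys assumed).
GOOD = """<configuration>
  <appSettings>
    <add key="connectorserver.port" value="8759" />
    <add key="connectorserver.usessl" value="false" />
  </appSettings>
  <system.diagnostics><switches>
    <add name="ActiveDirectorySwitch" value="4" />
  </switches></system.diagnostics>
</configuration>"""

def check_config(text):
    """Return a list of findings for the text of the Connector Server config."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # A mismatched or mistyped tag lands here with line/column details.
        return ["not well-formed XML: %s" % exc]
    settings = {e.get("key"): e.get("value")
                for e in root.findall("./appSettings/add")}
    switches = {e.get("name"): e.get("value")
                for e in root.findall("./system.diagnostics/switches/add")}
    findings = []
    port = settings.get("connectorserver.port")
    if port is None or not port.isdigit() or not 0 < int(port) < 65536:
        findings.append("connectorserver.port missing or invalid: %r" % port)
    elif port != "8759":
        findings.append("port %s differs from default 8759; the IT Resource "
                        "must use the same value" % port)
    if (settings.get("connectorserver.usessl") or "false").lower() != "true":
        findings.append("connectorserver.usessl is not true: SSL is off")
    level = switches.get("ActiveDirectorySwitch")
    if level is None:
        findings.append("ActiveDirectorySwitch is not set under <switches>")
    elif level == "4":
        findings.append("ActiveDirectorySwitch=4: verbose tracing is on")
    return findings

if __name__ == "__main__":
    print(check_config(BROKEN), check_config(GOOD), sep="\n")
```

Run it against a copy of the file before restarting the Connector service; an empty list means none of the checks fired.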



- By lakshmi Prasada Reddy Nandyala | nandyala@lakshmiprasad.co.in || Contact :: 9490059784
