Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2) B14085-02 |
|
Previous |
Next |
During synchronization from a relational database to Oracle Internet Directory, the additional configuration information file governs the retrieval of data from the database. It provides the Oracle directory integration and provisioning server with the following information:
The SELECT
statement to execute
Either the attribute(s) or the database column(s) to be used in incremental synchronization. Generally, this is either an attribute that contains a timestamp or a change sequence number that the next SQL statement should use to retrieve incremental data.
To configure this file, use the sample file DBReader.cfg.master
in the $ORACLE_HOME/ldap/odi/conf directory, and edit it to your specifications.
Formatting the Additional Configuration Information File
It is very important to follow the correct format of this file. The various sections are divided using TAG names. Every TAG section has a list of parameters and their respective values. The general layout is as follows.
[TAG] PARAMETER1: value PARAMETER2: value [TAG] PARAMETER1: value PARAMETER2: value\ VALUE continuation\ value continuation\ end of value continuation [TAG] PARAMETER1: value PARAMETER2: value\ end of value continuation
For example, following this format, the DBReader.cfg.master
file looks like this:
[DBQUERY] SELECT: SELECT\
EMPNO EmpNum,\ ENAME,\ REPLACE(EMAIL),'@ACME.COM','') UID,\ EMAIL,\ TELEPHONE,\ TO_CHAR(LAST_UPDATE_DATE,'YYYYMMDDHH24MISS') Modified_Date\
FROM\
EMPLOYEE\
WHERE\
LAST_UPDATE_DATE>TO_DATE (:Modified_Date,'YYYYMMDDHH24MISS')\
ORDER BY\ LAST_UPDATE_DATE [SYNC-PARAMS] CHANGEKEYATTRS: Modified_Date
Note that the entire SELECT
statement is put as a value in the parameter SELECT
in the section represented by the TAG DBQUERY
. Because it is a lengthy value, the value continuation character is put as the last character in every line until the SELECT
statement ends.
The CHANGEKEYATTRS
parameter value is the name of the column(s) to be used while performing incremental synchronization. The value(s) of these column(s) is always stored in the orclOdipLastAppliedChgNum
attribute of the profile. Every time the SELECT
statement is executed, the current value(s) of this attribute are put into the SQL statement accordingly. This ensures that the data is always retrieved incrementally.
If there are multiple column names in the CHANGEKEYATTRS
—for example, column1:column2
—then the value in the orclOdipLastAppliedChgNum
attribute of the profile is stored as value1~value2
and so on, with value1
corresponding to column1
and value2
to column2
.
Column names are retrieved into Directory Integration and Provisioning as attribute value pairs and subsequently mapped into LDAP attribute values according to set mapping rules. For this reason, all columns names retrieved in the SELECT
statement must be simple names rather than expressions. For example, you can have the expression REPLACE(EMAIL),'@ACME.COM','')
but it retrieves the expression value as UID
.
In this example, the Modified_Date
is the key for incremental synchronization. Because it is a date, it must be represented in a string format.
When the profile is created, the orclOdipLastAppliedChgNum
attribute must be set to some value. All changes after this date—that is, rows in the table with LAST_UPDATE_DATE
greater than this value— are retrieved. For example, if the orclOdipLastAppliedChgNum
attribute is set to 20000101000000
, then all employee changes since January 1, 2000 are retrieved.
Because of the ORDER BY
clause, all the database rows returned are in the order of LAST_UPDATE_DATE
—that is, the changes retrieved and applied to the directory are in chronological order. Once the last change is retrieved and applied:
The orclOdipLastAppliedChgNum
attribute value is set to the Modified_Date
from the last row retrieved.
The profile is updated.
Whenever the Directory Integration and Provisioning executes the profile again, it uses the previously stored value.