The Database User Management (DBUM) connector integrates Oracle Identity Manager with the user management tables of various databases. The connector's functionality can be extended to meet specific requirements. One way to extend the DBUM connector is to add a stored procedure for the user provisioning operation. This blog gives the exact steps for an Oracle database. The same principles can be applied to the other supported target database (DB) systems as well.
Here is a broad overview of the steps involved:
- Compile stored procedure with user created for target system as owner on target DB
- Extend connector functionality
- Remove existing jar and upload new one to OIM DB with the changes made in Step 2
- Restart the managed server
- Run the provision operation and verify the process
Step 1: Compile Stored Procedure
Perform this step as the user that was created on the target DB as part of the target system account.
For example, if the user created on the target DB is “testuser”, then use the same user to run/compile the stored procedure.
Verify that the procedure compiles successfully.
Here is a sample Stored Procedure:
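create or replace PROCEDURE InsertPackage(usr varchar2,
                                          pwd varchar2)
is
  stmt VARCHAR2(100);
BEGIN
  -- Create the database user; usr and pwd are concatenated into the DDL text as passed in
  EXECUTE IMMEDIATE 'CREATE USER '||usr||' IDENTIFIED BY '||pwd;
  -- Allow the new user to connect
  EXECUTE IMMEDIATE 'GRANT CREATE SESSION TO '||usr;
  -- Record the operation in the test table
  INSERT INTO test(TIMESTAMP, MESSAGE, USERNAME)
  VALUES (SYSDATE, 'Added User '||usr, usr);
END;
/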
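The sample procedure builds its CREATE USER and GRANT statements by concatenating usr and pwd, so whatever is entered in the OIM process form becomes part of the DDL text. The following is an added example, not code from the original post, of the same procedure with both values checked through Oracle's DBMS_ASSERT package before any dynamic SQL is built. The procedure name InsertPackageChecked and the sample values in the check at the end are assumptions made for illustration; the test table is the one used by the sample above.

```sql
-- Added example: InsertPackageChecked is a hypothetical name, not the blog's procedure.
-- Assumes the same test(TIMESTAMP, MESSAGE, USERNAME) table as the sample above.
CREATE OR REPLACE PROCEDURE InsertPackageChecked(usr VARCHAR2,
                                                 pwd VARCHAR2)
IS
  safe_usr VARCHAR2(130);
  safe_pwd VARCHAR2(4000);
BEGIN
  -- SIMPLE_SQL_NAME returns the input unchanged only when it is a valid
  -- simple SQL name; anything else raises ORA-44003 before DDL is built.
  safe_usr := DBMS_ASSERT.SIMPLE_SQL_NAME(usr);

  -- ENQUOTE_NAME wraps the value in double quotes and rejects a value with
  -- an embedded double quote. FALSE keeps the password's case as entered.
  safe_pwd := DBMS_ASSERT.ENQUOTE_NAME(pwd, FALSE);

  EXECUTE IMMEDIATE 'CREATE USER ' || safe_usr || ' IDENTIFIED BY ' || safe_pwd;
  EXECUTE IMMEDIATE 'GRANT CREATE SESSION TO ' || safe_usr;

  -- Static SQL: the values are bound, not concatenated, so no check is needed here.
  INSERT INTO test(TIMESTAMP, MESSAGE, USERNAME)
  VALUES (SYSDATE, 'Added User ' || safe_usr, safe_usr);
END;
/

-- Constructed check: a value that is not a single identifier is refused
-- before CREATE USER runs, and no row reaches the test table.
SET SERVEROUTPUT ON
BEGIN
  InsertPackageChecked('not a name', 'Constructed#Pw1');
EXCEPTION
  WHEN OTHERS THEN
    DBMS_OUTPUT.PUT_LINE('rejected: ' || SQLERRM);
END;
/
```

If this variant is used, the Query line in provision.queries has to call it by its own name.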
Step 2: Extend Connector Functionality
Download the connector bundle jar: org.identityconnectors.dbum-1.0.1116.jar (for DBUM 11.1.1.8.0) or org.identityconnectors.dbum-12.3.0.jar (for DBUM 12.2.1.3.0).
Extract the contents, navigate to <tmp>/scripts/oracle, and open provision.queries for editing.
For CREATE_PWD_USER (used as a sample for this blog), replace the existing query with the following:
CREATE_PASSWORD_USER {
  Query="call insertPackage ({__NAME__},{__PASSWORD__})"
  QueryType="StoredProc"
  Parameters=["__NAME__":"Type:String", "__PASSWORD__":"Type:GuardedString,TAGS:DOUBLEQUOTES"]
  QueryExtensions=[]
}
Create a new jar file using the steps listed in the documentation.
Step 3: Remove Existing Jar File
Run the DeleteJars.sh utility to remove the existing DBUM bundle jar file from the OIM DB. Use the same jar file name as mentioned in Step 2 for the respective version.
Run the UploadJars.sh utility to upload the modified jar file to the OIM DB.
Run PurgeCache.sh -all to clear the cache.
Step 4: Restart OIM Managed Server
Step 5: Provision Operation And Test Procedure
For any user, go to Request Account, select the DBUM application instance, enter the details in the process form, and submit the request.
Verify that the user provisioning is successful and that the application instance shows “Provisioned” in the status.
On the target DB, check the test table to confirm that the entry was made, and run the following query to confirm that the newly provisioned user was created:
select * from dba_users;