Transcription
Oracle Identity ManagerConnector Guide for IBM RACF AdvancedRelease 9.1.0.12.0F21285-12Nov 2021
Oracle Identity Manager Connector Guide for IBM RACF Advanced, Release 9.1.0.12.0F21285-12Copyright 2019, 2021, Oracle and/or its affiliates.Primary Author: Debapriya DattaContributing Authors: Maya Chakrapani, Mike HowlettContributors: Amol Datar, Shradha Joshi, Vaidyanath Laturkar, Nilesh NikaljeThis software and related documentation are provided under a license agreement containing restrictions onuse and disclosure and are protected by intellectual property laws. Except as expressly permitted in yourlicense agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverseengineering, disassembly, or decompilation of this software, unless required by law for interoperability, isprohibited.The information contained herein is subject to change without notice and is not warranted to be error-free. Ifyou find any errors, please report them to us in writing.If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it onbehalf of the U.S. Government, then the following notice is applicable:U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software,any programs embedded, installed or activated on delivered hardware, and modifications of such programs)and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government endusers are "commercial computer software" or "commercial computer software documentation" pursuant to theapplicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use,reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/oradaptation of i) Oracle programs (including any operating system, integrated software, any programsembedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oraclecomputer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in thelicense contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloudservices are defined by the applicable contract for such services. No other rights are granted to the U.S.Government.This software or hardware is developed for general use in a variety of information management applications.It is not developed or intended for use in any inherently dangerous applications, including applications thatmay create a risk of personal injury. If you use this software or hardware in dangerous applications, then youshall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure itssafe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of thissoftware or hardware in dangerous applications.Oracle, Java, and MySQL are registered trademarks of Oracle and/or its affiliates. Other names may betrademarks of their respective owners.Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks areused under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc,and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registeredtrademark of The Open Group.This software or hardware and documentation may provide access to or information about content, products,and services from third parties. Oracle Corporation and its affiliates are not responsible for and expresslydisclaim all warranties of any kind with respect to third-party content, products, and services unless otherwiseset forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not beresponsible for any loss, costs, or damages incurred due to your access to or use of third-party content,products, or services, except as set forth in an applicable agreement between you and Oracle.
ContentsPrefaceAudiencexiiDocumentation AccessibilityxiiRelated DocumentsxiiConventionsxiiiWhat's New in the Oracle Identity Manager Advanced Connector for IBMRACF?Software UpdatesxivDocumentation-Specific Updates1xxiiiAbout the IBM RACF Advanced Connector1.1Introduction to the Connector1-11.2Certified Components1-11.3Certified Languages1-21.4Connector Architecture1-31.51.4.1Understanding the Connector Components1-31.4.2Understanding the Connector Operations1-41.4.2.1Full Reconciliation Process1-41.4.2.2Initial LDAP Population and Reconciliation Process1-51.4.2.3Provisioning Process1-5Connector Features1.5.1Full and Incremental Reconciliation1-71.5.2Encrypted Communication Between the Target System and Oracle IdentityManager1-7High Availability Feature of the Connector1-71.5.31.61-7Connector Objects Used During Reconciliation and Provisioning1-81.6.1Supported Functions for Target Resource Reconciliation1-91.6.2Supported Functions for Provisioning1-91.6.3User Attributes for Target Resource Reconciliation and Provisioning1-101.6.4GROUP Attributes for Target Resource Reconciliation and Provisioning1-12iii
1.6.5Security Attributes for Provisioning1-121.6.6DATASET Profile Attributes for Provisioning1-131.6.7Resource Profile Attributes for Provisioning1-131.6.8Reconciliation Rule1-141.6.9Reconciliation Action Rules1-141.6.1021-15Installing and Configuring the LDAP Gateway2.1Hardware Requirements for Installing the LDAP Gateway2-12.2Installing the LDAP Gateway2-12.3Upgrading the LDAP Gateway2-32.4Configuring the LDAP Gateway2-52.4.1Setting Connection Properties2.4.2Creating the Connector Configuration2-152.4.3Configuring the LDAP Gateway for Multiple Installations of the Target System2-172.4.4Overriding the Default System Configuration2-19Configuring the Windows Service for the LDAP Gateway2-202.52-52.5.1Installing and Configuring the Windows Service for the LDAP Gateway2-202.5.2Uninstalling the Windows Service for the LDAP Gateway2-212.5.3Configuring Memory Pool Settings2-212.5.4Configuring Memory Pool Settings for LDAP Gateway v8.x.x2-222.6Configuring Transformation of the LDAP Gateway Attributes2-232.7Configuring Multiple Instances of the LDAP Gateway2-242.8Encrypting Data2-252.8.1Understanding Encryption2-252.8.2Configuring Encryption2-27Understanding the Caching Layer2-282.92.10Configuring Scheduled Reconciliation2-292.11About Parsing Grammar Protocol 1.02-302.12Configuring IDF LDAP Gateway to Use SSL for Messaging Between Gateway andPioneer/Voyager2-342.12.1Configuring SSL for Messaging Between Gateway and Pioneer2-342.12.2Configuring SSL for Messaging Between Gateway and Voyager2-352.12.3Enabling AT-TLS for RACF Pioneer and Voyager2-352.133Viewing the Reconciliation Action Rules for IBM RACF Advanced ConnectorConfiguring Replication2-39IBM RACF Connector Deployment on Oracle Identity Manager3.1Running the Connector Installer3-13.2Configuring the IT Resource3-23.3Configuring Oracle Identity Manager3-4iv
3.3.153-53.3.1.1Creating and Activating a Sandbox3-53.3.1.2Creating a New UI Form3-53.3.1.3Creating an Application Instance3-63.3.1.4Publishing a Sandbox3-63.3.1.5Harvesting Entitlements and Sync Catalog3-63.3.1.6Updating an Existing Application Instance with a New Form3-73.3.2Localizing Field Labels in UI Forms3-73.3.3Clearing Content Related to Connector Resource Bundles from the ServerCache for Oracle Identity Manager Connector3-93.3.44Creating Additional Metadata, Running Entitlement, and CatalogSynchronization JobsEnabling Logging for IBM RACF Advanced Connector3-103.3.4.1Enabling Logging for the LDAP Gateway3-103.3.4.2Event Logging in Oracle Identity Manager3-11Installing and Configuring the Agents of the IBM RACF Connector on theMainframe4.1Installation Requirements for Agents4-14.2Installing the Mainframe Agents4-44.3Configuring the Mainframe Agents4-94.3.1Configuring the Provisioning Agent4.3.2Configuring the Reconciliation Agent4-94-134.4Configuring Logging4-154.5Customizing the Reconciliation Exit4-204.6Activating and Deactivating Reconciliation Exits4-224.7Operator Interface for Mainframe Agents4-224.7.1Provisioning Agent Commands4-224.7.2Reconciliation Agent Commands4-23Using the IBM RACF Advanced Connector5.1Guidelines on Using the IBM RACF Advanced Connector5-15.2Scheduled Tasks for Lookup Field Synchronization5-25.35.45.2.1RACF Reconcile Groups To Internal LDAP5-45.2.2RACF Find All LDAP Groups5-4Configuring the Security Attributes Lookup Field5-65.3.1Attributes of the Find All Security Attributes Scheduled Task5-65.3.2Adding Additional Security Attributes for Provisioning and Reconciliation5-8Configuring Reconciliation5-85.4.1Configuring Incremental Reconciliation5-85.4.2Performing Full Reconciliation5-9v
5.4.35-115.4.3.1RACF Reconcile All Users5-115.4.3.2RACF Deleted User Reconciliation Using OIM5-125.4.3.3RACF Reconcile Users to Internal LDAP5-135.4.3.4RACF Reconcile All LDAP Users5-135.4.3.5RACF Reconcile Datasets To Internal LDAP5-145.4.3.6RACF Reconcile Resources To Internal LDAP5-155.4.46Reconciliation Scheduled TasksGuidelines for Configuring Filtered Reconciliation to Multiple Resource Objects5-165.5Configuring Account Status Reconciliation for IBM RACF Advanced Connector5-175.6Scheduled Tasks for IBM RACF Advanced Connector5-185.7Configuring Reconciliation Jobs5-185.8Performing Provisioning Operations5-19Extending the Functionality of the IBM RACF Advanced Connector6.16.2Adding Custom Fields for Target Resource Reconciliation6-16.1.1Adding Custom Fields for Reconciliation6-16.1.2Adding Custom Fields to Oracle Identity Manager6-2Adding Custom Multivalued Fields for Reconciliation6-36.2.1Adding Custom Multivalued Fields to the Reconciliation Component6-36.2.2Adding Custom Multivalued Fields6-46.3Adding Custom Fields for Provisioning for IBM RACF Advanced Connector6-86.4Removing Attributes Mapped for Target Resource Reconciliation6-106.5Using the Provisioning Agent to Run IBM z/OS Batch Jobs6-106.6Configuring the Connector for Provisioning to Multiple Installations of the TargetSystem6-136.7Customizing Log File Locations6-146.8LDAP Reconciliation Supported Queries6-156.9Handling Pioneer Error Messaging Exceptions in the Gateway6-167Troubleshooting the IBM RACF Advanced Connector8Known Issues and Workarounds for the IBM RACF Advanced ConnectorAFiles and Directories in the IBM RACF Advanced Connector PackageBAPF-Authorized Librariesvi
CPioneer DatasetsDCreating Custom Scheduled TasksD.1Code for Searching All Users and All User DataD-1D.2Code for Searching All Groups and All Group DataD-2D.3Code for Searching All Datasets and All Dataset DataD-2EVoyager and Pioneer Control File ParametersFConfiguring RACF Starter User ID and Access for Voyager Agent andPioneer Agent Started TasksGCustomizing AES Encryption KeyHMainframe Language Environment Runtime OptionsH.1Setting Runtime Options for IBM RACFH-1H.2Run Time Options, Defaults and Recommendations for IBM RACFH-2IPioneer Post-Processing CommandsJPioneer SMF ProcessKPioneer MessagesLVoyager MessagesMFeatures of the Mainframe AgentsM.1Functions Supported by the Pioneer Provisioning AgentM-1M.2Functions Supported by the Voyager Reconciliation AgentM-3vii
NCustom Data Field (CSDATA)N.1Adding CSDATA FieldsN-1N.2Parsing CSDATA FieldsN-2viii
List of Figures1-1Provisioning Process1-66-1Multivalued Field Added on a New Form6-46-2Child Form Added to the Process Form6-56-3New Reconciliation Field Added in the resource Object6-66-4Entry Added in the Lookup Definition6-76-5New Reconciliation Field Mapped to a Process Data Field6-8ix
List of Tables1-1Certified Components1-21-2Supported Functions for Provisioning1-91-3User Attributes for Target Resource Reconciliation and Provisioning1-101-4GROUP Attribute Mappings for IBM RACF Connector1-121-5Security Attribute for Target Resource Reconciliation and Provisioning1-131-6DATASET Attribute Mappings for IBM RACF Advanced Connector1-131-7Resource Profile Attributes for Target Resource Provisioning1-141-8Reconciliation Action Rules for IBM RACF Advanced Connector1-142-1Hardware Requirements for Installing the LDAP Gateway2-12-2Properties in the racf.properties File2-62-3Property Values To Be Updated for Running Multiple Instances of the LDAP Gateway3-1IT Resource Parameters for IBM RACF Advanced Connector3-2Log Files and their Contents3-113-3Logger Parameters3-124-1Requirements4-14-2Installation Placeholders4-64-3Job Streams to Execute4-84-4Parameters of the Pioneer Control File4-94-5Parameters of the Voyager Control File4-134-6Logging Parameters4-154-7Provisioning Agent Commands4-224-8Reconciliation Agent Commands4-235-1Attributes of the Find All Resources, Find All Datasets, and Find All Groups2-243-2Scheduled Tasks5-25-2Attributes of the RACF Reconcile Groups To Internal LDAP Task5-45-3Attributes of the RACF Find All LDAP Groups Task5-45-4Attributes of the Find All Security Attributes Scheduled Task5-75-5Attributes of the RACF Reconcile All Users Scheduled Task5-115-6Attributes of the RACF Reconcile Deleted Users to Oracle Identity ManagerScheduled Task5-135-7Attributes of the RACF Reconcile Users to Internal LDAP Scheduled Task5-135-8Attributes of the RACF Reconcile All LDAP Users Scheduled Task5-135-9Attributes of the RACF Reconcile Datasets To Internal LDAP Task5-155-10Attributes of the RACF Reconcile Resources To Internal LDAP Task5-155-11Scheduled Tasks for Lookup Field Synchronization and Reconciliation for IBM RACF5-18x
6-1Values for the Variables, Map To, Qualifier, and Literal Value Lists for Each Variable6-97-1Troubleshooting Tips7-1A-1Files and Directories in the Installation PackageA-1C-1Relationship between the Steps in the LOADDSN Member and the File ContentsC-1E-1Voyager Control File ParametersE-1E-2Pioneer Control File ParametersE-3H-1Language Environment Run Time Options, Defaults and Recommendations for IBM RACFH-2K-1Pioneer MessagesK-1L-1Voyager MessagesL-1M-1Functions Supported by the Provisioning Agent - PioneerM-2xi
PrefacePrefaceThis guide describes the connector that is used to integrate Oracle Identity Managerwith IBM RACF.AudienceThis guide is intended for resource administrators and target system integration teams.Installation of the connector components on the mainframe requires experience withIBM RACF and various z/OS technologies and components, including TCP/IP, QSAM(flat files), and z/OS libraries.Documentation AccessibilityFor information about Oracle's commitment to accessibility, visit the OracleAccessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx acc&id docacc.Access to Oracle SupportOracle customers that have purchased support have access to electronic supportthrough My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx acc&id info or visit http://www.oracle.com/pls/topic/lookup?ctx acc&id trsif you are hearing impaired.Related DocumentsFor information about installing and using Oracle Identity Governance 12.2.1.4.0, visitthe following Oracle Help Center ntity-governance/12.2.1.4/index.htmlFor information about installing and using Oracle Identity Governance 12.2.1.3.0, visitthe following Oracle Help Center ntity-governance/12.2.1.3/index.htmlFor information about Oracle Identity Governance Connectors 12.2.1.3.0documentation, visit the following Oracle Help Center ntity-governance-connectors/12.2.1.3/index.htmlFor information about Oracle Identity Manager Connectors 11.1.1 documentation, visitthe following Oracle Help Center page:xii
Prefacehttp://docs.oracle.com/cd/E22999 01/index.htmConventionsThe following text conventions are used in this document:ConventionMeaningboldfaceBoldface type indicates graphical user interface elements associated with anaction, or terms defined in text or the glossary.italicItalic type indicates book titles, emphasis, or placeholder variables for whichyou supply particular values.monospaceMonospace type indicates commands within a paragraph, URLs, code inexamples, text that appears on the screen, or text that you enter.xiii
What's New in the Oracle Identity Manager Advanced Connector for IBM RACF?What's New in the Oracle Identity ManagerAdvanced Connector for IBM RACF?This chapter details updates made to the software and documentation for the OracleIdentity Manager Advanced Connector for IBM RACF.The updates discussed in this chapter are divided into the following categories: Software UpdatesThis section describes updates made to the connector software. Documentation-Specific UpdatesThese include major changes made to the connector documentation. Thesechanges are not related to software updates.Software UpdatesThese are the updates made to the connector software. Software Updates in Release 9.1.0.12.0 Software Updates in Release 9.1.0.11.0 Software Updates in Release 9.1.0.10.0 Software Updates in Release 9.1.0.9.0 Software Updates in Release 9.1.0.8.0 Software Updates in Release 9.1.0.7.0 Software Updates in Release 9.1.0.6.0 Software Updates in Release 9.1.0.5.1 Software Updates in Release 9.1.0.5.0 Software Updates in Release 9.1.0.4.0 Software Updates in Release 9.1.0.3.0 Software Updates in Release 9.1.0.2.0 Software Updates in Release 9.1.0.1.0 Software Updates in Release 9.1.0.0.0Software Updates in Release 9.1.0.12.0The following are software updates in release 9.1.0.12.0: Resolved Issues in Release 9.1.0.12.0xiv
What's New in the Oracle Identity Manager Advanced Connector for IBM RACF?Resolved Issues in Release 9.1.0.12.0The following table lists the issues resolved in release 9.1.0.12.0:Bug NumberIssueResolution33087587RECONCILING RACF USER'SThis issue has been resolved.DATASET AND PROFILES INTOOIM USING EXTRACTS INZ/OS V2.4Software Updates in Release 9.1.0.11.0The following are software updates in release 9.1.0.11.0: Resolved Issues in Release 9.1.0.11.0Resolved Issues in Release 9.1.0.11.0The following table lists the issues resolved in release 9.1.0.11.0:Bug NumberIssueResolution33033255RECONCILING RACF USER’S This issue has been resolved.DATASET AND PROFILES INTOOIM33350939RACF Command to removeinstdata value is not generated33350541RACF with Default Group Update This issue has been resolved.also triggering a Group ConnectcommandThis issue has been resolved.Software Updates in Release 9.1.0.10.0The following are software updates in release 9.1.0.10.0: Resolved Issues in Release 9.1.0.10.0Resolved Issues in Release 9.1.0.10.0The following table lists the issues resolved in release 9.1.0.10.0:Bug NumberIssueResolution33203187RACF - CSDATA attribute cannot This issue has been resolved.be set to nullSoftware Updates in Release 9.1.0.9.0The following are software updates in release 9.1.0.9.0: Resolved Issues in Release 9.1.0.9.0Resolved Issues in Release 9.1.0.9.0The following table lists the issues resolved in release 9.1.0.9.0:xv
What's New in the Oracle Identity Manager Advanced Connector for IBM RACF?Bug NumberIssueResolution32577059Enhanced Alias processing tobe able to use IDCAMS JCLThis issue has been resolved.Software Updates in Release 9.1.0.8.0The following are software updates in release 9.1.0.8.0: Resolved Issues in Release 9.1.0.8.0Resolved Issues in Release 9.1.0.8.0The following table lists the issues resolved in release 9.1.0.8.0:Bug NumberIssueResolutionInternalMemory leak issue in thegatewayThis issue has been resolved.InternalRace condition issue withRACF batch reconciliationsThis issue has been resolved.Software Updates in Release 9.1.0.7.0The following are software updates in release 9.1.0.7.0: Resolved Issues in Release 9.1.0.7.0Resolved Issues in Release 9.1.0.7.0The following table lists the issues resolved in release 9.1.0.7.0:Bug NumberIssueResolution32498921CVE-2021-26117: APACHEACTIVEMQ UPDATE TO ATLEAST 5.16.1 OR 5.15.14This issue has been resolved.32054805CVE-2019-10086: APACHECOMMONS BEANUTILSUPDATE TO AT LEAST 1.9.4This issue has been resolved.31974483CVE-2020-5421: SPRINGFRAMEWORK UPDATE TOAT LEAST 5.2.9, 5.1.18,5.0.19, OR 4.3.29This issue has been resolved.Software Updates in Release 9.1.0.6.0The following are software updates in release 9.1.0.6.0: Resolved Issues in 9.1.0.6.0Resolved Issues in 9.1.0.6.0The following table lists the issues resolved in release 9.1.0.6.0:xvi
What's New in the Oracle Identity Manager Advanced Connector for IBM RACF?Bug NumberIssueResolution31046304IPV6 support for RACF.This issue has been resolved.31046245OIM RACF CONNECTORSUPPORT FOR IPV6.This issue has been resolved.32491842RACF 9.1.0.5 ADDUSERcommand failedThis issue has been resolved.32613512RACF 9.1.0.X None of the RACF This issue has been resolved.delete Events are gettingprocessed completely. All aregetting stuck in 'Event Received'Software Updates in Release 9.1.0.5.1The following are software updates in release 9.1.0.5.1: Resolved Issues in 9.1.0.5.1Resolved Issues in 9.1.0.5.1The following table lists the issues resolved in release 9.1.0.5.1:Bug NumberIssueResolution32430567RACF 9.1.0.5 LMTS updated inalternate IT Resource whenScheduled Task is run.This issue has been resolved.31829404RACF 9.1.x - Recon TimezoneIssue On OIM scheduled jobpage , in 'LDAP Time Zone' fieldenter the Timezone databasename value instead of theabbreviated timezone.This issue has been resolved.To find out TimeZone databasename value refer to List of tzdatabase time zones .Sample value: America/New York instead of ESTSoftware Updates in Release 9.1.0.5.0The following are software updates in release 9.1.0.5.0: Support for Filtering Secondary IT Resource Parameter Added Additional Jobs Resolved Issues in 9.0.1.5.0Support for FilteringSupport for filtering has been added for the following jobs: RACF Reconcile All Users RACF Reconcile All LDAP Usersxvii
What's New in the Oracle Identity Manager Advanced Connector for IBM RACF?Secondary IT Resource Parameter AddedSecondary IT Resource Parameter has been added for the following job: RACF Reconcile All LDAP UsersAdditional JobsThe following jobs have been added to fetch groups from the mainframe: RACF Reconcile Groups to Internal LDAP RACF Find All LDAP GroupsResolved Issues in 9.1.0.5.0The following table lists the issues resolved in release 9.1.0.5.0:Bug NumberIssueResolution31598874RACF 9.1.0.3 - Doesn't have"Support for Filtering"capability on ReconciliationThis issue has been resolved.29998398Provided a new job on OIM tofetch Groups from Mainframeto Internal LDAP and anotherjob on OIM to get the Groupsfrom LDAP and load thelookup in OIM.This issue has been resolved.30788999'RACF Reconcile All LDAPUsers' doesn't haveSecondary IT ResourceParameter.This issue has been resolved.Software Updates in Release 9.1.0.4.0The following are software updates in release 9.1.0.4.0: Addition of a New Property in the racf.properties File Resolved IssuesAddition of a New Property in the racf.properties FileA new property, sendAltGrpWithMembershipUpdate, has been added to theracf.properties file. Use this property to determine if other group attributes can bemodified along with the membership update.See Setting Connection Properties for more information about this property.Resolved Issues in Release 9.1.0.4.0The following table lists the issues resolved in release 9.1.0.4.0:xviii
What's New in the Oracle Identity Manager Advanced Connector for IBM RACF?Bug NumberIssueResolution31941015When voyager tried to write back This issue has been resolved.information to the LDAP gateway,it would fail with the followingerror:cn XXXX,ou racf,ou Groups,dc system,dc backendcannot be parsed as avalid DN: The providedvalue "UID" could not beparsed as a validdistinguished namebecause the last nonspace character was partof the attribute name'UID'. It will beexcluded from the set ofgroup members31940817Duration required to run theThis issue has been resolved.RACF Reconcile Users ToInternal LDAP schedule job waslong resulting in fewer number ofusers being reconciled.31829404Due to unsuccessful timezoneconversion upon a reconciliatonoperation, logs displayedtimezone in the EST -5 hrsformat.This issue has been resolved.Unable to search the keyThis issue has been resolved.31753123VOYSDV54 when the logger waspresent in the INFO mode.31910630Error resulted in logs due toThis issue has been resolved.prompt for update user/accountoperation even before completionof create user/account operation.xix
What's New in the Oracle Identity Manager Advanced Connector for IBM RACF?Bug NumberIssueResolution32121259Below lines from the config.ldifThis issue has been resolved.file of the LDAP Gateway version6.8.0 have been removed toincrese performance:ds-cfg-index-type:presence -- removedfrom settings underdn:ds-cfgattribute cn,cn Index,ds-cfg-backendid userRoot,cn Backends,cn configds-cfg-index-type:substring -- removedfrom settings underdn:ds-cfgattribute objectClass,cn Index,ds-cfgbackendid userRoot,cn Backends,cn configds-cfg-index-type:presence -- removedfrom settings underdn:ds-cfgattribute uid,cn Index,ds-cfg-backendid userRoot,cn Backends,cn configSoftware Updates in Release 9.1.0.3.0The following are software updates in release 9.1.0.3.0: Support for New Oracle Identity Governance Release Addition of a New Parameter in the Pioneer Control File Addition of New Informational Messages Resolved IssuesSupport for New Oracle Identity Governance ReleaseFrom this release onward, you can install and use the connector with Oracle IdentityGovernance 12c PS4 (12.2.1.4.0).See Table 1-1 for the full list of certified Oracle Identity Governance releases.Addition of a New Parameter in the Pioneer Control FileA new parameter, EXPORT MON, has been added to theHLQ.PIONEER.CONTROL.FILE file. Use this parameter to specify whether you wantto monitor user or group imports with messages displayed for every specified numberof records. By default, the value of this parameter is set to NO.xx
What's New in the Oracle Identity Manager Advanced Connector for IBM RACF?See Configuring the Provisioning Agent for more information about this parameter and thepermitted values.Addition of New Informational MessagesThe IDFRPI066 and IDFRPI067 informational message IDs have been added as a result ofintroduction of the EXPORT MON parameter in the HLQ.PIONEER.CONTROL.FILE file.See Pioneer Messages for the message IDs and its corresponding text.Resolved Issues in Release 9.1.0.3.0The following table lists the issues resolved in release 9.1.0.3.0:Bug NumberIssueResolution30955398The number of recordsprocessed by the RACFROUbatch job was logged incorrectlyin theHLQ.PIONEER.IMPORTU.FILEdataset. The count in theHLQ.PIONEER.IMPORTU.FILEdataset was double the numberof records processed.This issue has been resolved.31009468When you updated the displayThis issue has been resolved.name of an account in the targetsystem, only the value of the snattribute in LDAP was updated.The cn value was not updated.31046369The IT Resource field was notconfigured as a key field forreconciliation matching.This issue has been resolved.Software Updates in Release 9.1.0.2.0The following is a software update in release 9.1.0.2.0:Customizing the IRREVX01 RACF Command ExitFrom this release onward, you can integrate any custom version of the RACF command exit(IRREVX01) in your environment with the connector-specific version of the IRREVX01 exit(module name: IDFINSTX). The connector installation package includes sample files that letyou add your modifications and then integrate different versions of the IRREVX01 exit.See Customizing the Reconciliation Exit for more information about working with customreconciliation exit routines.Software Updates in Release 9.1.0.1.0The following are the software updates in release 9.1.0.1.0: Transformation of LDAP Gateway Attributes Running Multiple Instances of the LDAP Gateway on the Same Host CRUD Operations on RACLIST Resource Classesxxi
What's New in the Oracle Identity Manager Advanced Connector for IBM RACF?Transformation of LDAP Gateway AttributesBy including transformation rules within the LDAP INSTALL DIR/conf/customerconfiguration.properties file, you can configure the LDAP gateway totransform the gateway attributes in search results.See Configuring Transformation of the LDAP Gateway Attributes for more informationon the transformation rules to include and its format.Running Multiple Instances of the LDAP Gateway on the Same HostFrom this release onward, you can run multiple instances of the LDAP Gateway on thesame host.See Configuring Multiple Instances of the LDAP Gateway for more information onconfiguring and running multiple gateway instances in your environment.CRUD Operations on RACLIST Resource ClassesThe connector provides support for performing CRUD operations on RACLISTresource classes. To support this feature, the "supportedResourceClasses" propertyhas been added to racf.properties file that is located in the LDAP INSTALL DIR/conf directory.See the "supportedResourceClasses" property in Table 2-2 for more information onconfiguring the connector for this feature.Software Updates in Release 9.1.0.0.0The following are the software updates in release 9.1.0.0.0: Support for New Oracle Identity Governance Release Support for New Target System Version Detailed Audit Logs Support for High Availability and Disaster Recovery in the LDAP Gateway Support for Reconciling Space Character in TSO Command Dynamic Allocation of the Voyager DEBUGOUT Parameter Support for RACLINK Command Support for a New Diagnostic Tool Addition of New Parameters to Pioneer and Voyager Support for 256-Bit TCP/IP EncryptionSupport for New Oracle Identity Governance ReleaseFrom this release onward, the connector can be installed and used on Oracle IdentityGovernance release12.2.1.3.0. Be sure to download and apply the 28682376
The terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. . Understanding the Caching Layer2-28. . IBM RACF Connector Deployment on Oracle Identity Manager. Running the Connector Installer3-1.
