Reconciling OUD groups as OIG roles in vanilla OIG

4137610 · Jan 14 2020, edited Jan 23 2020

OIG 12c is a fresh vanilla environment.

We are attempting to reconcile "roles" and "memberships" from OUD 12c to OIG 12c.

OUD 12c contains Users and Group records extracted and imported from some existing OUD 11g environment.

The idea is to reconcile all Groups from OUD 12c so that they end up as Roles in OIG 12c.

Is that possible? 

Steps attempted were:

Step 1. Unzipped connector binary oid-12.2.1.3.0.zip to ConnectorDefaultDirectory

Step 2. In Sysadmin console, Manage Connector -> configure connector by selecting 'ODSEE/OUD/LDAPV3 Connector 12.2.1.3.0'

Step 3. In Sysadmin console, IT Resource -> updated 'DSEE Server' with OUD connection parameters and Configuration lookup value equals 'Lookup.LDAP.OUD.Configuration'

Step 4. In Sysadmin console, Form Designer -> created a form instance for 'Resource Type' equals 'LDAP User'

(Not sure if a Form Instance is to be created for LDAP "Groups" - above one was for LDAP "User" - please clarify this point !!!)

Step 5. In Sysadmin console, Application Instances -> created an application instance for 'Resource Object' equals 'LDAP User' and 'IT Resource' equals 'DSEE Server' and 'Form Instance' equals the one created in 'Step 4'

Step 6. In Sysadmin console, ran job "LDAP Connector OU Lookup Reconciliation"

Step 7. In Sysadmin console, ran job "LDAP Connector Group Lookup Reconciliation"

Step 8. In Sysadmin console, ran job "Catalog Synchronization Job"

Step 9. Then reconciled all users from OUD to OIG. (This was done by setting up Application Onboarding using OUD as Trusted source and running the job that got created for the application "OUD12cTrustedApp LDAP Connector User Search Reconciliation")

Result -> Users got successfully reconciled in OIG (Identity console -> Manage -> Users -> shows users of OUD)

Step 10. In Sysadmin console, ran job "LDAP Connector Group Search Reconciliation"

Result -> No roles got reconciled in OIG (Identity console -> Manage -> Roles -> shows no roles of OUD)

Is this the correct procedure for reconciling roles and memberships available as OUD groups?

Thanks in advance!

This post has been answered by Srinath Menon-Oracle on Jan 21 2020

Comments

4137610

Hello,

Any insights on this?

Thank you.

4137610

Any insights?

Sandeep Kumar sk

Check this connector guide for OUD section 5.4. (Reconciling OUD Groups Under One Organization in Oracle Identity Manager)

Note: Oracle Identity Governance 12c PS3 supports most of the Oracle Identity Manager 11g connectors through CI-based implementation. The above link is for CI-based implementation.

Srinath Menon-Oracle

This requirement can be done only by Trusted mode of roles/groups reconciliation, but this functionality is not supported with the OUD Connector, as in reconciling OUD groups (and memberships) as roles to OIM.

4137610

Thank you Sri.

Tend to agree with this. We also noticed it may need a ".Trusted" keyword in the Configuration Lookup value of 'DSEE Server' IT Resource (meaning, "Lookup.LDAP.OUD.Configuration.Trusted") for this to operate. However, we were not sure if that configuration was supported.

Is there no way to reconcile OUD Groups into a fresh new vanilla OIG environment as OIG Roles?

We don't need to actually engage OUD as well, since our end goal is to do a migration from OIM 11g to OIG 12c. Thus, will it be better to use UserManagement / RoleManagement APIs to get all Users, Roles and Organizations from OIM 11g and push them into OIG 12c using APIs? We don't need to migrate users' passwords, since OAM (SSO login) will be used for login to OIG eventually.

Thank you.

Srinath Menon-Oracle
Answer
Is there no way to reconcile OUD Groups into a fresh new vanilla OIG environment as OIG Roles?

In the current system OOTB there is no way to achieve this.

Marked as Answer by 4137610 · Sep 27 2020