Oracle Internet Directory Administrator's Guide Release 9.2 Part Number A96574-01 |
|
If you store employee data in Oracle Internet Directory, and if you use Oracle Human Resources to create, modify, and delete that data, then you must ensure that the data is synchronized between the two. The Oracle Human Resources connector enables you to do this.
This chapter introduces the Oracle Human Resources connector and explains how to deploy it. It contains these topics:
The Oracle Human Resources connector enables you to import a subset of employee data from Oracle Human Resources into Oracle Internet Directory. It is installed, with a default configuration, along with Oracle Internet Directory. It is ready to run out of the box.
You can schedule the Oracle Human Resources connector to run at any time, configuring it to extract incremental changes from the Oracle Human Resources system as often as every second. You can also set and modify attribute mapping between Oracle Human Resources and Oracle Internet Directory.
The Oracle Human Resources connector executable name is odihragent
and is located in the $
ORACLE_HOME/ldap/odi/bin
directory. You can manage the Oracle Human Resources connector by using Oracle Directory Manager.
Table 33-1 lists the tables in the Oracle Human Resources schema, most of whose attributes you can import into Oracle Internet Directory:
Table Name | Alias Used in the Connector Config Info Field |
---|---|
PER_PEOPLE_F |
PER |
PER_ADDRESSES |
PA |
PER_PERIOD_OF_ SERVICE |
PPS |
PER_PERSON_TYPE |
PPT |
All of these tables are visible if the login to the Oracle Human Resources database is done with the apps account.
Because attributes can be added or deleted at runtime from the configuration file, the Oracle Human Resources connector dynamically creates a SQL statement that selects and retrieves only the required attributes.
Table 33-2 shows some of the fields in the Oracle Human Resources user interface. These fields appear when you add or modify employee data.
This section contains these topics:
To deploy the Oracle Human Resources connector, you must create a directory integration profile for it in Oracle Internet Directory. You can do this by using the procedures outlined in Chapter 30, "Oracle Directory Integration Server Administration". However, if you have a server installation--that is, a typical installation--then you can use the default integration profile that the Oracle Universal Installer created in the directory for you. A client-only installation does not include this integration profile.
The integration profile contains several attributes and attribute values. Table 33-3 lists these attributes by both their friendly names as used by Oracle Directory Manager--for example, Profile Name
--and their actual names--for example, orclodipAgentName
. It provides a description of each attribute, and, where appropriate, the default values in the Oracle Human Resources connector integration profile. Some cells in Table 33-3 contain italicized text providing information and instructions specific to the Oracle Human Resources connector
Attribute | Description |
---|---|
General Information |
|
Profile Name ( |
Unique name by which the connector is identified in the system, used as an RDN component of the DN that identifies the integration profile. The name can contain only alpha-numeric characters. This attribute is mandatory and not modifiable. The default name is |
Profile Status ( |
Indicates whether the connector is enabled or disabled. Valid values are The default is You must set this value to |
Profile Password ( |
This is the password that the directory integration server uses to bind to Oracle Internet Directory on behalf of the profile. This attribute is mandatory and modifiable. Set this value to whatever password you want the Oracle Human Resources Profile to use. |
Execution Host ( |
Host on which the connector runs. This attribute is mandatory and modifiable. In Release 9.2. this attribute is ignored. |
Synchronization |
The direction of synchronization between Oracle Internet Directory and a connected directory.
This attribute is mandatory and modifiable. Note: Oracle Internet Directory Release 9.2 supports import operations only for Oracle Human Resources. |
Scheduling Interval |
Time interval in seconds after which a connected directory is synchronized with Oracle Internet Directory. The default is This attribute is mandatory and modifiable. |
Max Number of Retries ( |
Maximum number of times the directory integration server would try to perform synchronization before giving up. It will then retry at the next scheduled time. This attribute is mandatory and modifiable. |
Execution Information |
|
Agent Execution Command |
Connector executable name and argument list used by the directory integration server to execute the connector. This attribute is mandatory and modifiable. The default is: odihragent connect=hrdb \ login=%orclodipConDirAccessAccount \ pass=%orclodipConDirAccessPassword \ date=%orclODIPLastSuccessfulExecutionTime \ You must set the value in the argument |
Connected Directory Account ( |
Valid user account in the Oracle Human Resources system that you want to access changes in the Oracle Human Resources system. This information is passed by the directory integration server to the connector in the command line at time of connector's invocation. This attribute is optional and modifiable. |
Connected Directory Account Password ( |
Password for the user account accessing the Oracle Human Resources system. It is passed by the Directory integration server to the connector at time of connector invocation. This attribute is optional and modifiable. |
Additional Config Info ( |
Any configuration information that you want an connector to store in Oracle Internet Directory. It is passed by the directory integration server to the connector at time of connector invocation. The information is stored as an attribute and the directory integration server does not have any knowledge of its content. The value stored in this attribute represents (for Oracle Human Resources connector) all attributes that need to be synchronized from Oracle Human Resources. See Also: "Customizing the List of Attributes to Be Synchronized with Oracle Internet Directory" This attribute is mandatory for the Oracle Human Resources connector, and modifiable by editing the configuration file and uploading it again into the profile. |
Interface Type |
The interface used for data transfer. Since it is in the form of a tagged file, it is set to Note: You should not modify this attribute for Oracle Human Resources Profile. |
Mapping Information |
|
Mapping Rules |
The mapping rules for mapping data between a connected directory and Oracle Internet Directory. See Also: "Registration of Connectors into Oracle Directory Integration Platform" for a discussion of the value stored in this attribute This attribute is mandatory for Oracle Human Resources and modifiable. |
Connected Directory Matching Filter |
This is not used in Oracle Human Resources connectivity. |
( |
This attribute names an LDAP filter that is used to search for a target entry in Oracle Internet Directory. The Oracle directory integration server uses this filter to find out what kind of LDAP operation it needs to do to synchronize. It is of the form It is optional and modifiable. |
Status Information |
|
( |
Indicates the execution status of the profile as it is synchronizing. This is read-only. |
Synchronization Errors ( |
Error message for the last error encountered in synchronization. This is read-only. |
Last Execution Time ( |
Time of the most recent profile execution. It is generally read-only. It can be modified to re-sync from a different point in time. |
Last Successful Execution Time ( |
Time of the most recent successful profile execution. It is generally read-only. It can be modified to re-sync from a different point in time. |
Connected Directory Last Applied Change Number ( |
This attribute, standard for all profiles, does not apply to the Oracle Human Resources synchronization. |
OID Last Applied Change Number ( |
This attribute, standard for all EXPORT profiles, does not apply to Oracle Human Resources synchronization. |
You can customize the list of Oracle Human Resources attributes you want to synchronize with Oracle Internet Directory. To help you do this, Oracle Internet Directory includes a default list of Oracle Human Resources attributes to be synchronized. You can modify this list by including additional attributes in it, or excluding some from it.
The default attribute list is stored in the orclodipAgentConfigInfo
attribute as part of the integration profile. The integration profile is loaded into Oracle Internet Directory as part of a typical installation. The list is also contained in the file named oraclehragent.cfg.master
and is located under the $
ORACLE_HOME/ldap/odi/conf
directory.
The columns in the default list of Oracle Human Resources attributes are:
The oraclehragent.cfg.master
file contains the following:
ATTRNAME:COLUMN_NAME:TABLE_NAME:FORMAT:MAP
PersonId:person_id:PER:NUMBER:Y
PersonType:person_type_id:PER:NUMBER:Y
PersonTypeName:system_person_type:PPT:ASCII:Y
LastName:last_name:PER:ASCII:Y
StartDate:start_date:PER:DATE:Y
BirthDate:date_of_birth:PER:DATE:Y
EMail:email_address:PER:ASCII:Y
EmployeeNumber:employee_number:PER:NUMBER:Y
FirstName:first_name:PER:ASCII:Y
FullName:full_name:PER:ASCII:Y
knownas:known_as:PER:ASCII:Y
MaritalStatus:marital_status:PER:ASCII:Y
middleName:middle_names:PER:ASCII:Y
country:country:PA:ASCII:Y
socialsecurity:national_identifier:PER:ASCII:Y
Sex:sex:PER:ASCII:Y
Title:title:PER:ASCII:Y
suffix:suffix:PER:ASCII:Y
street1:address_line1:PA:ASCII:Y
zip:postal_code:PA:ASCII:Y
Address1:address_line1:PA:ASCII:Y
Address2:address_line2:PA:ASCII:Y
Address3:address_line3:PA:ASCII:Y
TelephoneNumber1:telephone_number_1:PA:ASCII:Y
TelephoneNumber2:telephone_number_2:PA:ASCII:Y
TelephoneNumber3:telephone_number_3:PA:ASCII:Y
town_or_city:town_or_city:PA:ASCII:Y
state:region_2:PA:ASCII:Y
Start_date:effective_start_date:PER:DATE:Y
End_date:effective_end_date:PER:DATE:Y
per_updateTime:last_update_date:PER:DATE:Y
pa_updateTime:last_update_date:PA:DATE:Y
To include additional Oracle Human Resources attributes for synchronization, follow these steps:
oraclehragent.cfg.master
file and name it anything other than Agent_Name
.cfg
. This is because the directory integration server generates a configuration file with that name, using it to pass the configuration information to the Oracle Human Resources connector at run time.You also need to assign an attribute name to the column name. This acts as the output tag by which this attribute is identified in the output file. This tag is also used in the mapping rules to establish a rule between the Oracle Human Resources attribute and the Oracle Internet Directory attribute.
You must also ensure that the map
column--that is, the last column in the record--is set to the value Y
.
Note: If you add a new attribute in the attribute list, then you must define a corresponding rule in the |
orclodipAgentConfigInfo
attribute by using the ldapmodify tool. The changes take effect the next time the connector runs.To exclude an Oracle Human Resources attribute that is currently being synchronized with Oracle Internet Directory:
oraclehragent.cfg.master
file and name it anything other than Agent_Name
.cfg
. This is because the directory integration server generates a configuration file with that name, using it to pass the configuration information to the Oracle Human Resources connector at run time.orclodipAgentConfigInfo
attribute by using the ldapmodify tool. The changes take effect the next time the connector runs.If the previous supporting attribute configuration is not sufficient to extract data from the Oracle Human Resources database, then the Oracle Human Resources connector also supports execution of a preconfigured SQL SELECT statement in the configuration file. There is a TAG to indicate this in the config file, namely, a "[SELECT]" in the config file.
The following example shows a sample select statement to fetch some information from the Oracle Human Resources database. Note that only the SQL statement should be below the [SELECT] Tag. The BINDVAR Bind Variable needs to be there to fetch incremental changes. The substitutes passes this value (the time stamp) to the Oracle Human Resources connector.
All the columns expressions fetched in the SELECT must have column names--for example, REPLACE(ppx.email_address),'@ORACLE.COM','') is fetched as EMAILADDRESS. The Oracle Human Resources connector writes out EMAILADDRESS as the attribute name in the output file with its value as the result of the expression REPLACE(ppx.email_address),'@ORACLE.COM'''.
[SELECT] SELECT REPLACE(ppx.email_address),'@ORACLE.COM',''), EMAILADDRESS , UPPER(ppx.attribute26) GUID, UPPER(ppx.last_name) LASTNAME, UPPER(ppx.first_name) FIRSTNAME, UPPER(ppx.middle_names) MIDDLENAME, UPPER(ppx.known_as) NICKNAME, UPPER(SUBSTR(ppx.date_of_birth,1,6)) BIRTHDAY, UPPER(ppx.employee_number) EMPLOYEEID, UPPER(ppos.date_start) HIREDATE, FROM hr_organization_units hou, per_people_x ppx, per_people_x mppx, per_periods_of_service ppos WHERE pax.supervisor_id = mppx.person_id(+) AND pax.organization_id = hou.organization_id(+) AND ppx.person_id = ppos.person_id AND ppx.person_id = pax.person_id AND ppos.actual_termination_date IS NULL AND UPPER(ppx.current_employee_flag) = 'Y' AND ppx.last_update_date >= (:BINDVAR,'YYYYMMDDHH24MISS')
Attribute mapping rules govern how the directory integration server converts attributes between Oracle Human Resources and Oracle Internet Directory. You can customize the mapping rules you want the directory integration server to use.
To help you do this, Oracle Internet Directory includes a default list of Oracle Human Resources mapping rules for the Oracle Human Resources system. You configure, modify, and delete mapping rules by editing this list.
The default list of mapping rules is stored in the orclodipAttributeMappingRules
attribute in the integration profile. In addition, the rules are also in the file named oraclehragent.map.master
located under the $
ORACLE_HOME/ldap/odi/conf
directory.
The oraclehragent.map.master file contains the following:
DomainRules NONLDAP:dc=metaagt,dc=com:uid=%dc=metaagt,dc=com AttributeRules firstname: : : :cn: :person email : : : :cn: :person: trunc(email,'@') email : : : :uid: :person:trunc(email,'@') firstname,lastname: : : :cn: :person: firstname+","+lastname lastname,firstname: : : :cn: :person: lastname+","+firstname firstname,lastname: : : :sn: :person: lastname | firstname EmployeeNumber: : : :employeenumber: :inetOrgperson EMail: : : :mail: :inetOrgperson TelephoneNumber1: : : :telephonenumber: :person TelephoneNumber2: : : :telephonenumber: :person TelephoneNumber3: : : :telephonenumber: :person Address1: : : :postaladdress: :person state: : : :st: :locality street1: : : :street: :locality zip: : : :postalcode: :locality town_or_city: : : :l: :locality Title: : : :title: :organizationalperson #Sex: : : :sex: :person
In the sample mapping file, `dc=metaagt,dc=com' is assumed as the `synchronization domain'. This domain name needs to be changed according to deployment requirements.
AttributeRules firstname: : : :cn: :person lastname: : : :sn: :person lastname: : : :cn: :person : : : :cn: :person: trunc(email,'@') : : : :cn: :person: firstname+","+lastname : : : :cn: :person: lastname+","+firstname EmployeeNumber: : : :employeenumber: :inetOrgperson EMail: : : :mail: :inetOrgperson TelephoneNumber1: : : :telephonenumber: :person TelephoneNumber2: : : :telephonenumber: :person TelephoneNumber3: : : :telephonenumber: :person Address1: : : :postaladdress: :person Address1: : : :postaladdress: :person Address1: : : :postaladdress: :person state: : : :st: :locality street1: : : :street: :locality zip: : : :postalcode: :locality town_or_city: : : :l: :locality Title: : : :title: :organizationalperson Sex: : : :sex: :person socialsecurity: : : :ssn: :person country: : : :c: :country BirthDate: : : :birthday: :organizationalperson : : : :userpassword: :person: "welcome" changetype ###
The default mapping rules in the orclodipAttributeMappingRules
attribute correspond to the default Oracle Human Resources attributes list in the orclodipAgentConfigInfo
attribute. To establish mappings between Oracle Human Resources attributes and Oracle Internet Directory attributes, the mapping rules use the ATTRNAME column in each record of the Oracle Human Resources attributes list.
See Also:
"Mapping Rules and Formats" for the description of the format of the mapping rules records |
To create Oracle Human Resources attribute mapping rules, you modify the orclodipAttributeMappingRules
attribute. To do this:
oraclehragent.map.master
file to Agent_Name.tmp
.orclodipAttributeMappingRules
attribute by using the following script:$
ORACLE_HOME
/ldap/odi/admin/ldapUploadAgentFile.sh
. The changes take effect the next time the profile runs.To modify existing Oracle Human Resources attribute mapping rules, you modify the orclodipAttributeMappingRules
attribute. To do this:
oraclehragent.map.master
file Profile_Name.map
.orclodipAttributeMappingRules
attribute by using the ldapmodify tool. The changes take effect the next time the connector runs.To delete existing Oracle Human Resources attribute mapping rules, you modify the orclodipAttributeMappingRules
attribute. To do this:
oraclehragent.map.master
file and name it anything other than Agent_Name
.map
, which is reserved for use by the directory integration server.orclodipAttributeMappingRules
attribute by using the following script:$
ORACLE_HOME
/ldap/odi/admin/ldapUploadAgentFile.sh
. The changes take effect the next time the profile runs.
Note: To run shell script tools on the Windows operating system, you need one of the following UNIX emulation utilities:
|
This section explains how to set up synchronization from Oracle Human Resources to Oracle Internet Directory.
During synchronization, the Oracle Directory Integration Platform uses an import file. This file can contain a few or many changes that the Oracle Human Resources connector extracts from the Oracle Human Resources system.
This file is in the tagged format and acts as input to the Oracle directory server. It is named Oracle_HR_Agent_Name.data
and is located in $
ORACLE_HOME/ldap/odi/import
.
You do not need to modify this file, but the last version of it is stored in the directory $
ORACLE_HOME/ldap/odi/import/archive
to help you with troubleshooting.
This is an example of an Oracle Human Resources change record in the import file:
FirstName: John LastName: Liu EmployeeNumber: 12345 Title: Mr. Sex: M MaritalStatus: Married TelephoneNumber: 123-456-7891 Mail: Jliu@my_company.com Address: 100 Jones Parkway City: MyTown
To prepare for synchronization between Oracle Human Resources and Oracle Internet Directory, follow these steps:
See Also:
""Registering the Oracle Directory Integration Server" for registration instructions |
ENABLE
. This indicates that the Oracle Human Resources connector is ready to run.See Also:
"Managing the Oracle Directory Integration Server" for instructions about starting and stopping the directory integration server |
Once the Oracle Human Resources system, Oracle Internet Directory, and the directory integration server are running and the Oracle Human Resources connector is enabled, the directory integration server automatically starts synchronizing changes from the Oracle Human Resources system into Oracle Internet Directory. It follows this process:
orclodipLastExecutionTime
) and the Scheduling Interval (orclodipschedulinginterval
), the directory integration server invokes the Oracle Human Resources connector.orclodipLastSuccessfulExecutionTime
attribute in the integration profile. It writes the changes into the Oracle Human Resources import file, namely $
ORACLE_HOME
/ldap/odi/import/HR_Agent_Name.dat
. It extracts only the attributes specified in the orclodipAgentConfigInfo
attribute in the integration profile.$
ORACLE_HOME
/ldap/odi/import/archive
. The status attributes Last Execution Time (orclodipLastExecutionTime
) and Last Successful Execution Time (orclodipLastSuccessfulExecutionTime
) are updated to the current time.ORACLE_HOME
/ldap/odi/HR_Agent_Name.trc
file.There are two ways to bootstrap Oracle Internet Directory from Oracle Human Resources:
orclodipConDirLastAppliedChgTime
to a time before Oracle Human Resources was installed.See Also:
Chapter 32, "Bootstrapping of a Directory in the Oracle Directory Integration Platform" for further instructions about initial bootstrapping |
|
Copyright © 1999, 2002 Oracle Corporation. All Rights Reserved. |
|