Oracle Internet Directory Application Developer's Guide Release 9.2 Part Number A96577-01
This chapter explains how to develop applications that can use the Oracle Directory Provisioning Integration Service in the Oracle Directory Integration Platform. These applications can be either legacy or third-party applications that are based on the Oracle platform.
See Also: The chapter on the Oracle Directory Provisioning Integration Service in Oracle Internet Directory Administrator's Guide
You should be familiar with:
In addition, Oracle Corporation recommends that you understand Oracle9iAS Single Sign-On.
This section gives an overview of the usage model for an agent for a provisioning-integrated application.
Figure 8-1 shows the lifecycle of the application that obtains provisioning events.

To develop applications for synchronized provisioning, you perform these general tasks:
Modify the installation logic for each application to run a post-installation configuration tool.
During application installation, the application invokes the Provisioning Subscription Tool, oidprovtool. The general pattern for invoking this tool is:

```
oidprovtool param1=<p1_value> param2=<p2_value> param3=<p3_value> ...
```
First, create users in Oracle Internet Directory. Then enroll them in the application.
When using either of these interfaces, you must enable the Oracle Directory Provisioning Integration Service to identify users presently enrolled in the application. This way, the delete events it sends correspond only to users enrolled in the application.
Implement the application logic so that the user_exists function verifies that a given user in Oracle Internet Directory is enrolled in the application.
The Oracle Directory Provisioning Integration Service primarily propagates the user deletion events from Oracle Internet Directory to the various provisioning-integrated applications.
With the PL/SQL callback interface, the application registers with the Oracle Directory Provisioning Integration Service and provides:
The Oracle Directory Provisioning Integration Service in turn connects to the application database and invokes the necessary PL/SQL procedures.
Figure 8-2 illustrates the system interactions for the PL/SQL callback interface.
As Figure 8-2 shows, the deletion of a user from an application comprises several steps, two of which are calls from the Oracle Directory Provisioning Integration Service into the application: it invokes the user_exists() function of the provisioning event interface of the application, and then the user_delete() function of the provisioning event interface. Step 5 is the responsibility of the provisioning-integrated application developer.
You must enable the de-installation logic for each provisioning-integrated application to run the Provisioning Subscription Tool (oidprovtool) that unsubscribes the application from the Oracle Directory Provisioning Integration Service.
As stated in "Development Tasks for Provisioning Integration", you must develop logic to consume events generated by the Oracle Directory Provisioning Integration Service. The interface between the application and the Oracle Directory Provisioning Integration Service can be either table-based or use PL/SQL callbacks.
See Also: "Development Usage Model for Provisioning Integration" for information about how to use these interfaces
The PL/SQL callback interface requires you to develop a PL/SQL package that the Oracle Directory Provisioning Integration Service invokes in the application-specific database. Choose any name for the package, but be sure to use the same name when you register the package at subscription time. Implement the package according to the following PL/SQL package specification:

```sql
Rem
Rem NAME
Rem   ldap_ntfy.pks - Provisioning Notification Package Specification.
Rem
DROP TYPE LDAP_ATTR_LIST;
DROP TYPE LDAP_ATTR;

-- LDAP ATTR
----------------------------------------------------------------
--
-- Name        : LDAP_ATTR
-- Data Type   : OBJECT
-- DESCRIPTION : This structure contains details regarding
--               an attribute.
--
----------------------------------------------------------------
CREATE TYPE LDAP_ATTR AS OBJECT (
  attr_name      VARCHAR2(255),
  attr_value     VARCHAR2(2048),
  attr_bvalue    RAW(2048),
  attr_value_len INTEGER,
  attr_type      INTEGER,   -- (0 - String, 1 - Binary)
  attr_mod_op    INTEGER
);
/
GRANT EXECUTE ON LDAP_ATTR TO public;

-------------------------------------------------------------
--
-- Name        : LDAP_ATTR_LIST
-- Data Type   : COLLECTION
-- DESCRIPTION : This structure contains a collection
--               of attributes.
--
-------------------------------------------------------------
CREATE TYPE LDAP_ATTR_LIST AS TABLE OF LDAP_ATTR;
/
GRANT EXECUTE ON LDAP_ATTR_LIST TO public;

-------------------------------------------------------------------------------
--
-- NAME        : LDAP_NTFY
-- DESCRIPTION : This is a notifier interface implemented by Provisioning System
--               clients to receive information about changes in OID.
--               The name of the package can be customized as needed.
--               The function names within this package SHOULD NOT be changed.
--
-------------------------------------------------------------------------------
CREATE OR REPLACE PACKAGE LDAP_NTFY AS

  --
  -- LDAP_NTFY data type definitions
  --

  -- Event Types
  USER_DELETE   CONSTANT VARCHAR2(256) := 'USER_DELETE';
  USER_MODIFY   CONSTANT VARCHAR2(256) := 'USER_MODIFY';
  GROUP_DELETE  CONSTANT VARCHAR2(256) := 'GROUP_DELETE';
  GROUP_MODIFY  CONSTANT VARCHAR2(256) := 'GROUP_MODIFY';

  -- Return Codes (Boolean)
  SUCCESS       CONSTANT NUMBER := 1;
  FAILURE       CONSTANT NUMBER := 0;

  -- Values for attr_mod_op in LDAP_ATTR object.
  MOD_ADD       CONSTANT NUMBER := 0;
  MOD_DELETE    CONSTANT NUMBER := 1;
  MOD_REPLACE   CONSTANT NUMBER := 2;

  -- Callback functions; each is described individually below.
  FUNCTION user_exists  (user_name   IN VARCHAR2,
                         user_guid   IN VARCHAR2,
                         user_dn     IN VARCHAR2) RETURN NUMBER;

  FUNCTION group_exists (group_name  IN VARCHAR2,
                         group_guid  IN VARCHAR2,
                         group_dn    IN VARCHAR2) RETURN NUMBER;

  FUNCTION event_ntfy   (event_type  IN VARCHAR2,
                         event_id    IN VARCHAR2,
                         event_src   IN VARCHAR2,
                         event_time  IN VARCHAR2,
                         object_name IN VARCHAR2,
                         object_guid IN VARCHAR2,
                         object_dn   IN VARCHAR2,
                         profile_id  IN VARCHAR2,
                         attr_list   IN LDAP_ATTR_LIST) RETURN NUMBER;

END LDAP_NTFY;
/
```
A callback function invoked by the Oracle Directory Provisioning Integration Service to check whether a user is enrolled with the application.

```sql
FUNCTION user_exists ( user_name IN VARCHAR2, user_guid IN VARCHAR2, user_dn IN VARCHAR2) RETURN NUMBER;
```

Parameter | Description
---|---
user_name | User identifier
user_guid | Global user identifier
user_dn | DN attribute of the user entry

Returns any positive number if the user exists.
A callback function invoked by the Oracle Directory Provisioning Integration Service to check whether a group exists in the application.

```sql
FUNCTION group_exists ( group_name IN VARCHAR2, group_guid IN VARCHAR2, group_dn IN VARCHAR2) RETURN NUMBER;
```

Parameter | Description
---|---
group_name | Group simple name
group_guid | GUID of the group
group_dn | DN of the group entry
Returns a positive number if the group exists. Returns zero if the group doesn't exist.
A callback function invoked by the Oracle Directory Provisioning Integration Service to deliver change notification events for objects modeled in Oracle Internet Directory. Currently, modify and delete change notification events are delivered for users and groups in Oracle Internet Directory. While delivering events for an object (represented in Oracle Internet Directory), the related attributes are also sent along with the other details. The attributes are delivered as a collection (array) of attribute containers in un-normalized form: if an attribute has two values, two rows are sent in the collection.

```sql
FUNCTION event_ntfy ( event_type IN VARCHAR2, event_id IN VARCHAR2, event_src IN VARCHAR2, event_time IN VARCHAR2, object_name IN VARCHAR2, object_guid IN VARCHAR2, object_dn IN VARCHAR2, profile_id IN VARCHAR2, attr_list IN LDAP_ATTR_LIST ) RETURN NUMBER;
```
On success returns a positive number. On failure returns zero.
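As an added example (not code from the Oracle documentation), the following package body implements the three callbacks of the LDAP_NTFY specification for an application that keeps its enrolled users and groups in two tables of its own. The table names APP_USERS and APP_GROUPS, their columns, and the decision to mirror only the mail attribute are assumptions made for the illustration, as is the assumption that the calling service owns the transaction, so the body neither commits nor rolls back. The anonymous block at the end constructs a USER_MODIFY event with an un-normalized attribute list, the way the service would deliver one, and calls the package directly.

```sql
-- Added example package body for the LDAP_NTFY specification (not Oracle's code).
-- Assumed application tables (hypothetical):
--   APP_USERS  (user_guid VARCHAR2(64) PRIMARY KEY, user_name VARCHAR2(255),
--               user_dn VARCHAR2(1024), mail VARCHAR2(255))
--   APP_GROUPS (group_guid VARCHAR2(64) PRIMARY KEY, group_name VARCHAR2(255),
--               group_dn VARCHAR2(1024))
CREATE OR REPLACE PACKAGE BODY LDAP_NTFY AS

  -- Enrollment is decided by the GUID, never by the simple name or the DN:
  -- a name can be reused after a deletion, a GUID cannot.
  FUNCTION user_exists (user_name IN VARCHAR2,
                        user_guid IN VARCHAR2,
                        user_dn   IN VARCHAR2) RETURN NUMBER IS
    -- Copy the parameter first: inside a SQL statement an unqualified
    -- user_guid resolves to the COLUMN, so WHERE user_guid = user_guid
    -- would match every row and report every user as enrolled.
    l_guid app_users.user_guid%TYPE := user_guid;
    l_cnt  PLS_INTEGER;
  BEGIN
    SELECT COUNT(*) INTO l_cnt FROM app_users u WHERE u.user_guid = l_guid;
    RETURN CASE WHEN l_cnt > 0 THEN SUCCESS ELSE FAILURE END;
  END user_exists;

  FUNCTION group_exists (group_name IN VARCHAR2,
                         group_guid IN VARCHAR2,
                         group_dn   IN VARCHAR2) RETURN NUMBER IS
    l_guid app_groups.group_guid%TYPE := group_guid;
    l_cnt  PLS_INTEGER;
  BEGIN
    SELECT COUNT(*) INTO l_cnt FROM app_groups g WHERE g.group_guid = l_guid;
    RETURN CASE WHEN l_cnt > 0 THEN SUCCESS ELSE FAILURE END;
  END group_exists;

  FUNCTION event_ntfy (event_type  IN VARCHAR2,
                       event_id    IN VARCHAR2,
                       event_src   IN VARCHAR2,
                       event_time  IN VARCHAR2,
                       object_name IN VARCHAR2,
                       object_guid IN VARCHAR2,
                       object_dn   IN VARCHAR2,
                       profile_id  IN VARCHAR2,
                       attr_list   IN LDAP_ATTR_LIST) RETURN NUMBER IS
    l_guid VARCHAR2(64) := object_guid;
    l_mail app_users.mail%TYPE;
  BEGIN
    IF event_type = USER_DELETE THEN
      -- Deleting zero rows is not an error: a redelivered event stays idempotent.
      DELETE FROM app_users u WHERE u.user_guid = l_guid;
    ELSIF event_type = GROUP_DELETE THEN
      DELETE FROM app_groups g WHERE g.group_guid = l_guid;
    ELSIF event_type = USER_MODIFY THEN
      -- attr_list is un-normalized: one row per attribute VALUE. For the
      -- single-valued column we mirror, keep the last string value that is
      -- added or replaced; MOD_DELETE rows and binary values are ignored.
      IF attr_list IS NOT NULL THEN
        FOR i IN 1 .. attr_list.COUNT LOOP
          IF LOWER(attr_list(i).attr_name) = 'mail'            -- LDAP names are case-insensitive
             AND attr_list(i).attr_type = 0                    -- 0 = String
             AND attr_list(i).attr_mod_op IN (MOD_ADD, MOD_REPLACE) THEN
            l_mail := SUBSTR(attr_list(i).attr_value, 1, 255); -- fit the assumed column width
          END IF;
        END LOOP;
      END IF;
      IF l_mail IS NOT NULL THEN
        UPDATE app_users u SET mail = l_mail WHERE u.user_guid = l_guid;
      END IF;
    END IF;   -- GROUP_MODIFY and unknown event types are acknowledged and ignored
    RETURN SUCCESS;
  EXCEPTION
    WHEN OTHERS THEN
      -- Report failure to the service instead of raising; the service is
      -- assumed to own the transaction and can retry or log the event.
      RETURN FAILURE;
  END event_ntfy;

END LDAP_NTFY;
/

-- Constructed event, as the service would deliver it: USER_MODIFY with an
-- un-normalized list (two mail values arrive as two rows). All values are made up.
DECLARE
  l_attrs LDAP_ATTR_LIST := LDAP_ATTR_LIST(
    LDAP_ATTR('mail', 'jdoe@example.com', NULL, 16, 0, LDAP_NTFY.MOD_REPLACE),
    LDAP_ATTR('mail', 'john@example.com', NULL, 16, 0, LDAP_NTFY.MOD_REPLACE));
  l_rc NUMBER;
BEGIN
  l_rc := LDAP_NTFY.event_ntfy('USER_MODIFY', 'evt-0001', 'OID', '20020101120000',
            'jdoe', 'GUID-0001', 'cn=jdoe,cn=users,dc=example,dc=com', 'profile-01', l_attrs);
  DBMS_OUTPUT.PUT_LINE('event_ntfy returned ' || l_rc);
END;
/
```

Run the script in SQL*Plus after the specification above has been created (and with SET SERVEROUTPUT ON to see the last line). Against the assumed tables the driver's call returns SUCCESS whether or not GUID-0001 is enrolled, because an UPDATE that touches zero rows is not an error; the loop keeps john@example.com, the last value in the un-normalized list. The two points a reviewer would check in a real implementation are the same ones the comments call out: match on the GUID rather than the name, and never let a parameter name collide with a column name in the WHERE clause.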
Copyright © 1999, 2002 Oracle Corporation. All Rights Reserved.