Chat now with support
Chat mit Support

Identity Manager 8.1 - Native Database Connector User Guide for Connecting DB2 (LUW) Databases

Creating a synchronization project

A synchronization project collects all the information required for synchronizing the One Identity Manager database with a target system. Connection data for target systems, schema types and properties, mapping and synchronization workflows all belong to this.

Make the following information available for setting up a synchronization project for synchronizing with the native database connector.

Table 7: Information Required for Setting up a Synchronization Project

Data

Explanation

Synchronization server

All One Identity Manager Service actions are executed against the target system environment on the synchronization server. Data entries required for synchronization and administration with the One Identity Manager database are processed by the synchronization server.

Installed components:

  • One Identity Manager Service (started)

The synchronization server must be declared as a Job server in One Identity Manager. The Job server name is required.

For more information, see Setting up the synchronization server.

Remote connection server

To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with target system to do this. Sometimes direct access from the workstation on which the Synchronization Editor is installed is not possible, because of the firewall configuration, for example, or because the workstation does not fulfill the necessary hardware and software requirements. If direct access to the workstation is not possible, you can set up a remote connection.

The remote connection server and the workstation must be in the same Active Directory domain.

Remote connection server configuration:

  • One Identity Manager Service is started

  • RemoteConnectPlugin is installed

  • ADO.NET provider for DB2 (LUW) is installed

The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required.

 TIP: The remote connection server requires the same configuration as the synchronization server (with regard to the installed software and entitlements). Use the synchronization as remote connection server at the same time, by simply installing the RemoteConnectPlugin as well.

For more detailed information about setting up a remote connection, see the One Identity Manager Target System Synchronization Reference Guide.

Synchronization workflow

Set the option Data import in the synchronization step if synchronization data is imported from a secondary system.

For more detailed information about synchronizing user data with different systems, see the One Identity Manager Target System Synchronization Reference Guide.

Base object

You cannot normally specify a base object for synchronizing with database connectors. In this case, assignment of one base table and the synchronization server is sufficient.

  • Select the Base table from the menu in which to load the objects. The base table can be used to defined downstream processes for synchronization. For more information about downstream processes, see the One Identity Manager Target System Synchronization Reference Guide.

  • The Synchronization servers menu displays all Job servers for which the Native database connector server function is activated.

Variable set

If you implement specialized variable sets, ensure that the start up configuration and the base object use the same variable set.

To configure synchronization with the native database connector

  1. Create a new synchronization project.

  1. Add mappings. Define property mapping rules and object matching rules.

  2. Create synchronization workflows.

  3. Create a start up configuration.

  4. Define the synchronization scope.

  5. Specify the base object of the synchronization.

  6. Specify the extent of the synchronization log.

  7. Run a consistency check.

  8. Activate the synchronization project.

  9. Save the new synchronization project in the database.

Detailed information about this topic

How to Set up a Synchronization Project

There is an wizard to assist you with setting up a synchronization project. This wizard takes you all the steps you need to set up initial synchronization with a target system. Click Next once you have entered all the data for a step.

 NOTE: The following sequence describes how you configure a synchronization project if Synchronization Editor is both:

  • executed In default mode, and

  • started from the launchpad

If you execute the project wizard in expert mode or directly from Synchronization Editor, additional configuration settings can be made. Follow the project wizard instructions through these steps.

To set up a synchronization project

  1. Start the Launchpad and log on to the One Identity Manager database.

    		 NOTE: If synchronization is executed by an application server, connect the database through the application server.

  1. Select Native Database Connector and click on Run.

    This starts the Synchronization Editor's project wizard.

  1. Specify how One Identity Manager can access the target system on the System access page.

    • If access is possible from the workstation on which you started Synchronization Editor, you do not need to make any settings.

    • If access is not possible from the workstation on which you started Synchronization Editor, you can set up a remote connection.

      Enable the Connect using remote connection server option and select the server to be used for the connection under Job server.

  • Click Next to start the system connection wizard to create a connection to an external database.

  1. Select the database system to which you want to connect on the Select database system page.

    • Select DB2 (LUW).

  2. Configure the system connection. 

    For more information, see Connecting a system to a DB2 (LUW) database.

  3. You can save the current configuration as a template on the Save configuration page. When you reconnect to a database system of the same type, you can use this configuration as a template.

    • Click and enter the name and repository of the configuration file.

  4. You can save the connection data on the last page of the system connection wizard.

    • Set the Save connection locally option to save the connection data. This can be reused when you set up other synchronization projects.

    • Click Finish, to end the system connection wizard and return to the project wizard.

  1. On the One Identity Manager Connection tab, test the data for connecting to the One Identity Manager database. The data is loaded from the connected database. Reenter the password.

    		 NOTE: If you use an unencrypted One Identity Manager database and have not yet saved any synchronization projects to the database, you need to enter all connection data again. This page is not shown if a synchronization project already exists.

  2. The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.

  1. Select a project template on the Select project template page to use for setting up the synchronization configuration.

    		 NOTE: The native database connector does not provide a default project template for setting up synchronization. If you have created your own project template, you can select it to configure the synchronization project. Otherwise, select Create blank project.

  1. Enter the general setting for the synchronization project under General.

    Table 8: General properties of the synchronization project

    Property

    Description

    Display name

    Display name for the synchronization project.

    Script language

    Language in which the scripts for this synchronization project are written.

    Scripts are implemented at various points in the synchronization configuration. Specify the script language when you set up an empty project.

    		 IMPORTANT: You cannot change the script language once the synchronization project has been saved.

    If you use a project template, the template's script language is used.

    Description

    		 Spare text box for additional explanation.

  1. To close the project wizard, click Finish.

  2. Save the synchronization project in the database.

Connecting a System to a DB2 (LUW) Database

Table 9: Required information for connecting the system
Data Explanation
Server Name of the server on which the database server is installed. The fully qualified server name or the IP address may be given.
User account and password User account and password used by the native database connector to log in to the external database. Make a user account available with sufficient permissions.
Database Name of the external database to be synchronized.
Installed provider Provider used to connect to the external database.

To configure the connection to a DB2 (LUW) database:

  1. Enter the connection parameters on the Database connection page. Enter all the parameters required by the database connector to create a connection with the selected database system.
    • To enter additional system-specific information about the system connection, click Advanced.

    The database system connection is tested the moment you click Next.

  1. Enter a display name and a unique identifier for the database connection on the Describe the database page.

    Table 10: Name of the database

    Property

    Description

    Display name of database

    Display name of the database for display in the One Identity Manager tools.

    System identifier

    Unique identifier of the database.

    IMPORTANT: The system identifier of the database must be unique. These identifiers help to differentiate between the databases. To prevent incorrect behavior and loss of data ensure that the system identifiers are unique within the One Identity Manager environment.

    • Identifiers may not be defined more than once.

    • Identifiers must not be changed after the connection is saved.

  2. You can enter a file on the Load configuration page from which the connection configuration can be loaded. This data is used in subsequent steps in the connection wizard and can be modified there.

  3. Select the time zone for the time zone data in the database on the page, Time zone selection. The time zone is required to convert the time saved in the database into the local time. The local time is displayed in the One Identity Manager tools.

  4. You can specify additional connection settings on the Initializing page. Write a script in the database syntax to specify number and date formats, language and data sort order, for example. This script is then executed every time you connect the system.

  1. On the Select partial schemas page, you can reduce the database schema by selecting partial schemas. If the database contains several schema, specify here, which schemas are loaded into the synchronization project.
    • Enable all the schemas to process in the Partial schemas / owner list.

  1. The database schema is loaded on the Schema detection page during which One Identity Manager tries to identify a known schema.

    • If a One Identity Manager schema is detected, the Fill in system description completely option is displayed. If you only want allow read-only access to the database, you can deactivate this option.

    If the schema is loaded successfully, the next step in the sequence can be carried out.

  1. On the Extend key information page, specify columns for each table to be used as unique keys for identifying objects.

    NOTE:

    • This page is only displayed if the schema of the external database there are tables with no identifiable unique keys.
    • Tables without unique keys are not used in the synchronization configuration.
    Table 11: Defining unique keys

    Property

    Description

    Hide unconfigured tables

    Specifies whether table are hidden if no settings have been changed.

    Schema

    Tables without a unique key.

    Column is key

    Specifies whether the column contains a unique key.

    Column group

    Button for editing column groups. Create a column group, if a unique key can only be made of a combination of more than one column.

    • To create a column group, click Add

    • To edit or remove an existing column group, click Edit or remove

    Table 12: Column group properties

    Property

    Description

    Key name

    Column group identifier. Permitted characters are letters and underscore. A virtual schema property is formed from the column group with the name vrtColumnGroup<column group>.

    Columns

    Columns included in the column group. Mark all the columns that together make up the unique key.

  1. You can enter information about object relations in the Define data relations page.

    Table 13: Defining column relations

    Property

    Description

    Hide unconfigured tables

    Specifies whether table are hidden if no settings have been changed.

    Schema

    Database schema tables.

    Target(s)

    Columns to which the reference refers. Enter table and column names in the following syntax: [<schema>].<table name>.<column name>. If a reference points to several column, enter the targets in a comma delimited list. The target columns must be labeled as key columns.

    TIP: You can copy the column name of a referenced column using the Copy fully qualified column names item in the context menu and add this as a target.

    Referential integrity enabled

    Specifies whether the referential integrity of the data in the target table has been tested.

  2. You can enter additional schema information on the Complete schema page.

    Table 14: Additional schema information

    Property

    Description

    Hide unconfigured tables

    Specifies whether table are hidden if no settings have been changed.

    Schema

    Tables and schemas of the database schema.

    Display value

    Column used in the display pattern.

    • To use the column in the display pattern, click Add.

    Preferred key

    Specifies whether the column is to be primarily used for object identification. A preferred key can defined, if a table has more than one unique key. Only columns with the String data type can be selected.

    Contains sensitive data

    Specifies whether the column contains sensitive data.

    Revision counter

    Specifies whether the column contains the revision counter. The data in this column form the comparison value for revision filtering.

    Sort criteria for hierarchies

    Specify whether the column maps the path in an object hierarchy. Synchronization objects are sorted by this order. This makes it possible to resolve object dependencies. Only one column per table can be used as a sort criterion.

    Scope reference

    Specifies whether the column can be used to form the reference scope.

    Table 15: Table properties

    Property

    Description

    Display template

    Display pattern with which the objects in Synchronization Editor are displayed. The display pattern is, for example, used in error messages or test result from object matching rules. The display pattern is, for example, used in error messages or in the test results from object matching rules. Enter a display table for each display pattern.

    • To use a column in the display pattern, select a column and click Add.

  1. You can specify special operations for changing data in the external database on the Define data operations page. This is only required, if the default operations INSERT, UPDATE and DELETE cannot be used in the external database system.

    WARNING: A good knowledge of programming is required to implement data operations. Errors in this implementation can lead to loss of data.

    To define a data operation

    1. Select a table and mark the operation you want to define.

    2. Select a strategy.

    3. Enter the data operation you want to run in the Settings input field.

    Table 16: Defining data operations

    Property

    Description

    Hide unconfigured tables

    Specifies whether table are hidden if no settings have been changed.

    Table/operation

    Tables for which the data operations are to be defined.

    Strategy

    Strategy with which the data operation is created and run. A simple procedure can be called for a data operation or a script can be executed. Select the strategy you want use to define the data operation.

    Table 17: Strategies for running data operations

    Strategy

    Description

    Pattern-based

    Simple procedure call that runs the operation.

    Script-based

    Script that runs a complex data operation.

    You can use custom code snippets in the script. The code snippets must contain a keyword element with the DML keyword. For more detailed information about support for writing scripts, see the One Identity Manager Target System Synchronization Reference Guide.

    • Click to delete a data operation.

    Required columns

    List of required key columns in a script-based data operation. The columns must be entered if they are not part of the display name.

    Settings...

    Define the data operation that is to be run when objects are added, updated, or deleted. Enter the procedure call or create a script depending on the selected strategy.

    Example of a pattern-based data operation:

    exec CreateUser('%Uid%','%FirstName%','%LastName%')

    It has an advanced edit mode which provides additional actions. For detailed information about support for creating scripts, see the One Identity Manager Target System Synchronization Reference Guide.

Related Topics

Updating Schemas

All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up loading the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.

If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.

To include schema data that have been deleted through compressing and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:

  • A schema was changed by:

    • Changes to a target system schema

    • Customizations to the One Identity Manager schema

    • A One Identity Manager update migration

  • A schema in the synchronization project was shrunk by:

    • enabling the synchronization project

    • saving the synchronization project for the first time

    • compressing a schema

To update a system connection schema

  1. Select the category Configuration | Target systems.

    - OR -

    Select the category Configuration | One Identity Manager connection.

  2. Select the view General and click Update schema.

  3. Confirm the security prompt with Yes.

    This reloads the schema data.

To edit a mapping

  1. Select the category Mappings.

  2. Select a mapping in the navigation view.

    Opens the Mapping Editor. For more detailed information about mappings, see the One Identity Manager Target System Synchronization Reference Guide.

 NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.
Verwandte Dokumente