Share via

FIM 2010 R2: How to Make a Connection to Oracle Database 11g

  • Article

Prerequisites

Install FIM 2010 R2 on Windows 2008, SQL 2008. If you are using Windows 2012 or SQL 2012 then install FIM 2010 R2 SP1
2. Get the following Oracle database information from the Oracle DB Admin    

  • Name of the Oracle server
  • Name of Oracle DB instance
  • Name of the Oracle View – If connection is a view
  • Name of the Anchor field
  • Attribute info, any reference, numeric, string fields
  • Account name and password to connect to the Oracle Database 
  • Port to connect to Oracle database

Install Oracle client 11g on the FIM Server

If you are using Windows 2012 see this statement from Oracle on the minimum client version to use. I would advise going with the 12g client (64bit). For Windows 2008, I used the 11gR1 client.
The Oracle Management Agent utilizes the OLEDB functionality of the Oracle client.  If you are doing an Administrator install, be sure to include the OLEDB Provider.

  • Go to \Win64_11g_Client – make sure it is the Windows 64bit client
  • Click setup.exe
  • Click Next
  • Change path to install drive say D
  • Click Next
  • Select Runtime
  • Click Next.
  • Click Next
  • Check the first 2 boxes - Checking Operating Systems requirements and Checking service pack requirements
  • Click Next
  • Click Install
  • Installation is running and finishes
  • Click Next
  • Click finish
  • Click Exit
  • Click Yes to exit
  • Go to D:\app\product\11.1.0\client_1\network\admin
  • Open tnsnames.ora with notepad
  • Enter Oracle database information.

Sample

Oracleserver_DNS_name= 
  
               (Description =  
  
                 (Address_list - 
  
                    (Address = (Protocol = TCP)(Host = Oracleserver)(Port = 5555)) 
  
                ) 
  
                (Connect_data = 
  
                   (Service_Name = OracleDBname) 
  
                ) 
  
               )

 

  • Save the file
  • Open the sqlnet.ora with notepad
  • Enter the line below. This will make FIM always send Oracle DB account info.

sqlnet.authentication_service=(none)

  • Save the file.
  • Test connectivity to the Oracle DB from a command prompt. The package will install a command prompt client.

Configure_Oracle_MA

1.1  MA Configuration and Connectivity Details

The following table outlines the details of the MA configuration and connectivity to the Oracle server.

MA Type

Oracle

MA Name

OracleMA

 1.2  Connect to Database

FIM needs to connect to the Oracle database to get schema information. Use data obtained from Oracle Administrator 

1.3  Configure columns

The schema imported from the database will have the following columns listed. 

Database Data Name

Type

Comments

FIRSTNAME

String

 

EMPLOYEEID

String

Use this as ANCHOR

MANAGER

Reference

 

 1.4  Connector Filter Rules

Connector filter rules are used to determine whether or not a connector space object is processed during synchronization.  These are utilized to remove objects meeting specific criteria from the scope of FIM processing.  Any connected data source objects which match a connector filter rule will not be synchronized with the Metaverse. 

1.5  Join and Projection Rules

Join and projection rules govern how connector space objects are connected to the FIM Synchronization Service Metaverse.  Join rules are first applied to determine if a disconnected object (disconnector) can be joined to the Metaverse based upon defined criteria.  A projection is when a user object is projected to the Metaverse as a new object.

1.6  Attribute Flow Rules

Attribute flow rules manage how data is synchronized between a connected data source and the corresponding Metaverse object.  Attributes can be configured to import data from the connected data source to the Metaverse or export data from the Metaverse to a connected data source.  Additionally, attributes can be mapped through direct attribute mapping, advanced attribute mapping, or via a customized rules extension.

1.7  Deprovisioning Rules

Deprovisioning rules are utilized to specify what should happen to the connector space objects when they are disconnected from the Metaverse by either a provisioning rules extension or when the joined Metaverse object is deleted. 

1.8  Extensions

Extensions are utilized to configure advanced features for the management agent. Specify if any extensions file will be used

Oracle DB Connectivity Tips

  • The FIM Oracle DB MA does not support numeric type for attributes, only string or reference. This can be a problem if you are flowing the data to an attribute in the remote directory that is numeric type. An example the Countycode field in Active Directory (AD). This field is numeric which means that the Metaverse (MV) field must be numeric as well. If this data is coming from the oracle DB, the field type will be string. You have to write an extension code to convert the string data format to numeric and store it in the MV.
  • It takes between 5-10 minutes for FIM to establish the connection to the Oracle DB each time it runs. But the import and export should be fairly quick, about 15 minutes for 10000 objects.
  • Use a DB view to connect to sensitive data systems such as a Human Resource Database.
  • If a change is made to the Oracle DB view or to the Oracle DB, connectivity is lost. This may require a restart of the FIM service or a reboot of the FIM server.When connectivity is lost, the default reason assumed by FIM is that a change was made to schema. So you may find sometimes a service restart or server reboot does not fix the connectivity problem. It is advisable that each time connectivity is lost to go to the properties of the Oracle MA, connectivity page, enter the account password and click yes to the do a schema refresh. if after doing this connectivity is not restored then take a look at the Oracle client on the FIM server. Test native connectivity to the Oracle DB from the FIM server using the command prompt Oracle client.
  • Some Oracle databases especially one with sensitive information may have a database firewall controlling access to the  database. Work with the DB firewall administrator to allow connectivity from the FIM server

Oracle MA Troubleshooting tips

From FIM 2010 With ORACLE MA:
For issues connecting to the Oracle Database in the MA configuration:

  • Set (or create) the ORACLE_HOME environment variable. Should have a value of the installation path up to the client_X folder.
  • Add to the PATH environment variable the value leading up to the path where you have placed your TNSNAMES file.
  • Give access to the Synchronization Service account to the ORACLE client installation folder (make sure they are inherited up to the folder where your TNSNAMES file is stored).
  •  Verify the Oracle OLEDB provider is installed - Depending on the Oracle client installed, this may require an additional install of the Oracle ODAC components (or a custom install of the initial client) - Additional OLEDB provider for Oracle management agent