What Is Provisioning? Components of the Oracle Directory Integration Platform Service

12-6 Oracle Fusion Middleware Administrators Guide for Oracle Directory Integration Platform

Figure 12–3 illustrates the provisioning data flow using the Pre-Data Entry and Post-Data Entry plug-ins.

Figure 12–3 Provisioning Data Flow

As illustrated in Figure 12–3, the provisioning data flow follows this process:

1. Base user information is created.
2. The Pre-Data Entry plug-in is invoked, which populates fields according to policies.
3. The Post-Data Entry plug-in is invoked, which validates data entered by the user.
4. Depending on the provisioning approach, either asynchronous or synchronous provisioning procedures are invoked.

If provisioning is performed with the Provisioning Console, then after the Pre-Data Entry plug-in is invoked, but before the Post-Data Entry plug-in is invoked, an administrator can modify the application attributes.

12.4 Overview of Provisioning Methodologies

This section describes the procedures for provisioning users in Oracle Identity Management. It contains these topics:

■ Provisioning Users from the Provisioning Console
■ Provisioning Users that are Synchronized from an External Source
■ Provisioning Users Created with Command-Line LDAP Tools
■ Bulk Provisioning Using the provProfileBulkProv Tool
■ On-Demand Provisioning
■ Application Bootstrapping

Understanding the Oracle Directory Integration Platform for Provisioning 12-7

12.4.1 Provisioning Users from the Provisioning Console

You can use the Provisioning Console to centrally manage provisioning and deprovisioning of one or more users simultaneously. The console includes a wizard-based interface for creating, modifying, and deleting individual users, and for selectively provisioning and deprovisioning users for any provisioning-integrated applications. The Provisioning Console also supports bulk creation, modification, and deletion of users from an LDIF file. See Bulk Provisioning Using the provProfileBulkProv Tool on page 12-7 for more information.

12.4.2 Provisioning Users that are Synchronized from an External Source

When Oracle Internet Directory is used as a central repository and enterprise user entries are synchronized from third-party directories to Oracle Internet Directory, each user identity is automatically provisioned according to the default provisioning policy of each provisioning-integrated application.

12.4.3 Provisioning Users Created with Command-Line LDAP Tools

Any tools developed by Oracle or third-party vendors that use standard command-line LDAP syntax can create user entries in Oracle Internet Directory. As with user entries that are synchronized from external sources, any user entries created with command-line LDAP tools or any other means are provisioned according to the default provisioning policies for each provisioning-integrated application.

12.4.4 Bulk Provisioning Using the provProfileBulkProv Tool

Use the provProfileBulkProv utility, located in the ORACLE_HOME/bin directory, to perform initial migration of data from an LDIF file to Oracle Internet Directory for a provisioning profile.

12.4.4.1 Syntax for provProfileBulkProv

provProfileBulkProv -h HOST -p PORT -D wlsuser -file LDIF_FILE -realm REALM_DN [-ssl -keystorePath PATH_TO_KEYSTORE -keystoreType TYPE] [-encoding INPUT_ENCODING] [-help]

Notes:

■ Best security practice is to provide a password only in response to a prompt from the command.
■ You must set the WLS_HOME and ORACLE_HOME environment variables before executing any of the Oracle Directory Integration Platform commands.
■ The Oracle WebLogic Managed Server where Oracle Directory Integration Platform is deployed must be configured for SSL to execute this command in SSL mode. Refer to the Configuring SSL chapter in Oracle Fusion Middleware Securing Oracle WebLogic Server for more information.
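
The notes above translate into checks that can run before the tool is started. The following wrapper is an added example, not Oracle's code or part of the guide: `run_bulkprov` and the `BULKPROV_BIN` override are hypothetical names, and the file-permission check is an assumed local policy rather than an Oracle requirement.

```shell
# Added example, not Oracle's code. run_bulkprov and BULKPROV_BIN are
# hypothetical names; the flags are the ones in the syntax above.
# Usage: run_bulkprov HOST PORT WLSUSER LDIF_FILE REALM_DN [KEYSTORE_PATH KEYSTORE_TYPE]
run_bulkprov() {
    # Both variables must be set before any DIP command is executed.
    if [ -z "${WLS_HOME:-}" ] || [ -z "${ORACLE_HOME:-}" ]; then
        echo "run_bulkprov: set WLS_HOME and ORACLE_HOME first" >&2
        return 2
    fi
    if [ "$#" -ne 5 ] && [ "$#" -ne 7 ]; then
        echo "run_bulkprov: expected 5 arguments, or 7 for SSL mode" >&2
        return 2
    fi
    case $2 in
        ''|*[!0-9]*) echo "run_bulkprov: port must be numeric: $2" >&2; return 2 ;;
    esac
    if [ ! -f "$4" ] || [ ! -r "$4" ]; then
        echo "run_bulkprov: cannot read LDIF file: $4" >&2
        return 2
    fi
    # Assumed local policy (not from the guide): the LDIF holds identity
    # data, so refuse a file that other local users can read or modify.
    if [ -n "$(find "$4" \( -perm -004 -o -perm -002 \) -print)" ]; then
        echo "run_bulkprov: LDIF file is accessible to other users: $4" >&2
        return 2
    fi
    if [ "$#" -eq 7 ]; then
        # SSL mode needs the keystore; the managed server must also be
        # configured for SSL, which cannot be verified from this host.
        if [ ! -r "$6" ]; then
            echo "run_bulkprov: cannot read keystore: $6" >&2
            return 2
        fi
        set -- -h "$1" -p "$2" -D "$3" -file "$4" -realm "$5" \
               -ssl -keystorePath "$6" -keystoreType "$7"
    else
        set -- -h "$1" -p "$2" -D "$3" -file "$4" -realm "$5"
    fi
    # No password argument is ever built here, so it cannot leak through
    # shell history or the process list; the tool prompts for it.
    "${BULKPROV_BIN:-$ORACLE_HOME/bin/provProfileBulkProv}" "$@"
}
```

Setting `BULKPROV_BIN=echo` prints the argument list that would be passed, which is a convenient dry run before a real migration.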