Updating IT Resource for Oracle Identity Manager Integration Updating the Incremental Reconciliation Changelog Number

14-24 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management

    <?xml version='1.0' encoding='UTF-8'?>
    <container-rules>
      <user>
        <rule>
          <expression>Country=IN</expression>
          <container>cn=Users,dc=idm,dc=sun,dc=com</container>
        </rule>
        <rule>
          <expression>Default</expression>
          <container>cn=Users,dc=mycompany,dc=com</container>
          <description>UserContainer</description>
        </rule>
      </user>
      <role>
        <rule>
          <expression>Default</expression>
          <container>cn=Groups,dc=mycompany,dc=com</container>
          <description>RoleContainer</description>
        </rule>
      </role>
    </container-rules>

2. Import this configuration to MDS. Modify the weblogic.properties file under OIM_ORACLE_HOME/bin as follows.

    wls_servername=OIM server name

For example, WLS_OIM1.

    application_name=OIMMetadata
    metadata_from_loc=/u01/tmp
    metadata_files=/db/LDAPContainerRules.xml

3. Set the OIM_ORACLE_HOME environment variable to the appropriate directory.

4. Run the following command to import the configuration file into MDS. The file weblogicImportMetadata.sh is located under OIM_ORACLE_HOME/bin.

    sh ./weblogicImportMetadata.sh
    Please enter your username [weblogic] :weblogic
    Please enter your password [weblogic] :Weblogic user password
    Please enter your server URL [t3://localhost:7001] :t3://ADMINVHN.mycompany.com:7001

5. To activate the new rules, restart the Oracle Identity Manager Servers wls_oim1 and wls_oim2 as described in Section 20.1, Starting and Stopping Oracle Identity Management Components.
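A pre-import check for the container rules file used in the steps above, as an added example that is not part of the Oracle guide: it parses the XML and reports rules whose container lies outside the directory base DN. The function name, the base-DN argument and the one-Default-rule-per-section check are assumptions of this example; the sample is this section's rules file with its markup restored.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the rules file from this section with its markup restored.
SAMPLE = """<?xml version='1.0' encoding='UTF-8'?>
<container-rules>
 <user>
  <rule><expression>Country=IN</expression>
   <container>cn=Users,dc=idm,dc=sun,dc=com</container></rule>
  <rule><expression>Default</expression>
   <container>cn=Users,dc=mycompany,dc=com</container>
   <description>UserContainer</description></rule>
 </user>
 <role>
  <rule><expression>Default</expression>
   <container>cn=Groups,dc=mycompany,dc=com</container>
   <description>RoleContainer</description></rule>
 </role>
</container-rules>"""


def lint_container_rules(xml_text, base_dn):
    """Return a list of findings for an LDAPContainerRules.xml document."""
    findings = []
    root = ET.fromstring(xml_text)  # raises ParseError on malformed XML
    if root.tag != "container-rules":
        return ["root element is <%s>, expected <container-rules>" % root.tag]
    suffix = base_dn.replace(" ", "").lower()
    for section in ("user", "role"):
        rules = root.findall("./%s/rule" % section)
        exprs = [(r.findtext("expression") or "").strip() for r in rules]
        # Assumption of this example: one catch-all Default rule per section.
        if exprs.count("Default") != 1:
            findings.append("%s: expected exactly one Default rule" % section)
        for expr, rule in zip(exprs, rules):
            dn = (rule.findtext("container") or "").strip()
            norm = dn.replace(" ", "").lower()
            if not expr or not dn:
                findings.append("%s: rule missing expression or container" % section)
            elif norm != suffix and not norm.endswith("," + suffix):
                findings.append("%s: rule '%s' targets %s, outside %s"
                                % (section, expr, dn, base_dn))
    return findings


if __name__ == "__main__":
    for finding in lint_container_rules(SAMPLE, "dc=mycompany,dc=com"):
        print(finding)
```

Run against the sample with base DN dc=mycompany,dc=com, it reports the Country=IN rule, whose container sits under dc=idm,dc=sun,dc=com rather than the deployment's own suffix.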

14.17.2 Updating IT Resource for Oracle Identity Manager Integration

Using the Oracle Identity Manager advanced console, update the directory server IT resource with Oracle Virtual Directory information. The steps are as follows:

Note: This is only used to load the data, so it is only necessary to specify one Oracle Identity Manager server.

Extending the Domain with Oracle Identity Manager 14-25

1. Log in to the OIM Console at: https://sso.mycompany.com:443/oim

2. Click Advanced to go to the advanced console.

3. On the advanced console page, in the Configuration section, click the link for Manage IT Resource. The Manage IT Resource window appears.

4. In the Manage IT Resource window, under IT Resource Type, choose Directory Server, then click Search.

5. In the resulting list of resources in the IT Resource Name section, choose the Directory Server link for that instance's information. The View IT Resource window appears.

6. Click Edit in the View IT Resource window and enter your LDAP server information.

■ Admin Login: Bind DN to connect to the Oracle Virtual Directory server
■ Admin Password: Bind password to connect to the Oracle Virtual Directory server
■ Search Base: LDAP Container DefaultnamingContext for all users and groups
■ Server URL: Oracle Virtual Directory host and port, ldap://idmhost1.mycompany.com:389
■ Server SSL URL: ldaps://idmhost1.mycompany.com:636
■ User Reservation Container: Container used for reserving user id, for example: l=reserve,dc=mycompany,dc=com

7. Click Update and close the window.

14.17.3 Updating the Incremental Reconciliation Changelog Number

Whenever the environment is initially set up as a non-split profile and then converted to a split profile, some incremental jobs will have been run before the conversion. As a result, the last changelog number field is not in a format that the split profile environment can decipher. This results in all subsequent incremental jobs failing with the error message:

    Failed:oracle.iam.scheduler.exception.RequiredParameterNotSetException: The value is not supported.

To resolve the error, you must update the last changelog number to 0, as follows:

1. Log in to the OIM Console at: https://sso.mycompany.com:443/oim

2. Click Advanced on the top right pane.

3. Click Search Scheduled Jobs.

4. On the navigation bar in the left pane, perform a search on LDAP.

5. Click LDAP User Create and Update Reconciliation Job.

6. Click Search Scheduled Jobs.

7. On the navigation bar in the left pane, perform a search on LDAP.

8. Click LDAP User Create and Update Reconciliation Job.

9. Update the entry to 0.

10. Click Apply.

11. Click Run Now.

Repeat Steps 1-11 for all the incremental reconciliation jobs:

■ LDAP Role Create and Update Reconciliation
■ LDAP Role Membership Reconciliation
■ LDAP Role Hierarchy Reconciliation
■ LDAP User Delete Reconciliation
■ LDAP Role Delete Reconciliation

14.18 Backing Up the Application Tier Configuration