User Configuration Management Authorization

Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager: Configuring User Attributes

c. Add the following entry to the end of the target-fields tag:

    <field name="employeeid">
      <type>string</type>
      <required>false</required>
    </field>

d. Add the following entry to the end of the attribute-maps tag:

    <attribute-map>
      <entity-attribute>Employee ID</entity-attribute>
      <target-field>employeeid</target-field>
    </attribute-map>

e. Import the LDAPUser.xml file in the /metadata/iam-features-ldap-sync directory in MDS.

3. To propagate the attribute value from LDAP to Oracle Identity Manager, perform these steps:

a. Extend the RA_LDAPUSER table by adding a new column. For example, add the RECON_EMPLOYEE_ID column.

b. Export the reconciliation profile, /db/LDAPUser, from MDS.

c. Add the following entry to the end of the reconFields tag:

    <reconAttr>
      <oimFormDescriptiveName>Employee ID</oimFormDescriptiveName>
      <reconFieldName xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">employeeid</reconFieldName>
      <reconColName>RECON_EMPLOYEE_ID</reconColName>
      <emDataType>string</emDataType>
      <formFieldType/>
      <targetattr keyfield="false" encrypted="false" required="false" type="String" name="usr_employee_id"/>
    </reconAttr>

d. Add the following entry to the end of the reconToOIMMappings tag:

    <reconAttr>
      <oimFormDescriptiveName>Employee ID</oimFormDescriptiveName>
      <reconFieldName xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">employeeid</reconFieldName>
      <reconColName>RECON_EMPLOYEE_ID</reconColName>
      <emDataType>string</emDataType>
      <formFieldType/>
      <targetattr keyfield="false" encrypted="false" required="false" type="String" name="usr_employee_id">
        <Transformation name="OneToOne">
          <Parameter name="employeeid" fieldname="employeeid"/>
        </Transformation>
      </targetattr>
    </reconAttr>

Note: Oracle Identity Manager does not support provisioning or reconciling Boolean-type attributes to LDAP.

e. Import the xml file back into MDS. After importing, verify that the full path in MDS is /db/LDAPUser.

f. Export the /db/RA_LDAPUSER.xml file from MDS.

g. Add the following entry to the end of the entity-attributes tag:

    <attribute name="Employee ID">
      <type>string</type>
      <required>false</required>
      <attribute-group>Basic</attribute-group>
      <searchable>true</searchable>
    </attribute>

h. Add this entry to the end of the target-fields tag:

    <field name="RECON_EMPLOYEE_ID">
      <type>string</type>
      <required>false</required>
    </field>

i. Add the following entry to the end of the attribute-maps tag:

    <attribute-map>
      <entity-attribute>Employee ID</entity-attribute>
      <target-field>RECON_EMPLOYEE_ID</target-field>
    </attribute-map>

j. Import the RA_LDAPUSER.xml file back into MDS. After importing, verify that the full path in MDS is /db/RA_LDAPUSER.xml.
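A pre-import consistency check for the file edited in the steps above, as an added example that is not part of the Oracle guide or its tooling: it confirms that every attribute-map entry points at a declared entity attribute and target field, and flags Boolean-typed mappings, which the note above says are not supported. The root element name, the sample document and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the three containers from the steps above under an assumed root element.
SAMPLE = """<entity-definition>
  <entity-attributes>
    <attribute name="Employee ID">
      <type>string</type><required>false</required>
      <attribute-group>Basic</attribute-group><searchable>true</searchable>
    </attribute>
  </entity-attributes>
  <target-fields>
    <field name="RECON_EMPLOYEE_ID"><type>string</type><required>false</required></field>
  </target-fields>
  <attribute-maps>
    <attribute-map>
      <entity-attribute>Employee ID</entity-attribute><target-field>RECON_EMPLOYEE_ID</target-field>
    </attribute-map>
  </attribute-maps>
</entity-definition>"""

def local(tag):  # tag name with any XML namespace prefix removed
    return tag.rsplit("}", 1)[-1]

def declared(root, container, item):
    """Map name -> lower-cased <type> for each <item> directly under <container>."""
    out = {}
    for parent in (e for e in root.iter() if local(e.tag) == container):
        for el in (c for c in parent if local(c.tag) == item):
            types = [c.text or "" for c in el if local(c.tag) == "type"]
            out[el.get("name", "").strip()] = (types[0] if types else "").strip().lower()
    return out

def check_mappings(xml_text):
    """Return a list of problems; an empty list means the mappings are consistent."""
    root = ET.fromstring(xml_text)
    attrs = declared(root, "entity-attributes", "attribute")
    fields = declared(root, "target-fields", "field")
    problems = []
    for m in (e for e in root.iter() if local(e.tag) == "attribute-map"):
        kids = {local(c.tag): (c.text or "").strip() for c in m}
        ea, tf = kids.get("entity-attribute", ""), kids.get("target-field", "")
        if ea not in attrs:
            problems.append(f"map references undeclared attribute {ea!r}")
        if tf not in fields:
            problems.append(f"map references undeclared field {tf!r}")
        # Boolean-type attributes cannot be provisioned or reconciled to LDAP.
        if "boolean" in (attrs.get(ea), fields.get(tf)):
            problems.append(f"{ea!r} -> {tf!r} is Boolean-typed; not supported for LDAP sync")
    return problems
```

Run `check_mappings` on the text of the edited file before importing it into MDS; a non-empty result names the mapping that would otherwise fail silently.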

13.5.2 Synchronizing UDFs Between Oracle Identity Manager and LDAP By Using the ldapsyncudf Utility

You can automate the synchronization of UDFs between Oracle Identity Manager and LDAP by using the ldapsyncudf.sh utility. This utility takes care of both provisioning and reconciliation of UDFs, and it is recommended that you synchronize UDFs by using this utility. If you want to provision UDFs without reconciliation, or if you want to reconcile UDFs without provisioning, then you must run the process manually as described in "Synchronizing the Attribute Manually".

Using the ldapsyncudf.sh script is described in the following sections:

■ Configuring the Properties File
■ Configuring the Input File
■ Running the Utility

13.5.2.1 Configuring the Properties File

You can configure properties in the ldapconfig.props file before running the ldapsyncudf.sh script to achieve UDF synchronization. These properties are used by the client to connect to the service provided by Oracle Identity Manager. These