ibm security identity manager: peopletools adapter user...

IBM Security Identity ManagerVersion 7.0

PeopleTools Adapter User Guide

IBM

ii IBM Security Identity Manager: PeopleTools Adapter User Guide

Contents

Figures . . . . . . . . . . . . . . . v

Tables . . . . . . . . . . . . . . . vii

Chapter 1. Overview . . . . . . . . . 1Prerequisites . . . . . . . . . . . . . . 1Starting the adapter . . . . . . . . . . . . 2

Chapter 2. User account management . . 3Reconciling accounts. . . . . . . . . . . . 3Adding user accounts . . . . . . . . . . . 4

Attributes for adding user accounts. . . . . . 4Alternate user ID . . . . . . . . . . . . 5User supervisor . . . . . . . . . . . . 6Specification of email addresses . . . . . . . 6ID Type specification . . . . . . . . . . 6Permission . . . . . . . . . . . . . . 7Role names . . . . . . . . . . . . . . 7

Modifying user accounts . . . . . . . . . . 7Suspending user accounts . . . . . . . . . . 8

Restoring user accounts. . . . . . . . . . . 8Deleting user accounts . . . . . . . . . . . 8

Chapter 3. Troubleshooting . . . . . . 9Error logs . . . . . . . . . . . . . . . 9Error messages and warnings. . . . . . . . . 9

Chapter 4. Reference . . . . . . . . 13Adapter attributes . . . . . . . . . . . . 13Adapter customization for collection attributes . . 14Customizing the PeopleTools account form . . . . 15

Modifying the CompIntfc.jar file . . . . . . 16Attributes in the adapter profile . . . . . . 16Mapping attributes of Component Interfacessupported by IBM Security Identity Manager . . 18Mapping attributes of Component Interfaces notsupported by IBM Security Identity Manager . . 22

Index . . . . . . . . . . . . . . . 27

iii

iv IBM Security Identity Manager: PeopleTools Adapter User Guide

Figures

v

vi IBM Security Identity Manager: PeopleTools Adapter User Guide

Tables

1. Prerequisites checklist . . . . . . . . . 12. Required attributes for adding user accounts 43. Specific error messages and recommended

actions . . . . . . . . . . . . . . 94. General error messages, warnings, and

corrective actions. . . . . . . . . . . 11

5. Attributes on the PeopleTools account form,their corresponding names on the IBM TivoliDirectory Server, and the PeopleSoft server . . 13

6. Assembly line icons . . . . . . . . . . 19

vii

viii IBM Security Identity Manager: PeopleTools Adapter User Guide

Chapter 1. Overview

An adapter is an interface between a managed resource and the IBM® SecurityIdentity server. The PeopleTools Adapter provides connectivity between IBMSecurity Identity Manager and the PeopleSoft server.

The adapter runs as a service, independent of whether you are logged on to IBMSecurity Identity Manager.

The PeopleTools Adapter automates the following tasks:

User account management

v Adding user accountsv Modifying user accountsv Deleting user accountsv Suspending and restoring user accountsv Retrieving user accountsv Reconciling user accounts

PrerequisitesUse the Prerequisites checklist to install and configure the adapter before youperform any of the user account, group, or role management tasks, whereapplicable.

Table 1. Prerequisites checklist

Task For more information, see

Install the adapter. See the adapter's Installation andConfiguration Guide

Import the adapter profile into the IBMSecurity Identity server.

See the adapter's Installation andConfiguration Guide

Create an adapter service. See the adapter's Installation andConfiguration GuideNote: After you create a PeopleToolsAdapter service, the IBM Security IdentityManager server creates a defaultprovisioning policy for the adapter service.You can customize a provisioning policy forthe PeopleTools Adapter service according tothe requirements of your organization. Formore information, see the section aboutCustomizing a provisioning policy in the IBMSecurity Identity Manager productdocumentation.

Configure the adapter. See the adapter's Installation andConfiguration Guide

Perform a reconciliation operation to retrieveuser accounts and store them in the IBMSecurity Identity server.

Managing reconciliation schedules in the IBMSecurity Identity Manager productdocumentation

1

Table 1. Prerequisites checklist (continued)

Task For more information, see

Adopt orphan accounts on IBM SecurityIdentity Manager.

Assigning an orphan account to a user in theIBM Security Identity Manager productdocumentation

Start the adapter. “Starting the adapter”

Starting the adapterStart the adapter. before your perform any management task.

About this task

All IBM Tivoli® Directory Integrator based adapters require the Dispatcher for theadapters to function correctly. Run the dispatcher, which in turn runs the adapter.

Procedurev Run in service mode.

1. In the Windows control panel, double-click Administrative Tools.2. Double-click Services.3. Right-click the IBM Security Identity Manager Adapter service, and click

Start.v Run in console mode

1. Go to the adapter installation directory and run the following command:ibmdisrv -s "Adapter solution directory" -c ITIM_RMI.xml –d

2 IBM Security Identity Manager: PeopleTools Adapter User Guide

Chapter 2. User account management

IBM Security Identity Manager manages user accounts stored on the PeopleSoftserver using the PeopleTools Adapter.

You can perform the following operations:v Add, modify, or delete an accountv Suspend or restore an accountv Reconcile accounts

You can manage:v Accounts for a specific personv Accounts for a service instancev Specific accounts by using the search function of IBM Security Identity Manager

Reconciling accountsReconciliation synchronizes the accounts and supporting data between IBMSecurity Identity server and the managed server. Reconciliation is required so thatdata is consistent and up-to-date.

The reconciliation operation retrieves the user account information from thePeopleSoft server and stores it in the directory server of IBM Security IdentityManager.

You can schedule reconciliation to run at specific times and to return specificparameters. Running a reconciliation before its schedule time does not cancel thescheduled reconciliation. For more information about scheduling reconciliation andrunning a scheduled reconciliation, see the IBM Security Identity Manager productdocumentation.

You can perform the following reconciliation tasks at any time from IBM SecurityIdentity Manager:v Reconciling support datav Reconciling a single user account

Reconciling supporting data

Supporting data for a PeopleSoft user account includes the following information:v Language codesv Currency codesv Permission Listsv Role

For more information about each of these attributes, see the PeopleSoftdocumentation.

To reconcile only the supporting data, without reconciling the user accounts:1. Log on to IBM Security Identity Manager as an administrator.

3

2. In the My Work pane, click Manage Services. The Manage Services page isdisplayed.

3. Select the type of service from the Service type list and click Search.4. Select the name of the service that you created for the PeopleTools Adapter.5. Click the View popup menu icon and select Reconcile Now from the pop-up

menu. The Reconcile Now page is displayed.6. Click Define query.7. Select the Reconcile supporting data only check box and click Submit.

Adding user accountsYou can add user accounts at any time for either an existing person or a newperson in the organization.

Adapter attributes define the accounts on the account form. For specificprocedures, see the IBM Security Identity Manager product documentation.

Attributes for adding user accountsTo add user accounts to the PeopleSoft server, specify the required attributes onthe PeopleTools account form.

Table 2. Required attributes for adding user accounts

Attribute Description

User ID User ID of the account.

Symbolic ID Symbolic ID of the account. The symbolic ID is used to retrieve theaccess ID and the access password of a user. You must type thecorrect symbolic ID associated with a user. For more informationabout the symbolic ID, see the PeopleTools documentation.

When you specify the User ID and the Symbolic ID attributes on the PeopleToolsaccount form, the PeopleTools Adapter sets the following attributes on thePeopleSoft server:v User IDv Symbolic IDv ID Type

Note: If no ID Type is specified, the adapter automatically sets the value of the IDType attribute to None.

In addition to the required attributes, you can also specify the following optionalattributes on the PeopleTools account form:v Descriptionv Language Codev Multi Language Enabledv Enable Expert Entryv Navigator Homepagev Process Profilev Primaryv Row Securityv User Supervisor


v Alternate User IDv Effective Datev To Datev Routing - Worklist Userv Routing - E-mail Userv E-mail Addressesv Currency Codev Roles

Alternate user IDIf a user is temporarily unavailable, you can assign the role of the unavailable userto an available Peoplesoft user. Specify the user ID of the alternate user as thevalue of the Alternate User ID attribute.

Note: The value of the User ID and the Alternate User ID attributes must bedifferent.

When you specify the Alternate User ID attribute, you must also specify thefollowing attributes on the PeopleTools account form:

Effective Date: DateThe start date from when the alternate user ID is effective. The defaultvalue of this attribute is Never. To specify a date, follow these steps:1. Clear the Never check box.2. Click the View Calendar icon and select the month, year, and date.3. Click OK.

Effective Date: TimeThe Effective Date attribute on IBM Security Identity Manager is of typedate which has independent controls for specifying the date and timevalues. You can enter the date and time values of this attribute by usingthe Effective Date: Date and Effective Date: Time controls on IBMSecurity Identity Manager. The Effective Date attribute maps to the FromDate attribute in the PeopleSoft pure internet architecture user interfacethat does not take the time value. Therefore, when you submit the add ormodify request, the adapter does not take the value specified for theEffective Date: Time control.

To Date: DateThe end date up to which the alternate user ID is effective. The defaultvalue of this attribute is Never. To specify a date, follow these steps:1. Clear the Never check box.2. Click the View Calendar icon and select the month, year, and date.3. Click OK.

To Date: TimeThe To Date attribute on IBM Security Identity Manager is of type datewhich has independent controls for specifying the date and time values.You can enter the date and time values of this attribute by using the ToDate: Date and To Date: Time controls on IBM Security Identity Manager.The To Date attribute maps to the To Date attribute in the PeopleSoft pureinternet architecture user interface that does not take the time value.Therefore, when you submit the add or modify request, the adapter doesnot take the value specified for the To Date: Time control.

Chapter 2. User account management 5

User supervisorIf a user has a supervisor, specify the user ID of the supervisor as the value of theUser Supervisor attribute on the PeopleTools account form.

The PeopleTools Adapter maps the User Supervisor attribute to the SupervisingUser ID attribute on the PeopleSoft server.

Note: The value of the User ID and the User Supervisor attributes must bedifferent.

Specification of email addressesTo create multiple email addresses for a user account, specify the E-mail Addressesattribute on the PeopleTools account form.

The E-mail Addresses attribute is a collection of the following attributes:

E-mail TypeSpecify the type of email address, such as Blackberry, Business, Home,Other, or Work, as the value of this attribute.

E-mail AddressSpecify an email address for the user account as the value of this attribute.You can specify multiple email addresses for a user account. However, youcan specify only one email address per type.

Primary e-mailSelect this check box to assign the specified email address as a primaryemail address. You can assign only one email address as a primary emailaddress for a user account. By default, the adapter selects the first emailaddress as a primary email.

ID Type specificationTo create ID Types for a user, you must modify the adapter profile to specify theID Types attribute on the account form.

The ID Types attribute is a collection attribute that has the child attributesOPRALIASTYPE and ID Type. You specify the value for the ID Types with aname-value pair, separated by a $.attribute_name$attribute_value

For example, to add an Employee ID Type with the EmplID attribute the valueformat sent to the adapter is:EMP#Empl ID$1234

where EMP is the Employee ID and 1234 is employee ID you want to set.

If an ID Type has multiple attributes the name-value pairs are separated by a |.attribute_name$attribute_value|attribute_name2$attribute_value

For example, if you have a custom typed defined as Custom with two attributes,MyCustAttr1 and MyCustAttr2, the format is:Custom#MyCustAttr1$Myvalue1|MyCustAttr2$Myvalue2

where Myvalue1 and Myvalue2 are values you want to set.


After you import the modified profile, use the Design Forms function of IBMSecurity Identity Manager to add the attribute to the account form. Then you canuse the drop-down menu on the account form to assign ID Types such asEmployee, Vendor, or None to the user.

PermissionFor displaying purpose, the permission list displays permission code andpermission description in the format of “Permission code : Permissiondescription”. However, only the permission code value is sent to the adapter.

Role namesFor displaying purpose, the role list displays role name and role description in theformat of “Role Name : Role Description”. However, only the role name value issent to the adapter.

Modifying user accountsYou can modify user account attributes at any time in IBM Security IdentityManager.v Symbolic IDv Descriptionv Email Addressesv Language Codev Multi Language Enabledv Currency Codev Enable Expert Entryv Navigator Homepagev Process Profilev Primaryv Row Securityv Rolesv User Supervisorv Alternate User IDv Effective Datev To Datev Routing - Worklist Userv Routing - Email Userv ID Types and Values

Note: The User Id attribute cannot be modified.

Password change of user accounts

You can change the password of any of the PeopleTools accounts that exist on IBMSecurity Identity Manager. For information about changing passwords, see the IBMSecurity Identity Manager product documentation.

Chapter 2. User account management 7

Suspending user accountsWhen you suspend a user account, the status of the user account on IBM SecurityIdentity Manager becomes inactive and the user account becomes unavailable foruse.

Suspending a user account does not remove the user account from IBM SecurityIdentity Manager. For more information about suspending user accounts, see theIBM Security Identity Manager product documentation.

When you suspend a user account from IBM Security Identity Manager, thePeopleTools Adapter sets the value of the Account Locked Out attribute on thePeopleSoft server to TRUE.

Restoring user accountsThe restore operation reinstates the suspended user accounts to IBM SecurityIdentity Manager.

When you restore a user account from IBM Security Identity Manager, thePeopleTools Adapter sets the value of the Account Locked Out attribute on thePeopleSoft server to FALSE.

After restoring a user account, the status of the user account on IBM SecurityIdentity Manager becomes active. For more information about restoring useraccounts, see the IBM Security Identity Manager product documentation.

Deleting user accountsUse the IBM Security Identity Manager deprovision feature to delete user accounts.

For more information about deleting user accounts, see the IBM Security IdentityManager product documentation.


Chapter 3. Troubleshooting

Troubleshooting is the process of determining why a product does not function asit is designed to function. This topic provides information and techniques foridentifying and resolving problems that are related to the adapter, includingtroubleshooting errors that might occur when managing the accounts or groups,where applicable.

Error logsWhen an operation fails, the corresponding error messages and warnings arelogged in the ibmdi.log file. This file is in the adapters solution/logs directory.The adapters solution directory is a Tivoli Directory Integrator work directory forIBM Security Identity Manager adapters.

You can display the error logs in the user interface by running the Dispatcher fromthe command prompt. You can also configure logging information for the adapter.For more information about displaying logs in the user interface and configuringlogging information, see the adapter's Installation and Configuration Guide.

Error messages and warningsA warning or error message might be displayed in the user interface to provideinformation about the adapter or when an error occurs.

The table lists the error messages and warnings that might occur while performingthe user account or group management tasks, where applicable.It also includes thecorrective actions to resolve the errors.

Table 3. Specific error messages and recommended actions

Error code Error messages Corrective actions

CTGIMT001E The following error occurred.

Error: Unable to connect to PeopleSoftApplication server.

Verify that:

v The PeopleSoft server is running.

v The credentials specified on the adapter serviceform are correct.

v The PeopleSoft administrator user name andpassword specified on the adapter service formare correct.

v The psft.jar and psjoa.jar files exist in theITDI_HOME\jars\3rdparty\others directory.

InitializeError:java.lang.ClassNotFoundException:com.microsoft.jdbc.sqlserver.SQLServerDriver

This error might occur when the adapter fails tofind the JDBC_driver.jar file. This file is requiredto establish a connection with the database.

Ensure that the JDBC_driver.jar file exists in theITDI_HOME\jars\3rdparty\others directory.

For more information about the JDBC_driver.jarfile, see the Directory Integrator-Based PeopleToolsAdapter Installation and Configuration Guide andsearch for the section about PeopleSoftresource-specific jar files.

9

Table 3. Specific error messages and recommended actions (continued)

Error code Error messages Corrective actions

CTGIMT003E The account already exists. The user account exists on the PeopleSoft server.This error might occur when you attempt to adda user to the PeopleSoft server, and IBM SecurityIdentity Manager is not synchronized with thePeopleSoft server. To fix this problem, schedule areconciliation between IBM Security IdentityManager and the PeopleSoft server. See theonline help documentation for information aboutscheduling a reconciliation.

CTGIMT009E The account username cannot be modifiedbecause it does not exist.

This error might occur when you attempt to:

v Modify a user from IBM Security IdentityManager and the user does not exist on thePeopleSoft server.

v Change the password of a user account fromIBM Security Identity Manager and the userdoes not exist on the PeopleSoft server.

The reason could be either the user was notcreated on the PeopleSoft server or the user wasdeleted directly from the PeopleSoft server.

Create the user on the PeopleSoft server andschedule a reconciliation. See the IBM SecurityIdentity Manager production documentation forinformation about scheduling a reconciliation.

CTGIMT015E An error occurred while deleting the usernameaccount because the account does not exist.

This error might occur when you attempt to:

v Delete a user from IBM Security IdentityManager and the user does not exist on thePeopleSoft server.

v Change the password of a user account fromIBM Security Identity Manager and the userdoes not exist on the PeopleSoft server.

The reason could be either the user was notcreated on the PeopleSoft server or the user wasdeleted directly from the PeopleSoft server.

Create the user on the PeopleSoft server andschedule a reconciliation. See the IBM SecurityIdentity Manager production documentation forinformation about scheduling a reconciliation.

CTGIMT600E An error occurred while establishingcommunication with the Tivoli DirectoryIntegrator server.

Verify that:

v The Tivoli Directory Integrator-based adapterservice is running.

v The URL specified for the Tivoli DirectoryIntegrator on the adapter service form iscorrect.


Table 4. General error messages, warnings, and corrective actions

Error messages Corrective actions

LoadConnectors:java.lang.NoClassDefFoundError:psft/pt8/joa/JOAException

This error might occur when the adapter fails to find thepsjoa.jar file.

Ensure that the psjoa.jar file exists in theITDI_HOME\jars\3rdparty\others directory.

For more information about the psjoa.jar file, see theDirectory Integrator-Based PeopleTools Adapter Installationand Configuration Guide and search for the section aboutPeopleSoft resource-specific jar files.

InitConnectors:java.lang.Exception: Unable toGetComponent Interface ABC_XYZ

This error might occur when the adapter fails to find thePeopleSoft Component Interface classes.

Verify that:

v The CompIntfc.jar file that contains theENROLE_AGENT Component Interface project classesexists in the ITDI_HOME\jars\3rdparty\othersdirectory.

v The CompIntfc.jar file contains classes for therequired ENROLE_AGENT Component Interfaceproject.

For more information about the CompIntfc.jar file, seethe Directory Integrator-Based PeopleTools AdapterInstallation and Configuration Guide and search for thesection about PeopleSoft resource-specific jar files.

v A system error occurred while adding an account. Theaccount was not added.

v A system error occurred while modifying an account.The account was not changed.

v A system error occurred while deleting an account.The account was not deleted.

v The search failed due to a system error.

Ensure that:

v The CompIntfc.jar and psjoa.jar files are copied tothe ITDI_HOME\jars directory on the workstationwhere the adapter is installed.

v The ENROLE_AGENT Component Interface project isdeployed on the PeopleSoft server.

v The network connection between IBM Security IdentityManager and Tivoli Directory Integrator, or TivoliDirectory Integrator and the PeopleSoft server is notslow.

v The account was added but some attributes failed.

v The account was modified but some attributes failed.

v The account was deleted successfully, but additionalsteps failed.

The account was created, modified, or deleted, but someof the attributes specified in the request were not set.

See the list of attributes that failed and the correspondingerror message for the error description. Correct the errorsassociated with each attribute and perform the operationagain.

v Search filter error

v Invalid search filter

The filter specified in the search request is not correct.Specify the correct filter and perform the searchoperation again.

Adapter profile is not displayed in the user interfaceafter installing the profile.

Stop and restart the IBM Security Identity Managerserver or wait until the cache times out (up to 10minutes) for IBM Security Identity Manager to refreshthe list of attribute names.

Chapter 3. Troubleshooting 11

Table 4. General error messages, warnings, and corrective actions (continued)

Error messages Corrective actions

v A PeopleSoft error occurred while saving theattributes.

v Please specify all Attribute Values for all ID Types ofPSOPRALIAS attribute.

Verify that all attribute names for all ID Types andValues are specified correctly.


Chapter 4. Reference

Reference information is organized to help you locate particular facts quickly suchas adapter attributes, application programming interfaces, files and commands,where applicable..

Adapter attributesThe IBM Security Identity server communicates with the adapter by usingattributes, which are included in transmission packets that are sent over a network.

The following table lists the attributes that are displayed on the PeopleToolsaccount form, and their corresponding names on the IBM Tivoli Directory Serverand the name by which the attribute is referred on the PeopleSoft.

Table 5. Attributes on the PeopleTools account form, their corresponding names on the IBM Tivoli Directory Server,and the PeopleSoft server

Attribute name on the PeopleToolsaccount form

Attribute name on the IBM TivoliDirectory Server

Attribute name on the PeopleSoftserver

Alternate User ID erpt84xaltid ROLEUSER_ALT

Currency Code erpt84xcurrcode CURRENCY_CD

Description erpt84xdescription OPRDEFNDESC

Effective Date : Date erpt84xstartdate EFFDT_FROM

Effective Date : Time

E-mail Addresses erpt84xemailadd PSUSEREMAIL

Enable Expert Entry erpt84xexpertentry EXPENT

ID Types and Values erpt84xopraliastype ID Type

Language Code erpt84xlangcode LANGUAGE_CD

Multi Language Enabled erpt84xmultilang MULTILANG

Navigator Homepage erpt84xhomepagepl DEFAULTNAVHP

Password erPassword OPERPSWD

Primary erpt84xprimarypl OPRCLASS

Process Profile erpt84xprofilepl PRCSPRFLCLS

Roles erpt84xrole PSROLEUSER_VW

Routing - E-mail User erpt84xemailuser EMAIL_USER_SW

Routing - Worklist User erpt84xworklistuser WORKLIST_USER_SW

Row Security erpt84xrowpl ROWSECCLASS

Symbolic ID erpt84xsymbid SYMBOLICID

To Date : Date erpt84xenddate EFFDT_TO

To Date : Time

User ID erUid OPRID

User Supervisor erpt84xusersupr ROLEUSER_SUPR

13

Adapter customization for collection attributesPeopleSoft has a constraint of setting the values of a collection attribute in aspecific sequence. Tivoli Directory Integrator does not necessarily pass the valueson to the connector in the sequence they are received.

To support such attributes you must modify the assembly lines, adapter profile,and the connector. You might also need to create a PeopleSoft component interface.

A collection attribute is an attribute that has child attributes. These child attributesmight also be collection attributes. For example, the PSOPRALIAS attribute.PSOPRALIAS

- OPRALIASTYPE- PSOPRALIASFIELD

-PSOPRALIASNAME-PSOPRALIASVALUE-PSOPRALIASDESCR

OPRALIASTYPE and PSOPRALIASFIELD are child attributes of PSOPRALIAS.PSOPRALIASFIELD is a collection attribute with the child attributes PSOPRALIASNAME,PSOPRALIASVALUE, and PSOPRALIASDESCR.

To meet the PeopleSoft sequence constraint, add an attribute in the assembly lineto define the sequence in which the values of the collection are set. For thePSOPRALIAS attribute, add the following code to define the sequence:var attributeSequence = new ArrayList();attributeSequence.add("OPRALIASTYPE");attributeSequence.add("PSOPRALIASFIELD");fullOprAliasEntry.setAttribute("sequence",attributeSequence);

This sequence attribute instructs the connector to first set the OPRALIASTYPEattribute in the collection. Typically PeopleSoft populates the collection with therequired attributes and values.

If you are setting a custom type that needs multiple attributes, you need to instructthe connector to update the values for the attribute on the resource. For example,you want to set OPRALIASTYPE to Custom with two attributes, MyCustAttr1 andMyCustAttr2, the structure is:PSOPRALIAS

- OPRALIASTYPE Custom- PSOPRALIASFIELD [1]

-PSOPRALIASNAME MyCustAttr1-PSOPRALIASVALUE-PSOPRALIASDESCR

- PSOPRALIASFIELD [2]-PSOPRALIASNAME MyCustAttr2-PSOPRALIASVALUE-PSOPRALIASDESCR

If the connector adds the values on the resource, MyCustAttr2 generates an errorthat the value is already set. You must add the getItemByAttribute attribute to theadapter assembly line.psOprAliasedFieldEntry.setAttribute("getItemByAttribute","ATTRNAME")

For this example ATTRNAME is PSOPRALIASNAME.


The connector parses the getItemByAttribute attribute and gets the valueATTRNAME associated with it. The connector does not set the value for this fieldwhich is already set on the resource.

For information about customizing attributes, see “Customizing the PeopleToolsaccount form.”

After customizing the attributes and the profile, you must import the profile toIBM Security Identity Manager. For information about importing the adapterprofile, see PeopleTools Adapter Installation and Configuration Guide. You can use theDesign forms function of IBM Security Identity Manager to modify the accountform to include the customized attributes.

Customizing the PeopleTools account formYou can add attributes of different Component Interfaces to the PeopleToolsaccount form. These Component Interfaces can be supported or not supported byIBM Security Identity Manager.

About this task

The Project file PT850_Component.zip for PeopleTools 8.50, 8.51, and 8.52, whichcontains Component Interfaces, is provided with the IBM Security IdentityManager PeopleTools Adapter software. These interfaces are in the ENROLE_AGENTsubdirectory. This subdirectory is imported into the PeopleTools ApplicationDesigner as a PeopleTools Project.

Procedure1. Modify the CompIntfc.jar file. For more information about modifying the

CompIntfc.jar file, see “Modifying the CompIntfc.jar file” on page 16.2. Log on to the workstation where the PeopleTools Adapter is installed.3. Copy the PeopleToolsProfile.jar file to the \temp directory.4. Extract the contents of the PeopleToolsProfile.jar file to the \temp directory

by running the following command:cd c:\tempjar -xvf PeopleToolsProfile.jar PeopleToolsProfile

This command creates the c:\temp\PeopleToolsProfile directory.5. Add the attribute to the PeopleTools Adapter profile. For more information

about adding an attribute to the adapter profile, see “Attributes in the adapterprofile” on page 16.

6. Map the attribute to the assembly lines.v To map an attribute of a Component Interface supported by IBM Security

Identity Manager, see “Mapping attributes of Component Interfacessupported by IBM Security Identity Manager” on page 18.

v To map an attribute of a Component Interface not supported by IBMSecurity Identity Manager, see “Mapping attributes of Component Interfacesnot supported by IBM Security Identity Manager” on page 22.

7. Go to the Tivoli Directory Integrator installation directory, and run thefollowing command to break the assembly lines:

Chapter 4. Reference 15

java –classpath ITDI_HOME\jars\ITLMToolkit.jar;ITDI_HOME\jars\miconfig.jar;ITDI_HOME\jars\miserver.jar;ITDI_HOME\jars\mmconfig.jar;ITDI_HOME\jars\diserverapi.jar;ITDI_HOME\jars\log4j-1.2.8.jar;ITDI_HOME\jars\itdiAgents-common.jar com.ibm.di.utils.IDIConfigHelper"c:\temp\PeopleToolsAdapterALs.xml""c:\temp"

In this command, ITDI_HOME is the name of the IBM Security IdentityManager installation directory and c:\temp\PeopleToolsAdapterALs.xml is thepath of the PeopleToolsAdapterALs.xml file.

8. Create a JAR file by using the files in the \temp directory by running thefollowing command:cd c:\tempjar -cvf PeopleToolsProfile.jar PeopleToolsProfile

9. Import the PeopleToolsProfile.jar file to the IBM Security Identity Managerserver. For more information about importing the PeopleToolsProfile.jar file,see the PeopleTools Adapter Installation and Configuration Guide. In the sectionthat describes installing the PeopleTools Adapter, search for the topic aboutimporting the adapter profile into the IBM Security Identity Manager server.

10. Stop and start the IBM Security Identity Manager server.

Modifying the CompIntfc.jar fileTo add an attribute to a Component Interface, modify the CompIntfc.jar file.

Procedure1. Logon to PeopleSoft Application Designer.2. Open the ENROLE_AGENT Component Interface project.3. Open the Component Interface by double clicking the Component Interface, for

example, ENROLE_USERS.4. If the name of the attribute is not listed in the right pane of the Component

Interface window, then drag the attribute from the left pane to the right pane.5. Save the changes and generate the CompIntfc.jar file. For more information

about generating CompIntfc.jar file, see the PeopleTools Adapter Installation andConfiguration Guide and under the topic about configuring the PeopleToolsAdapter, search for the section that describes generating the CompIntfc.jar file.

Attributes in the adapter profileYou must update the profiles or specifications of new attributes.

Update the attributes in these files:

CustomLabels.propertiesThe CustomLabels.properties file contains a list of attributes that aresupported by IBM Security Identity Manager and their correspondinglabels.

For example, you want to add an attribute erpt84xuseridalias to the LogonInformation page of the PeopleTools account form. This attribute issupported by the ENROLE_USERS Component Interface of IBM SecurityIdentity Manager. The following example shows theCustomLabels.properties file with the specifications of theerpt84xuseridalias attribute:### erpt84xuseraccount Login Tab

erpt84xuseridalias=User ID Alias

In this example:


erpt84xuseraccount Login TabDefines the tab on which the erpt84xuseridalias attribute isdisplayed.

erpt84xuseridalias=User ID AliasDefines the label, User ID Alias, for the erpt84xuseridaliasattribute. IBM Security Identity Manager recognizes the newattribute by the name erpt84xuseridalias.

erpt84xuseraccount.xmlAll the information about the structure of the PeopleTools account formexist in the erpt84xuseraccount.xml file. When you specify a structure foran attribute, you must specify the structure under the tab where you wantto display that attribute.

Following is an example of the erpt84xuseraccount.xml file that definesthe structure for the erpt84xuseridalias attribute:<tabbedForm><tab index="0" selected="true"><title>$erpt84xlogintab</title><formElement name="data.erpt84xuseridalias" label="$erpt84xuseridalias"><input name="data.erpt84xuseridalias" size="30" type="text"/></formElement></tab>

In this example, a text box element on the Logon Information page of thePeopleTools account form is mapped to the erpt84xuseridalias attribute.

schema.dsmlDefines an attribute. It contains the schema for attributes and object classesin the profile. Following is an example of the schema.dsml file that definesthe erpt84xuseridalias attribute and adds the erpt84xuseridalias attributeto the erpt84xuseraccount class:

<attribute-type single-value = "true"><name>erpt84xuseridalias</name><description>User ID Alias</description><object-identifier>1.3.6.1.4.1.6054.3.145.2.34</object-identifier><syntax>1.3.6.1.4.1.1466.115.121.1.15</syntax></attribute-type>

<class superior="top"><name>erpt84xuseraccount</name><description>PeopleTools Account</description><object-identifier>1.3.6.1.4.1.6054.3.145.1.1</object-identifier>

<attribute ref = "erpt84xuseridalias" required = "false"/></class>

In this example:

<attribute-type single-value = "true">Specifies the value of the attribute type as single.

<name>erpt84xuseridalias</name>Defines the name of the erpt84xuseridalias attribute.

<description>User ID Alias</description>Provides the description of the erpt84xuseridalias attribute.

<object-identifier>1.3.6.1.4.1.6054.3.145.2.34</object-identifier>Specifies the unique identifier for the erpt84xuseridalias attribute.

<syntax>1.3.6.1.4.1.1466.115.121.1.15</syntax>Refers to the syntax of the erpt84xuseridalias attribute type.

<class superior="top"><name>erpt84xuseraccount</name><description>PeopleTools Account</description><object-identifier>1.3.6.1.4.1.6054.3.145.1.1</object-identifier><attributeref = "erpt84xuseridalias" required = "false"/></class>

Adds the erpt84xuseridalias attribute to the erpt84xuseraccountclass.

Note: Each attribute must have a unique identifier. In addition, the identifier mustbe unique in the directory server where the attribute is stored.

Mapping attributes of Component Interfaces supported by IBMSecurity Identity Manager

You can map the newly added attributes of Component Interfaces supported byIBM Security Identity Manager to the assembly lines.

Procedure1. Run the Tivoli Directory Integrator.2. Click File > Open.3. Select the PeopleToolsAdapterALs.xml file from the temporary folder where

the PeopleTools Adapter profile was extracted, and click Open.4. In the navigation pane, expand the AssemblyLines tree, and perform these

steps:v Select the PeopleToolsAddAL assembly line and map the attributes to the

PeopleToolsAddAL assembly line. For more information about mappingattributes to the PeopleToolsAddAL assembly line, see “Mapping attributesto the PeopleToolsAddAL assembly line” on page 19.

v Select the PeopleToolsModifyAL assembly line and map the attributes to thePeopleToolsModifyAL assembly line. For more information about mappingattributes to the PeopleToolsModifyAL assembly line, see “Mappingattributes to the PeopleToolsModifyAL assembly line” on page 20.

v Select the PeopleToolsSearchAL assembly line and map the attributes to thePeopleToolsSearchAL assembly line. For more information about mappingattributes to the PeopleToolsSearchAL assembly line, see “Mapping attributesto the PeopleToolsSearchAL assembly line” on page 21.

5. Save the changes to the assembly lines.

Assembly line iconsAssembly line icons of the Tivoli Directory Integrator are used while mappingattributes.


Table 6. Assembly line icons

Icon Name

Add a new Attribute to the Attribute map

Switch between List, Detail and Schema view

Connect to the data source

Read the next entry

Add new Link Criteria

Mapping attributes to the PeopleToolsAddAL assembly lineYou can add a value to an attribute by mapping the attribute to thePeopleToolsAddAL assembly line.

About this task

To view the list of assembly line icons used while mapping attributes see Table 6.

For example, you can map the erpt84xuseridalias attribute of the ENROLE_USERSComponent Interface to the PeopleToolsAddAL assembly line.

Procedure1. Select the PeopleToolsAddAL assembly line. The PeopleToolsAddAL page

opens.2. Click the Call/Return tab. The Initial Work Entry page opens.

a. Click the Add a new Attribute to the Attribute map toolbar button.b. Type the name of the new attribute as erpt84xuseridalias, and click OK.

The erpt84xuseridalias attribute is listed in the Work Attribute list.3. Click the Data Flow tab. The Data Flow page opens.

a. In the left pane, expand the Flow folder and select conAddUser.b. On the Data Flow page, click the Config tab. The Config page opens.c. Type the PeopleSoft server, port, login, and Component Interface details.

4. Click the Output Map tab. The Output Map page opens.a. Click the Switch between List, Detail and Schema view toolbar button

until you see the Schema pane.b. Click the Connect to the data source toolbar button.c. Click the Read the next entry toolbar button. All the attributes supported

by the ENROLE_USERS Component Interface are displayed in the Schemapane.

d. Click the Switch between List, Detail and Schema view toolbar buttonuntil you see the Attribute Map details pane.

e. Select the erpt84xuseridalias check box to map the erpt84xuseridaliasattribute to the PeopleToolsAddAL assembly line.


Note:

v The erpt84xuseridalias attribute is a simple attribute; that is, asingle-valued attribute. To map a collection attribute; that is, a collectionof simple attributes, you must select the Advance Mapping Settingscheck box on the Output Map page, and write scripts to map thecollection attribute to the PeopleToolsAddAL assembly line.

v The Tivoli Directory Integrator version 7.0 fix pack 6 and higher does notallow Java objects such as, com.ibm.di.entry.Entry,com.ibm.di.entry.Attribute, and so on in advanced attribute mapping inthe Ouput Map page. You must move these mappings to the BeforeExecute connector hook. For example, see the mapping of attributeserpt84xemailadd and erpt84xrole in Before Execute connector hook andthe attributes PSUSEREMAIL and PSROLEUSER_VW in the Output Mappage of connector conAdduser in the PeopleToolsAddAL assembly line.

5. Save the changes to the PeopleToolsAddAL assembly line.

Mapping attributes to the PeopleToolsModifyAL assembly lineYou can make an attribute modifiable by mapping the attribute to thePeopleToolsModifyAL assembly line.

About this task

To view the list of assembly line icons used while mapping attributes see Table 6on page 19.

For example, you can map the erpt84xuseridalias attribute of the ENROLE_USERSComponent Interface to the PeopleToolsModifyAL assembly line.

Procedure1. Select the PeopleToolsModifyAL assembly line. The PeopleToolsModifyAL

page opens.2. Click the Call/Return tab. The Initial Work Entry page opens.



a. In the left pane, expand the Flow folder and select conModifyUser.b. On the Data Flow page, click the Config tab. The Config page opens.c. Type the PeopleSoft server, port, login, and Component Interface details.





e. Select the erpt84xuseridalias check box to map the erpt84xuseridaliasattribute to the PeopleToolsModifyAL assembly line.

Note:


v The erpt84xuseridalias attribute is a simple attribute; that is, asingle-valued attribute. To map a collection attribute; that is, a collectionof simple attributes, you must select the Advance Mapping Settingscheck box on the Output Map page, and write scripts to map thecollection attribute to the PeopleToolsModifyAL assembly line.

v The Tivoli Directory Integrator version 7.0 fix pack 6 and higher does notallow Java objects such as, com.ibm.di.entry.Entry,com.ibm.di.entry.Attribute, and so on in advanced attribute mapping inthe Ouput Map page. You must move these mappings to the BeforeModify connector hook. For example, see the mapping of attributeserpt84xemailadd and erpt84xrole in Before Modify connector hook andthe attributes PSUSEREMAIL and PSROLEUSER_VW in the Output Mappage of connector conModifyuser in the PeopleToolsModifyAL assemblyline.

5. Save the changes to the PeopleToolsModifyAL assembly line.

Mapping attributes to the PeopleToolsSearchAL assembly lineYou can make the value of an attribute reconcilable by mapping the attribute to thePeopleToolsSearchAL assembly line.

About this task


For example, you can map the erpt84xuseridalias attribute of the ENROLE_USERSComponent Interface to the PeopleToolsSearchAL assembly line.

Procedure1. Select the PeopleToolsSearchAL assembly line. The PeopleToolsSearchAL page

opens.2. Click the Call/Return tab. The Initial Work Entry page opens.



a. In the left pane, expand the Feeds folder and select conGetUsers.b. On the Data Flow page, click the Config tab. The Config page opens.c. Type the PeopleSoft server, port, login, and Component Interface details.

4. Click the Input Map tab. The Input Map page opens.a. Click the Switch between List, Detail and Schema view toolbar button




e. Select the erpt84xuseridalias check box to map the erpt84xuseridaliasattribute to the PeopleToolsSearchAL assembly line.

Note:


v The erpt84xuseridalias attribute is a simple attribute; that is, asingle-valued attribute. To map a collection attribute; that is, a collectionof simple attributes, you must select the Advance Mapping Settingscheck box on the Input Map page, and write scripts to map the collectionattribute to the PeopleToolsSearchAL assembly line.

v The Tivoli Directory Integrator version 7.0 fix pack 6 and higher does notallow Java objects such as com.ibm.di.entry.Entry,com.ibm.di.entry.Attribute, and so on in advanced attribute mapping inthe Input Map page. You must move these mappings to the AfterGetNext connector hook. For example, see the in the Input Map of theconnector conGetUsers PeopleToolsSearchAL to map collection attributesto work attributes without using objects of type com.ibm.di.entry.Entryand com.ibm.di.entry.Attribute.

5. Save the changes to the PeopleToolsSearchAL assembly line.

Mapping attributes of Component Interfaces not supported byIBM Security Identity Manager

You can add attributes of the Component Interfaces not supported by IBM SecurityIdentity Manager. However, the value of the create key and the find key of theComponent Interfaces must be OPRID.

Procedure1. Run the Tivoli Directory Integrator.2. Click File > Open.3. Select the PeopleToolsAdapterALs.xml file from the temporary folder where

the PeopleTools Adapter profile was extracted, and click Open.4. In the navigation pane, expand the AssemblyLines tree, and perform these

steps:v Select the PeopleToolsAddAL assembly line and map the attributes to the

PeopleToolsAddAL assembly line. For more information about mappingattributes to the PeopleToolsAddAL assembly line, see “Mapping attributesto the PeopleToolsAddAL assembly line.”

v Select the PeopleToolsModifyAL assembly line and map the attributes to thePeopleToolsModifyAL assembly line. For more information about mappingattributes to the PeopleToolsModifyAL assembly line, see “Mappingattributes to the PeopleToolsModifyAL assembly line” on page 23.

v Select the PeopleToolsSearchAL assembly line and map the attributes to thePeopleToolsSearchAL assembly line. For more information about mappingattributes to the PeopleToolsSearchAL assembly line, see “Mapping attributesto the PeopleToolsSearchAL assembly line” on page 25.

Mapping attributes to the PeopleToolsAddAL assembly lineYou can add a value to an attribute by mapping the attribute to thePeopleToolsAddAL assembly line.

About this task

To view the list of assembly line icons used while mapping attributes, see Table 6on page 19.

Procedure1. Select the PeopleToolsAddAL assembly line. The Data Flow page opens.


2. On the Data Flow page, right-click the Flow folder, and click Add connectorcomponent. The Select Connector window opens.a. Select ibmdi.PeopleSoftConnector.b. In the Name field, type a name for the add connector component, for

example, add_users.c. From the Mode list, select AddOnly.d. Click OK.

Note: On the Data Flow page, ensure that the value of the State list is Enabled.3. Click the Call/Return tab. The Initial Work Entry page opens.

a. Click the Add a new Attribute to the Attribute map toolbar button.b. Type a name for the new attribute and click OK. The new attribute is listed

in the Work Attribute list.4. Click the Data Flow tab. The Data Flow page opens.

a. In the left pane, expand the Flow folder and select the new connectorcomponent, add_users.

b. On the Data Flow page, click the Config tab. The Config page opens.c. Type the PeopleSoft server, port, login, and Component Interface details.


until you see the Schema pane.b. Drag the attribute to the Connector Attribute pane. The attribute is listed in

the Connector Attribute pane.c. Click the Connect to the data source toolbar button.d. Click the Read the next entry toolbar button. All the attributes supported

by the Component Interface are displayed in the Schema pane.e. Click the Switch between List, Detail and Schema view toolbar button

until you see the Attribute Map details pane.f. Select the checkbox corresponding to the newly added attribute.

Note:

v To map a collection attribute; that is, a collection of simple attributes, youmust select the Advance Mapping Settings check box on the Output Mappage, and write scripts to map the collection attribute to thePeopleToolsAddAL assembly line.

v The Tivoli Directory Integrator version 7.0 fix pack 6 and higher does notallow Java objects such as com.ibm.di.entry.Entry,com.ibm.di.entry.Attribute, and so on in advanced attribute mapping inthe Ouput Map page. You must move these mappings to the BeforeExecute connector hook. For example, see the mapping of attributeserpt84xemailadd and erpt84xrole in Before Execute connector hook andthe attributes PSUSEREMAIL and PSROLEUSER_VW in the Output Mappage of connector conAdduser in the PeopleToolsAddAL assembly line.

6. Save changes to the PeopleToolsAddAL assembly line.7. Define the newly added connector component in the service.def file. The

service.def file is available in the \temp directory where the adapter profilewas extracted.

Mapping attributes to the PeopleToolsModifyAL assembly lineYou can make an attribute modifiable by mapping the attribute to thePeopleToolsModifyAL assembly line.


About this task

To view the list of assembly line icons used while mapping attributes, see Table 6on page 19.

Procedure1. Select the PeopleToolsModifyAL assembly line. The Data Flow page opens.2. Right-click the Flow folder, and click Add connector component. The Select

Connector window opens.a. Select ibmdi.PeopleSoftConnector.b. In the Name field, type a name for the add connector component, for

example, mod_users.c. From the Mode list, select Delta.d. Click OK.

Note: On the Data Flow page, ensure that the value of the State list is Enabled.3. Click the Call/Return tab. The Initial Work Entry page opens.

a. Click the Add a new Attribute to the Attribute map toolbar button.b. Type a name for the new attribute and click OK. The new attribute is listed

in the Work Attribute list.4. Click the Data Flow tab. The Data Flow page opens.

a. In the left pane, expand the Flow folder and select the new connectorcomponent, mod_users.



until you see the Schema pane.b. Drag the attribute to the Connector Attribute pane. The attribute is listed in

the Connector Attribute pane.c. Click the Connect to the data source toolbar button.d. Click the Read the next entry toolbar button. All the attributes supported

by the Component Interface are displayed in the Schema pane.e. Click the Switch between List, Detail and Schema view toolbar button

until you see the Attribute Map details pane.f. Select the checkbox corresponding to the newly added attribute.

Note:

v To map a collection attribute; that is, a collection of simple attributes, youmust select the Advance Mapping Settings check box on the Output Mappage, and write scripts to map the collection attribute to thePeopleToolsModifyAL assembly line.

v The Tivoli Directory Integrator version 7.0 fix pack 6 and higher does notallow Java objects such as com.ibm.di.entry.Entry,com.ibm.di.entry.Attribute, and so on in advanced attribute mapping inthe Ouput Map page. You must move these mappings to the BeforeModify connector hook. For example, see the mapping of attributeserpt84xemailadd and erpt84xrole in Before Modify connector hook and theattributes PSUSEREMAIL and PSROLEUSER_VW in the Output Map pageof connector conModifyuser in the PeopleToolsModifyAL assembly line.


6. Click the Link Criteria tab.a. Click the Add new Link Criteria toolbar button.b. From the Connector Attribute list, select OPRID.c. From the Operator list, select equals.d. From the Value list, select $erUid.e. Click OK.

7. From the Flow folder, select conModifyUser, and click the Hooks tab.a. Expand the Data Flow folder and select Delta Successful. The Delta

Successful pane opens to the right.b. Type // before the line work.removeAllAttributes();.

8. Save the changes to the PeopleToolsModifyAL assembly line.9. Define the newly added connector component in the service.def file. The


Mapping attributes to the PeopleToolsSearchAL assembly lineYou can make the value of an attribute reconcilable by mapping the attribute to thePeopleToolsSearchAL assembly line.

About this task


Procedure1. Select the PeopleToolsSearchAL assembly line. The Data Flow page opens.2. Right-click the Flow folder, and click Add connector component. The Select

Connector window opens.a. Select ibmdi.PeopleSoftConnector.b. In the Name field, type a name for the add connector component, for

example, recon_users.c. From the Mode list, select Lookup.d. Click OK.

3. From the State list, select Passive.4. Click the Call/Return tab. The Initial Work Entry page opens.

a. Click the Add a new Attribute to the Attribute map toolbar button.b. Type a name for the new attribute, and click OK. The new attribute is

listed in the Work Attribute list.5. Click the Data Flow tab. The Data Flow page opens.

a. In the left pane, expand the Flow folder and select the new connectorcomponent, recon_users.


6. Click the Input Map tab. The Input Map page opens.a. Click the Switch between List, Detail and Schema view toolbar button

until you see the Schema pane.b. Drag the attribute to the Connector Attribute pane. The attribute is listed

in the Connector Attribute pane.c. Click the Connect to the data source toolbar button.


d. Click the Read the next entry toolbar button. All the attributes supportedby the Component Interface are displayed in the Schema pane.

e. Click the Switch between List, Detail and Schema view toolbar buttonuntil you see the Attribute Map details pane.

f. Select the checkbox corresponding to the newly added attribute.

Note:

v To map a collection attribute; that is, a collection of simple attributes,you must select the Advance Mapping Settings check box on the InputMap page, and write scripts to map the collection attribute to thePeopleToolsSearchAL assembly line.

v The Tivoli Directory Integrator version 7.0 fix pack 6 and higher does notallow Java objects such as com.ibm.di.entry.Entry,com.ibm.di.entry.Attribute, and so on in advanced attribute mapping inthe Input Map page. You must move these mappings to the AfterGetNext connector hook. For example, see the in the Input Map of theconnector conGetUsers PeopleToolsSearchAL to map collection attributesto work attributes without using objects of type com.ibm.di.entry.Entryand com.ibm.di.entry.Attribute.

7. Click the Link Criteria tab.a. Click the Add new Link Criteria toolbar button.b. From the Connector Attribute list, select OPRID.c. From the Operator list, select equals.d. From the Value list, select $erUid.e. Click OK.

8. Click the Hooks tab.a. Expand the DataFlow folder and select GetNext Successful.b. Type the following code in the GetNext Successful pane:

gpsConn1 = task.getConnector("connectorName");gpsConnCfg1 = gpsConn1.getConfiguration();gConnConfig1 = gpsConnCfg1.getConnectionConfig();gpsConn1.lookup(work);var abc = work.getString("attributeName");work.setAttribute("attributeName",abc);fLogMessage("INFO","FINAL DUMPING");main.dumpEntry(work);

where connectorName is the name of the connector component, andattributeName is the name of the new attribute.

9. Save the changes to the PeopleToolsSearchAL assembly line.10. Define the newly added connector component in the service.def file. The



Index

Aaccount form

customization 15structure 16

adapterattributes 13introduction 1overview 1troubleshooting errors 9user account management tasks 3

adding user accounts 4alternate user ID 5assembly lines

icons 19PeopleToolsAddAL assembly line 19,

22PeopleToolsModifyAL assembly

line 20, 24PeopleToolsSearchAL assembly

line 21, 25assigning

alternate user ID 5email addresses 6user supervisor 6

attributesadding user accounts 4customization 14ID Type 6

Cchecklist, configuring IBM Security

Identity Manager 1collection attributes, customization 14CompIntfc.jar file 15, 16customization

account forms 15collection attributes 14

CustomLabels.properties file 16

Ee-mail address attribute 6erpt84xuseraccount.xml file 16error

logsaccessing 9warnings and messages 9

errors, troubleshooting 9

Ffiles

CompIntfc.jar file 15, 16CustomLabels.properties file 16erpt84xuseraccount.xml file 16schema.dsml file 16

IID type attribute 6

Llogs

accessing errors 9warnings and messages 9

Mmapping attributes of Component

Interfacesnot supported 22supported 18

mapping attributes toPeopleToolsAddAL assembly line 19,

22PeopleToolsModifyAL assembly

line 20, 24PeopleToolsSearchAL assembly

line 21, 25

Ooperations

adding 4deletion 8modification 7restoration 8suspend 8

overview 1

PPeopleTools

account form 4PeopleToolsAddAL assembly line 19, 22PeopleToolsModifyAL assembly line 20,

24PeopleToolsSearchAL assembly line 21,

25permission

code 7description 7list 7

primary e-mail 6

Rrole names 7

Sschema.dsml file 16

Ttroubleshooting

adapter errors 9

Uuser account

adding 4deletion 8modification 7reconciliation 3restoration 8suspension 8

user supervisor 6

27

IBM®

Printed in USA

ibm security identity manager: peopletools adapter user...

Documents