Pre-requisites

• Install FIM 2010 R2 on Windows 2008, SQL 2008. If you are using Windows 2012 or SQL 2012 then install FIM 2010 R2 SP1
• Get the following Oracle database information from the Oracle DB Admin
  • Name of the Oracle server
  • Name of Oracle DB instance
  • Name of the Oracle View – If connection is a view
  • Name of the Anchor field
  • Attribute info, any reference, numeric, string fields
  • Account name and password to connect to the Oracle Database
  • Port to connect to Oracle database

Install Oracle client 11g on the FIM Server

If you are using Windows 2012 see this statement from Oracle on the minimum client version to use. I would advise go with the 12g client (64bit). For Windows 2008, I used the 11gR1 client.

• Go to \Win64_11g_Client – make sure it is the Windows 64bit client
• Click setup.exe
• Click Next
• Change path to install drive say D
• Click Next
• Select Runtime
• Click Next.
• Click Next
• Check the first 2 boxes - Checking Operating Systems requirements and Checking service pack requirements
• Click Next
• Click Install
• Installation is running and finishes
• Click Next
• Click finish
• Click Exit
• Click Yes to exit
• Go to D:\app\product\11.1.0\client_1\network\admin
• Open tnsnames.ora with notepad
• Enter Oracle database information.

Sample

Oracleserver_DNS_name=

               (Description =

                 (Address_list -

                    (Address = (Protocol = TCP)(Host = Oracleserver)(Port = 5555))

                )

                (Connect_data =

                   (Service_Name = OracleDBname)

                )

               )

• Save the file
• Open the sqlnet.ora with notepad
• Enter the line below. This will make FIM always send Oracle DB account info.

sqlnet.authentication_service=(none)

• Save the file.
• Test connectivity to the Oracle DB from a command prompt. The package will install a command prompt client.

Configure Oracle MA

1.1  MA Configuration and Connectivity Details

The following table outlines the details of the MA configuration and connectivity to the Oracle server.

MA Type	Oracle
MA Name	OracleMA

 1.2  Connect to Database

FIM needs to connect to the Oracle database to get schema information. Use data obtained from Oracle Administrator 

1.3  Configure columns

The schema imported from the database will have the following columns listed. 

Database Data Name	Type	Comments
FIRSTNAME	String
EMPLOYEEID	String	Use this as ANCHOR
MANAGER	Reference

 1.4  Connector Filter Rules

Connector filter rules are used to determine whether or not a connector space object is processed during synchronization.  These are utilized to remove objects meeting specific criteria from the scope of FIM processing.  Any connected data source objects which match a connector filter rule will not be synchronized with the Metaverse. 

1.5  Join and Projection Rules

Join and projection rules govern how connector space objects are connected to the FIM Synchronization Service Metaverse.  Join rules are first applied to determine if a disconnected object (disconnector) can be joined to the Metaverse based upon defined criteria.  A projection is when a user object is projected to the Metaverse as a new object.

1.6  Attribute Flow Rules

Attribute flow rules manage how data is synchronized between a connected data source and the corresponding Metaverse object.  Attributes can be configured to import data from the connected data source to the Metaverse or export data from the Metaverse to a connected data source.  Additionally, attributes can be mapped through direct attribute mapping, advanced attribute mapping, or via a customized rules extension.

1.7  Deprovisioning Rules

Deprovisioning rules are utilized to specify what should happen to the connector space objects when they are disconnected from the Metaverse by either a provisioning rules extension or when the joined Metaverse object is deleted. 

1.8  Extensions

Extensions are utilized to configure advanced features for the management agent. Specify if any extensions file will be used

Oracle DB connectivity tips

• The FIM Oracle DB MA does not support numeric type for attributes, only string or reference. This can be a problem if you are flowing the data to an attribute in the remote directory that is numeric type. An example the Countycode field in Active Directory (AD). This field is numeric which means that the Metaverse (MV) field must be numeric as well. If this data is coming from the oracle DB, the field type will be string. You have to write an extension code to convert the string data format to numeric and store it in the MV.
• It takes between 5-10 minutes for FIM to establish the connection to the Oracle DB each time it runs. But the import and export should be fairly quick, about 15minutes for 10000 objects.
• Use a DB view to connect to sensitive data systems such as a Human Resource Database.
• If a change is made to the Oracle DB view or to the Oracle DB, connectivity is lost. This may require a restart of the FIM service or a reboot of the FIM server.When connectivity is lost, the default reason assumed by FIM is that a change was made to schema. So you may find sometimes a service restart or server reboot does not fix the connectivity problem. It is advisable that each time connectivity is lost to go to the properties of the Oracle MA, connectivity page, enter the account password and click yes to the do a schema refresh. if after doing this connectivity is not restored then take a look at the Oracle client on the FIM server. Test native connectivity to the Oracle DB from the FIM server using the command prompt Oracle client.
• Some Oracle databases especially one with sensitive information may have a database firewall controlling access to the  database. Work with the DB firewall administrator to allow connectivity from the FIM server