Siebel JDBAdapter Installation and Configuration Guide · PDF fileIBM Security Identity Manager Version 6.0 Siebel JDBAdapter Installation and Configuration Guide SC27-4417-02

IBM Security Identity ManagerVersion 6.0

Siebel JDB Adapter Installation andConfiguration Guide

SC27-4417-02

��

IBM Security Identity ManagerVersion 6.0

Siebel JDB Adapter Installation andConfiguration Guide

SC27-4417-02

��

NoteBefore using this information and the product it supports, read the information in “Notices” on page 51.

Edition notice

Note: This edition applies to version 6.0 of IBM Security Identity Manager (product number 5724-C34) and to allsubsequent releases and modifications until otherwise indicated in new editions.

© Copyright IBM Corporation 2012, 2014.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.

Contents

Figures . . . . . . . . . . . . . . . v

Tables . . . . . . . . . . . . . . . vii

Preface . . . . . . . . . . . . . . . ixAbout this publication . . . . . . . . . . . ixAccess to publications and terminology . . . . . ixAccessibility . . . . . . . . . . . . . . xTechnical training. . . . . . . . . . . . . xSupport information . . . . . . . . . . . . xStatement of Good Security Practices . . . . . . x

Chapter 1. Overview of the adapter . . . 1Features of the adapter . . . . . . . . . . . 1Architecture of the adapter . . . . . . . . . 1Supported configurations . . . . . . . . . . 2

Chapter 2. Preparation for the adapterinstallation . . . . . . . . . . . . . 3Preinstallation roadmap . . . . . . . . . . 3Installation roadmap. . . . . . . . . . . . 3Prerequisites to install the adapter . . . . . . . 3Prerequisites to use the adapter . . . . . . . . 4Installation worksheet for the adapter . . . . . . 5Software download for the Seibel JDB adapter . . . 5

Chapter 3. Adapter installation . . . . . 7Dispatcher installation . . . . . . . . . . . 7Installing the adapter . . . . . . . . . . . 7Adapter components on IBM Tivoli DirectoryIntegrator . . . . . . . . . . . . . . . 8Start, stop, and restart of the adapter service forSiebel JDB Adapter . . . . . . . . . . . . 8Importing the adapter profile into the IBM SecurityIdentity Manager server . . . . . . . . . . 9Verification of the adapter profile installation . . . 10Adapter user account . . . . . . . . . . . 10Creating a service . . . . . . . . . . . . 10

Chapter 4. First steps after installation 17Adapter configuration . . . . . . . . . . . 17

Customizing the adapter profile . . . . . . 17Configuration of view mode of businesscomponents . . . . . . . . . . . . . 19Removing the Responsibilities in LDAP attributefrom the account form for databaseauthentication . . . . . . . . . . . . 23

Configuration properties of the dispatcher . . . 23Password management when restoring accounts . . 23Language pack installation for the Siebel JDBadapter . . . . . . . . . . . . . . . . 24Verifying that the Siebel JDB adapter is workingcorrectly . . . . . . . . . . . . . . . 24

Chapter 5. Troubleshooting of theadapter errors . . . . . . . . . . . 27Techniques for troubleshooting problems . . . . 27Warning and error messages. . . . . . . . . 29

Chapter 6. Adapter upgrade. . . . . . 31Connector upgrade . . . . . . . . . . . . 31Dispatcher upgrade. . . . . . . . . . . . 31Upgrade of the existing adapter profile . . . . . 31

Chapter 7. Siebel JDB Adapteruninstallation . . . . . . . . . . . . 33Removing the adapter from the IBM TivoliDirectory Integrator server . . . . . . . . . 33Removal of the adapter profile from the IBMSecurity Identity Manager server . . . . . . . 33

Chapter 8. Adapter reinstallation . . . 35

Appendix A. Adapter attributes . . . . 37

Appendix B. Custom XML details . . . 41Supported attributes for the custom XML file . . . 41

Appendix C. Definitions for ITDI_HOMEand ISIM_HOME directories . . . . . . 43

Appendix D. Support information . . . 45Searching knowledge bases . . . . . . . . . 45Obtaining a product fix . . . . . . . . . . 46Contacting IBM Support . . . . . . . . . . 46

Appendix E. Accessibility features forIBM Security Identity Manager . . . . 49

Notices . . . . . . . . . . . . . . 51

Index . . . . . . . . . . . . . . . 55

© Copyright IBM Corp. 2012, 2014 iii

iv IBM Security Identity Manager: Siebel JDB Adapter Installation and Configuration Guide

Figures

1. The architecture of the Siebel JDB Adapter 12. Example of a single server configuration . . . 2

3. Example of a multiple server configuration 2

© Copyright IBM Corp. 2012, 2014 v

vi IBM Security Identity Manager: Siebel JDB Adapter Installation and Configuration Guide

Tables

1. Preinstallation roadmap . . . . . . . . . 32. Installation roadmap . . . . . . . . . . 33. Prerequisites to install the adapter . . . . . 44. Required information to install the adapter 55. Adapter components . . . . . . . . . . 86. XML files used for user management and for

various support data attributes . . . . . . 207. Values for business components in viewMode 228. Messages and actions . . . . . . . . . 299. Attributes, descriptions, and corresponding

Siebel attributes for erTDISblJDBAccount . . . 3710. Attributes, descriptions, and corresponding

Siebel attributes for erTDISblResponsibility . 38

11. Attributes, descriptions, and correspondingSiebel attributes for erTDISblPosition. . . . 38

12. Attribute, description, and correspondingSiebel attribute for erTDISblTZones . . . . . 39

13. Attribute, description, and correspondingSiebel attribute for erTDISblTitles . . . . . 39

14. Attribute, description, and correspondingSiebel attribute for erTDISblEmpNotify . . . 39

15. Attribute, description, and correspondingSiebel attribute for erTDISblEmpAvail . . . . 39

16. Attributes, descriptions, and correspondingSiebel attributes for erTDISblBU . . . . . . 39

17. Attribute information for the custom XML file 41

© Copyright IBM Corp. 2012, 2014 vii

viii IBM Security Identity Manager: Siebel JDB Adapter Installation and Configuration Guide

Preface

About this publication

The Siebel JDB Adapter Installation and Configuration Guide provides the basicinformation that you can use to install and configure the IBM® Security IdentityManager Siebel Java™ Data Beans Adapter (Siebel JDB Adapter).

The Siebel JDB Adapter enables connectivity between the IBM Security IdentityManager server and a Siebel Server. The IBM Security Identity Manager server isthe server for your IBM Security Identity Manager product.

Access to publications and terminologyThis section provides:v A list of publications in the “IBM Security Identity Manager library.”v Links to “Online publications.”v A link to the “IBM Terminology website.”

IBM Security Identity Manager library

For a complete listing of the IBM Security Identity Manager and IBM SecurityIdentity Manager Adapter documentation, see the online library(http://www-01.ibm.com/support/knowledgecenter/SSRMWJ/welcome).

Online publications

IBM posts product publications when the product is released and when thepublications are updated at the following locations:

IBM Security Identity Manager libraryThe product documentation site (http://www-01.ibm.com/support/knowledgecenter/SSRMWJ/welcome) displays the welcome page andnavigation for the library.

IBM Security Systems Documentation CentralIBM Security Systems Documentation Central provides an alphabetical listof all IBM Security Systems product libraries and links to the onlinedocumentation for specific versions of each product.

IBM Publications CenterThe IBM Publications Center site ( http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss) offers customized search functionsto help you find all the IBM publications you need.

IBM Terminology website

The IBM Terminology website consolidates terminology for product libraries in onelocation. You can access the Terminology website at http://www.ibm.com/software/globalization/terminology.

© Copyright IBM Corp. 2012, 2014 ix

http://www-01.ibm.com/support/knowledgecenter/SSRMWJ/welcome



https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/IBM%20Security%20Systems%20Documentation%20Central/page/Welcome

http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss

http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss

http://www.ibm.com/software/globalization/terminology

http://www.ibm.com/software/globalization/terminology

AccessibilityAccessibility features help users with a physical disability, such as restrictedmobility or limited vision, to use software products successfully. With this product,you can use assistive technologies to hear and navigate the interface. You can alsouse the keyboard instead of the mouse to operate all features of the graphical userinterface.

Technical trainingFor technical training information, see the following IBM Education website athttp://www.ibm.com/software/tivoli/education.

Support informationIBM Support provides assistance with code-related problems and routine, shortduration installation or usage questions. You can directly access the IBM SoftwareSupport site at http://www.ibm.com/software/support/probsub.html.

Appendix D, “Support information,” on page 45 provides details about:v What information to collect before contacting IBM Support.v The various methods for contacting IBM Support.v How to use IBM Support Assistant.v Instructions and problem-determination resources to isolate and fix the problem

yourself.

Note: The Community and Support tab on the product information center canprovide additional support resources.

Statement of Good Security PracticesIT system security involves protecting systems and information throughprevention, detection and response to improper access from within and outsideyour enterprise. Improper access can result in information being altered, destroyed,misappropriated or misused or can result in damage to or misuse of your systems,including for use in attacks on others. No IT system or product should beconsidered completely secure and no single product, service or security measurecan be completely effective in preventing improper use or access. IBM systems,products and services are designed to be part of a comprehensive securityapproach, which will necessarily involve additional operational procedures, andmay require other systems, products or services to be most effective. IBM DOESNOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES AREIMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THEMALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

x IBM Security Identity Manager: Siebel JDB Adapter Installation and Configuration Guide

http://www.ibm.com/software/tivoli/education

http://www.ibm.com/software/support/probsub.html

Chapter 1. Overview of the adapter

An adapter provides an interface between a managed resource and the IBMSecurity Identity Manager server.

Adapters might reside on the managed resource. The IBM Security IdentityManager server manages access to the resource by using your security system.Adapters function as trusted virtual administrators on the target platform. Theyperform tasks, such as creating, suspending, and restoring user accounts, and otheradministrative functions that are performed manually. The adapter runs as aservice, independently of whether you are logged on to the IBM Security IdentityManager server.

Features of the adapterThe adapter automates user account management tasks.

The adapter automates the following tasks:v Reconciling user accounts and support datav Adding, suspending, restoring, and deleting user accountsv Modifying user account attributes

Architecture of the adapterYou must install several components for the adapter to function correctly.

The adapter requires the following components:v The Dispatcherv The IBM Tivoli® Directory Integrator connectorv The IBM Security Identity Manager adapter profile

You need to install the Dispatcher and the adapter profile; however, the TivoliDirectory Integrator connector might already be installed with the base TivoliDirectory Integrator product.

Figure 1 describes the components that work together to complete the user accountmanagement tasks in a Tivoli Directory Integrator environment.

For more information about Tivoli Directory Integrator, see the Quick Start Guide inthe IBM Security Identity Manager product documentation.

RMI callsIBM SecurityIdentityManagerServer

DispatcherService(an instanceof the IBMTivoliDirectoryIntegrator)

Adapterresource

Figure 1. The architecture of the Siebel JDB Adapter

© Copyright IBM Corp. 2012, 2014 1

http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itim.doc/welcome.htm

Supported configurationsThe adapter supports both single server and multiple server configurations.

The fundamental components in each environment are:v The IBM Security Identity Manager serverv The Tivoli Directory Integratorv The managed resourcev The adapter

The adapter must reside directly on the server running the Tivoli DirectoryIntegrator.

Single server configuration

In a single server configuration, install the IBM Security Identity Manager server,the Tivoli Directory Integrator, and the Siebel JDB Adapter on one server toestablish communication with the Siebel server.

The Siebel server is installed on a different server as described in Figure 2.

Multiple server configuration

In a multiple server configuration, the Tivoli Directory Integrator server, the TivoliDirectory Integrator, the Siebel JDB Adapter, and the Siebel server are installed ondifferent servers.

Install the Tivoli Directory Integrator and the Siebel JDB Adapter on the sameserver as described in Figure 3.

IBM SecurityIdentity Manager Server

Tivoli DirectoryIntegrator Server

Adapter

Managed

resource

Figure 2. Example of a single server configuration

IBM SecurityIdentity Managerserver

Tivoli DirectoryIntegrator server Managed

resource

Adapter

Figure 3. Example of a multiple server configuration

2 IBM Security Identity Manager: Siebel JDB Adapter Installation and Configuration Guide

Chapter 2. Preparation for the adapter installation

Installing and configuring the adapter involves several steps that you mustcomplete in an appropriate sequence.

Review the road maps before you begin the installation process.

Preinstallation roadmapBefore you install the adapter, you must prepare the environment.

Perform the tasks that are listed in Table 1.

Table 1. Preinstallation roadmap

Task For more information

Obtain the installation software. Download the software from PassportAdvantage. See “Software download for theSeibel JDB adapter” on page 5.

Verify that your environment meets thesoftware and hardware requirements for theadapter.

See “Prerequisites to install the adapter” and“Prerequisites to use the adapter” on page 4.

Obtain the necessary information for theinstallation and configuration.

See “Installation worksheet for the adapter”on page 5.

Installation roadmapTo install the adapter, you must complete the tasks in the roadmap.

Table 2. Installation roadmap

Task For more information

Verify the Dispatcher installation. See “Dispatcher installation” on page 7.

Install the adapter. See “Installing the adapter” on page 7.

Verify the installation. See “Adapter components on IBM TivoliDirectory Integrator” on page 8.

Import the adapter profile. See “Importing the adapter profile into theIBM Security Identity Manager server” onpage 9.

Verify the profile installation. See “Verification of the adapter profileinstallation” on page 10.

Create an adapter user account. See “Adapter user account” on page 10.

Create a service. See “Creating a service” on page 10.

Configure the adapter. See “Adapter configuration” on page 17.

Prerequisites to install the adapterVerify that your environment meets all the prerequisites before installing theadapter.


Ensure that you install the adapter on the same workstation as the Tivoli DirectoryIntegrator server. Table 3 identifies the software and operating system prerequisitesfor the adapter installation.

Table 3. Prerequisites to install the adapter

Prerequisite Description

IBM Tivoli Directory Integrator Version 7.1 fix pack 5 or later

Version 7.1.1

IBM Security Identity Manager server Version 6.0

Siebel server 7.7, 7.8, 8.0

System Administrator AuthorityTo complete the adapter installationprocedure, you must have systemadministrator authority.

Tivoli Directory Integrator adapters solutiondirectory

A Tivoli Directory Integrator adapterssolution directory is a Tivoli DirectoryIntegrator work directory for IBM SecurityIdentity Manager adapters. See theDispatcher Installation and Configuration Guide.

You must install the adapter on those IBM Tivoli Directory Integrator platformsthat support the managed resource libraries or jars that the adapter uses. Forinformation about the prerequisites and supported operating systems for IBMSecurity Identity Manager, see the IBM Tivoli Directory Integrator 7.1: AdministratorGuide.

Prerequisites to use the adapterYou must meet the following Java Data Beans requirement to run the Siebel JDBAdapter.

The Siebel JDB connector communicates with the Siebel Enterprise server by usingthe Java Data Beans (JDB). The Java Data Beans is an integration method exposedby Siebel to communicate with external Java applications. The Java Data Bean codein the Siebel JDB connector has dependency on the following JAR files on themanaged resource:v Siebel.jarv SiebelJI_lang.jar. (where lang is the installed language pack; for example,

SiebelJI_enu.jar for English or SiebelJI_jpn.jar for Japanese).

These JAR files must be copied from SiebelInstall\siebsrvr\CLASSES” on themanaged resource to the Tivoli Directory Integrator workstation, so that theadapter can access them. Copy the JAR files to ITDI_HOME/jars/3rdparty/othersdirectory.

The JAR files corresponding to the JDBC driver that is used for communicatingwith the database must be copied to the ITDI_HOME/jars/3rdparty/othersdirectory.

For example, if you are using the Microsoft SQL Server driver to connect toMS-SQL, copy the following driver JAR files:v Msbase.jar


v Msutil.jarv Mssqlserver.jar

These JAR files are available as part of the Microsoft SQL Server driver for JDBC.

Installation worksheet for the adapterTable 4 identifies the information that you need before installing the adapter.

Table 4. Required information to install the adapter

Required information Description Value

Tivoli DirectoryIntegrator HomeDirectory(ITDI_HOME)

The ITDI_HOME directory containsthe jars/connectors subdirectory thatcontains adapter jars. For example,the jars/connectors subdirectorycontains the jar for the UNIXadapter.

If Tivoli DirectoryIntegrator is automaticallyinstalled with your IBMSecurity Identity Managerproduct, the defaultdirectory path for TivoliDirectory Integrator is asfollows:

Windows:

v for version 7.1:

drive\ProgramFiles\IBM\TDI\V7.1

UNIX:

v for version 7.1:

/opt/IBM/TDI/V7.1

Solution Directory(ADAPTER_SOLDIR)

When you install the dispatcher, theadapter prompts you to specify a filepath for the solution directory. Formore information about the solutiondirectory, see the DispatcherInstallation and Configuration Guide.

The default solutiondirectory is:

Windows:

v for version 7.1

drive\ProgramFiles\IBM\TDI\V7.1\timsol

UNIX:

v for version 7.1:

/opt/IBM/TDI/V7.1/timsol

Software download for the Seibel JDB adapterDownload the software through your account at the IBM Passport Advantage®

website.

Go to IBM Passport Advantage.

See the IBM Security Identity Manager Download Document for instructions.

Note:

You can also obtain additional adapter information from IBM Support.

Chapter 2. Preparation for the adapter installation 5

http://www.ibm.com/software/howtobuy/passportadvantage/pao_customers.htm


Chapter 3. Adapter installation

All the Tivoli Directory Integrator-based adapters require the Dispatcher for theadapters to function correctly.

If the Dispatcher is installed from a previous installation, do not reinstall it unlessthere is an upgrade to the Dispatcher. See “Dispatcher installation.”

After verifying the Dispatcher installation, you might need to install the TivoliDirectory Integrator connector. Depending on your adapter, the connector mightalready be installed as part of the Tivoli Directory Integrator product and nofurther action is required.

Dispatcher installationIf this installation is the first Tivoli Directory Integrator-based adapter installation,you must install the Dispatcher before you install the adapter.

You must install the Dispatcher on the same Tivoli Directory Integrator serverwhere you want to install the adapter.

Obtain the dispatcher installer from the IBM Passport Advantage website,http://ww.ibm.com/software/howtobuy/passportadvantage/pao_customers.htm.For information about Dispatcher installation, see the Dispatcher Installation andConfiguration Guide.

Installing the adapterYou must complete several steps to install the adapter.

Before you begin

Do the following tasks: :v Verify that your site meets all the prerequisite requirements. See “Prerequisites to

install the adapter” on page 3.v Obtain a copy of the installation software. See “Software download for the Seibel

JDB adapter” on page 5.v Obtain system administrator authority. See “Prerequisites to install the adapter”

on page 3.

About this task

The adapter uses the IBM Tivoli Directory Integrator Siebel JDB connector. Thisconnector is not available with the base Tivoli Directory Integrator product. Theadapter installation involves Tivoli Directory Integrator Siebel JDB connectorinstallation. Before you install the adapter, make sure that the Dispatcher isinstalled. See “Dispatcher installation.”

Procedure

To install the adapter, complete the following steps:


http://www.ibm.com/software/howtobuy/passportadvantage/pao_customers.htm

1. Create a temporary directory on the workstation where you want to install theadapter.

2. Extract the contents of the compressed file in the temporary directory.3. Copy the SiebelJDBConnector.jar file to the ITDI_HOME/jars/connectors

directory.4. Copy all XML files from resource directory in the installation package to the

ADAPTER_SOLDIR/SiebelCustomXMLs directory.5. Restart the IBM Security Identity Manager adapter (Dispatcher) service.

For guidance on starting and stopping the adapter service, see the DispatcherInstallation and Configuration Guide.

What to do next

After you finish the adapter installation, do the following tasks:v Verify that the installation completed successfully. See “Adapter components on

IBM Tivoli Directory Integrator.”v Import the adapter profile. See “Importing the adapter profile into the IBM

Security Identity Manager server” on page 9.v Create a user account for the adapter on IBM Security Identity Manager. See

“Adapter user account” on page 10.

Adapter components on IBM Tivoli Directory IntegratorWhen the adapter is installed correctly, you can find the adapter components onIBM Tivoli Directory Integrator.

Table 5. Adapter components

Directory Adapter component

On the Windows operating system:ITDI_HOME\jars\connectors\

On the UNIX operating system:ITDI_HOME/jars/connectors/

SiebelJDBConnector.jar

On the Windows operating system:ADAPTER_SOLDIR\SiebelCustomXmls

On the UNIX operating system:ADAPTER_SOLDIR/SiebelCustomXmls

v AvailStatusTypes.xml

v Employee.xml

v NotificationTypes.xml

v Organization.xml

v PersonalTitle.xml

v Positions.xml

v Responsibility.xml

v TimeZone.xml

v UserList.xml

v Validator.dtd

If this installation is to upgrade a connector, send a request from IBM SecurityIdentity Manager and verify that the version number in the ibmdi.log matches theversion of the connector.

Start, stop, and restart of the adapter service for Siebel JDB AdapterTo start, stop, or restart the adapter, you must start, stop, or restart the Dispatcher.


The adapter does not exist as an independent service or a process. The adapter isadded to the Dispatcher instance, which runs all the adapters that are installed onthe same Tivoli Directory Integrator instance.

See the topic about starting stopping, and restarting the dispatcher service in theDispatcher Installation and Configuration Guide.

Importing the adapter profile into the IBM Security Identity Managerserver

Use the adapter profile to create an adapter service on IBM Security IdentityManager server and establish communication with the adapter.

Before you begin

An adapter profile defines the types of resources that the IBM Security IdentityManager server can manage.

Verify that the following conditions are met:v The IBM Security Identity Manager server is installed and running.v You have root or Administrator authority on IBM Security Identity Manager.

About this task

Before you can create an adapter service, the IBM Security Identity Manager servermust have an adapter profile to recognize the adapter. The files that are packagedwith the adapter include the adapter profile JAR file. You can import the adapterprofile as a service profile on the server with the Import feature of IBM SecurityIdentity Manager.

The SiebelJDBProfile.jar file includes all the files that are required to define theadapter schema, account form, service form, and profile properties. You can extractthe files from the JAR file to modify the necessary files and package the JAR filewith the updated files.

Procedure1. Log on to the IBM Security Identity Manager server by using an account that

has the authority to perform administrative tasks.2. In the My Work pane, expand Configure System and click Manage Service

Types.3. On the Manage Service Types page, click Import to display the Import Service

Types page.4. Specify the location of the SiebelJDBProfile.jar file in the Service Definition

File field by taking one of the following actions:v Type the complete location of where the file is stored.v Use Browse to navigate to the file.

5. Click OK.

Note: When you import the adapter profile and if you receive an error relatedto the schema, see the trace.log file for information about the error. Thetrace.log file location is specified by using the handler.file.fileDir propertydefined in the IBM Security Identity Manager enRoleLogging.properties file.The enRoleLogging.properties file is installed in the ISIM_HOME\data directory.

Chapter 3. Adapter installation 9

What to do next

Restart IBM Security Identity Manager for the change to take effect.

Verification of the adapter profile installationAfter you install the adapter profile, verify that the installation was successful.

An unsuccessful installation:v Might cause the adapter to function incorrectly.v Prevents you from creating a service with the adapter profile.

To verify that the adapter profile is successfully installed, create a service with theadapter profile. For more information about creating a service, see “Creating aservice.”

If you are unable to create a service using the adapter profile or open an accounton the service, the adapter profile is not installed correctly. You must import theadapter profile again.

Adapter user accountYou must create a user account for the adapter on the managed resource. You mustprovide the account information when you create a service.

The accounts must be able to remotely connect to the Siebel Server and theassociated database or LDAP directory. The account must also have sufficientprivileges to administer Siebel users.

For more information about creating a service, see “Creating a service.”

Creating a serviceAfter the adapter profile is imported on IBM Security Identity Manager, you mustcreate a service so that IBM Security Identity Manager can communicate with theadapter.

About this task

To create or change a service, you must use the service form to provideinformation for the service. Service forms might vary depending on the adapter.

Note: If the following fields on the service form are changed for an existingservice, the IBM Security Identity Manager Adapter service on the Tivoli DirectoryIntegrator server must be restarted.

SIEBEL JDB CONNECTION tab:

v Administrator Password

v Language

v Authentication Type

SIEBEL DATABASE CONNECTION tab:

v Database Type

v JDBC URL for the database

v JDBC Driver to be used


v Database Name

v Database User Name

v Database User Password

SIEBEL LDAP CONNECTION tab:

v Directory Server Location

v Administrator Name

v Administrator Password

v User Base DN

v Responsibilities Attribute

v Remove LDAP User on Delete?

DISPATCHER ATTRIBUTE tab:

v AL FileSystem Path

v Max Connection Count

Procedure1. Log on to the IBM Security Identity Manager server with an account that has

the authority to perform administrative tasks.2. In the My Work pane, click Manage Services and click Create.3. On the Select the Type of Service page, select Siebel JDB Profile.4. Click Next to display the adapter service form.5. Complete the following fields on the service form:

ITIM Siebel JDB Service

Service NameSpecify a name that defines the adapter service on the IBMSecurity Identity Manager server.

Note: Do not use forward (/) or backward slashes (\) in theservice name.

DescriptionOptional: Specify a description that identifies the service foryour environment.

IBM Tivoli Directory Integrator locationOptional: Specify the URL for the Tivoli Directory Integratorinstance. The valid syntax for the URL is rmi://ip-address:port/ITDIDispatcher, where ip-address is the TivoliDirectory Integrator host and port is the port number for theDispatcher. The default URL isrmi://localhost:1099/ITDIDispatcher

For information about changing the port number, see theDispatcher Installation and Configuration Guide.

OwnerOptional: Specify a IBM Security Identity Manager user as aservice owner.

Service prerequisiteOptional: Specify the IBM Security Identity Manager servicethat is a prerequisite to this service.

Siebel JDB connection


Connect stringSpecify the web address that contains the information toconnect to any Siebel server component. The generic form ofthe syntax for the connect string is:siebel[[.transport][.[encryption][.[compression]]]]://host:port/EnterpriseServer/AppObjMgr

transportSpecify the network protocol used for communicationbetween the Siebel JDB connector and the Siebel server.Typical values are TCP/IP or HTTP.

encryptionSpecify the type of encryption used for communicationbetween the Siebel JDB connector and the Siebel server.Typical values are none or mscrypto.

compressionSpecify the type of data compression used forcommunication between the Siebel JDB connector andthe Siebel server. Typical values are none or zlib.

host The value used for the host portion of the connectstring depends on Siebel system configuration:v If the Siebel system configuration contains only one

Siebel server, specify the host name or IP address ofthe computer where the Siebel server is running.

v If the Siebel system configuration contains multipleSiebel servers and uses third-party load balancing,specify the virtual IP address of the third-party loadbalancer.

v If the Siebel system configuration contains multipleSiebel servers and uses Siebel native load balancing,specify the host name or IP address of any computerwhere a Siebel server is running.

port The value used for the port portion of the connectstring depends on Siebel system configuration:v If the Siebel system configuration contains only one

Siebel server, specify the port number for SCBrokeron that server. The default port for SCBroker is 2321.

v If the Siebel system configuration contains multipleSiebel servers and uses third-party load balancing,specify the virtual port number in the third-partyload balancer that maps to the physical workstationsrunning the Siebel server.

v If the Siebel system configuration contains multipleSiebel servers and uses Siebel native load balancing,specify the port number that SCBroker uses on theSiebel server that you specified for the host portionof the connect string.

EnterpriseServerSpecify the name of the Siebel enterprise.

AppObjMgrSpecify the Application Object Manager.


Note: For Java Data Beans, the Siebel JDB Adaptermust connect to the EAIObjMgr_<lang>.

The specific connect string can be found in the file Siebelinstallation home\ SWEApp\BIN\eapps.cfg, under the heading[eai_lang]>], where lang is the language pack installed.

Administrator nameSpecify the Siebel administrator. This user must have sufficientpermissions to perform User Provisioning operations on themanaged resource.

Administrator PasswordSpecify the password of the Siebel administrator.

LanguageSpecify the installed language pack. Select the appropriatelanguage from the drop-down menu of all languages supportedby the Siebel server.

Authentication TypeSiebel resource can be configured to use different authenticationmechanisms at various levels namely. Enterprise, Siebel server,or components on the Siebel server. Specify the Siebelauthentication mechanism in use for the EAI Object Manager(EAIObjMgr) component. Depending on the choice given here,either database connection related or LDAP connection-relatedparameters given in the next two tabs are used. Ifauthentication type is DB Authentication, then fill parameterson the Siebel database connection tab. If authentication type isLDAP Authentication, then fill parameters on the Siebel LDAPconnection tab.

Siebel database connectionIf authentication type is DB Authentication, then fill parameters on theSiebel database connection tab, otherwise you might ignore this tab.

Database typeSpecify the type of database that the adapter uses. For example,MS-SQL or Oracle.

JDBC URL For DatabaseSpecify the JDBC web address to connect to the database.

JDBC driver to be usedSpecify the JDBC driver class name.

Database nameSpecify the instance name of the database that Siebel uses.

Database user nameSpecify the user name to connect to the database. The usermust have privileges to add, delete, and modify logins andusers to the specified database instance.

Database user passwordSpecify the password for the database user.

Siebel LDAP connectionIf authentication type is LDAP Authentication, then fill parameters onthe Siebel LDAP connection tab, otherwise you might ignore this tab.


Directory Server LocationSpecify the LDAP web address in ldap://host:port format.The default value is ldap://localhost:389

Administrator NameSpecify the full distinguished name (DN) for the LDAPadministrator that is stored in the directory.

Administrator PasswordSpecify the password for the specified administrator.

User Base DNSpecify the base DN under which users are stored.

Responsibilities AttributeSpecify the LDAP attribute in which user responsibilities arestored. You can configure the Siebel server to use any attributefrom the iNetOrgPerson objectclass to store responsibilities.This attribute must be multi-valued to store more than oneresponsibility because Siebel-supported security adapterscannot read more than one responsibility from a single-valueattribute. User can select one of the attributes from thedropdown list which lists of all multi-valued attributes fromLDAP objectclass iNetOrgPerson.

Remove LDAP User on Delete?Specify whether to remove the LDAP user on user deleteoperation. The Siebel server does not remove the LDAP userfrom directory. The adapter can remove it by using the LDAPconnector.

Dispatcher Attributes

Disable AL CachingSelect the check box to disable the assembly line (test, add,modify, delete) caching in the dispatcher for the service.

AL FileSystem PathSpecify the file path from where the dispatcher loads theassembly lines. If you do not specify a file path, the dispatcherloads the assembly lines received from IBM Security IdentityManager. For example, you can specify the following file pathto load the assembly lines from the profiles directory of theWindows operating system: c:\Files\IBM\TDI\V7.1\profilesor you can specify the following file path to load the assemblylines from the profiles directory of the UNIX and Linuxoperating systems:system:/opt/IBM/TDI/V7.1/profiles

Max Connection CountSpecify the maximum number of assembly lines that thedispatcher can run simultaneously for the service. For example,enter 10 when you want the dispatcher to run maximum 10assembly lines simultaneously for the service. If you enter 0 inthe Max Connection Count field, the dispatcher does not limitthe number of assembly lines that run simultaneously for theservice.

On the Status and information tabThis page contains read only information about the adapter andmanaged resource. These fields are examples. The actual fields varydepending on the type of adapter and how the service form is


configured. The adapter must be running to obtain the information.Click Test Connection to populate the fields.

Last status update: DateSpecifies the most recent date when the Status and informationtab was updated.

Last status update: TimeSpecifies the most recent time of the date when the Status andinformation tab was updated.

Managed resource statusSpecifies the status of the managed resource that the adapter isconnected to.

Adapter versionSpecifies the version of the adapter that the IBM SecurityIdentity Manager service uses to provision request to themanaged resource.

Profile versionSpecifies the version of the profile that is installed in the IBMSecurity Identity Manager server.

TDI versionSpecifies the version of the Tivoli Directory Integrator on whichthe adapter is deployed.

Dispatcher versionSpecifies the version of the Dispatcher.

Installation platformSpecifies summary information about the operating systemwhere the adapter is installed.

Adapter accountSpecifies the account that running the adapter binary file.

Adapter up time: DateSpecifies the date when the adapter started.

Adapter up time: TimeSpecifies the time of the date when the adapter started.

Adapter memory usageSpecifies the memory usage for running the adapter.

If the connection fails, follow the instructions in the error message. Alsov Verify the adapter log to ensure that the IBM Security Identity

Manager test request was successfully sent to the adapter.v Verify the adapter configuration information.v Verify IBM Security Identity Manager service parameters for the

adapter profile. For example, verify the work station name or the IPaddress of the managed resource and the port.

6. Click Finish.



Chapter 4. First steps after installation

After you install the adapter, you must perform several other tasks. The tasksinclude configuring the adapter, setting up SSL, installing the language pack, andverifying the adapter works correctly.

Adapter configurationYou can change the configuration options for the Siebel JDB Adapter.v “Customizing the adapter profile”v “Configuration of view mode of business components” on page 19v “Removing the Responsibilities in LDAP attribute from the account form for

database authentication” on page 23

See the Dispatcher Installation and Configuration Guide for additional configurationoptions such as:v JVM propertiesv Dispatcher filteringv Dispatcher propertiesv Dispatcher port numberv Logging configurationsv Secure Sockets Layer (SSL) communication

Customizing the adapter profileTo customize the adapter profile, you must modify the Siebel JDB Adapter JARfile.

About this task

You might customize the adapter profile to change the account form or the serviceform. You can also change the labels on the forms using the Form Designer orCustomLabels.properties. Each adapter has a CustomLabels.properties file forthat adapter.

The JAR file is included in the Siebel JDB Adapter compressed file that youdownloaded from the IBM website.

Note: The adapter supports a set of ready-to-use attributes. To customize the set ofattributes that the adapter supports, see the Directory Integrator-Based Siebel JDBAdapter User Guide.

The following files are included in the SiebelJDBProfile JAR file:v CustomLabels.propertiesv erTDISblJDBAccount.xmlv erTDISblJDBRMIService.xmlv SiebelJDBAdapter.xmlv siebelJDBAdd.xmlv siebelJDBDelete.xmlv siebelJDBModify.xml


v siebelJDBSearch.xmlv siebelJDBTest.xmlv schema.dsmlv service.def

After you edit the file, you must import the file into the IBM Security IdentityManager server for the changes to take effect.

Procedure1. Edit the JAR file.

a. Log on to the workstation where the Siebel JDB Adapter is installed.b. Copy the JAR file into a temporary directory.c. Extract the contents of the JAR file into the temporary directory. Run the

following command. The following example applies to the Siebel JDBAdapter profile. Type the name of the JAR file for your operating system.#cd /tmp#jar -xvf SiebelJDBProfile.jar

The jar command extracts the files into the SiebelJDBProfile directory.d. Edit the file that you want to change.

2. Import the file.a. Create a JAR file using the files in the /tmp directory Run the following

command:#cd /tmp#jar -cvf SiebelJDBProfile.jar SiebelJDBProfile

b. Import the JAR file into the IBM Security Identity Manager applicationserver. For more information about importing the JAR file, see “Importingthe adapter profile into the IBM Security Identity Manager server” on page9.

c. Stop and start the IBM Security Identity Manager server.d. Stop and start the Siebel JDB Adapter service. See “Start, stop, and restart of

the adapter service for Siebel JDB Adapter” on page 8 for information aboutstopping and starting the Siebel JDB Adapter service.

LDAP Password attribute change for LDAP authenticationTo manage users on Siebel Server having LDAP authentication, Siebel JDB Adapterneeds the LDAP password attribute name for the LDAP user, which isuserPassword by default.

The LDAP password attribute LDAPPwdAttribute is a dispatcher parameter and isdefined in the service.def file as:<dispatcherParameter name="LDAPPwdAttribute">

<default>userPassword</default></dispatcherParameter>

You can change default value by editing the service.def file. See the Siebel JDBAdapter white paper for more details on modifying Siebel JDB Profile.

Note: The dispatcher parameter LDAPPwdAttribute is ignored, if the Siebel server isusing database authentication.


Editing Siebel JDB adapter profiles on the UNIX or Linuxoperating systemThe adapter profile .jar file might contain ASCII files that are created by using theMS-DOS ASCII format.

About this task

If you edit an MS-DOS ASCII file on the UNIX operating system, you might see acharacter ^M at the end of each line. These characters indicate new lines of text inMS-DOS. The characters can interfere with the running of the file on UNIX orLinux systems. You can use tools, such as dos2unix, to remove the ^M characters.You can also use text editors, such as the vi editor, to remove the charactersmanually.

Example

You can use the vi editor to remove the ^M characters. From the vi commandmode, run the following command and press Enter::%s/^M//g

When you use this command, enter ^M or Ctrl-M by pressing ^v^M or Ctrl V CtrlM sequentially. The ^v instructs the vi editor to use the next keystroke instead ofissuing it as command.

Configuration of view mode of business componentsThe Siebel JDB connector uses custom XML files that specify which user attributesto set or get and which support data attributes to get.

You can edit these XML files or create a new one to change the business object, thebusiness component, and the set of attributes under that business component.These XML files for the ready-to-use attributes that the adapter supports areshipped along with the Siebel JDB Adapter, and are in theAdapter_solution_directory/SiebelCustomXMLs/ directory.

See “View Mode specification in XML file” on page 20.

View modeThe view modes of a business component determine the allowable access controlmechanisms that can be applied to the business component in any view.

When a view is based on a particular business component, the view must use oneof the view modes specified for the business component. For example, theResponsibility business component can only be used in Organization view mode.Each view mode also determines how data is associated with a user to determinewhether the user has access. For example, a business component that allowspersonal access control might connect the data to the person by comparing thedata Owner Id field to the person’s user ID. Another business component mightapply personal access control through the data Created by field.

Use Siebel Tools to work with properties of business components.

Note: If a business component has no listed view modes, then no access controlbased on the business component exist for views that are based on that businesscomponent.

Chapter 4. First steps after installation 19

Viewing the view mode and visibility fields of a businesscomponentYou can use Siebel Tools to see the view mode details of a particular businesscomponent.

Procedure1. Launch Siebel Tools.2. In the Siebel Objects Object folder, click + (the plus sign) next to Business

Component to expand the Business Component object type. The BusinessComponent sub-tree is displayed.

3. Select the required Business Component and click the BusComp View Modeicon. The business component view mode details are displayed. A record inBusiness Component View Modes represents one view mode the businesscomponent can assume.

View Mode specification in XML fileThe adapter supports various ready-to- use attributes for view mode.

This table shows the XML files for the ready-to-use attributes that the adaptersupports.

Table 6. XML files used for user management and for various support data attributes

Used forBusiness object:business component XML file name

Defaultview modeof businesscomponent

Default view modes ofMVBBusComoponets andPicklistBusComponents

User management User List: User UserList.xml 5MVGBusComponent

v name="EmployeeOrganization"viewMode="9"

v

name="Responsibility"viewMode="9"

v name="Position"viewMode="9"

PicklistBusComponent

v name="Time Zone"viewMode="9"

v name="PersonalTitle" viewMode="9"

v name="AvailabilityStatus"viewMode="9"

v name="StandardNotification"viewMode="9"

v name="EmergencyNotification"viewMode="9"


Table 6. XML files used for user management and for various support data attributes (continued)

Used forBusiness object:business component XML file name

Defaultview modeof businesscomponent

Default view modes ofMVBBusComoponets andPicklistBusComponents

User management Employee: Employee Employee.xml 5MVGBusComponent

v name="EmployeeOrganization"viewMode="9"

v

name="Responsibility"viewMode="9"

v name="Position"viewMode="9"

PicklistBusComponent

v name="Time Zone"viewMode="9"

v name="PersonalTitle" viewMode="9"

v name="AvailabilityStatus"viewMode="9"

v name="StandardNotification"viewMode="9"

v name="EmergencyNotification"viewMode="9"

Support data -Availability

List Of Values: ListOf Values

AvailStatusTypes.xml 9 (not used) Not applicable

Support data -Standard/EmergencyNotification


NotificationTypes.xml 9 (not used) Not applicable

Support data -Organization

Organizations:Organization

Organization.xml 9 Not applicable

Support data -Personal title(Mr./Mrs.)


PersonalTitle.xml 9 (not used) Not applicable

Support data -Position

Employee: Position Positions.xml 9 Not applicable

Support data -Responsibility

Employee:Responsibility

Responsibility.xml 9 Not applicable

Support data - TimeZone

Time Zone: TimeZone

TimeZone.xml 9 Not applicable

This table lists the integer values allowed in the definition of the businesscomponent for viewMode and their meaning:


Table 7. Values for business components in viewMode

Value View name Meaning

0 SalesRepView Users can access records owned by them or canaccess records whose team contains their position.

1 ManagerView Users can access records associated with theirown position and positions that report directly tothem.

2 PersonalView Users can access records with which their personrecords are associated.

3 AllView Users can access all records, except those with amissing or an invalid owner.

5 OrganizationView Users can access records that are associated witha single organization or with multipleorganizations to which their position is linked.

6 ContactView Users can access records that are associated witha single organization to which their position islinked.

7 GroupView Users can access categories of master data that areassociated with any of the access groups withwhich they are associated. Users are associatedwith an access group if during the currentsession, they are associated with a position,organization, account, household, or a user listthat is a member of the access group.

8 CatalogView Users can access a flat (uncategorized) list of datain all of the categories across catalogs to which allof the user’s access groups have access. Users areassociated with an access group if during thecurrent session, they are associated with aposition, organization, account, household, or auser list that is a member of the access group.

9 SubOrganizationView Users can access records associated with theiractive organization or a descendant organization.

You can edit the XML file and set the required view mode accordingly. TheviewMode is redundant in those XML files that have searchSpecificationAttributeor searchSpecificationValue specified for the business component. These XML filesare PersonalTitle.xml, NotificationTypes.xml, and AvailStatusTypes.xml. ButviewMode cannot be removed due to redundancy, because it is a required attributein the definition of BusinessComponent.

The following sample of the Responsibility.xml file specifies view mode as 9,SubOrganizationView for business component Responsibility:<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE BusinessObject SYSTEM "Validator.dtd"><BusinessObject name="Employee">

<BusinessComponent name = "Responsibility" viewMode = "9">

<Attribute name = "Name" isUnique = "true" isRequired = "true"> </Attribute><Attribute name = "Primary Organization Id"> </Attribute><Attribute name = "Description"> </Attribute></BusinessComponent></BusinessObject>


Removing the Responsibilities in LDAP attribute from theaccount form for database authentication

If the authentication type used by the Siebel server is database authentication, thenaccount form attribute Responsibilities in LDAP can be removed. It is not neededbecause all responsibilities are stored in a database for database authentication.

About this task

This attribute can be removed from the profile manually. It can also be removedfrom IBM Security Identity Manager by using form customization, after the SiebelJDB profile is imported to the IBM Security Identity Manager server.

Note: Even if this attribute is present, it is ignored by the adapter if theauthentication type is database authentication.

Procedure1. Log on to IBM Security Identity Manager with an account that has

administrative authority.2. Click Configure System.3. Click Design Forms.4. Double-click Account. A list of existing account class definitions is displayed.5. Double-click SiebelJDBAccount. Various account form tabs are displayed.

Attributes are displayed on each tab.6. Click $ertdisblaccesscontrol. The attributes for access control are displayed.7. Delete the attribute ertdisblldaprelresponsibilit.

a. Click ertdisblldaprelresponsibilit.b. Click Attribute.c. Click Delete Attribute. The ertdisblldaprelresponsibilit attribute is

removed from the list of attributes.8. Click Close.

Configuration properties of the dispatcherThe solution.properties file and the itim_listener.properties file contain theconfiguration properties for the Dispatcher.

To configure the dispatcher properties, follow the configuration instructionsincluded in the dispatcher download package.

Password management when restoring accountsWhen an account is restored from being previously suspended, you are promptedto supply a new password for the reinstated account.

However, in some cases you might not want to be prompted for a password.

The password requirement to restore an account falls into two categories: allowedand required.

Note: A password is required for the restore operation, if the authentication isLDAP authentication.


How each restore action interacts with its corresponding managed resourcedepends on either the managed resource, or the business processes that youimplement. Certain resources reject a password when a request is made to restorean account. In this case, you can configure IBM Security Identity Manager toforego the new password requirement. You can set the Siebel JDB Adapter torequire a new password when the account is restored, if your company has abusiness process in place that dictates that the account restoration process must beaccompanied by resetting the password.

In the service.def file, you can define whether a password is required as a newprotocol option. When you import the adapter profile, if an option is not specified,the adapter profile importer determines the correct restoration password behaviorfrom the schema.dsml file. Adapter profile components also enable remote servicesto determine if you discard a password that is entered by the user in a situationwhere multiple accounts on disparate resources are being restored. In thissituation, only some of the accounts being restored might require a password.Remote services discard the password from the restore action for those managedresources that do not require them.

Edit the service.def file to add the new protocol options, for example:<Property Name = "com.ibm.itim.remoteservices.ResourceProperties.

PASSWORD_NOT_REQUIRED_ON_RESTORE"<value>true</value></property><Property Name = "com.ibm.itim.remoteservices.ResourceProperties.

PASSWORD_NOT_ALLOWED_ON_RESTORE"<value>false</value></property>

By adding the two options in the example above, you are ensuring that you arenot prompted for a password when an account is restored.

Note: Before you set the property password_not_required_on_restore to true,ensure that the operating system supports restoring of an account without apassword.

Language pack installation for the Siebel JDB adapterThe adapters use a separate language package from the IBM Security IdentityManager.

See the IBM Security Identity Manager library and search for information aboutinstalling the adapter language pack.

Verifying that the Siebel JDB adapter is working correctlyAfter you install and configure the adapter, take steps to verify that the installationand configuration are correct.

Procedure1. Test the connection for the service that you created on IBM Security Identity

Manager.2. Run a full reconciliation from IBM Security Identity Manager.3. Run all supported operations such as add, modify, and delete on one user

account.4. Verify the ibmdi.log file after each operation to ensure that no errors are

reported.


5. Verify the IBM Security Identity Manager log file trace.log to ensure that noerrors are reported when you run an adapter operation.



Chapter 5. Troubleshooting of the adapter errors

Troubleshooting can help you determine why a product does not function properly.

These topics provide information and techniques for identifying and resolvingproblems with the adapter. It also provides information about troubleshootingerrors that might occur during the adapter installation.

Techniques for troubleshooting problemsTroubleshooting is a systematic approach to solving a problem. The goal oftroubleshooting is to determine why something does not work as expected andhow to resolve the problem. Certain common techniques can help with the task oftroubleshooting.

The first step in the troubleshooting process is to describe the problem completely.Problem descriptions help you and the IBM technical-support representative knowwhere to start to find the cause of the problem. This step includes asking yourselfbasic questions:v What are the symptoms of the problem?v Where does the problem occur?v When does the problem occur?v Under which conditions does the problem occur?v Can the problem be reproduced?

The answers to these questions typically lead to a good description of the problem,which can then lead you to a problem resolution.

What are the symptoms of the problem?

When starting to describe a problem, the most obvious question is “What is theproblem?” This question might seem straightforward; however, you can break itdown into several more-focused questions that create a more descriptive picture ofthe problem. These questions can include:v Who, or what, is reporting the problem?v What are the error codes and messages?v How does the system fail? For example, is it a loop, hang, crash, performance

degradation, or incorrect result?

Where does the problem occur?

Determining where the problem originates is not always easy, but it is one of themost important steps in resolving a problem. Many layers of technology can existbetween the reporting and failing components. Networks, disks, and drivers areonly a few of the components to consider when you are investigating problems.

The following questions help you to focus on where the problem occurs to isolatethe problem layer:v Is the problem specific to one platform or operating system, or is it common

across multiple platforms or operating systems?v Is the current environment and configuration supported?


v Do all users have the problem?v (For multi-site installations.) Do all sites have the problem?

If one layer reports the problem, the problem does not necessarily originate in thatlayer. Part of identifying where a problem originates is understanding theenvironment in which it exists. Take some time to completely describe the problemenvironment, including the operating system and version, all correspondingsoftware and versions, and hardware information. Confirm that you are runningwithin an environment that is a supported configuration; many problems can betraced back to incompatible levels of software that are not intended to run togetheror have not been fully tested together.

When does the problem occur?

Develop a detailed timeline of events leading up to a failure, especially for thosecases that are one-time occurrences. You can most easily develop a timeline byworking backward: Start at the time an error was reported (as precisely as possible,even down to the millisecond), and work backward through the available logs andinformation. Typically, you need to look only as far as the first suspicious eventthat you find in a diagnostic log.

To develop a detailed timeline of events, answer these questions:v Does the problem happen only at a certain time of day or night?v How often does the problem happen?v What sequence of events leads up to the time that the problem is reported?v Does the problem happen after an environment change, such as upgrading or

installing software or hardware?

Responding to these types of questions can give you a frame of reference in whichto investigate the problem.

Under which conditions does the problem occur?

Knowing which systems and applications are running at the time that a problemoccurs is an important part of troubleshooting. These questions about yourenvironment can help you to identify the root cause of the problem:v Does the problem always occur when the same task is being performed?v Does a certain sequence of events need to happen for the problem to occur?v Do any other applications fail at the same time?

Answering these types of questions can help you explain the environment inwhich the problem occurs and correlate any dependencies. Remember that justbecause multiple problems might have occurred around the same time, theproblems are not necessarily related.

Can the problem be reproduced?

From a troubleshooting standpoint, the ideal problem is one that can bereproduced. Typically, when a problem can be reproduced you have a larger set oftools or procedures at your disposal to help you investigate. Consequently,problems that you can reproduce are often easier to debug and solve.

However, problems that you can reproduce can have a disadvantage: If theproblem is of significant business impact, you do not want it to recur. If possible,


re-create the problem in a test or development environment, which typically offersyou more flexibility and control during your investigation.v Can the problem be re-created on a test system?v Are multiple users or applications encountering the same type of problem?v Can the problem be re-created by running a single command, a set of

commands, or a particular application?

For information about obtaining support, see Appendix D, “Support information,”on page 45.

Warning and error messagesA warning or error message might be displayed in the user interface to provideinformation about the adapter or when an error occurs.

A warning or error might be displayed in the user interface to provide informationthat the user needs to know about the adapter or when an error occurs. Table 8contains warnings or errors which might be displayed in the user interface whenthe Siebel JDB Adapter is installed on your system.

Table 8. Messages and actions

Message number Message Action

CTGIMT600E An error occurred while establishingcommunication with the TivoliDirectory Integrator server.

v Verify that the Tivoli Directory Integrator-BasedAdapter Service is running.

v Verify that the URL specified on the service form forTivoli Directory Integrator is correct.

CTGIMT001E The following error occurred.

Error: Error communicating withSiebel Server using Java Data Beans.Could not open a session in 4attempts. {1} (SBL-JCA-200) ORCode Page "UTF-8" is notsupported. Use "-encoding" optionto change the file encoding.(SBL-JCA-328)

v Verify that the Siebel server is running.

v Verify that the port specified in connect string can bereached from Tivoli Directory Integrator workstationand that no firewall or other security productprevents communication between them.

v Verify that the dispatcher JVM is not using the UTF-8code page (which is by default on Linux). The codepage for JVM can be changed using -Dfile.encodingoption.


Error: NoClassDefFoundError forclass:com.siebel.data.SiebelException

Ensure that Siebel.jar and SiebelJI_lang.jar files areplaced in the ITDI_HOME/jars/3rdparty/others directory.


Error: [JavaPackage com.ibm.di.utils. SiebelJDBAdapterUtils.Get[LDAP/JDBC]Connector] is nota function.

Ensure that the correct dispatcher is installed.


Error: SBL-SVR-00040: Internal:Informational, encrypted parameter.OR The following error occurred.Error: Siebel authentication error.

Verify that the Siebel Administrator name and passwordare correct.

Chapter 5. Troubleshooting of the adapter errors 29

Table 8. Messages and actions (continued)

Message number Message Action


Error: null

Verify that port number is specified in connect string.


Error: [error message]

Verify that the required parameter specified in the errormessage is given correctly.

CTGIMT003E The account already exists. The user has already been added to the resource. Thiserror might occur if you are attempting to add a user tothe managed resource and IBM Security IdentityManager is not synchronized with the resource. To fixthis problem, schedule a reconciliation between IBMSecurity Identity Manager and the resource. See theonline help for information about scheduling areconciliation.

For Siebel server using LDAP authentication this errormight occur if the Siebel user is not present but thecorresponding LDAP user exists.

CTGIMT015E An error occurred while deleting theusername account because theaccount does not exist.

This error might occur when you attempt to delete auser. This error might also occur if you attempt tochange the password for a user. To fix the problem,ensure that:

v The location specified for the managed resource iscorrect.

v The user was created on the resource.

v The user was not deleted from the resource.

v If the user does not exist on the resource, create theuser on the resource and then schedule areconciliation. See the online help for informationabout scheduling a reconciliation.

CTGIMT009E The account username cannot bemodified because it does not exist.

This error might occur when you attempt to modify auser. This error might also occur if you attempt tochange the password for a user. To fix the problem,ensure that:

v The location specified for the managed resource iscorrect.

v The user was created on the resource.

v The user was not deleted from the resource.

v If the user does not exist on the resource, create theuser on the resource and then schedule areconciliation. See the online help for informationabout scheduling a reconciliation.

CTGIMT211E The account was notadded/modified/deleted due to asystem error: An end of file errorhas occurred. Please continue or askyour systems administrator to checkyour application configuration if theproblem persists.(SBL-DAT-00393).

Verify that the Siebel.jar and SiebelJI_enu.jar files inITDI_HOME/jars/3rdparty/others directory are copiedfrom the same Siebel server being used to manage theusers.

CTGIMT222W The account is already suspended. This error might occur if you attempt to suspend anaccount that was already suspended.

CTGIMT224W The account is already restored. This error might occur if you attempt to restore anaccount that was already restored.


Chapter 6. Adapter upgrade

Upgrading the adapter involves tasks, such as upgrading the connector, dispatcherand the existing adapter profile.

To verify the required version of these adapter components, see the adapter releasenotes.

Connector upgradeThe new adapter package might require you to upgrade the connector.

Before you upgrade the connector, verify the version of the connector.v If the connector version mentioned in the release notes is later than the existing

version on your workstation, install the connector.v If the connector version mentioned in the release notes is the same or earlier

than the existing version, do not install the connector.

Dispatcher upgradeThe new adapter package might require you to upgrade the Dispatcher.

Before you upgrade the dispatcher, verify the version of the dispatcher.v If the dispatcher version mentioned in the release notes is later than the existing

version on your workstation, install the dispatcher.v If the dispatcher version mentioned in the release notes is the same or earlier

than the existing version, do not install the dispatcher.

Note: The dispatcher installer stops the dispatcher service before the upgrade andrestarts it after the upgrade is complete.

Upgrade of the existing adapter profileRead the adapter release notes for any specific instructions before importing a newadapter profile into IBM Security Identity Manager.

See “Importing the adapter profile into the IBM Security Identity Manager server”on page 9.

Note: Restart the dispatcher service after importing the profile. Restarting thedispatcher clears the assembly lines cache and ensures that the dispatcher runs theassembly lines from the updated adapter profile.



Chapter 7. Siebel JDB Adapter uninstallation

Before you uninstall the adapter, inform your users in advance that the adapter isunavailable.

If you take the server offline, completed adapter requests might not be recoveredwhen the server is back online.

Removing the adapter from the IBM Tivoli Directory Integrator serverUse this task to remove the connector file for the Siebel JDB Adapter.

Before you begin

Before you remove the adapter, inform your users that the Siebel JDB Adapter isgoing to be unavailable. If the server is taken offline, adapter requests that werecompleted might not be recovered when the server is back online.

About this task

Note: The Dispatcher is required for all IBM Tivoli Directory Integrator adapters. Ifyou uninstall the Dispatcher, none of the other installed adapters work. Touninstall the Dispatcher, see the Dispatcher Installation and Configuration Guide.

Procedure1. Stop the adapter service. See “Start, stop, and restart of the adapter service for

Siebel JDB Adapter” on page 8.2. Remove SiebelJDBConnector.jar from the ITDI_HOME\jars\connectors

directory.3. Remove the directory: ADAPTER_SOLDIR\SiebelCustomXMLs.

Removal of the adapter profile from the IBM Security Identity Managerserver

Before you remove the adapter profile, make sure that no objects exist on yourIBM Security Identity Manager server that reference the adapter profile.

Examples of objects on the IBM Security Identity Manager server that can referencethe adapter profile are:v Adapter service instancesv Policies referencing an adapter instance or the profilev Accounts

For specific information about removing the adapter profile, see the online help orthe IBM Security Identity Manager product documentation.



Chapter 8. Adapter reinstallation

There are no special considerations for reinstalling the adapter. You do not need toremove the adapter before reinstalling.

For more information, see Chapter 6, “Adapter upgrade,” on page 31.



Appendix A. Adapter attributes

The IBM Security Identity Manager server communicates with the Siebel JDBAdapter by using attributes that are included in transmission packets that are sentover a network.

This list describes the attributes used by the Siebel JDB Adapter account objectclass erTDISblJDBAccount and the corresponding counterparts in the User businesscomponent on Siebel.

Table 9. Attributes, descriptions, and corresponding Siebel attributes for erTDISblJDBAccount

Attribute name Description Required Siebel attribute

erUid User ID Yes Login Name

erPassword Password for theuser ID

No LDAP auth.: Passwordand Verify PasswordDB auth.:<In database>

erAccountStatus Status of theaccount(suspended/restored)

No LDAP auth.: <InLDAP> DB auth.: <Indatabase>

erTDISblIsEmployee Type of account(Employee/Contactuser)

No Employee Flag

erTDISblFirstName Given name Yes First Name

erTDISblLastName Surname Yes Last Name

erTDISblMiddleName Middle initial No Middle Name

erTDISblJobTitle Job title No Job Title

erTDISblAlias Alias No Alias

erTDISblTZone Time zone No Time Zone

erTDISblWorkPhone Work telephonenumber

No Phone #

erTDISblHomePhone Home telephonenumber

No Home Phone #

erTDISblFaxNo Fax number No Fax #

erTDISblEmail Email address No Email Addr

erTDISblEmpNo Employee number No EMP #

erTDISblCellPhone Cell telephonenumber

No Cell Phone #

erTDISblShortName Short name No Nick Name

erTDISblPagerNo Pager number No Pager Phone #

erTDISblPagerPin Pager PIN No Pager PIN

erTDISblEmergencyNtfy Emergencynotification

No Emergency Notification

erTDISblStndNotify Standardnotification

No Standard Notification

erTDISblAvail Availability No Availability Status


Table 9. Attributes, descriptions, and corresponding Siebel attributes forerTDISblJDBAccount (continued)

Attribute name Description Required Siebel attribute

erTDISblAvailUntil Overtimeavailability

No Availability Status Until

erTDISblRelPositions Positions No Position

erTDISblRelResponsibility Responsibilities No Responsibility

erTDISblPersonalTitle Name title(Mr./Mrs.)

No Personal Title

erTDISblBUnits Employeeorganizations

No Employee Organization

erTDISblPrimBUnit Primary employeeorganization

No Primary EmployeeOrganization

erTDISblPrimPosition Primary positionID

No Primary Position

erTDISblLDAPRelResponsibility Responsibilities inLDAP

No Responsibility in LDAP(Available for onlyLDAP authentication.)

erLastAccessDate Last Access Date No erLastAccessDate

This list describes the attributes used by the Siebel JDB Adapter responsibilitysupport DataObject class erTDISblResponsibility and the correspondingcounterparts in the Responsibility business component on Siebel.

Table 10. Attributes, descriptions, and corresponding Siebel attributes forerTDISblResponsibility

Object class attribute Description Required Siebel attribute

erTDISblRespName Name of theresponsibility

Yes Name

erTDISblRespDisplayName Display name on theIBM Security IdentityManager user interface

Yes Name + PrimaryOrganization ID +Description

erTDISblRespOrgName Responsibility nameand the primaryorganization ID itbelongs to

Yes Name + PrimaryOrganization ID

This list describes the attributes used by the Siebel JDB Adapter position supportDataObject class erTDISblPosition and the corresponding counterparts in thePosition business component on Siebel.

Table 11. Attributes, descriptions, and corresponding Siebel attributes for erTDISblPosition


erTDISblPostnId ID of position onresource

Yes Position ID

erTDISblPostnName Name of the position Yes Name + Division +Position ID + Description


This list describes the attribute used by the Siebel JDB Adapter time zone supportDataObject class erTDISblTZones and the corresponding counterpart in the TimeZone business component on Siebel.

Table 12. Attribute, description, and corresponding Siebel attribute for erTDISblTZones


erTDISblTZName Name of time zone Yes Name

This list describes the attribute used by the Siebel JDB Adapter personal titlesupport DataObject class erTDISblTitles and the corresponding counterpart in theList of Values business component on Siebel.

Table 13. Attribute, description, and corresponding Siebel attribute for erTDISblTitles


erTDISblTitle Name of title onresource

Yes Value

This list describes the attribute used by the Siebel JDB Adapter notification typesupport DataObject class erTDISblEmpNotify and the corresponding counterpart inthe List of Values business component on Siebel.

Table 14. Attribute, description, and corresponding Siebel attribute for erTDISblEmpNotify


erTDISblNotifyType Type of employeenotification

Yes Value

This list describes the attribute used by the Siebel JDB Adapter availability typesupport DataObject class erTDISblEmpAvail and the corresponding counterpart inthe List of Values business component on Siebel.

Table 15. Attribute, description, and corresponding Siebel attribute for erTDISblEmpAvail


erTDISblAvailType Type of employeeavailability

Yes Value

This list describes the attributes used by the Siebel JDB Adapter employeeorganization support DataObject class erTDISblBU and the correspondingcounterparts in the Organization business component on Siebel.

Table 16. Attributes, descriptions, and corresponding Siebel attributes for erTDISblBU


erTDISblBUnit Name of organization Yes Name

erTDISblBUnitId ID of organization Yes Organization ID

Appendix A. Adapter attributes 39


Appendix B. Custom XML details

The Siebel JDB connector uses custom XML files to specify objects, components,and attributes for the set and get operations.

The following example is a sample of the Custom XML file used by the Siebel JDBconnector. It specifies the business object, business component, and attributes thatthe connector sets or gets.<!-Start of file-><?xml version="1.0" encoding="UTF-8"?><!DOCTYPE BusinessObject SYSTEM "Validator.dtd"><BusinessObject name="User List"><BusinessComponent name = "User" viewMode = "9" ><Attribute name = "Employee Flag"> </Attribute><Attribute name = "Login Name" isUnique = "true" forceCase = "Upper"

isRequired = "true"></Attribute><Attribute name = "Password"> </Attribute><Attribute name = "Verify Password"> </Attribute><Attribute name = "Last Name" isRequired = "true"></Attribute><Attribute name = "First Name" isRequired = "true"></Attribute><Attribute name = "Middle Name"></Attribute><Attribute name = "Job Title"></Attribute><Attribute name = "Alias"></Attribute>

<PicklistBusComponent name="Time Zone"><Attribute name = "Name" isUnique = "true"

isRequired = "true"></Attribute></PicklistBusComponent>

<MVGBusComponent name="Responsibility"><Attribute name = "Name" isUnique = "true" isRequired = "true"></Attribute><Attribute name = "Primary Organization Id" isUnique = "true"

isRequired = "true"> </Attribute></MVGBusComponent></BusinessComponent></BusinessObject><!-End of file->

Supported attributes for the custom XML fileYou can use attributes to customize the XML files that define the set and getoperations for the Siebel JDB connector.

Table 17. Attribute information for the custom XML file

Node type Attribute Description Req

BusinessObject Name Name of the business object Yes


Table 17. Attribute information for the custom XML file (continued)

Node type Attribute Description Req

BusinessComponent Name Name of the businesscomponent

Yes

searchSpecificationAttribute Name of the searchspecification attribute thatspecifies the value to bematched insearchSpecificationValue.Only records that satisfy thiscondition are retrieved.

No

searchSpecificationValue searchSpecificationAttributevalue

No

viewMode View mode to search recordsPossible values and theirmeaning are:

0 - SalesRepView1 - ManagerView2 - PersonalView3 - AllView5 - OrganizationView6 - ContactView7 - GroupView8 - CatalogView9 - SubOrganizationView

Yes

MVGBusComponent Name Name of the MVG BusinessComponent

Yes

viewMode View mode to search records Yes

PicklistBusComponent Name Name of the PicklistBusiness Component

Yes

viewMode View mode to search records Yes

Attribute Name Name of the Attribute Yes

isUnique Specifies whether theattribute value is unique inthe business component.Allowed values are: true |false | TRUE | FALSE

No

isRequired Specifies whether theattribute value is requiredfor adding the businesscomponent. Allowed valuesare: true | false | TRUE |FALSE

No

forceCase Specifies whether theattribute value needs to beforced to a particular case.Allowed values are: upper |lower | Upper | Lower |UPPER | LOWER

No


Appendix C. Definitions for ITDI_HOME and ISIM_HOMEdirectories

ITDI_HOME is the directory where Tivoli Directory Integrator is installed.ISIM_HOME is the directory where IBM Security Identity Manager is installed.

ITDI_HOMEThis directory contains the jars/connectors subdirectory that contains filesfor the adapters.

Windowsdrive\Program Files\IBM\TDI\ITDI_VERSION

For example the path for version 7.1:C:\Program Files\IBM\TDI\V7.1

UNIX/opt/IBM/TDI/ITDI_VERSION

For example the path for version 7.1:/opt/IBM/TDI/V7.1

ISIM_HOMEThis directory is the base directory that contains the IBM Security IdentityManager code, configuration, and documentation.

Windowspath\IBM\isim

UNIXpath/IBM/isim



Appendix D. Support information

You have several options to obtain support for IBM products.v “Searching knowledge bases”v “Obtaining a product fix” on page 46v “Contacting IBM Support” on page 46

Searching knowledge basesYou can often find solutions to problems by searching IBM knowledge bases. Youcan optimize your results by using available resources, support tools, and searchmethods.

About this task

You can find useful information by searching the product documentation for IBMSecurity Identity Manager. However, sometimes you must look beyond the productdocumentation to answer your questions or resolve problems.

Procedure

To search knowledge bases for information that you need, use one or more of thefollowing approaches:1. Search for content by using the IBM Support Assistant (ISA).

ISA is a no-charge software serviceability workbench that helps you answerquestions and resolve problems with IBM software products. You can findinstructions for downloading and installing ISA on the ISA website.

2. Find the content that you need by using the IBM Support Portal.The IBM Support Portal is a unified, centralized view of all technical supporttools and information for all IBM systems, software, and services. The IBMSupport Portal lets you access the IBM electronic support portfolio from oneplace. You can tailor the pages to focus on the information and resources thatyou need for problem prevention and faster problem resolution. Familiarizeyourself with the IBM Support Portal by viewing the demo videos(https://www.ibm.com/blogs/SPNA/entry/the_ibm_support_portal_videos)about this tool. These videos introduce you to the IBM Support Portal, exploretroubleshooting and other resources, and demonstrate how you can tailor thepage by moving, adding, and deleting portlets.

3. Search for content about IBM Security Identity Manager by using one of thefollowing additional technical resources:v IBM Security Identity Manager version 6.0 technotes and APARs (problem

reports).v IBM Security Identity Manager Support website.v IBM Redbooks®.v IBM support communities (forums and newsgroups).

4. Search for content by using the IBM masthead search. You can use the IBMmasthead search by typing your search string into the Search field at the top ofany ibm.com® page.

5. Search for content by using any external search engine, such as Google, Yahoo,or Bing. If you use an external search engine, your results are more likely to


http://www.ibm.com/software/support/isa/

http://www.ibm.com/support/entry/portal/overview/software/tivoli/tivoli_identity_manager

https://www.ibm.com/blogs/SPNA/entry/the_ibm_support_portal_videos

http://www.ibm.com/support/search.wss?rs=644&apar=include&tc=SSTFWV&dc=DB520+D800+D900+DA900+DA800+DB550+D100&dtm&atrn=SWVersion&atrv=5.1

http://www.ibm.com/support/search.wss?rs=644&apar=include&tc=SSTFWV&dc=DB520+D800+D900+DA900+DA800+DB550+D100&dtm&atrn=SWVersion&atrv=5.1

http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliIdentityManager.html

http://publib-b.boulder.ibm.com/Redbooks.nsf/portals/Tivoli

http://www.ibm.com/software/sysmgmt/products/support/Tivoli_Communities.html

include information that is outside the ibm.com domain. However, sometimesyou can find useful problem-solving information about IBM products innewsgroups, forums, and blogs that are not on ibm.com.

Tip: Include “IBM” and the name of the product in your search if you arelooking for information about an IBM product.

Obtaining a product fixA product fix might be available to resolve your problem.

About this task

You can get fixes by following these steps:

Procedure1. Obtain the tools that are required to get the fix. You can obtain product fixes

from the Fix Central Site. See http://www.ibm.com/support/fixcentral/.2. Determine which fix you need.3. Download the fix. Open the download document and follow the link in the

“Download package” section.4. Apply the fix. Follow the instructions in the “Installation Instructions” section

of the download document.

Contacting IBM SupportIBM Support assists you with product defects, answers FAQs, and helps usersresolve problems with the product.

Before you begin

After trying to find your answer or solution by using other self-help options suchas technotes, you can contact IBM Support. Before contacting IBM Support, yourcompany or organization must have an active IBM software subscription andsupport contract, and you must be authorized to submit problems to IBM. Forinformation about the types of available support, see the Support portfolio topic inthe “Software Support Handbook”.

Procedure

To contact IBM Support about a problem:1. Define the problem, gather background information, and determine the severity

of the problem. For more information, see the Getting IBM support topic in theSoftware Support Handbook.

2. Gather diagnostic information.3. Submit the problem to IBM Support in one of the following ways:

v Using IBM Support Assistant (ISA):Any data that has been collected can be attached to the service request.Using ISA in this way can expedite the analysis and reduce the time toresolution.a. Download and install the ISA tool from the ISA website. See

http://www.ibm.com/software/support/isa/.b. Open ISA.


http://www.ibm.com/support/fixcentral/

http://www14.software.ibm.com/webapp/set2/sas/f/handbook/offerings.html

http://www14.software.ibm.com/webapp/set2/sas/f/handbook/getsupport.html

http://www.ibm.com/software/support/isa/

c. Click Collection and Send Data.d. Click the Service Requests tab.e. Click Open a New Service Request.

v Online through the IBM Support Portal: You can open, update, and view allof your service requests from the Service Request portlet on the ServiceRequest page.

v By telephone for critical, system down, or severity 1 issues: For the telephonenumber to call in your region, see the Directory of worldwide contacts webpage.

Results

If the problem that you submit is for a software defect or for missing or inaccuratedocumentation, IBM Support creates an Authorized Program Analysis Report(APAR). The APAR describes the problem in detail. Whenever possible, IBMSupport provides a workaround that you can implement until the APAR isresolved and a fix is delivered. IBM publishes resolved APARs on the IBM Supportwebsite daily, so that other users who experience the same problem can benefitfrom the same resolution.

Appendix D. Support information 47

http://www.ibm.com/software/support/

http://www.ibm.com/planetwide/


Appendix E. Accessibility features for IBM Security IdentityManager

Accessibility features help users who have a disability, such as restricted mobilityor limited vision, to use information technology products successfully.

Accessibility features

The following list includes the major accessibility features in IBM Security IdentityManager.v Support for the Freedom Scientific JAWS screen reader applicationv Keyboard-only operationv Interfaces that are commonly used by screen readersv Keys that are discernible by touch but do not activate just by touching themv Industry-standard devices for ports and connectorsv The attachment of alternative input and output devices

The IBM Security Identity Manager library, and its related publications, areaccessible.

Keyboard navigation

This product uses standard Microsoft Windows navigation keys.

Related accessibility information

The following keyboard navigation and accessibility features are available in theform designer:v You can use the tab keys and arrow keys to move between the user interface

controls.v You can use the Home, End, Page Up, and Page Down keys for more

navigation.v You can launch any applet, such as the form designer applet, in a separate

window to enable the Alt+Tab keystroke to toggle between that applet and theweb interface, and also to use more screen workspace. To launch the window,click Launch as a separate window.

v You can change the appearance of applets such as the form designer by usingthemes, which provide high contrast color schemes that help users with visionimpairments to differentiate between controls.

IBM and accessibility

See the IBM Human Ability and Accessibility Center For more information aboutthe commitment that IBM has to accessibility.


http://www.ibm.com/able


Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document inother countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right maybe used instead. However, it is the user's responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not give youany license to these patents. You can send license inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785 U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBMIntellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan, Ltd.19-21, Nihonbashi-Hakozakicho, Chuo-kuTokyo 103-8510, Japan

The following paragraph does not apply to the United Kingdom or any othercountry where such provisions are inconsistent with local law :

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certaintransactions, therefore, this statement might not apply to you.

This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Websites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.


IBM may use or distribute any of the information you supply in any way itbelieves appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged, should contact:

IBM Corporation2Z4A/10111400 Burnet RoadAustin, TX 78758 U.S.A.

Such information may be available, subject to appropriate terms and conditions,including in some cases payment of a fee.

The licensed program described in this document and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement or any equivalent agreementbetween us.

Any performance data contained herein was determined in a controlledenvironment. Therefore, the results obtained in other operating environments mayvary significantly. Some measurements may have been made on development-levelsystems and there is no guarantee that these measurements will be the same ongenerally available systems. Furthermore, some measurement may have beenestimated through extrapolation. Actual results may vary. Users of this documentshould verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers ofthose products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy ofperformance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.

All statements regarding IBM's future direction or intent are subject to change orwithdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily businessoperations. To illustrate them as completely as possible, the examples include thenames of individuals, companies, brands, and products. All of these names arefictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, whichillustrate programming techniques on various operating platforms. You may copy,modify, and distribute these sample programs in any form without payment toIBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operatingplatform for which the sample programs are written. These examples have notbeen thoroughly tested under all conditions. IBM, therefore, cannot guarantee orimply reliability, serviceability, or function of these programs. You may copy,modify, and distribute these sample programs in any form without payment to


IBM for the purposes of developing, using, marketing, or distributing applicationprograms conforming to IBM's application programming interfaces.

Each copy or any portion of these sample programs or any derivative work, mustinclude a copyright notice as follows:

If you are viewing this information softcopy, the photographs and colorillustrations might not appear.

© (your company name) (year). Portions of this code are derived from IBM Corp.Sample Programs. © Copyright IBM Corp. _enter the year or years_. All rightsreserved.

If you are viewing this information in softcopy form, the photographs and colorillustrations might not be displayed.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks ofInternational Business Machines Corp., registered in many jurisdictions worldwide.Other product and service names might be trademarks of IBM or other companies.A current list of IBM trademarks is available on the Web at "Copyright andtrademark information" at http://www.ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registeredtrademarks or trademarks of Adobe Systems Incorporated in the United States,other countries, or both.

IT Infrastructure Library is a registered trademark of the Central Computer andTelecommunications Agency which is now part of the Office of GovernmentCommerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo,Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks orregistered trademarks of Intel Corporation or its subsidiaries in the United Statesand other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, orboth.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks ofMicrosoft Corporation in the United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of the Officeof Government Commerce, and is registered in the U.S. Patent and TrademarkOffice.

UNIX is a registered trademark of The Open Group in the United States and othercountries.

Cell Broadband Engine and Cell/B.E. are trademarks of Sony ComputerEntertainment, Inc., in the United States, other countries, or both and is used underlicense therefrom.

Notices 53

http://www.ibm.com/legal/copytrade.shtml

Java™ and all Java-based trademarks and logos are trademarks or registeredtrademarks of Oracle and/or its affiliates.

Privacy Policy Considerations

IBM Software products, including software as a service solutions, ("SoftwareOfferings") may use cookies or other technologies to collect product usageinformation, to help improve the end user experience, and to tailor interactionswith the end user or for other purposes. In many cases, no personally identifiableinformation is collected by the Software Offerings. Some of our Software Offeringscan help enable you to collect personally identifiable information. If this SoftwareOffering uses cookies to collect personally identifiable information, specificinformation about this offering’s use of cookies is set forth below.

This Software Offering does not use cookies or other technologies to collectpersonally identifiable information.

If the configurations deployed for this Software Offering provide you as customerthe ability to collect personally identifiable information from end users via cookiesand other technologies, you should seek your own legal advice about any lawsapplicable to such data collection, including any requirements for notice andconsent.

For more information about the use of various technologies, including cookies, forthese purposes, see IBM's Privacy Policy at http://www.ibm.com/privacy andIBM’s Online Privacy Statement at http://www.ibm.com/privacy/details/us/ensections entitled "Cookies, Web Beacons and Other Technologies and SoftwareProducts and Software-as-a Service".


http://www.ibm.com/privacy

http://www.ibm.com/privacy/details/us/en

Index

Aaccessibility x, 49account form 23adapter

attributes 37configuration 17features 1installation

Dispatcher requirement 7troubleshooting errors 27verifying 8, 24warnings 27worksheet 5

installing 7overview 1prerequisites 4profile

customization 17removal 33upgrade 31verifying 10

reinstallation 35removing 33requirements 4supported configurations 2uninstallation 33upgrade 31

attribute information 41attributes 37authentication

LDAP password attribute 18mechanism, Siebel resource 10

Bbusiness component

configuring view mode 19details, viewing 20view mode 19

Cconfigurations

Dispatcher properties 23configuring

adapter 17view mode for business

components 19connector, upgrading 31creating services 10custom XML file 41customizing the profile 17

Ddatabase authentication, removing LDAP

profiles 23dispatcher

architecture 1

dispatcher (continued)installation, verifying 7upgrading 31

Dispatcherconfiguration properties 23

download, software 5

Eeducation xerror messages 29

IIBM

Software Support xSupport Assistant x

IBM Support Assistant 46importing the adapter profile 9installation

adapter 7adapter profile 9first steps 17language pack 24roadmap 3verification

adapter 24verify 8verify dispatcher 7worksheet 5

ISA 46ISIM_HOME definition 43ITDI_HOME definition 43

Kknowledge bases 45

Llanguage pack

installation 24same for adapters and server 24

LDAP password for authentication 18

Mmessages

error 29warning 29

MS-DOS ASCII characters 19

Nnotices 51

Oonline

publications ixterminology ix

operating system prerequisites 4overview 1

Ppreinstallation roadmap 3preparation 3prerequisites, adapter 4problem-determination xprofile

editing on UNIX or Linux 19removal 33

profile, customization 17properties

configuring the Dispatcher 23publications

accessing online ixlist of ix

Rrequirements, adapter 4restoring accounts, password

requirements 23roadmaps

installation 3preinstallation 3steps 3

Sservice

restart 9start 9stop 9

service, creating 10software

download 5website 5

software requirements 4support contact information 46supported configurations

adapter 2overview 2

Tterminology ixtivoli directory integrator connector 1training xtroubleshooting

contacting support 46error messages 29getting fixes 46identifying problems 27


troubleshooting (continued)searching knowledge bases 45support website xtechniques for 27troubleshooting techniques 27warning messages 29

Uuninstallation

adapter 33advance notice to users 33

upgradingconnector 31dispatcher 31

Vverification

installation 24operating system

prerequisites 4requirements 4

softwareprerequisites 4requirements 4

vi command 19view mode 19, 20

Wwarning messages 29

XXML file 20XML files

customized 41


��

Printed in USA

SC27-4417-02

Documents

Siebel JDBAdapter Installation and Configuration Guide · PDF fileIBM Security Identity Manager Version 6.0 Siebel JDBAdapter Installation and Configuration Guide SC27-4417-02