Using ITDI with ITIM
This page collects references of interest for using ITDI in conjunction with, or in support of, IBM Tivoli Identity Manager.
Using ITDI to provide HR Identity Feeds
Your first port of call should always be the information and examples provided with the product and Redbooks.
- Using a web browser, open the following file on your ITIM server: %ITIM-HOME%/extensions/examples/idi_integration/Readme.html. This document provides information and examples of how to create your own HR feed using ITDI.
Tip
- Consider creating a custom Person objectclass to be used in place of the standard ITIM Person objectclass. This gives you greater flexibility to create a Person objectclass that better reflects your company's requirements. It will also make adding future attribute changes much easier.
Tivoli provides many ITIM adapters for operating systems and applications. Where no adapter exists, the ITIM Adapter Development Tool (ADT) provides a development environment. ITDI plays a part in the creation of new adapters, and the ADT will create the basic adapter framework and stubbed assembly lines. You just need to add the logic to make the assembly lines run.
Sample ITDI Assembly lines for use with ITIM
ITDI is a great tool for creating simple utilities to aid and supplement ITIM administration tasks. ITIM has both LDAP and database data stores containing lots of useful data, and ITDI has connectors for these resources ready for you to use now. For example, why not query simple things like orphan accounts directly from the LDAP data store and get real-time information, rather than the stale data provided by the ITIM built-in reporting tools, which require a time-consuming data synchronization to move the data from LDAP to DB2 database tables?
- Example assembly line which uses a series of lookups to query the ITIM LDAP for orphan accounts: ITIMorphanAcc.xml (right click and use 'Save as').
- Assembly line to identify disallowed accounts. This example uses a JDBC connector to query the ITIM DB2 database for the information. It would work equally well if the LDAP were queried as in the example above, but in its current form it provides a good JDBC example: ITIMdisallowedAcc.xml (right click and use 'Save as').
- This example queries the ITIM DB2 database for reconciliation failures within the last 24 hour period. It then goes on to identify the service and service owner. An email notification is sent to the service owner using the contact information retrieved from the ITIM data store. ReconFailuresNotify.xml
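The "series of lookups" idea behind the orphan account query, sketched as an added example in plain JavaScript; it is not the content of ITIMorphanAcc.xml and not an ITDI assembly line. The entries are constructed sample data standing in for LDAP search results, the attribute names (erUid, erService, owner, erServiceName) and the `type` field are assumptions, and the example goes slightly beyond the text by also flagging accounts whose owner reference no longer resolves to a person.

```javascript
// Constructed sample entries standing in for LDAP search results (not real ITIM data).
// Attribute names and the hypothetical "type" field are assumptions, not taken from the page.
const sampleEntries = [
  { dn: "erglobalid=10,ou=services,dc=example", type: "service",
    erServiceName: "Linux HR host" },
  { dn: "erglobalid=20,ou=people,dc=example", type: "person",
    cn: "Alice Example" },
  { dn: "eruid=alice,ou=accounts,dc=example", type: "account", erUid: "alice",
    erService: "erglobalid=10,ou=services,dc=example",
    owner: "ERGLOBALID=20, ou=people, dc=example" },   // same DN, different case/spacing
  { dn: "eruid=oracle,ou=accounts,dc=example", type: "account", erUid: "oracle",
    erService: "erglobalid=10,ou=services,dc=example" }, // no owner at all
  { dn: "eruid=bob,ou=accounts,dc=example", type: "account", erUid: "bob",
    erService: "erglobalid=10,ou=services,dc=example",
    owner: "erglobalid=99,ou=people,dc=example" },       // owner entry was deleted
];

// Simplified DN comparison key: case-fold and drop spaces around ',' and '='.
// (Not a full RFC 4514 normaliser; enough for the sample data.)
function normDn(dn) {
  return String(dn).toLowerCase().replace(/\s*([,=])\s*/g, "$1").trim();
}

// For every account: look up the owner, then look up the service for the report.
function findOrphans(entries) {
  const byDn = new Map(entries.map((e) => [normDn(e.dn), e]));
  const lookup = (dn) => (dn ? byDn.get(normDn(dn)) : undefined);
  const orphans = [];
  for (const acct of entries.filter((e) => e.type === "account")) {
    const owner = lookup(acct.owner);
    let reason = null;
    if (!acct.owner) reason = "no owner attribute";
    else if (!owner || owner.type !== "person") reason = "owner DN does not resolve to a person";
    if (!reason) continue; // account has a valid owner
    const svc = lookup(acct.erService);
    orphans.push({
      uid: acct.erUid,
      service: svc ? svc.erServiceName : "(unknown service)",
      reason,
    });
  }
  return orphans;
}

console.log(findOrphans(sampleEntries));
```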
ITIM Web Sites
--
AndyParker - 10 Feb 2009