Retiree Data Flow Diagram

OID Attribute Flow

This data is stored in OID and synced via the DIP Servers.

Author: M.REAMS
Prints 8 ½” x 17"

Components and flow labels shown in the diagram:
- HCM DB
- Identity Provisioning System: provisions users from HCM into Active Directory (flow labels: Provision User Data, Get Data, Push data)
- Active Directory
- DIP Servers (OID Sync Tool)
- Synchronization Profile: User: _svcaccount; Source Container: ou=users,dc=companyA,dc=com
- OID Data Provisioning
- LDAP User Storage
- Load Balancer (Oracle Internet Directory), VIP: 0.0.0.0, sub.domain.com
- Load Balancer (Oracle Virtual Directory), VIP: 0.0.0.0, sub.domain.com
- Virtual Server 1 (0.0.0.0) and Virtual Server 2 (0.0.0.0), shown as a pair three times; two of the pairs are labelled Cluster
- LDAP Web Service
- Identity Services
- Portal Crawler
- Help Desk Admins
- users
- Flow labels on the client side: Connects to LB, Retrieve or Update Data

OID attributes and their object classes (Attribute: Object Class):
- dc: domain
- description: Groupofuniquenames
- orclSamAccountName: orcladgroup
- uniquemember: Groupofuniquenames
- owner: Groupofuniquenames
- displayname: orclgroup
- departmentnumber: inetorgperson
- mobile: inetorgperson
- telephonenumber: inetorgperson
- facsimiletelephonenumber: inetorgperson
- ou: organizationalunit
- cn: person
- orclsourceobjectdn: orcladobject
- sn: person
- employeenumber: inetorgperson
- title: organizationalperson
- givenname: inetorgperson
- uid: inetorgperson
- mail: inetorgperson
- category: inetorgperson
- name: inetorgperson

OVD Common/Retrievable Attributes (columns: OID Attribute, LDAP Attribute, Attribute Notes):
cn, dnQualifier, manager, pwdchangedtime, orclnormdn, sn, name, title, givenname, uid, mail, category, destinationindicator, objectclass, createtimestamp, HomeEmployeeID, modifytimestamp, employeeNumber

Attributes marked Non Synced:
- userPassword: Retiree login uses this to store user’s password.
- pwdaccountlockedtime: This field will tell you when a user’s account was locked out.
- The label Non Synced appears on six further rows.

Attribute notes:
- Within the Portal, the crawler uses the following LDAP filter to crawl in any eligible retiree: (&(|(category=Retiree1)(destinationIndicator=RetireeOU))(cn=*))
- The Portal uses this field as the “User Name Attribute”, “User Authentication Attribute”, “User Unique Name Attribute”, & “Group Name Attribute”.
- The Login Page uses this as the user’s Alias to authenticate into the portal.
- The Portal feeds this value through the “Profile Source” crawler. This is required to be present in the portal in order for the user to interact with portlet content.
- This value will tell you the last time the user changed the password.
- Provisions users with Status of (T or R) as enabled if they have a valid Retiree Code value from HCM. Will show up in the downstream field called “Category”.
