Wednesday, November 22, 2006

Using TDI to feed ITIM

The document included with ITIM 4.6 and TDI 6.1 on using an HR Feed to ITIM using the JNDI connector works pretty well. You should find this in the ITIM_HOME/extensions/examples/idi_integration directory as well as your TDI_HOME/examples/idi_integration directory. Make sure you go through the entire document. I figured I was done after being halfway through it, and the TDI assembly line never worked.

It's important to have the jndiSearchBase as part of the $dn for the users being imported into TIM. I really didn't get this at first, but essentially the users are being added to a virtual container in TIM, then TIM uses the placement rule to determine where in the tree to put the users. If there is no placement rule then they will be added to the root of your org tree. This virtual container is referred to as the Naming Context in the IDI Feed Service you create in ITIM.
You will set this exact value in the JNDI connector -> Search Base parameter. So you then need to get this added to the $dn for the users being imported. The document describes doing this in the feed:

So in my case UpdateITIM is my JNDI connector and jndiSearchBase is the parameter that contained dc=HRLoad. I suppose I could have just hard-coded this as well, but it's probably going to get more complicated later anyhow since I may have to create multiple IDI Feed Services for the many identity sources we will be using. Depending on how we actually lay out the org tree and how complex placement rules would need to be, we may find the need to use more than one JNDI connector and multiple corresponding IDI Feed Services.

Then again, I haven't started playing around with the ITIM reconciliation stuff yet.
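
The $dn rule described above (a unique RDN followed by the feed's naming context), as an added example that is not part of the original post or of IBM's document. It goes one step beyond the post by escaping the HR value per RFC 4514, so a value containing a comma cannot change the shape of the DN. The helper names are hypothetical and the employee values are constructed; dc=HRLoad is the search base from this post.

```javascript
// Added example: helper names are hypothetical, sample values are constructed.
// Escape an attribute value for use inside an RDN (RFC 4514, section 2.4).
function escapeRdnValue(value) {
  var s = String(value), out = "";
  if (s.length === 0) throw new Error("empty RDN value");
  for (var i = 0; i < s.length; i++) {
    var c = s.charAt(i);
    // A leading '#' or space and a trailing space need escaping too.
    var edge = (i === 0 && (c === "#" || c === " ")) ||
               (i === s.length - 1 && c === " ");
    if (c === "\u0000") out += "\\00";
    else if ('\\",+;<>'.indexOf(c) >= 0 || edge) out += "\\" + c;
    else out += c;
  }
  return out;
}

// Split a DN into RDNs at commas that are not backslash-escaped.
function splitDn(dn) {
  var parts = [], cur = "";
  for (var i = 0; i < dn.length; i++) {
    var c = dn.charAt(i);
    if (c === "\\" && i + 1 < dn.length) { cur += c + dn.charAt(++i); }
    else if (c === ",") { parts.push(cur.replace(/^\s+/, "")); cur = ""; }
    else cur += c;
  }
  parts.push(cur.replace(/^\s+/, ""));
  return parts;
}

// Build $dn as <attr>=<escaped value>,<searchBase>.
function buildFeedDn(attr, value, searchBase) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(attr)) throw new Error("bad RDN attribute: " + attr);
  if (!searchBase) throw new Error("search base (naming context) is not set");
  return attr + "=" + escapeRdnValue(value) + "," + searchBase;
}

// True when dn is exactly one RDN placed directly under the naming context.
function isDirectChildOf(dn, namingContext) {
  var d = splitDn(dn), n = splitDn(namingContext);
  if (d.length !== n.length + 1) return false;
  return d.slice(1).join(",").toLowerCase() === n.join(",").toLowerCase();
}

// Assumed use in the TDI Output Map for $dn (UpdateITIM is this post's connector):
//   ret.value = buildFeedDn("empNo", work.getString("empNo"),
//                           UpdateITIM.getConnectorParam("jndiSearchBase"));
```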


Anonymous said...


I am trying to connect Oracle to TIM through TDI. I have created one feed using the JDBC connector to fetch data from Oracle and one flow using the JNDI Connector to pull data to TIM. But I am getting an "Invalid credentials error" because of the Naming parameter field in the JNDI connector. I am getting confused by the $dn value, the Naming parameter and the search base in the IDI service.

It's pretty urgent. Any help would be appreciated.

Szaky said...

Hi anonymous,
You need to set the parameters both in ITIM and TDI, to allow them to communicate. Like this:

JNDI Login username must be equal to ITIM service's username

JNDI Login password must be equal to ITIM service's password

JNDI Search Base must be equal to ITIM service's Naming context

JNDI Authentication Method should be: Simple.

JNDI provider url should be:
http://<your server name>:9080/enrole/dsml2_event_handler

In TDI, on the Output Map tab, you must provide a $dn attribute with the value <unique something>, <naming context>, for example:
ret.value="empNo=" + work.getString("empNo")+ "," + ITIM_Connector.getConnectorParam("jndiSearchBase");
where ITIM_Connector is the (ITIM) connector's name.

It should work fine.