Reconciling with custom scripts

You can run reconciliation with either the reconciliation script bundled with the adapter or your own customized reconciliation script that is optimized for your setup.

Before you begin

Ensure that these conditions are true:
  • The customized reconciliation script name is user definable, and must be present in the timsol folder.
  • You must have executable permission on reconciliation script. You must have similar permissions on the specified folder as on the /tmp folder.
  • The reconciliation script and folder cannot contain double quotation marks or spaces.
  • The names of the reconciliation script and folder must follow the naming conventions of the operating system.

About this task

To use this feature, select the Use recon script from this folder on managed resource attribute on the service form. The adapter uses the reconciliation script present at that location. If this option is not selected, then the standard reconciliation script that is bundled with the adapter is used.
Note:
  1. If a value for both Location of temporary files on resource and Use recon script from this folder on managed resource are selected, then Use recon script from this folder on managed resource is used.
  2. If a folder is specified on the managed resource without a script file name, the adapter looks for the standard reconciliation script name. The script name is based on the operating system type in the specified folder. On an AIX® operating system, if the file path given for this attribute is /reconfolder, the adapter looks for the /reconfolder/AixPConnRes.sh file.

Procedure

  1. Edit the profile JAR file.
    1. Log in to the system where the UNIX and Linux Adapter is installed.
    2. Copy the JAR file into a temporary directory.
    3. Extract the contents of the JAR file into the temporary directory. Run the following command. The following example applies to the Linux adapter profile.
    4. Type the name of the JAR file for your operating system. 
      #cd /tmp
#jar -xvf PosixLinuxProfile.jar

      The jar command extracts the files into the PosixLinuxProfile directory.

    5. Edit the Service.xml file for your respective profile. For example, erPosixLinuxRMIService.xml in the case of the Linux adapter.
    6. Add the attribute erPosixReconScriptLocation on the Service form for your respective profile. 
      <formElement direction="inherit" label="$erposixreconscriptlocation" name="data.erposixreconscriptlocation">
                    <input type="text" name="data.erposixreconscriptlocation"/>
                </formElement>
    7. Save the changes.
  2. Import the file.
    1. Create a JAR file by using the files in the /tmp directory Run the following command: 
      #cd /tmp
#jar -cvf PosixLinuxProfile.jar PosixLinuxProfile
    2. Import the JAR file into the IBM® Security Identity Governance and Intelligence server.
    3. Stop and start the IBM Security Identity server.
    4. Restart the adapter service.
  3. Once the steps above are performed, erPosixReconScriptLocation attribute is visible on the service form.