Active Directory Connector Questions in 11.1.2.1

Hello All.  I am new to this version of IDM and I am trying to get through the setup and config.  I just installed a single instance of 11.1.2.1 with OUD, OAM, OIM.  I installed the Active Directory connector for User Management and I believe I have it configured. 
I followed the post at Weblogic Corner: Oracle Identity Manager: The Active Directory Connector Tutorial and got a lot of questions answered with that.  First, note that I was able to follow the guide and run the lookup recon jobs as well as the user and group recon in trusted mode, then target mode to create all of the users and groups.  I am also able to create a user in OIM, add an account and have that provisioned to AD. 
Here are my questions if you would be so kind:
1) When I create a user in AD and I run the user recon (target), the event says "No User Match Found".  I was kind of expecting it to create a new user for me.  I was also expecting to schedule the recon job in target mode and not have to ever switch back to trusted mode after the first full sync.  What did I miss here?
2) When I add an account to the user in OIM, the AD User form comes up with all the fields empty.  Is that the way it should work?  I was hoping that it would prepopulate some of the stuff from the OIM profile.
3) When I modify a field in OIM, say middle name, will that sync in the next recon run, or will the admin need to open the account, update the AD form also and submit the middle name in two places?
Thanks in advance!

1. Identity gets created in Oracle Identity Manager from an authoritative source. In case of target recon, it will just sync with the matched account in OIM.
Please have a look at the link below, section 12.1.12:
Managing Reconciliation - 11g Release 2 (11.1.2)
2. You can very well prepopulate fields in the process definition; you can even automate the provisioning process using role-based provisioning.
3. There should be some tasks available for each field. No need to run the recon task or modify the account in AD; it will be updated in AD using the tasks. Check the connector process definition.

Similar Messages

  • Active Directory Connector 9.1.1.7 for OIM 11.1.1.5.0

    Hi everyone,
    Do you know where I can download Active Directory Connector 9.1.1.7 on the Oracle website? Because every time I do a search the only link I get is for downloading the most recent version (11.1.1.5.0).
    Thanks a lot!
    Thibault

    For future generations, the connector can be found at:
    http://download.oracle.com/otn/nt/ias/connectors/910/MSFT_AD_Base_9.1.1.7.0.zip

  • OIM 11.1.1.3 - Active Directory ADGroup question

    All,
    I have used MSFT_AD_Base_9.1.1.7.0 to install the Active Directory connector and synchronized (provision and reconciliation) OIM users with the AD. I can't seem to find documentation on how to sync OIM roles with AD groups. Can you provide me some pointers for this? The deployment documentation (MS_ActiveDirectory_Guide.pdf) indicates that I cannot run ADGroupRecon if I am on an 11.1.1... version (bug 9799541).
    It also appears that a resource cannot be assigned at the role level in OIM 11.1.1. Is there something missing from our environment? I was able to add the AD User resource to user profiles.
    Basically I cannot provision or recon groups at this time.
    Any help with this is much appreciated. Please let me know if you need additional information.
    Best Regards,
    Prasad.
    Edited by: Prasad on Aug 5, 2011 6:12 AM

    I don't believe there has ever been code to create OIM Groups based on AD Groups and then add the OIM Users to those groups accordingly. You would need to create a custom scheduled task that creates a group for every entry in the lookup for the AD Groups. Then you would also need to read every user's child table entry for their AD Groups and add the user to each one of those groups. You could also have code that runs on every Add User to Group event, which adds the user to the OIM group as well as in AD. And you can do the same for removal.
    There are lots of options, but this is not part of the OOTB Connector. This would be your own customization.
    -Kevin

  • Active Directory Structure Questions

    I recently started working for a company that offers cloud services for our clients where we host our software as a service and we also migrate any other applications the client is using onto the servers that we host for them.
    My concern is that every client we have is in our domain. The structure of our servers is that our domain is the top of the organization and each client has their own DC, and that DC is listed as an organizational unit in our AD. I have never seen anything like it. Most of the clients have their own domains and web sites, but we do not migrate that portion of their IT into our cloud. We do, however, bring everything else over and we offer O365 to many of them.
    Imagine, if you will, opening AD Users and Computers and under the root all the OUs are named after clients and actually represent their servers, all of which are DCs.
    I was wondering what, if any, precedent would support this type of configuration? I am just asking.
    Thanks
    Richard Tamboli

    No special hardware is required for Active Directory.
    Active Directory is a built-in feature of most Windows Server versions, such as Windows Server 2003, 2008, 2008 R2 and 2012.
    It is a feature and part of Windows Server.
    Hope this may answer your questions.
    http://en.wikipedia.org/wiki/Active_Directory

  • Exchange 2010 and Active Directory connector

    Has anyone managed to provision an exchange 2010 mailbox with the dotnet connector bundle in the latest patch OW8.1.1.1/145769-01? ActiveDirectory.Connector-1.0.0.5143.zip and Exchange.Connector-1.0.0.5757.zip.
    Provisioning the Active Directory account works fine but as soon as I add an exchange attribute I get an error: java.lang.RuntimeException: The specified directory service attribute or value does not exist. (Exception from HRESULT: 0x8007200A)
    I checked everything I could think of. Either I'm missing something obvious or it does not work.
    Greetings,
    Marijke

    Have you had any luck with this?
    /hydrazine

  • Active directory change question regarding affects on exchange 2013

    Good day,
      I have some universal security groups that are meant to be distribution groups in a 2008 R2 Active Directory forest.  These groups are being utilized by Exchange 2013. I plan on turning these groups into global distribution groups in Active Directory (all changes will be made in Active Directory only, not in Exchange).
      Question is: what will happen to the mailboxes using this group? Will it break the mailbox? How will users be affected?
     I plan on doing testing of my own, but if someone else has already done this and has run into issues, this will help me out greatly.

    Hi,
    Mail-enabled security groups can be used for two purposes.
    1. Used to distribute emails to their members.
    2. Unlike mail-enabled distribution groups, mail-enabled security groups have a SID value, so they can be mapped on any resource (for example, a shared folder) to grant access permissions to their members.
    In your case, you would like to change the scopes of the mail-enabled security groups. Before changing the group scopes, just have a look at the following link, which states clearly the group scopes and their usage.
    http://technet.microsoft.com/en-us/library/cc755692(v=ws.10).aspx
    Please feel free to reply to me if you have any queries.
    Thanks & Regards S.Nithyanandham

  • Problems using native query in Active Directory connector v 9.1

    Hello,
    Has anyone run into a problem when trying to do a query with a NOT operator?
    I want to import all users, but not computers, so I tried the query (&(objectClass=user)(!objectclass=computer))
    I tried this query directly against Active Directory and it worked.
    The problem is that when I apply it in OIM it gives the following error:
    DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ActiveDirectoryRecon::performReconciliation() Enter
    DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ActiveDirectoryRecon::setTaskSchedulerObjectName() Enter
    INFO,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],Starting Active Directory Trusted Reconciliation
    DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ActiveDirectoryRecon::setTaskSchedulerObjectName() Exit
    DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ADLookupMaps::getADFieldsArray() Enter
    DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ADLookupMaps::getADFieldsArray() Exit
    DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Enter
    DEBUG,29 Oct 2008 19:48:06,350,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Exit
    DEBUG,29 Oct 2008 19:48:06,350,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Enter
    DEBUG,29 Oct 2008 19:48:06,363,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Exit
    DEBUG,29 Oct 2008 19:48:06,363,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Enter
    DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Exit
    DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],ADReconTaskAttrs::parseAndSetMultiValAttrs() Enter
    DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],ADReconTaskAttrs::parseAndSetMultiValAttrs() Exit
    DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],ActiveDirectoryRecon/performReconciliation :query (&(&(objectClass=user)(!objectclass=computer))(whenChanged>=19000101000000.0Z))
    DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::searchResultPageEnum() Enter
    DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::connectToAvailableAD() Enter
    DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForDirContext() Enter
    DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForDirContext() Exit
    DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForLDAPContext() Enter
    DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForLDAPContext() Exit
    DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::validateCertificates() Enter
    DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::validateCertificates() Exit
    DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],Critical Extensions Supported
    DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::invalidateSSLSession() Enter
    DEBUG,29 Oct 2008 19:48:06,549,[OIMCP.ADCS],tcADUtilLDAPController::invalidateSSLSession() Exit
    DEBUG,29 Oct 2008 19:48:06,989,[OIMCP.ADCS],tcADUtilLDAPController::connectToAvailableAD() Exit
    ERROR,29 Oct 2008 19:48:06,989,[OIMCP.ADCS],The error occured in tcADUtilLDAPController::searchResultPageEnum():Unbalanced parenthesis
    DEBUG,29 Oct 2008 19:48:06,989,[OIMCP.ADCS],tcADUtilLDAPController::disconnect() Enter
    DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],tcADUtilLDAPController::disconnect() Exit
    DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],tcADUtilLDAPController::searchResultPageEnum() Exit
    DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],ActiveDirectoryRecon::performReconciliation() Exit
    INFO,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],End of Active Directory Reconciliation....
    DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],ActiveDirectoryReconTask/execute End
    Thanks in advance,
    Tomic

    Hi,
    Try this and it will work. I am using it.
    (&(objectClass=user)(!(objectClass=computer)))
    Regards
    Nitesh
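
The difference between the two filters above is purely grammatical: in an RFC 4515 filter every operand of `&`, `|` and `!` must itself be a parenthesised filter, and `!` takes exactly one. The following syntax checker is an added example, not code from this thread or from the OIM connector; it parses a filter the way the grammar requires, reports the offset at which `(!objectclass=computer)` breaks the rule, accepts the corrected form, and reproduces the way the recon log shows the user's native query being AND-ed with a `whenChanged>=` bound (that wrapping is taken from the log line in the thread; the function name `build_recon_query` is an assumption). Extensible-match (`:=`) items are not handled.

```python
"""Syntax checker for LDAP search filters (RFC 4515).

Added example, not the connector's code. Demonstrates why
'(&(objectClass=user)(!objectclass=computer))' is rejected while
'(&(objectClass=user)(!(objectClass=computer)))' is accepted.
"""
import re

# simple item: attribute description, comparison operator, value (may be empty)
_SIMPLE_ITEM = re.compile(r"([A-Za-z][A-Za-z0-9.;_-]*)(<=|>=|~=|=)(.*)", re.DOTALL)
# inside a value a backslash must be followed by exactly two hex digits
_BAD_ESCAPE = re.compile(r"\\(?![0-9A-Fa-f]{2})")


class FilterSyntaxError(ValueError):
    """Raised with the offset of the first token that breaks the grammar."""


def parse_filter(text: str) -> tuple:
    """Parse a complete filter into a tuple tree.

    Returns ('&'|'|', [children]), ('!', [child]) or (op, attr, value).
    """
    pos, node = _parse_component(text, 0)
    if pos != len(text):
        raise FilterSyntaxError(f"unexpected text after the filter at offset {pos}: {text[pos:]!r}")
    return node


def _parse_component(text: str, i: int):
    if i >= len(text) or text[i] != "(":
        raise FilterSyntaxError(f"expected '(' at offset {i}")
    i += 1
    if i >= len(text):
        raise FilterSyntaxError("unbalanced parenthesis: filter ends right after '('")
    c = text[i]
    if c in "&|":
        # AND / OR: one or more parenthesised sub-filters follow the operator
        op_at = i
        i += 1
        children = []
        while i < len(text) and text[i] == "(":
            i, child = _parse_component(text, i)
            children.append(child)
        if not children:
            raise FilterSyntaxError(f"'{c}' at offset {op_at} needs at least one sub-filter")
        node = (c, children)
    elif c == "!":
        # NOT: exactly one parenthesised sub-filter must follow
        i += 1
        if i >= len(text) or text[i] != "(":
            raise FilterSyntaxError(
                f"'!' must be followed by a parenthesised filter at offset {i}, "
                f"found {text[i:i + 12]!r}")
        i, child = _parse_component(text, i)
        node = ("!", [child])
    else:
        # simple item 'attr op value', running up to the next ')'
        end = text.find(")", i)
        if end == -1:
            raise FilterSyntaxError(f"unbalanced parenthesis: no ')' closes the item at offset {i}")
        item = text[i:end]
        m = _SIMPLE_ITEM.fullmatch(item)
        if m is None:
            raise FilterSyntaxError(f"malformed item {item!r} at offset {i}")
        attr, op, value = m.groups()
        if "(" in value or _BAD_ESCAPE.search(value):
            raise FilterSyntaxError(f"unescaped special character in value {value!r} at offset {i}")
        node = (op, attr, value)
        i = end
    if i >= len(text) or text[i] != ")":
        raise FilterSyntaxError(f"unbalanced parenthesis: expected ')' at offset {i}")
    return i + 1, node


def check_filter(text: str):
    """Return None when the filter is well formed, otherwise the error message."""
    try:
        parse_filter(text)
    except FilterSyntaxError as exc:
        return str(exc)
    return None


def build_recon_query(user_filter: str, changed_since: str) -> str:
    """Compose the search shown in the recon log (assumed from that log line):
    the native query AND-ed with a whenChanged bound, validated before use."""
    query = f"(&{user_filter}(whenChanged>={changed_since}))"
    parse_filter(query)  # raises FilterSyntaxError for the broken input
    return query


if __name__ == "__main__":
    for f in ("(&(objectClass=user)(!objectclass=computer))",
              "(&(objectClass=user)(!(objectClass=computer)))"):
        print(f, "->", check_filter(f) or "OK")
```

Run stand-alone it prints the offset of the stray `!objectclass=` for the first filter and `OK` for the second; validating a native query this way before saving it in the scheduled task turns the connector's bare "Unbalanced parenthesis" into a message that points at the exact token.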

  • Active Directory Connector server Error

    Dear All,
    I've faced this exception while running the AD reconciliation job; the following is the connector server error:
    ConnectorServer.exe Information: 0 : Starting connector server: C:\Program Files (x86)\Identity Connectors\Connector Server
        DateTime=2013-06-26T08:24:23.3332424Z
    ConnectorServer.exe Information: 0 : Started connector server
        DateTime=2013-06-26T08:24:23.3801180Z
    ConnectorServer.exe Information: 0 : Server started on port: 8759
        DateTime=2013-06-26T08:24:23.3957432Z
    ConnectorServer.exe Information: 0 : Stopping connector server
        DateTime=2013-06-26T08:24:53.6617556Z
    ConnectorServer.exe Information: 0 : Stopped connector server
        DateTime=2013-06-26T08:24:53.6930060Z
    ConnectorServer.exe Information: 0 : Starting connector server: C:\Program Files (x86)\Identity Connectors\Connector Server
        DateTime=2013-06-26T08:47:53.0780484Z
    ConnectorServer.exe Information: 0 : Server started on port: 8759
        DateTime=2013-06-26T08:47:53.3749291Z
    ConnectorServer.exe Information: 0 : Started connector server
        DateTime=2013-06-26T08:47:53.3749291Z
    ConnectorServer.exe Information: 0 : Creating new pool: ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector )
        DateTime=2013-06-26T13:35:45.8003033Z
    ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: The server is not operational.
       at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.ExecuteQuery(ObjectClass oclass, String query, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 824
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.RawSearcherImpl`1.RawSearch(SearchOp`1 search, ObjectClass oclass, Filter filter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1223
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.RawSearcherImpl`1.RawSearch(Object search, ObjectClass oclass, Filter filter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1194
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.SearchImpl.Search(ObjectClass oclass, Filter originalFilter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1156
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
       at ___proxy1.Search(ObjectClass , Filter , ResultsHandler , OperationOptions )
       at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
        DateTime=2013-06-26T13:46:24.7813215Z
    ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: The server does not support the requested critical extension.
       at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.ExecuteQuery(ObjectClass oclass, String query, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 824
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.RawSearcherImpl`1.RawSearch(SearchOp`1 search, ObjectClass oclass, Filter filter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1223
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.RawSearcherImpl`1.RawSearch(Object search, ObjectClass oclass, Filter filter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1194
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.SearchImpl.Search(ObjectClass oclass, Filter originalFilter, ResultsHandler handler, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1156
       at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
       at ___proxy1.Search(ObjectClass , Filter , ResultsHandler , OperationOptions )
       at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
        DateTime=2013-06-26T13:46:33.2346088Z
    ConnectorServer.exe Error: 0 : System.IO.IOException: Unable to write data to the transport connection: An established connection was aborted by the software in your host machine. ---> System.Net.Sockets.SocketException: An established connection was aborted by the software in your host machine
       at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
       at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       --- End of inner exception stack trace ---
       at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.IO.BufferedStream.FlushWrite()
       at System.IO.BufferedStream.Flush()
       at Org.IdentityConnectors.Framework.Impl.Serializer.Binary.BinaryObjectEncoder.Flush() in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\SerializerBinary.cs:line 291
       at Org.IdentityConnectors.Framework.Impl.Api.Remote.RemoteFrameworkConnection.Dispose() in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiRemote.cs:line 132
       at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.Run() in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 380
        DateTime=2013-06-26T13:46:33.3908618Z
    ConnectorServer.exe Error: 0 : System.IO.IOException: Unable to write data to the transport connection: An established connection was aborted by the software in your host machine. ---> System.Net.Sockets.SocketException: An established connection was aborted by the software in your host machine
       at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
       at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       --- End of inner exception stack trace ---
       at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.IO.BufferedStream.FlushWrite()
       at System.IO.BufferedStream.WriteByte(Byte value)
       at Org.IdentityConnectors.Framework.Impl.Serializer.Binary.InternalEncoder.WriteInt(Int32 v) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\SerializerBinary.cs:line 179
       at Org.IdentityConnectors.Framework.Impl.Serializer.Binary.InternalEncoder.WriteObject(ObjectEncoder encoder, Object obj) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\SerializerBinary.cs:line 112
       at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessRequest() in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 462
       at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.Run() in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 370
        DateTime=2013-06-26T13:46:33.3908618Z
    Thanks
    Shereen

    In the troubleshooting section of the guide, couple of reasons for this exception are mentioned. Maybe you can browse through them.
    Troubleshooting

  • OIM Integration with Active Directory Federation Services (ADFS)

    Hello friends
    I have a question about the integration of Oracle Identity Manager with an Active Directory that is federated with another external directory through ADFS. My question is:
    What considerations should be taken into account if I have a federated Active Directory environment when carrying out the integration with Identity Manager?
    I use version 9.1.0.2 of Oracle Identity Manager with Microsoft Active Directory Connector User Management 9.1.1.7
    Thanks for the support.

    First consideration is the OIM's target ADFS: in the federated scenario, will that participate as a service provider or an identity provider? I would think identity provider.
    Next consideration: what attributes are required to be placed in the SAML assertion to the other end-point? All these attributes must be present and should be provisioned to the AD in this case.
    So, OIM should be set up (UDFs etc.) to provision all those attributes needed in the SAML.
    Next consideration: what scenarios are to be supported? IdP-initiated or SP-initiated? If SP-initiated, then a process will have to be defined if a user id does not exist in the AD of the OIM target. Will the request fail, or should in-time provisioning happen?
    Hope this helps.

  • Recon and provisioning of user-defined object class ICF Active Directory

    I have followed the documentation instructions for reconciliation of a user-defined object class in the ICF Active Directory connector. I am using OIM 11gR2 with the ICF Active Directory 11.1.1.5 connector patched to 11.1.1.5.0A. The procedure states to create the new object class in AD and then change the objectClass value in the Lookup.Configuration.ActiveDirectory lookup. In my case I am using the existing ObjectClass of contact, rather than a new object class. Just for completeness I am using a clone of the AD User Resource Object which I call AD User Contact and so my lookup name is Lookup.Configuration.ActiveDirCon.
    When I changed the ObjectClass from User to Contact and ran the Active DirCon User Target Recon scheduled job, with Object Type also = contact, the first issue I noticed was that the connector wanted a different set of lookups, which is not in the documentation. It is looking for a lookup in my Configuration lookup where code key=contact Configuration Lookup (which I should have expected since there are code keys for User, Group, and organizationalUnit). I added a line to the lookup where code key=contact Configuration Lookup and the Decode=Lookup.ActiveDirCon.CM.Configuration and then I created a new lookup by that name, assigning the 5 values to be the Lookup.ActiveDirCon.UM.xxx lookups. I did not see any need to create a new set of Lookup.ActiveDirCon.CM.xxx lookups with the exact same values.
    I re-ran the scheduled job and it ran successfully, but did not generate any Recon Events, even though I had objects in the OU and I have that same OU in the Lookup.ActiveDirCon.OrganizationalUnits lookup (from the Org Lookup Recon). Everything looks good but getting no results. Looked at the log file from the ConnectorServer and it is building the query properly and executing it properly with the correct syntax, getting no errors, but the SearchAndReturnObjects method is returning zero results.
    Looking to see if anyone has successfully reconciled in user-defined or other non-User objectClass objects from Active Directory, and if so, can you provide Lookup configuration and Connector Server information so I can troubleshoot.
    I resolved this issue by changing the recon lookups to a blank lookup called Lookup.ActiveDirCon.CM.ReconAttrMap and only added in the parameters that are used by a Contact object. Only populate the ReconAttrMap with parameters that exist for the custom object.
    Edited by: Keith Smith AptecLLC on Mar 27, 2013 6:31 AM

    Oracle Support answered this question via SR

  • Active Directory SSL Problem

    Hi everyone,
    I installed the SSL certificate according to the Active Directory Connector Guide (part 2.2.3.4).
    But I have an error:
    ConnectorServer.exe Error: 0 : Error processing request
    System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.
    Do you have any idea?
    Thanks.
    Best regards.

    Hi,
    I did all requirements but I have an error.
    In the Connector Server log:
    ConnectorServer.exe Error: 0 : Error processing request
    System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.
    In the OIM diagnostic log:
    org.identityconnectors.framework.common.exceptions.ConnectorException: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    Do you have any idea?
    Thanks.

  • Error running Organization Lookup Recon in OIM 11g R2 with Active Directory

    Hi all,
    I have an implementation of OIM 11g R2, with an Active Directory connector 11.1.1.5.0 connecting to an instance of Active Directory on Windows Server 2008. I am trying to run the "Active Directory Organization Lookup Reconciliation" scheduled task, but the job fails with this error:
    oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector ) not found
    This is the full stack trace from the oim_domain.log file:
    oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector ) not found
    at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:176)
    at oracle.iam.connectors.icfcommon.recon.AbstractReconTask.init(AbstractReconTask.java:115)
    at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:382)
    at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:135)
    at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
    at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
    at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
    at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
    at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:116)
    at sun.reflect.GeneratedMethodAccessor739.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:266)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.security.Security.runAs(Security.java:41)
    at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
    at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:75)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
    The Connector Server is installed on the AD instance, and the key has been set, and used appropriately in the Active Directory Connector Server IT Resource in OIM.
    Any advice on how to resolve this error or on any possible causes would be much appreciated, thank you.

    From the installation media, copy and extract the contents of the bundle/ActiveDirectory.Connector-1.1.0.6380.zip file to the CONNECTOR_SERVER_HOME directory.
    Refer to http://docs.oracle.com/cd/E22999_01/doc.111/e20347/deploy.htm#CHDDJGIG

  • Error while trying to provision OIM user to Active Directory using SSL

    Hi All,
    I am able to see the users through an LDAP browser using SSL, but I am getting the following error while trying to provision OIM users to AD using SSL.
    I am using Microsoft Active Directory connector type 9.11.
    Response: Connection Error encountered
    Response Description: Error encountered while connecting to target system
    I did some testing using "Diagnostic Dashboard" and the following are the results.
    Test Name: Target System SSL Trust Verification: Passed
    Test Name: Test Basic Connectivity: Failed
    Exceptions:
    ITResource information values are not correct. Enter the correct values.
    java.lang.reflect.InvocationTargetException
    javax.naming.CommunicationException: simple bind failed:
    unable to find valid certification path to requested target.
    Test Name: Test Provisioning: Failed
    Note: Without SSL all the above tests passed.
    Can anybody help me out with this issue?
    Thanks in advance.
    Pradeep Kumar.

    I am able to connect to AD using port 636 from an LDAP browser, and as the following test passed I think that my certificate should be correct.
    Test Name: Target System SSL Trust Verification.
    Input Parameters
    Target System: idm.orademo.com
    Port: 636 Certificate Store
    Location: /usr/java/jdk1.6.0_14/jre/lib/security/cacerts
    Result : Passed
    ITResource Values:
    ADAM LockoutThreshold Value     
    ADGroup LookUp Definition     Lookup.ADReconciliation.GroupLookup
    Admin FQDN     cn=Administrator,cn=Users,dc=orademo,dc=com
    Admin Password     *******
    Allow Password Provisioning     yes
    AtMap ADGroup     AtMap.ADGroup
    AtMap ADUser     AtMap.AD
    Invert Display Name     no
    Port Number     636
    Remote Manager Prov Lookup     AtMap.AD.RemoteScriptlookUp
    Remote Manager Prov Script Path     
    Root Context     dc=orademo,dc=com
    Server Address     idm.orademo.com
    Target Locale: TimeZone     GMT
    UPN Domain     orademo.com
    Use SSL     yes
    isADAM     no
    isLookupDN     no
    isUserDeleteLeafNode     no
    Thanks & Regards,
    Pradeep Kumar.

  • OID and MS Active Directory Synchronization

    Hi,
    I've read that these 2 LDAP services can be synchronized with the "Active Directory Connector". So does this mean that if users and groups are stored in MS Active Directory it is possible to have the users and groups synchronized with OID so that these are available directly in Oracle Portal, or do they still need to be added manually somehow into Portal?
    Thanks in advance,
    Brandon

    You can find documentation at:
    - http://www.oracle.com/technology/products/oid/oidhtml/sec_idm_training/html_masters/basics01.htm
    - http://www.oracle.com/technology/products/oid/oidhtml/sec_idm_training/html_masters/basics02.htm
    - Note 267153.1 (How To Setup OID Synchronization with Microsoft Active Directory Quick Start Guide) with related docs
    Best regards,
    Nicolas Stiévenard

  • OID and Active Directory

    1. Does Oracle OID integrate with Active Directory to synch data with Active Directory periodically?
    2. Marshal data from Active Directory on demand (live link)?
    3. Does the Oracle Single Sign-On solution work with multiple directories (i.e. OID and AD both being used by Oracle Single Sign-On)?
    4. Can Oracle Single Sign-On work with a desktop login into a domain (also called NT authentication or desktop authentication)?

    This is what I have to share with you. For further details refer to the link http://otn.oracle.com/products/oid/index.html and the Oracle Internet Directory Administrator's Guide.
    1. Does Oracle OID integrate with Active Directory to synch data with Active Directory periodically?
    For synchronizing from Microsoft Active Directory to Oracle Internet Directory, you need to track changes in Microsoft Active Directory and configure your Active directory connector giving its URL, user account and password to be used by the Active Directory connector, its DIT info on domain which contain the users/groups. And in the Active Directory synchronization profile you'll have to set the mapping rule.
    2. Marshal data from Active Directory on demand (live link)?
    Yes, it's possible to migrate data between directories. Configure your Active Directory connector and the external authentication plug-in, and use the Directory Integration and Provisioning Assistant.
    3. Does the Oracle Single Sign-On solution work with multiple directories (i.e. OID and AD both being used by Oracle Single Sign-On)?
    Yes, it's possible. When a user tries to log in, the OracleAS Single Sign-On server tries to verify the credentials the user enters against those stored in Oracle Internet Directory. If the user credentials are not there, then the Oracle directory server invokes the Active Directory external authentication plug-in. This plug-in verifies the user credentials in Microsoft Windows. If the verification is successful, then the Oracle directory server notifies OracleAS Single Sign-On accordingly.
    4. Can Oracle Single Sign-On work with a desktop login into a domain (also called NT authentication or desktop authentication)?
    Oracle Application Server Single Sign-On enables native authentication, also called autologin, in a Microsoft Windows environment. Once logged into the Windows desktop, the user automatically has access to Oracle components. OracleAS Single Sign-On automatically logs the user into the Oracle environment using the user's Kerberos credentials.
