AD group membership details during request

My requirement is for an AD User to become a member of several AD groups during request, i.e. the Group membership details is pre-populated. I tried to implement using Access Policy but it did not work. Hope you could give me other options.

You need to click the process form on the access policy, then from the drop down, chose for the child table. Then add your entries into the child table and then they will apply for the access policy.
-Kevin

Similar Messages

Pre-Populate group membership details while provision

Hi,
We are using AD Connector 9.1.0.1 to provision OIM user to ADAM.
While provision I need to pre-populate group membership details of user like other user attributes.
Is it possible to do this using pre-populate adapter; if so then please provide us details to do this or is there any other approach to achieve this?
-Hardew

Can you explain the FormInstanceOpsIntf piece in a little more detail? I'm having a similar issue as the other two posters above, except mine is with OID.
1) So focusing first on just creating the adapter...
a. Create a new adapter of type Entity.
b. Create the adapter variables here???
-> Three variables of type long, and one of type object???
c. Add an adapter task
-> Type: Utility Task -> Oracle Identity Manager Api
-> New Object Instance
-> Task Name: <not important>
??? (is this correct) -> Application API - Thor.API.Operations.tcFormInstanceOperationsIntf
??? (is this correct) -> Methods - 17. public abstract long Thor.API.Operations.tcFormInstanceOperationsIntf.addProcessFormChildData(long,long,java.util.Map)
d. Complete the Parameter Data Mapping
-> Input: long - ??? (what to map here?)
-> Output: long - ??? (what to map here?)
-> Input: long - ??? (what to map here?)
-> Input: java.util.Map - ??? (what to map here?)
2) After the adapter is created, I will look up the "OID User" form in the Data Object Manager, and add the adapter I created under "Post-Insert".
Thanks!

Invoke an adapter on change of User's Group Membership details

Hi
I need to invoke an adapter on change of User’s Group Membership details. I am not able to figure out from where I can invoke my adapter.
Does anyone have any idea about this?
-- Another Question: what is the purpose of having “tcUSRautoGroupMembership” in User’s Object Form on Post Update. It would be nice if you give some details about this task.
-Hardew

Thanks for quick response.
What you have mentioned, is applicable for a specific value of a user’s OIM Profile filed; that means it will triggered only if a user has specified value i.e. "blah blah" for that field i.e. fieldA.
However my scenario is slightly different. Let me explain my scenario by example:-
I have N numbers of OIM groups i.e. g1, g2, g3, g4……, gn and a user called myUser. This user is a member of two groups’ g1 and g2, now if I make myUser to member of one more group i.e. g3 or remove i.e. g1; then I want to perform a custom task using adapter on this Group Membership change.
Is there any “Data Object Form” where I can associate my adapter on post-update to detect change of User’s Group Membership?
_hardew

AD account used for running SIA locked during group membership querying

Hello,
I have code that is querying user / group membership from the BOE repository using the Java Enterprise SDK. When running against an environment using an AD service account to run the SIA, an error is thrown and the AD account is subsequently locked when I execute my code. The error is as follows:
com.crystaldecisions.sdk.exception.SDKServerException: The Active Directory Authentication plugin failed to verify the currently specified administration credentials required to connect to Active Directory. Please contact your system administrator.
cause:com.crystaldecisions.enterprise.ocaframework.idl.OCA.oca_abuse: IDL:img.seagatesoftware.com/OCA/oca_abuse:3.2
detail:The Active Directory Authentication plugin failed to verify the currently specified administration credentials required to connect to Active Directory. Please contact your system administrator.
The server supplied the following details: OCA_Abuse exception 10505 at [.\exceptionmapper.cpp : 79] 50068 { , , secWinAD}
...The Active Directory Authentication plugin failed to verify the currently specified administration credentials required to connect to Active Directory. Please contact your system administrator. Plugin error: SecWinAD Error: an error occurred in CADCredentialManager::SwitchSecurityContexts().
If the account is successfully running the SIA, I'm not understanding why this message is being thrown. Also - I'm assuming some internal login is happening with this AD account when I query for group membership (?), as I am able to query for other types of metadata without error / locking the account. Based on the error thrown, the authentication with this ID is failing, and is probably being attempted multiple times, resulting in the account being locked? Can anyone provide insight here?
Thanks...

Ted is right on the mark with this one.
The cause is outlined in the exception indicating a problem with the SwitchSecurityContexts() function. The Active Directory plugin requires a set of credentials with which to connect to Active Directory and perform any necessary lookups. Therefore, the issue is not with the account running your SIA (and by extension your CMS), but the Active Directory administration credentials you've set on the plugin (either via the CMC or through code). When the CMS tries to impersonate, or switch security context to the other account, it fails to authenticate against Active Directory.
Check to make sure this property is set identically to the account running the SIA, and like Ted said, that you can successfully update the plugin via the CMC.
Thanks,
Jim

An exception occurred during request processing

Hi,
When i am going to create activity as task it's showing error please advice me how to resolve this issue.
Diagnosis
An exception occurred during request processing. This was handled centrally. It changed the program flow and the result of the request probably contains errors.
Procedure
Contact your system administrator.
Procedure for System Administration
Activate checkpoint group BSP_WD_EXCEPTION_DISPLAY. To do this, use transaction SAAB. If the error recurs, further details are displayed.
Exception Details
CX_BSP_WD_HTTP_RESPONSE_ERROR -
Method: CL_BSP_WD_STREAM_LOADER=>LOAD_FROM_URL
Source Text Row: 159
rose.

Hello,
Please check from your basis team if 'fully qualified domain name of the server is correctky configuered'.
Also, check the host name of the system in the Hosts file.
This will resolve your issue for sure.
Regards,
Kapil Patil

AD Group Membership with User From Domain Outside of Forest

Here's one to twist your brain around -
I have kerberos authentication using Active Directory working between a client's web browser and my web-app hosted in JBoss. I also have limited authorization working by checking group memberships using LDAP. This currently only works if all users are in the same domain. The ever-helpful adler_steven has detailed in another thread (http://forum.java.sun.com/thread.jspa?threadID=603815&tstart=15) how to do a group membership check for all Users/Groups in a single forest using the Global Context.
I need to go beyond the domain and even beyond the forest and try to authorize a user from a trusted domain by checking if the user is a member of a group in my domain. Authentication works fine using kerberos. It's the authorization by group check I am having trouble with. I believe there are two ways to approach this:
Approach #1
Access the MS-specific PAC in the kerberos token from the client to get the group SIDs. The structure of the PAC is nicely defined in this article: http://appliedcrypto.com/spnego/pac/ms_kerberos_pac.html. However, I have no idea how to access the decrypted token. I pass the encrypted token that I receive from the browser to myGssContext.acceptSecContext(...) to complete the authentication.
Question: Does anyone know how to get the decrypted kerberos ticket from there, specifically the authorization-data field?
Approach #2
Try to walk through the Active Directory structures in both domains using LDAP. In the domain group that I am checking, I can see a member attribute that references a foreignSecurityPrincipal object. The CN of this object happens to be the objectSID of the user I am looking for in the remote domain. Unfortunately, I have to check the remote domain server directly to verify that. The foreignSecurityPrincipal object itself does not contain any hint about what user it refers to aside from the SID (no originalDomainName attribute or something similar). It is feasible that I could walk the chain of references back to the remote domain AD server. That would require that my configuration include a list of remote domain servers to check (since I could have users from multiple trusted domains) and that my JBoss server have access to those servers.
Question: Does anyone know of some other LDAP-related way of finding information about a user from a remote, trusted domain without having to hit the server for that domain directly?
adTHANKSvance
Eric

You should be able to work back from the foreignSecurityPrincipal object :-) He says with a wry smile..
This post prompts me to think whether one day someone will draw the entity relationship diagram for AD. Oh well, I've been procrastinating for years, a few more won't hurt !
If it was a user from within the same forest, you should just be able to perform a search against a GC using the objectSID as the search filter. I've forgotten, but I don't think they will be represented as foreign security principals.
Have a look at the post titled JNDI, Active Directory and SID's (Security Identifiers) available at
http://forum.java.sun.com/thread.jspa?threadID=585031&tstart=150 that describes how to search for an object based on their SID.
Now if it is a user from another forest, with which you have a trust relationship, then we begin the navigation excercise.
You'll need obtain the user's SID (either from the cn or from the objectSID attributes) from the foreignSecurityPrincipal object. For example CN=S-1-5-21-3771862615-1804478405-1612909269-2143,CN=ForeignSecurityPrincipals,DC=antipodes,DC=com
objectSID=S-S-1-5-21-3771862615-1804478405-1612909269-2143Then obtain the domain RID, eg.S-1-5-21-3771862615-1804478405-1612909269Next you will have to recurse each of the crossRef objects in the Partitions container, in the configuration naming context (which you will find listed in the RootDSE). The crossref objects that represent trusted domains or forests will have values for their trustParent attributes. A sample query would be something like//specify the LDAP search filter
String searchFilter = "(&(objectClass=crossRef)(trustParent=*))";
//Specify the Base for the search
String searchBase = "CN=Partitions,CN=Configuration,DC=antipodes,DC=com";For each crossRef object, you can then use the dnsRoot attribute to determine the dns domain name of the forest/domain (if you want to later use dns to search for the dns name,ip address of the domain controllers in the trusted domains/forests), and then use the nCName attribute to determine the distinguished name of the trusted forest/domain.dnsRoot = contoso.com
ncName = dc=contoso,dc=comPerform another bind to the ncName for the trusted domain/forest and retrieve the objectSID attribute, which will be the domain's RID. You may want to cache this information as a lookup table to match domain RID's with domain distingusihed names and dns names.String ldapURL = "ldap://contoso.com:389";
Attributes attrs = ctx.getAttributes("dc=contoso,dc=com");
System.out.println("Domain SID: " + attrs.get("objectSID").get());Once you find out which domain matches the RID for the foreignSecurityPrincipal, you can then perform a search for the "real user" .And then finally you should have the user object that represents the foreign security principal !
Just one thing to note. Assume that CONTOSO and ANTIPODES are two separate forests. If you bind as CONTOSO\cdarwin against the CONTOSO domain, the tokenGroups attribute (which represents teh process token) will contain all of the group memberships of Charles Darwin in the CONTOSO domain/forest. It will not contain his memberships if any, of groups in the ANTIPODES forest. If Charles Darwin accesses a resource in ANTIPODES, then his process token used by the ANTIPODES resource will be updated with his group memberships of the ANTIPODES forest. Also you can have "orphaned foreignn security principal", where the original user object has been deleted !
BTW, If I was doing this purely on Windows, IIRC, you just use one API call DsCrackNames, to get the "real user", and then the appropriate ImpersonateUser calls to update the process token etc..
Good luck.

Shared Calendars / Room Lists and automatically forcing them to users based on Security Group Membership

Good morning all,
I need some help achieving the following in our Exchange 2013 Environment. First off, we have Exchange 2013, but all our clients have Outlook 2010.
Here's what I would like to be able to do:
1) create/manage public calendars / rooms in exchange 2013
2) force these shared public calendars / rooms to users' calendars who are members of particular security groups
3) give edit permissions / "booking" permissions for the shared calendars so select users are able to make changes to the shared calendars, as well as accept/deny requests to "book" shared room calendars
Any one got any resources they can give to point me in the right direction?
I have already created two mailbox room resources, and have them set up in a room list in AD. But need to know the above as far as creating a shared calendar for events, and forcing these calendars / room lists out to users based on security group
membership.
I don't want my users to have to know how to add a shared calendar...that would be a nightmare explaining. I just want it to show up.
Any help on this is greatly appreciated, thank you!

1) I recommend using Room Mailboxes for resource calendars because it just works better.
2) This is a standard feature of a Room Mailbox.
3) You're pretty specific here, but I think this is also more or less available with a Room Mailbox combined with folder rights.
I don't know any way to just make them "show up". You'll have to teach them. Well written instructions can work wonders.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Application error occurred during request processing TRIAL EmployeeAddressD

I ve the NW Java Trial which is chipped with a demo scenario.
When I try to test this service:
Service: EmployeeAddressData
Test: getAddressByPersonalID_R (String personalid)
I'm runing into:
Result:
Application error occurred during request processing.
Details: com.sap.engine.services.webservices.wsnavigator.WSNavigatorException: null
Exception id: [000C2980205100660000001900000F1D00044B2662750D88]
In the netweaver portal itself the user gets the following information when trying to access its data:
com.sap.tc.webdynpro.model.webservice.api.WDWSModelExecuteException: Exception on execution of web service with WSDL URL 'http://ivml2005:50000/EmployeeAddressData/Config1?wsdl' with operation 'getAddressByPersonalID_R' in interface 'EmployeeAddressDataVi_Document' User not found in HR: Exception on execution of web service with WSDL URL 'http://ivml2005:50000/EmployeeAddressData/Config1?wsdl' with operation 'getAddressByPersonalID_R' in interface 'EmployeeAddressDataVi_Document'
Any ideas on how to solve this or how to get an error msg, which has more information?
Edited by: Deniz Kesmen on Apr 18, 2008 5:52 PM

Hi Deniz Kesmen
Did you got the solution of the above problem?
I am also getting the same type of issue while executing the webservice for a BRM rule from a webdynpro java application.
I am using adaptive web service model for executing the webservice. Error is given below:
com.sap.tc.webdynpro.model.webservice.api.WDWSModelExecuteException: Exception on execution of web service with WSDL URL 'http://LT-ENTITPCONSAJ.s1.ms.unilever.com:50000/testrule/testrulePort?wsdl&mode=ws_policy' with operation 'invokeRules' in interface 'testrulePortType'
I am using CE 7.2 system.
If I execute the web service from wsnavigator it works fine.
Appreciate for you help.
Regards
Sajith

Application error occurred during request processing.

Hi, I got the following error when you invoke a method of a web service deployed on my local server
Details:com.sap.engine.services.webservices.wsnavigator.WSNavigatorException: null
Exception id:
I don´t have any compilation errors in the Java source code published by the Web service.

Hi Sumit,
thanks for the quick reply. I get only these lines when i execute webservice.
500 Internal Server Error
Application error occurred during request processing
 Details: com.sap.engine.services.webservices.wsnavigator.WSNavigatorException: null
 Exception id: [0016355ABDF800580000016F00002C7800043D23C1985713]
If required i can send my code...
thanks,
sudhir.

Application error occurred during request processing webdynpro

Hi all,
I have developed one sample web dynpro application( welcome). when was deploying the welcome application on the j2ee engine using NWDS. It is giving the fallowing error i.e.
500 Internal Server Error
Application error occurred during request processing.
Details: com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Failed to create deployable object 'local/Welcome' since it is not of a Web Dynpro object.
Exception id: [02004C4F4F50005C0000000A0000091800042D3A2DDDDEDB]
Please help me how to deploy this application successfully.
Regards,
Deviprasad.

Hi Deviprasad,
Check out this link
Re: Internal Server Error 500
Regards,
Prateek

Application error occurred during request processing. in Netweaver 2004s

Hi
I am facing the following error when I am try to open Netweaver Administrator(nwa)
using following URl
http:<serevername>:50100/nwa
Application error occurred during request processing.
Details: com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Found no client for parameter: null, useragent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)
Exception id: [00145E186CB7007300000017000015FC0004242617536888
System landscape
Netweaver 2004s/ windows 2003/ MaxDB
Thanks and Regards
Ravindran

Details: com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Found no client for parameter: null, useragent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)

Do you use the new IE 7 ?
If so please try to open the NWA with the IE 6 - perhaps it helps.
Regards,
Norman

Application error occurred during request processing. TCODE - RSPLAN.

while running the BI Integration Planning When i Click Start Modeler I am getting this error described below
Application error occurred during request processing.
Details: com.sap.tc.webdynpro.services.sal.core.DispatcherException: The requested deployable object 'sap.com/biplanworkbench1' and application 'Modeler' are not deployed on the server. Please check the used URL for typos.
Exception id: [001125C534B000480000001C000C90C20004261894A9684E]

still getting the same problem
I Have gone through the note no 919850 it says that
In particular, check the version of the BI-REPPLAN and BI-WDALV
software components.
and i have checked these component are not there
now question is how to install these component.
and if that gona really help
another point which i have check is
To do this, use the test function in the Web Dynpro Content
Administrator for JCo connections. The following settings are required
for the two JCo connections BI_METADATA and WD_ALV_METADATA_DEST
when i go to maintain jco connection there is no jco connection at all it is completely blank there

ERROR! The following error occurred during request processing:build contro

Hi,
I am unable to request activation. Please help. It is a serious issue. following is the message.
public part "default" of component "sap.com/servlet" ... OK
 [PP "default" of DC 108 variant "default"][SC 623][last successfull build: 779]
 public part "strutsComp" of component "boc.com/struts" ... OK
 [PP "strutsComp" of DC 186 variant "default"][SC 621][last successfull build: 913]
 public part "default" of component "sap.com/com.sap.mw.jco" ... OK
 [PP "default" of DC 59 variant "default"][SC 623][last successfull build: 779]
 public part "log4jComp" of component "boc.com/log4j" ... OK
 [PP "log4jComp" of DC 188 variant "default"][SC 620][last successfull build: 779]
 public part "default" of component "sap.com/activation" ... OK
 [PP "default" of DC 34 variant "default"][SC 623][last successfull build: 779]
 public part "default" of component "sap.com/mail" ... OK
 [PP "default" of DC 99 variant "default"][SC 623][last successfull build: 779]
 public part "strutsAss" of component "boc.com/struts" ... OK
 [PP "strutsAss" of DC 186 variant "default"][SC 621][last successfull build: 913]
 public part "log4jAss" of component "boc.com/log4j" ... OK
 [PP "log4jAss" of DC 188 variant "default"][SC 620][last successfull build: 779]
 Synchronize used libraries... finished at 2007-12-19 12:16:21.792 GMT and took 3 s 625 ms
Prepare build environment in the file system... finished at 2007-12-19 12:16:21.792 GMT and took 9 s 609 ms
===== Pre-Processing ===== finished at 2007-12-19 12:16:21.792 GMT and took 10 s 515 ms
===== Processing =====
BUILD DCs
 "boc.com/partnernet" in variant "default"
 Build failed! Unknown error
Change request state from PROCESSING to FAILED
ERROR! The following problem(s) occurred during request processing:
ERROR! The following error occurred during request processing:build controller process has terminated. cannot proceed with build
build controller process has terminated. cannot proceed with build
REQUEST PROCESSING finished at 2007-12-19 12:16:27.917 GMT and took 16 s 671 ms
Regards

Hi Sumit,
thanks for the quick reply. I get only these lines when i execute webservice.
500 Internal Server Error
Application error occurred during request processing
 Details: com.sap.engine.services.webservices.wsnavigator.WSNavigatorException: null
 Exception id: [0016355ABDF800580000016F00002C7800043D23C1985713]
If required i can send my code...
thanks,
sudhir.

Problem in AD Group membership Insert Error "Response: CURRENT_ATTRIBUTES"

Hi all,
I am using Oracle Identity and Access Management 11g (11.1.1.5.0) with Weblogic 10.3.5 and apply patch -11.1.1.5.4. I have install AD Connector (activedirectory-11.1.1.5.0) and recon Group, OU and Users as a target source Successfully. When I tried to provision user in AD user is provisioned successfully but got following error message in Group membership Insert.
Task Name - Group membership Insert
Resource Name: AD User
Description:
User: Test User 10 [?TESTUSER10?]
Status: Rejected
Response: CURRENT_ATTRIBUTES
Response Description: Unknown response received
Notes:
Assigned to User : System Administrator[?XELSYSADM?]
Error Details
Setting task status... "CURRENT_ATTRIBUTES" does not correspond to a known Response Code. Using "UNKNOWN".
Schedule Detail
Projected Start: November 7, 2012 6:14:47 PM Projected End: November 7, 2012 6:14:47 PM
Actual Start: November 7, 2012 6:14:47 PM Actual End: November 7, 2012 6:14:48 PM
Last Update: November 7, 2012 6:14:48 PM
Back to Resource Provisioning Details
OIM LOG
Running UPDATECHILDTABLEVALUES
Target Class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManager
<ObjectClassInfos>
<ObjectClassInfo type='Group' container='false' embedded='false'>
</optionsByOperation>
</Schema>
java.lang.reflect.InvocationTargetException
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.UPDATECHILDTABLEVALUES(adpADIDCUPDATECHILDTABLEVALUES.java:111)
 at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.implementation(adpADIDCUPDATECHILDTABLEVALUES.java:56)
 at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
 at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
 at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
 at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
 at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
 at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
 at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(tcProvisioningOperationsBean.java:4042)
 at Thor.API.Operations.tcProvisioningOperationsIntfEJB.retryTasksx(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
 at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
 at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
 at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
 at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
 at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
 at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
 at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
 at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
 at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
 at $Proxy348.retryTasksx(Unknown Source)
 at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
 at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
 at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.retryTasksx(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
 at $Proxy172.retryTasksx(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
 at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
 at $Proxy347.retryTasksx(Unknown Source)
 at Thor.API.Operations.tcProvisioningOperationsIntfDelegate.retryTasks(Unknown Source)
 at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(ResourceProfileProvisioningTasksAction.java:702)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
 at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
 at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
 at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
 at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
 at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
 at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
 at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
 at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
 at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
 at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
 at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
 at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
 at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
 at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
 at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
 at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
 at java.security.AccessController.doPrivileged(Native Method)
 at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
 at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
 at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
 at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
 at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
 at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
 at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
 at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
 at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
 at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
 at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: java.lang.NoSuchFieldError: CURRENT_ATTRIBUTES
 at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.getCurrentAttributes(ICProvisioningManager.java:408)
 at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.updateChildTableValues(ICProvisioningManager.java:485)
 ... 104 more
com.thortech.xl.dataobj.util.tcAdapterTaskException: CURRENT_ATTRIBUTES
 at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.UPDATECHILDTABLEVALUES(adpADIDCUPDATECHILDTABLEVALUES.java:117)
 at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.implementation(adpADIDCUPDATECHILDTABLEVALUES.java:56)
 at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
 at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
 at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
 at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
 at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
 at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
 at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(tcProvisioningOperationsBean.java:4042)
 at Thor.API.Operations.tcProvisioningOperationsIntfEJB.retryTasksx(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
 at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
 at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
 at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
 at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
 at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
 at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
 at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
 at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
 at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
 at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
 at $Proxy348.retryTasksx(Unknown Source)
 at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
 at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
 at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.retryTasksx(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
 at $Proxy172.retryTasksx(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
 at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
 at $Proxy347.retryTasksx(Unknown Source)
 at Thor.API.Operations.tcProvisioningOperationsIntfDelegate.retryTasks(Unknown Source)
 at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(ResourceProfileProvisioningTasksAction.java:702)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
 at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
 at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
 at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
 at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
 at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
 at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
 at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
 at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
 at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
 at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
 at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
 at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
 at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
 at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
 at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
 at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
 at java.security.AccessController.doPrivileged(Native Method)
 at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
 at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
 at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
 at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
 at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
 at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
 at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
 at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
 at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
 at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
 at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

Hello
1. Download the latest version of Connector Server.
2. Stop OIM
3. Take from Connector Server Distr:
connector-framework.jar
connector-framework-internal.jar
to
$XEL_HOME\apps\oim.ear\APP-INF\lib
$XEL_HOME\ext\internal
4. Delete temporary cached libs from:
$DOMAIN_HOME\servers\$WEBLOGIC_NAME\tmp\_WL_user\oim_11.1.2.0.0\*
5. Start OIM-server
Записки на полях внедрения: java.lang.NoSuchFieldError: CURRENT_ATTRIBUTES

Group membership alterations timeout

Hello,
I've imported about 100 security groups with their members from AD to FIM and have altered precedence so that FIM now manages these groups. I want to change the groups to criteria based membership and have successfully done so in a number of cases,
however I am finding that groups with more than apx. 700 members are causing an error in the portal.
Event viewer says that the diagnostic log may contain more information but it does not. It also suggests checking the SharePoint log but unfortunately I have been unable to find an appropriate log.
I've had this error occur before in similar circumstances and my guess is that there is some sort of timeout cancelling the operation.
Does anyone know of a fix for this? Is there a way to empty the group memberships?
Many thanks
Portal error:
"Unable to process your request. Please contact your help desk or system administrator."
Event viewer:
"The portal was unable to complete a request and showed a user the default error page.
An unhandled exception was caught.
Check the product diagnostic log file and then check the SharePoint log file."

Hello FIM-EN,
You probably have a timeout issue. Tyr to increase the value in the file "C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config":
/configuration/ resourceManagementClient/ @timeoutInMilliseconds
[0,360000]
90,000
The timeout of the client side of communication.
link:
http://technet.microsoft.com/en-us/library/ff800821%28v=ws.10%29.aspx
Regards,
Sylvain

AD group membership details during request

Similar Messages

Maybe you are looking for