CUCM 8.6.2 and AD LDAP SYNC

We have an issue where we can loging and sync all users but then we can not log in as those users. We are trying to reserach whether this is related to the LDAP user rights, firewall, etc. Any ideas? Thanks!

Chris:
Thanks for the input. We do have the LDAP configured, we are using LDAPS. It is looking like port 636 form the CUP server is trying to reach out to the AD server so we are opening up that port to test if that is out issue. 636 is open from CUCM to AD but not CUP to AD.
TD

Similar Messages

CUCM 8.6.2 LDAP User Delete Pending LDAP Sync Status Inactive

BE6K ver 8.6.2
Client has a user who recently got married. They changed her account information in Active Directtory to reflect her new last name. At that point CUCM shows her as
Delete Pending
LDAP Sync Status Inactive
CUC shows
LDAP User has been deleted.
The user still exists in both CUC and CUCM and is actively takign and receiving calls. User has VM access.
Shorrt of deleting the user in AD and recreating her, is there a way to force this to re-sync?
Thanks
Matt

Then that's expected to happen, for all purposes to CUCM/CUC eyes, msmith no longer exists and will be deleted, and a new user mjones now will be imported.
Depending on when the change was done and when CUCM detected this, it might take up to 48 hours maximum to delete the user
You'll need to associate everything to the new user, and also add that new user into CUC.
Or switch back her userID to the old one, and just change the surname for directory purposes.
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk

Problem OIM OID Ldap Sync Configuration in 11g.

Hi Team,
I am doing OIM and OID LDAP Sync configuration There It is failed in "Configuration Process" Step.
and also in weblogic OIM Maganaged server in ADMIN mode not in running mode.
please find the both logs.
*********************************Weblogic Logs**********************************************
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
<28-Sep-2012 14:07:44 o'clock BST> <Info> <Management> <BEA-141107> <Version: We
bLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
<28-Sep-2012 14:07:47 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to STARTING>
<28-Sep-2012 14:07:47 o'clock BST> <Info> <WorkManager> <BEA-002900> <Initializi
ng self-tuning thread pool>
<28-Sep-2012 14:07:48 o'clock BST> <Notice> <Log Management> <BEA-170019> <The s
erver log file E:\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim
server1\logs\oimserver1.log is opened. All server side log events will be writ
ten to this file.>
28-Sep-2012 14:07:56 oracle.security.am.common.nap.util.NAPLogger log
SEVERE: Failed to communicate with any of configured Access Server, ensure that
it is up and running.
<28-Sep-2012 14:07:57 o'clock BST> <Notice> <Security> <BEA-090082> <Security in
itializing using security realm myrealm.>
<28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to STANDBY>
<28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to STARTING>
<28-Sep-2012 14:08:20 o'clock BST> <Warning> <oracle.jps.upgrade> <JPS-06003> <C
annot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason oracle.s
ecurity.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The c
redential with map ADF and key anonymous#oimBpelCredKey already exists..>
<28-Sep-2012 14:08:21 o'clock BST> <Warning> <oracle.adf.share.ADFContext> <BEA-
000000> <Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic initializati
on is performed improperly.
This message may be avoided by performing initADFContext before using getCurrent
To see the stack trace for thread that is initializing this, set the logging lev
el of oracle.adf.share.ADFContext to FINEST>
<28-Sep-2012 14:08:24 o'clock BST> <Error> <Deployer> <BEA-149205> <Failed to in
itialize the application 'oim [Version=11.1.1.3.0]' due to error oracle.iam.plat
form.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
pInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
un(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
rAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
pInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
un(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
rAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
>
<28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
ttribute was not found in element application in the deployment descriptor in E:
\Oracle\Middleware\Oracle_IDM1\server\apps\spml-xsd.ear/META-INF/application.xml
. A version attribute is required, but this version of the Weblogic Server will
assume that the JEE5 is used. Future versions of the Weblogic Server will reject
descriptors that do not specify the JEE version.>
<28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
ttribute was not found in element application in the deployment descriptor in E:
\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim_server1\tmp\_WL_
user\spml-xsd\s8d2b9/META-INF/application.xml. A version attribute is required,
but this version of the Weblogic Server will assume that the JEE5 is used. Futur
e versions of the Weblogic Server will reject descriptors that do not specify th
e JEE version.>
<28-Sep-2012 14:08:24 o'clock BST> <Emergency> <Deployer> <BEA-149259> <Server '
oim_server1' in cluster 'OIM_Cluster' is being brought up in administration stat
e due to failed deployments.>
Loading xalan.jar for XPathAPI.
14:08:30 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] -
----------------- NEXAWEB SERVER LICENSE ------------------
- Customer ID : 122
- License type : Enterprise
- Max unique IPs : unlimited
- Max XUL sessions : unlimited
- Max CPUs/server : unlimited
- Clustering allowed : true
- Expiration date : none
Nexaweb Technologies Inc.(C)2000-2004. All Rights Reserved.
Nexaweb Technologies Inc.
10 Canal Park
Cambridge, MA 02141
Tel: 617.577.8100. Email: [email protected]
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Clustering is OFF.
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Servlet Engine: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PD
T 2011 1398638 Oracle WebLogic Server Module Dependencies 10.3 Thu Mar 3 14:37:5
2 PST 2011 Oracle WebLogic Server on JRockit Virtual Edition Module Dependencies
10.3 Thu Feb 3 16:30:47 EST 2011
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Servlet API Version: 2.5
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Nexaweb Server Info = Nexaweb Server 3.3.1072
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Nexaweb Server initialized successfully.
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Log Management> <BEA-170027> <The S
erver has established connection with the Domain level Diagnostic Service succes
sfully.>
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000197> <Listening fo
r announcements from cluster using unicast cluster messaging>
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000133> <Waiting to s
ynchronize with other running members of OIM_Cluster.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult[2]" is now listening on 127.0.0.1:14000 for protocols iiop, t3, CLUSTER-BROA
DCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult[3]" is now listening on 0:0:0:0:0:0:0:1:14000 for protocols iiop, t3, CLUSTE
R-BROADCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult[1]" is now listening on fe80:0:0:0:0:5efe:a2f:f22a:14000 for protocols iiop,
t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Warning> <Server> <BEA-002611> <Hostname "UK
SHWTOAP03A.skandia.co.uk", maps to multiple IP addresses: 10.47.242.42, 0:0:0:0:
0:0:0:1>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult" is now listening on 10.47.242.42:14000 for protocols iiop, t3, CLUSTER-BROA
DCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000330> <Start
ed WebLogic Managed Server "oim_server1" for domain "IAM_domain" running in Prod
uction Mode>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to ADMIN>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000360> <Serve
r started in ADMIN mode>
**********************************OIM OID Ldap Sync Configuration Logs****************************
[2012-09-28T14:49:11.171+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Updating Ldap Sync Configuration
[2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] ENTRY
[2012-09-28T14:49:11.171+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] Create the Database connection
[2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: createDBConnection] ENTRY
[2012-09-28T14:49:11.296+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] isLIBOVD:true
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] ENTRY
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] RETURN
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
[2012-09-28T14:49:11.312+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
Updated LDAP Server Details in mds schema
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
[2012-09-28T14:49:11.812+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [OIM_CONFIG] Updated LDAPContainerRules.xml.
[2012-09-28T14:49:11.812+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: mdsMetadata] [SRC_METHOD: loadEventhandler] RETURN
[2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Created jobs using seedSchedulerData. Log location C:\Program Files\Oracle\Inventory\logs
[2012-09-28T14:49:14.687+01:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] File not found[[
java.io.FileNotFoundException: File not found
     at java.util.zip.ZipFile.open(Native Method)
     at java.util.zip.ZipFile.<init>(ZipFile.java:117)
     at java.util.jar.JarFile.<init>(JarFile.java:135)
     at java.util.jar.JarFile.<init>(JarFile.java:72)
     at oracle.as.install.oim.config.util.RoleSODJarUtil.updateFile(RoleSODJarUtil.java:32)
     at oracle.as.install.oim.config.OIMConfigManager.configureOIM(OIMConfigManager.java:783)
     at oracle.as.install.oim.config.OIMConfigManager.doExecute(OIMConfigManager.java:538)
     at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:335)
     at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:87)
     at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:104)
     at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
     at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:63)
     at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:158)
     at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
     at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:83)
     at java.lang.Thread.run(Thread.java:662)
[2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Failed configuration step Configure OIM Server
[2012-09-28T14:49:14.702+01:00] [as] [ERROR] [] [oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] One or More configurations failed. Exiting
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:CONFIG
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INTERVIEW
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INSTALL
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:COPY
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:LINK
[2012-09-28T14:49:14.765+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
[2012-09-28T15:11:21.461+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
[2012-09-28T15:11:27.914+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
Regards,
Ravi.

Your log files too give some hint... Please verify whether following files like .xldatabasekey are present in your environment:-
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
I doubt whether OIM is properly installed in your environment otherwise .xldatabasekey would have been present in <DOMAIN_HOME>/config/fmwconfig..
Also, as far as Weblogic starting in ADMIN mode is concerned, you may try to do the following...
ps -eaf| grep AdminServer
Kill the process
Then remove the lok file. i.e. Lock files...
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/oim_server1/tmp/*oim_server1.lok*
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/soa_server1/tmp/*soa_server1.lok*
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/AdminServer/tmp/*AdminServer.lok*
After that
Take the backup of /home/oracle/Oracle/Middleware/user_projects/domains/<DOMAIN_HOME>/servers/AdminServer/data/ldap/ldapfiles (I mean CUT this folder and save it in Backup folder..
Share the result with us....

[CUC] Convert Subscriber from AXL CCM User to LDAP Sync User

I want to know if it's supported, and if so, how, to convert from AXL to LDAP when talking about subscribers in Unity Connection.
I have found this post, which asks the question, but does not actually "convert", as it requires deleting and re-creating.
https://supportforums.cisco.com/message/4044114#4044114
I want to know about a true conversion. As you do when you go from a local CUC subscriber to an LDAP Synced subscriber.
I have tried using the store procedure: csp_subscribermodify, supplying the following params: pobjectid = the object id, palias = my AD user ID, pldapccmuserid = my AD user ID, pldaptype = 3, pccmid = null, and pccmidtype = 0.
While the stored procedure looks like it worked, the web page for the subscriber looks a bit odd. The alias changed, and the ldap sync status changes, but the normally greyed out fields, like alias, are still editible. Also, none of the other LDAP attributes sync. So, I'm convinced it didn't actually work.
What am I missing to make this work? Thanks.
PS Jeff, if you see this, I enjoy your training videos. "Easy Peasy!"
Anthony Holloway

Hi Anthony-
Check out my answer to this thread:
https://supportforums.cisco.com/message/3963782#3963782
Please remember to rate helpful responses and identify helpful or correct answers.

Impossible to create LDAP SYNC user on CUCM with Prime Collab Provisioning

Hello,
Previously, I use Prime Provisionning to create and provision services for static users, it works.
For the same Customer, CUCM and Unity user are now imported from LDAP.
I add the changes in Provisioning processors (LDAP Auth + Sync).
At this time, it's impossible to create new users on CUCM from Provisioning !
Here is my procedure :
- I do a LDAP sync on prime to detect my new AD user.
- I select it and provision services to push on CUCM
- Orders stuck in being provisioned state...
On the CUCM, the user doesn't appear at all.
Is something wrong in my method ?
Do I need to make a LDAP sync on the CUCM to import users, next user synchro on processor in Prime, then edit user ?
Thanks

Clement,
I suspect you have LDAP sync turned on in CUCM. If CUCM is set to sync and does not already have the userID in it's database it will reject a user add.
This is a recognized problem with having both products set to sync. There are some solutions:
Always sync CUCM before you sync Prime Collaboration Provisioning (PCP). This way the new user will already be in CUCM and then will accept a provisioning order from PCP. The frequency of LDAP sync on CUCM will determine how often PCP can push new users to CUCM.
If PCP tries to provision a user but it is rejected by CUCM, provisioning will attempt to send it for 24 hours. There is an assumption that CUCM will sync daily so at some point CUCM will get the userID and then when PCP tries to provision, it will be accepted.
Use the latest CUCM 10.5(x) with a patch that provides the Authenticate Only setting setting. You will have to check with TAC or CUCM Marketing/TMEs for more information. In this case, CUCM will authenticate admins and Jabber clients against AD, but will take users from PCP immediately. The CUCM eng/marketing team has recommended we move away from syncing CUCM when PCP is doing the syncing from AD. CUCM does not need to sync when PCP is present. This eliminates the race condition between which app synced first.
Regards

OIM and ldap sync

I am using OIM 11gR2 and OID 11.1.1.6. Users and groups will be in OID, and OIM is
required to do the provisioning of users. Plan is to use ldap sync between oid and oim.
With ldap sync, all users will be available in OIM. And then in OIM can one do the
provisioning of users. Is this approach ok? Or should we have OID connector? Or both?

You can use LDAP Sync between OIM and OID. You dont need OID connector in this case.
More here...
Why would you use the LDAP Sync instead of the OID Connector?
http://fusionsecurity.blogspot.com/2012/01/oim-11g-ldap-synchronization.html

OIM-OAM integration and LDAP Sync

Hello All, I have deployed OIM 11g R2 and OAM/OVD 11.1.1.5. Now I need to enable LDAP sync for OIM-OAM integration and I'm not allowed to extend Oracle schema in AD. So I decided to use OUD for FMW schema and I have completed all those steps and OUD is up and running. Since my enterprise directory is AD and OUD is my FMW directory, I need to think of a split profile setting in OVD. I'm following this link http://fusionapplications-ateam.blogspot.com/2012/04/split-profiles-with-ad-and-oid-for.html for this deployment. I have OVD adapters configured for AD, OUD, Join view and changelog. The link does not clearly explain the steps in OIM for LDAP Sync.
When I configure LDAP Sync in OIM, should I point the sync to the OUD users container?
When and how this cn=shadowentries container will be used? I understand that the password (obattributes) are used for password management by OAM, but wondering where will that get stored in OUD?
Please let me know your thoughts.
Thanks.

Hi,
when I use url:
http://idm1:14000/admin/faces/pages/Admin.jspx
I get Access Manager login page, I can click links: register new user, reset password and I get correct OIM pages. But when I type xelsysadm and password I get error on the next page:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
I can't logon to EM, OAMconsole, Weblogic etc. when the OAM is running. In OIM log I got errors from oam-agent: "User is not authorized to access resource, MinorCode: DENY, MajorCode: DENY".
I have got user xelsysadm in OIM and in LDAP, when the OAM is not running I can login to OIM, create users in OIM (they appear in OID) etc. The user xelsysadm is added to group: OAMAdministrators. Also when I try to logon to OAM console (http://idm1:7001/oamconsole) using orcladmin name I get error: Access to administration console is restricted. But when I use weblogic username (the user is in OAMAdministrators group in OID) i can get OAMconsole.
How can I change logon type in OIM?
best
mp
Edited by: J23 on 2011-01-10 00:47

Error in Ldap sync with OIM 11gr2 and OID

Hi,
I am trying to sync OIM 11g r2 with OID using Ldap sync option. While creating a user or role I am facing this error
IAM-2050243 : Orchestration process with id 930, failed with error message IAM-3010201 : LDAP create event failed : Error: NO_SUCH_OBJECT null.
Help required,
Thanks

Any suggestions...

CUCM 6.1 DirSync and CUCM trash collector program

If I turn on DirSync and CUCM syncs LDAP data to CUCM but I then turn off DirSync before the trash collector program runs will my original user data be there in the CUCM corp directory?

Peter,
Right on.
So what you are saying is that if I enable DirSync and allow the sync to happen and I don't like the results I can disable DirSync before the garbage collector program runs and my original CUCM User database data will be available again?
The main thing I was trying to determine is if DirSync is enabled and the actual sync process happens does it permanently alter my CUCM User database at that point even before the garbage collector program runs.
Somebody pointed me to the correct documentation for "Cisco Unified Communications Solution Reference Network Design (SRND)
Based on Cisco Unified Communications Manager Release 6.x"
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/uc6_0.html
It includes some really thorough information on LDAP Directory Integration.
I am currently reading through the details.
Man I wish I had found this from the start it would have saved me a lot of time and questions! :)

Error while importing : /metadata/iam-features-ldap-sync/LDAPUser.xml

Hi,
I am unable to import modified Oracle Identity Manager metadata. I am using OIM 11.1.1.5 on Windows Server 2007 EE.
I am trying to use the import/export functionality via EM.
I am able to export the LDAPUser.xml file from */metadata/iam-features-ldap-sync/LDAPUser.xml,* have made changes to it but when I am importing it back I am getting the error :
Error occurred while executing operation.
MDS-00001: exception in Metadata Services layer
MDS-01059: document with the name /metadata/iam-features-ldap-sync/LDAPUser.xml missing in the source metadata store
The values of the parameters in the import MDS operations are :
fromLocation : E:/MDS/import/ +(On the physical server hosting the OIM)+
docs : */metadata/iam-features-ldap-sync/LDAPUser.xml*
restrictCustTo:
excludeAllCust: false
excludeBaseDocsan : false
excludeExtendedMetadata : false
cancelOnException : true
I have tried using the command line script as well, It runs without a hitch but when I try and import back, it gives me the same old unedited document.
Has anyone been successful with this approach ?
Regards,

Yes, I have. But still the same issue. It seem to run fine using the weblogicImportmetadata.bat fine but when I export and check the updated file, I still get back the original.
Here's what I get on runnung the weblogicImportmetadata.bat file
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Starting import metadata script ....
Please enter your username :weblogic
Please enter your password :
+Please enter your server URL [t3://localhost:7001] :t3://localhost:7001+
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'OIM
+1'.+
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
Location changed to domainRuntime tree. This is a read-only tree with DomainMBea
n as the root.
For more help, use help(domainRuntime)
Disconnected from weblogic server: AdminServer
End of importing metadata script ...
Exiting WebLogic Scripting Tool.
C:\Oracle\Middleware1\Oracle_IDAM\server\bin>
Edited by: 810367 on Aug 21, 2012 6:45 PM

Error while exporting metadata file /iam-features-ldap-sync/LDAPUser.xml

Hi All,
i am trying to export /iam-features-ldap-sync/LDAPUser.xml metadata file with the weblogic properties mentioned below
# Weblogic Server Name on which OIM application is running
wls_servername=oim_server1
# If you are importing or exporting any out of box event handlers, value is oim.
# For rest of the out of box metadata, value is OIMMetadata.
# If you are importing or exporting any custom data, always use application name as OIMMetadata.
application_name=OIMMetadata
# Directory location from which XML file should be imported.
# Lets say I want to import User.xml and it is in the location /scratc/asmaram/temp/oim/file/User.xml,
# I should give from location value as /scratc/asmaram/temp/oim. Make sure no other files exist
# in this folder or in its sub folders. Import utility tries to recursively import all the files under the
# from location folder. This property is only used by weblogicImportMetadata.sh
metadata_from_loc=@metadata_from_loc
# Directory location to which XML file should be exported to
metadata_to_loc=D:/MDS
# For example /file/User.xml to export user entity definition. You can specify multiple xml files as comma separated values.
# This property is only used by weblogicExportMetadata.sh and weblogicDeleteMetadata.sh scripts
metadata_files=/metadata/iam-features-ldap-sync/LDAPUser.xml
# Application version
application_version=11.1.1.3.0
i get the following error
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Starting export metadata script ....
Please enter your username [weblogic] :weblogic
Please enter your password [welcome1] :
Please enter your server URL [t3://localhost:7001] :t3://hostname:7001
Connecting to t3://hostname:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'OIMDOMAIN'.
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
Location changed to domainRuntime tree. This is a read-only tree with DomainMBea
n as the root.
For more help, use help(domainRuntime)
Problem invoking WLST - Traceback (innermost last):
File "C:\Oracle\Middleware\Oracle_IDM1\server\bin\weblogicExportMetadata.py";,
line 22, in ?
File "C:\Oracle\MIDDLE~1\ORACLE~1\common\wlst\mdsWLSTCommands.py";, line 134, i
n exportMetadata
File "C:\Oracle\MIDDLE~1\ORACLE~1\common\wlst\mdsWLSTCommands.py";, line 568, i
n executeAppRuntimeMBeanOperation
File "C:\Oracle\MIDDLE~1\ORACLE~1\common\wlst\mdsWLSTCommands.py";, line 538, i
n getMDSAppRuntimeMBean
UserWarning: MDS-91002: MDS Application runtime MBean for "OIMMetadata" is not available. "exportMetadata" operation failure.
i have exported these files multiple times, it never gave an errror, but this time i see this error, please help.
Thanks in advance

Glad that worked.
Working with MDS, another way is to use the EM console for exporting/importing data from/to MDS. This I find lot easier rather than working with the OOTB script.
Steps are:
http://ADMINSTRATION_SERVER/em
Navigate to Identity and Access, oim. Right-click and navigate to System MBean Browser.
Under Application Defined MBeans, navigate to oracle.mds.lcm, Server:oim_server1, Application:oim, MDSAppRuntime.
To export the configuration files:
•     Click the Operations tab, and then click exportMetaData.
•     In the toLocation field, enter /tmp or the name of another directory.
•     Select createSubDir as false.
•     In the docs field, enter the complete file location as the Element.
•     Also select false for excludeAllCust, excludeBaseDocs, and excludeExtendedMetadata. Then, click Invoke.
This exports the file specified in the docs field to the directory specified in the toLocation field.
To import the configuration files:
•     Click importMetaData
•     In the fromLocation field, enter /tmp or the name of the directory in which you have the configuration files.
•     Select createSubDir as false.
•     In the docs field, enter the complete file location as the Element. For example, /db/oim-config.xml.
•     Also select false for excludeAllCust, excludeBaseDocs, and excludeExtendedMetadata. Then, click Invoke.
This imports the file specified in the docs field to MDS in the toLocation field.
HTH

Role creation in OIM 11.1.1.5.0 fails with LDAP Sync Enabled

I am in the process of configuring LDAP sync for OIM 11.1.1.5.0 with ODSEE.
At this time, when I add a user in OIM, I can see that the user gets created in LDAP under the LDAP dn that I supplied when configuring OIM (Configuration process screen name = "LDAP Server Continued", field name = "LDAP User Container")
However when I try to add a role in OIM, the call fails. OIM server logs have the following exception message:
<Jul 14, 2011 1:21:52 PM EDT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
<Jul 14, 2011 1:21:53 PM EDT> <Error> <oracle.iam.platform.entitymgr.provider.ldap> <IAM-0042002> <An error occurred while creating the entity in LDAP, and the corresponding error is - {0}
javax.naming.NameNotFoundException: Error: NO_SUCH_OBJECT
null [Root exception is oracle.ods.virtualization.service.VirtualizationException]
at oracle.ods.virtualization.jndi.OVDUtil.mapErrorCode(OVDUtil.java:151)
at oracle.ods.virtualization.jndi.OVDContext.createSubcontext(OVDContext.java:512)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:183)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.createSubcontext(LDAPUtil.java:1045)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.create(LDAPDataProvider.java:487)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:291)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:239)
at oracle.iam.ldapsync.impl.eventhandlers.role.RoleCreateLDAPHandler.create(RoleCreateLDAPHandler.java:128)
at oracle.iam.ldapsync.impl.eventhandlers.role.RoleCreateLDAPHandler.execute(RoleCreateLDAPHandler.java:46)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:898)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:634)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:664)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:435)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:381)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:334)
at oracle.iam.identity.rolemgmt.impl.RoleManagerImpl.create(RoleManagerImpl.java:188)
at oracle.iam.identity.rolemgmt.api.RoleManagerEJB.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
Any idea whats going on?
When configuring OIM, I provided a value for the "LDAP Role Container" as "ou=Groups,dc=mycompany,dc=com". The docs shown an example of "cn=groups, dc=mycountry, dc=com" (see http://download.oracle.com/docs/cd/E21764_01/install.1111/e12002/oidonly.htm#CDDDIAIC, step 18). Could this difference in container type be causing this problem?
Any idea where OIM stores this container information if I wanted to test ldap sync with the different roles container?
Thanks
Aspi Engineer
Putnam Investments

Aspi,
OIM keeps its ldap config under "$IDM_HOME/server/ldap_config_util" as "ldapconfig.props"
Thanks,
Sandeep Gupta

Error while doing the Ldap sync for UDFs

Hi All,
I am doing LDAP sync for UDFs,
Created users in OID.
assigned to orclIDXPerson object modified the ldapconfig.props and created the input file.
Now I am running the ldapsyncudf.sh then I getting the below error.
Exception in thread "main" java.lang.NullPointerException
at oracle.ods.virtualization.schema.AttributeTypeDefinition.getOID(AttributeTypeDefinition.java:117)
at oracle.ods.virtualization.jndi.OVDSchemaContext.convertAttrDefnToJNDIAttrs(OVDSchemaContext.java:655)
at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:137)
at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:109)
at oracle.iam.configservice.impl.LDAPUDFSyncImpl.isAttrExistsInLDAP(LDAPUDFSyncImpl.java:555)
at oracle.iam.configservice.impl.LDAPUDFSyncImpl.validateOVDSchema(LDAPUDFSyncImpl.java:519)
at oracle.iam.configservice.impl.LDAPUDFSyncImpl.addUDFwithLDAP(LDAPUDFSyncImpl.java:1082)
at oracle.iam.configservice.api.LDAPUDFSyncEJB.addUDFwithLDAPx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy631.addUDFwithLDAPx(Unknown Source)
can anyone please unblock me.
Thanks,
Valli

Hi,
Please see if these help (for 11gR2)
Export the LDAPUser.xml file from MDS using weblogicExportMetatdata.bat. This xml contains the attributes mapping between OIM and OID for LDAP synchronization.
Include the entry for OIM attribute (if entry does not exist for the attribute in the XML) under entity-attributes node. For e.g. use the following xml snippet to add the entry for ISD Code for Phone attribute
<entity-attributes><attribute name=”ISD Code for Phone”> <type>string</type> <required>false</required> <attribute-group>Extended </attribute-group> <searchable>true</searchable> </attribute> </entity-attributes>
Include the entry for OID attribute under target-fields node. For e.g. use the following xml snippet to add the entry for CountryCode
<target-fields><field name=”CountryCode”><type>String</type> <required>false</required> </target-fields>
Now map the OIM attribute with the OID attribute using the following xml snippet under attribute-maps node
<attribute-maps><attribute-map> <entity-attribute> ISD Code for Phone </entity-attribute> <target-field>CountryCode</target-field> </attribute-map></attribute-maps>
Save the changes and import the file back into MDS using WebLogic import utilities.

How setup LDAP Sync After Install in OIM 11g ver, 11.1.1.5.0

Hi guys, I'm trying to find how to setup LDAP Sync After Install in OIM 11g (ver, 11.1.1.5)....
I found on Metalink an interesting article "*How to Setup LDAP Sync After Install in OIM 11g [ID 1272682.1]*", but inside there is a Note that says:
Note: This article is applicable to OIM version 11.1.1.3 only. Steps for 11.1.1.5 are not the same, and product manual has documented steps to setup LDAP sync after install.
So, that the steps for 11.1.1.5 are not the same, it's clear.....
and I tried to look for these steps in the manual:
Oracle® Fusion Middleware Quick Installation Guide for Oracle Identity Management
11g Release 1 (11.1.1)
Part Number E10033-06
but I didn't still find nothing for the specific 11.1.1.5.0 version....only for the 11.1.1.3.0 version
Can anyone help me to find where these steps are ? I need this information as soon as possible ti start the development
Thanks in advance for the help
Alex

If you are creating Before and After Create Opeation script, you would be able to access all the variables in the process form. Now obvious question, what are the names of these variables? The answer is: the name of the variable is same as that mentioned in the "decode" column of the provisioning attribute map lookup or in other words, the variable name is same as the AD attribute name. In the example mentioned in the documentation, the variable "%givenName% was used in the script. On the similar lines you can use other variables like "sn", "samAccountName", etc.
Hope the information helps.

Ldap Sync: User is not able to create in Active Directory through OIM

Hi ,
I have enabled the ldap sync between OIM and Active Directory.
Option 1: with password
While creating the new user in OIM , I am getting the below error .
80eeb34d89d5ed80:18bc05bb:1403be9d7e6:-8000-000000000008f710,0] [APP: oim#11.1.2.0.0] Could not modify entry.[[
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
remaining name 'cn=ADTESTLDAp10F ADTESTLDAp10LL,cn=Users,dc=cgtest,dc=adtest,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1458)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.modify(ConnectionHandle.java:301)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.modify(BackendJNDI.java:781)
[2013-08-04T17:06:58.840-07:00] [oim_server1] [ERROR] [OVD-60600] [oracle.ods.virtualization.engine.util.ADUtilities] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 80eeb34d89d5ed80:18bc05bb:1403be9d7e6:-8000-000000000008f710,0] [APP: oim#11.1.2.0.0] Cannot set password : LDAP Error 53 : [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0[[
Looks like password is not able to set properly. But I am able to create the same user in AD using the same password.
Option 1: without password
Another testing, I have also tried to create user without password. There is no error coming to log file. and I am able to see the below message in log file
oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPPreProcessHandler] [APP: oim#11.1.2.0.0] [SRC_METHOD: createUser] User created in LDAP with GUID 9dc8f6f4b8564216a5d75d86f7cad0a2
But user is not created in AD . this is another issue.
Thanks,
Amit

Thanks for your reply.
I have seen sample xml and my target looks the same
<wlserver dir="${weblogic.domain.dir}"
                         port="${weblogic.domain.admin.server.port}"
                         servername="${weblogic.domain.admin.server.name}"
                         username="${weblogic.domain.admin.user}"
                         domainname="${weblogic.domain.name}"
                         password="${weblogic.domain.admin.password}"
                         configFile="config.xml"
                         generateConfig="true"
                         action="start"
                         beahome="${env.BEA_HOME}"/>
my requirement is to use ant task.. otherwise I am able to create through configuration wizard
Thanks

CUCM 8.6.2 and AD LDAP SYNC

Similar Messages

Maybe you are looking for