OID - AD, Mapping OU's

Two questions about mapping OID users to AD OU's.
1. Can DIP create new AD OU's dynamically?
2. How can I create one DIP mapping for users to take into account many AD OU's?
Our OID is very flat, but AD has many OU's. In our picture of the world as academic depts, our OU's == ERP Dept assigned, from a DB. So in the DB Import mapping, OID is made to look like, DB_DEPARTMENT: : : :ou: :organizationalunit
So OID is aware of the OU a user "should be" assigned in AD, but how do I translate that into a new dynamic OU on AD, and furthermore, how do I create a single mapping to accommodate users moving between those OU's without creating a DIP mapping for every single OU?
It seems I can use the "Connected Directory Matching Filter" in the DIP Profile (integration configuration of oidadmin) to find the user anywhere in AD, but the mapping wants a specific DN to land the user in...
My current experiment looks something like:
Relevant Profile stuff:
Connected Directory Matching Filter == SAMAccountName
OID Matching Filter ==modifiersname!=orclodipagentname=OIDtoADImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory
employeeType=STAFF || employeeType=FACULTY
Relevant OIDtoAD.map stuff:
DomainRules
cn=Users,dc=usu,dc=edu:OU=Administered_OUs,DC=aggies:CN=%,OU=Administered_OUs,DC=AGGIES
AttributeRules
# Organizational Unit Mapping
ou: : :organizationalunit:ou: : organizationalunit
The DomainRules of course land everyone in the OU=Administered_OUs,DC=aggies, but I need it to create or modify dynamic OU's inside OU=Administered_OUs,DC=aggies. Then insert all the users in OU=[dynamicOU],OU=Administered_OUs,DC=aggies
Any thoughts or ideas?

Good afternoon, did anybody solve this problem?

Similar Messages

  • OID connector maps User ID to uppercase

    Hi community,
    I'm configuring OID connector as trusted source reconciliation to OIM. In Lookup Definition => AttrName.Recon.Map.OID, I see the default mapping provided by OID connector is that User ID is mapped to cn.
    However, when I run the reconciliation, all User ID values are converted to uppercase. Is there any way that I can keep the original values of cn?
    Thanks,
    David

    Re: OIM User Login UPPERCASE.

  • AD/OID import mapping not working

    Can you help debug my AD-OID mapping issue? I'm getting the below messages from ActiveChgImp.trc
    Sleeping for 5secs
    LDAP URL : (:0 cn=akloas1,ou="Service Accounts",OU=Users,OU=Managed-Objects,dc=corrections,dc=govt,dc=nz
    Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
    LDAP AuthenticationException javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    [LDAP: error code 49 - Invalid Credentials]
    Reader initialization failed!
    LDAP URL : (AKLOAS1:389 cn=odisrv+orclhostname=AKLOAS1,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
    Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
    LDAP Connection success
    Writer Initialised!!
    Writer proxy connection initialised!!
    MapEngine Initialised!!
    Filter Initialised!!
    ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_AUTHENTICATION_FAILURE
    javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
    at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:301)
    at oracle.ldap.odip.gsi.ActiveChgReader.initialise(ActiveChgReader.java:202)
    at oracle.ldap.odip.engine.AgentThread.readerInitialise(AgentThread.java:390)
    at oracle.ldap.odip.engine.AgentThread.mapInitialise(AgentThread.java:439)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:305)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    ActiveChgImp:about to Update exec status
    Updated Attributes
    orclodipLastExecutionTime: 20110504153900
    orclodipConDirLastAppliedChgNum: 0
    orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
    orclOdipSynchronizationErrors: Invalid Credentials
    Updated Attributes
    orclodipLastExecutionTime: 20110504153900
    orclodipConDirLastAppliedChgNum: 0
    orclOdipSynchronizationStatus: Agent Execution Successful, Mapping/IMPORT operation Failure
    orclOdipSynchronizationErrors: Agent Execution Successful, Mapping/IMPORT operation Failure
    Ending Mapping execution.
    -----

    Thanks for the reply. Synchronisation seems to be working.
    From oidadmin I added...
    Connected Directory URL = <AD_server.AD_domainname>:<port>
    After this, the Activechgimp.trc file is showing:
    Updated Attributes
    orclodipLastExecutionTime: 20110505102616
    orclodipConDirLastAppliedChgNum: 63237620
    orclOdipSynchronizationStatus: Synchronization Successful
    orclodipLastSuccessfulExecutionTime: 20110505102616
    ...But I can't see the test account in AD that was added in. It's not being picked up.

  • Custom object class attributes are not provisioning in oID thru OIM

    Hi,
    I have connected OIM with OID; user provisioning is also taking place. I have made one custom structure class with some attributes in OID.
    In form designer, in OID usr form I have made field UD_OID_USR_Custom
    In OID .config lookup I have mentioned that custom class as well as attributes of class [in code Custom, in decode name of attribute at target]
    In process form recon mapping of OID I mapped this field name.
    Also in resource object recon mapping I mentioned this attribute.
    But while creating a user, the value of the attribute is populating as far as the process form, and that attribute is not provisioning in OID.
    Please tell me where I went wrong or exact steps of mapping in form designer, Process definition, Lookup.OID.configuration, Resource objects.
    Thanks

    > process form recon mapping of OID i mapped this field name
    Have you made attribute entry in Provisioning Lookup AttrName.Prov.Map.OID ?
    Have you followed each step:
    http://download.oracle.com/docs/cd/E11223_01/doc.904/e10436/extnd_func.htm#CACICHDH

  • Problem with OID Connector

    I am having a problem with OIM 9.1.0 + OID
    I installed OIM 9.1.0 + Connector OID according to this guide: http://download.oracle.com/docs/cd/E11223_01/doc.904/e10436/deploy.htm , but when creating a user via the Xellerate console I see the following errors in my OC4J logs:
    08/09/09 18:45:58 Running GetTargetAttributeMapping
    08/09/09 18:45:58 Running GetProcessData
    ERROR,09 Sep 2008 18:45:58,529,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:User ID
    ERROR,09 Sep 2008 18:45:58,529,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Password
    ERROR,09 Sep 2008 18:45:58,529,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Title
    ERROR,09 Sep 2008 18:45:58,529,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:First Name
    ERROR,09 Sep 2008 18:45:58,529,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Middle Name
    ERROR,09 Sep 2008 18:45:58,529,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Last Name
    ERROR,09 Sep 2008 18:45:58,529,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Organization DN
    ERROR,09 Sep 2008 18:45:58,529,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Department
    ERROR,09 Sep 2008 18:45:58,529,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Location
    ERROR,09 Sep 2008 18:45:58,529,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Telephone
    ERROR,09 Sep 2008 18:45:58,530,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Email ID
    ERROR,09 Sep 2008 18:45:58,530,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Preferred Language
    ERROR,09 Sep 2008 18:45:58,530,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Time Zone
    ERROR,09 Sep 2008 18:45:58,530,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:Server Address
    ERROR,09 Sep 2008 18:45:58,530,[XL_INTG.OID],OID:tcUtilAttributeNameMap -> Mapping NOT found for the form field:OID Connector Version
    08/09/09 18:45:58 Running SHOULDUSEXLORG
    08/09/09 18:45:58 Target Class = java.lang.Boolean
    08/09/09 18:45:58 Running SHOULDUSESSL
    08/09/09 18:45:58 Target Class = java.lang.Boolean
    08/09/09 18:45:58 Running CREATEUSER
    08/09/09 18:45:58 Target Class = com.thortech.xl.integration.OID.tcUtilOIDUserOperations
    ERROR,09 Sep 2008 18:45:58,623,[XL_INTG.OID],OID:tcUtilLDAPOperations -> : NamingException: Unable to search LDAP[LDAP: error code 32 - No Such Object]
    ERROR,09 Sep 2008 18:45:58,624,[XL_INTG.OID],tcUtilOIDUserOperations -> NamingException: Error while connecting to target. OID:tcUtilLDAPOperations -> : NamingException : Unable to search LDAP [[LDAP: error code 32 - No Such Object]]
    ERROR,09 Sep 2008 18:45:58,624,[XL_INTG.OID],tcUtilOIDUserOperations -> NamingException: Error while connecting to target. tcUtilOIDUserOperations -> OID:tcUtilLDAPOperations -> : NamingException : Unable to search LDAP [[LDAP: error code 32 - No Such Object]]
    Then the user is not provisioned to OID and in provisioning details this appear in state Rejected.
    Does anyone have an idea where the problem could come from?
    Thank you very much in advance
    Maro

    Hi,
    The change resolved the issue, Thanks a lot :).
    But when I give Organisation DN as "" (I just cleared the value in the process form), the provisioning fails.
    Is this Organisation DN a mandatory attribute?
    Also it would be great if you could share the rationale behind those changes.
    I am very new to OIM, please bear with my ignorance.
    Thanks
    Edited by: jarah on Oct 1, 2008 10:36 AM

  • EUS with OVD and OID

    Has any one configured OVD 11gR1 and OID 11gR1 with DB 11gR1 for EUS? Can you share your experience in configuring these components?
    Thanks,

    1. Extending Schema : Even though we have selected the 'auto-update schema' option during OAMIdentityServer installation, is it mandatory to explicitly extend the schemas of OVD and OID, as mentioned in the "Extending Directory Schemas" section in "Setting up OAM with OVD" chapter of 'OAM Installation guide'.
    - no, if you selected auto update (and it completed successfully), you do not have to extend the schemas manually
    2. Creating Mapping Files:
    a. Out of the box, if we try to create New Mapping, the FileTemplate listing does not have any entry that corresponds to OID.
    b. On the other hand, to load the Mapping Templates explicitly, plugins\OracleAccessmanagerOViDTemplates\mapping_templates folder does not contain the OID related mapping template files.
    a - no, I do not see any templates that correspond directly to OID either
    b - I do not see this directory in the file system at all
    What are you trying to map?
    dave

  • OID populate other http request attributes

    I am trying to figure out how to customize my OID SSO so that it adds attributes to the HTTP Request. I have used the name mapping java module to customize my certificate the OID user mapping. I imagine there has to be a similar interface for adding attributes to the request so that my partner applications can have user information without reaching into the OID.
    Your assistance is greatly appreciated,
    Rachel

    Bernhard:
    Actually the headers are not set to null. I have an intermediate index.jsp page which is the first page that is redirected to by the AM - it is this page which calls my LoginServlet.
    The value appears consistently on this index.jsp page but after it is forwarded to the LoginServlet it starts behaving inconsistently. I check the system.out log in my websphere /logs folder and that tells me that LoginServlet does not consistently get these values from the header.
    The weird part is that if I use cookies or attributes, it works perfectly - each time every time. However, only in the case of headers (which is the method I am required to do) it behaves inconsistently.
    ANY feedback/help on this would be really appreciated bern.. thanks..
    ~saahil

  • AD new user not populated in OID

    Hi,
    When I create a new user in AD, it is not getting populated in OID. Though when I modify some attributes for the existing user, it gets synced with OID.
    What am I missing?
    ActiveChgImp is the only profile which is enabled.

    1) Check that the new user created in AD is in the containers to be synced to OID; the mapping rules are defined in the DomainRules section of the ActiveChgImp.map file. This may be the cause, it happened to us two years ago.
    2) Check the log files at $ORACLE_HOME/ldap/odi/log/ActiveChgImp.trc + ActiveChgImp.aud
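The container check from step 1 of the reply above, as an added example (not part of the original thread and not Oracle's code): it parses the DomainRules section of a map file in the `source:destination:rule` layout shown on this page and reports which rule, if any, covers a given source DN. The suffix-containment test, the function names and the sample map and DNs are assumptions constructed for illustration.

```python
"""Report which DomainRules line (if any) covers a source-directory DN.

Assumption: an entry is in scope when its DN ends with the source container
of some rule, compared RDN by RDN, ignoring case and padding whitespace.
"""
from typing import List, NamedTuple, Optional


class DomainRule(NamedTuple):
    src: str   # container in the source directory
    dst: str   # container in the destination directory
    rule: str  # DN construction rule, e.g. cn=%,cn=users,...


def split_dn(dn: str) -> List[str]:
    """Split a DN into normalized RDNs, honoring backslash escapes and quotes."""
    rdns, buf, escaped, quoted = [], [], False, False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    normalized = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        normalized.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return normalized


def parse_domain_rules(map_text: str) -> List[DomainRule]:
    """Return the rules listed between 'DomainRules' and 'AttributeRules'."""
    rules, in_section = [], False
    for raw in map_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower() == "domainrules":
            in_section = True
        elif line.lower() == "attributerules":
            in_section = False
        elif in_section:
            parts = [p.strip() for p in line.split(":", 2)]
            parts += [""] * (3 - len(parts))
            rules.append(DomainRule(*parts))
    return rules


def covering_rule(dn: str, rules: List[DomainRule]) -> Optional[DomainRule]:
    """Return the most specific rule whose source container holds the DN."""
    entry = split_dn(dn)
    best, best_len = None, 0
    for rule in rules:
        container = split_dn(rule.src)
        in_scope = (len(container) <= len(entry)
                    and entry[-len(container):] == container)
        if in_scope and len(container) > best_len:
            best, best_len = rule, len(container)
    return best


# Constructed sample map file (example.test is a placeholder domain).
SAMPLE_MAP = """\
DomainRules
OU=Staff,DC=example,DC=test:cn=users,dc=example,dc=test:cn=%,cn=users,dc=example,dc=test
OU=Faculty,OU=Staff,DC=example,DC=test:cn=faculty,dc=example,dc=test:cn=%,cn=faculty,dc=example,dc=test
AttributeRules
ou: : :organizationalunit:ou: : organizationalunit
"""

if __name__ == "__main__":
    rules = parse_domain_rules(SAMPLE_MAP)
    # Constructed DNs: two in scope, one outside every source container.
    for dn in (
        "CN=Doe\\, Jane, ou=staff, DC=EXAMPLE, dc=test",
        "CN=Prof,OU=Faculty,OU=Staff,DC=example,DC=test",
        "CN=Temp,OU=Contractors,DC=example,DC=test",
    ):
        hit = covering_rule(dn, rules)
        print(dn, "->", hit.dst if hit else "NOT covered by any DomainRules line")
```

An entry that falls outside every source container is never handed to the mapping engine, so a run can still report success while the new account is missing from the destination.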

  • How to filter certificate templates in Certificate Authority snap-in with the correct values

    I have a 2012 R2 server running Microsoft Certificate Authority snap-in.
    I want to do a filter on a specific Certificate Template which I know exists in the 'Issued Certificates' folder.
    All the documentation I can find seems to suggest I copy the certificate name and use this in the View Filter.
    1). I add the 'Certificate Template' option into the Field drop-down.
    2). I leave the Operation as the '=' symbol
    3). I paste in just the name of the template in question, for example: 'my computers'
    The search results always come back blank 'There are no items to show in this view.' even when I know there are many instances of this template. I've tried on a win 2008 server and same issue.
    Is there a correct value to enter for the Certificate Template name?
    Can this be done easier using certutil commands?
    When I run the certutil tool I can confirm I have several issued templates. Certutil -catemplates -v > c:\mytemplate_log.csv
    Anybody know what I'm doing wrong?
    I seem to be getting nowhere with this one.

    > But it's important you are using the template name, not the display name
    This is incorrect. OIDs are mapped to *display name*, not common name (it is true for all templates except Machine template). That is, in order to translate template name to a corresponding OID, you need to use certificate template's display name. And, IIRC, template name in the filter can be used only for V1 templates. For V2 and higher, OID must be used.

  • How to create a utilityTask in OIM10g?

    HI All,
    I have a few queries regarding creating a utility task in the adaptor factory.
    1. Created two variables in variable list: lookupname and EncodedValue
    2. In adaptor tasks, selected the Oracle Identity Manager API and added the task name as getDecodedforlookup
    3. Selected Application API as Thor.API.Operations.tcLookupOperationsIntf
    4. Selected the method getlookupvaluesforencoded
    Now the application method parameters are displayed with two inputs (mapped with adaptor variables) and output (mapped with return variable) which is a tcresultset.
    The creation of the adaptor task is completed.
    I attached the adaptor task to a process definition task,
    mapped the lookupname to ---literal----lookup.oid.constants
    mapped the EncodedValue to literal-----finalvalue (this is a code key value for lookup lookup.oid.constants)
    So the adaptor objective is to return the decode value of the EncodedValue.
    Now I set the return response as the decode value (hardcoded) and changed the status to C.
    When I trigger this particular task, it is returning in Response: Thor.API.tcMetaDataSet@baf5211
    How can I get the actual string value of the decoded?
    Regards,
    Naveen
    Edited by: KIshore Naveen on 16 Aug, 2012 2:26 AM

    What you've returned is the tcResultSet. Assuming you have only a single value that matches the encoded value you are looking for, you won't need to go to any other row. Create a new task and select the existing object instance of the task you just ran. Then use the function getStringValue and for your input, use "Lookup Definition.Lookup Code Information.Decode" to return the decode field.
    -Kevin

  • Weblogic Admin and Managed Server start using boot.properties and LDAP Acc.

    Hello - Can any one please tell me if Weblogic 10.3.x can be started using boot.properties file and by using a user account from the External LDAP (OID) server?
    I have configured the Weblogic server and have added a LDAP authenticator.
    The Group in OID is mapped to the Admin role in Weblogic so that the user can start and stop the server.
    LDAP users can successfully authenticate and access WLS console.
    We would like to remove Default Authenticator (Embedded LDAP) from the list of available providers for our security realm.
    Thank you.

    Tested and got it working.

  • Issues integrating WebCenter with Oracle Access Manager

    Hi All,
    I am trying to integrate WebCenter 10.1.3.2 with Oracle Access Manager (CoreId). Followed the steps described in the Chapter 11 of the OC4J Security Guide.
    I was able to successfully authenticate WebCenter using IWA with Access Manager.
    Then I proceeded with the below steps:
    - Implemented ADF Security in the application. Created application roles and login page and worked fine on my local machine.
    - Provide the auth-method of "COREIDSSO" in orion-application.xml
    - Renamed the app-jazn-data.xml to give the OID groups
    - Mapped the OID groups to application roles in orion-application.xml
    - Used the jazn migration tool to populate the system-jazn-data.xml
    When trying to access the application, it looks like the ADF Context identifies that this is an authenticated user.
    ADFContext.getCurrent().getSecurityContext().isAuthenticated() returns true
    ADFContext.getCurrent().getSecurityContext().isAuthorizationEnabled() returns true
    I get the below error message on the server console:
    [CoreIDLoginModule::getUserSessionFromCookie]: This user session for F3iwZhUGgjej9RSrMLSo0wjH5Ec6c2oeC0OBRH12y7%2FvfPVncz6dYoBoFD6q8DWAlMtzah%2FYV4T1t7jztVFYbxwfOyu0VOMXMEIosRrFicfJwoPRrM8MOkFsziQxpUqo98XrC9iBRHffdWSItNHZRZK4ZoCJMi6HZZ6noOc4Z%2BGJDGj3kWndYHTWjiG0cJhkSbL95wMmrXCDElzZHjPMdkuNQUHW1TfAJvgSlDeX6hhhIThlc%2BGmxMP3MQ%2FZoxUysbKieIJgDXo1%2FEMmLmTVjA%3D%3D is not valid or user is not logged in.
    I also tried using the "Headervar" variable to display the obmygroups value, but it comes as blank.
    Any help would be appreciated.
    Thanks
    Aneesh

    We recently integrated Webcenter Application (with ADF Authentication and Authorization) with OAM. Maybe the following will be of some help to you.
    We did the following steps documented in Chapter 11 Oracle Access Manager in Oracle J2EE security guide.
    OAM
    1. Created ALL specified policies , authentication schemes, protection specified in OAM section of the document.
    OC4J
    1. Ran all configuration listed for the OC4J section.
    Webcenter
    1. Developed the Webcenter Application
    2. Enabled ADF Security (Authentication & Authorization)
    3. Deployed the application. While deploying chose File based provider.
    4. After the deployment, changed orion-application.xml to have COREIDSSO as documented in Oracle documentation
    system-jazn-data.xml
    1. Added login module details as specified in the document. (Changed only the application name. Rest all was same as we used names as specified in the earlier steps of the document)
    OID Migration
    Reference document: "Configuring a WebCenter Application to Use Oracle Access Manager" in Webcenter Framework Developer guide.
    1. Located app-jazn-data.xml in the deployed application
    2. Removed "realm-name" and "type" subelements of "grantee" tags. Removed any realm details in user name.
    3. changed references to "class oracle.security.jazn.spi.xml.XMLRealmRole" to "oracle.security.jazn.realm.CoreIDPrincipal"
    4. ran the JAZN migration tool with "all" options. Migration from app-jazn-data.xml to OID.
    OAM
    Created policies for protecting our application.
    Test the application.
    Debugging.
    1. Enable oracle.adf.share.security , oracle.j2ee.security & oracle.j2ee.security.oc4j loggers to debug if the application is not working the way you expect to work.
    2. Set log level in Enterprise manager.
    3. All logging information are written in log.xml in $ORACLE_HOME/j2ee/OC4J_Webcenter/log/OC4J_WebCenter_default_group_1/oc4j
    Thanks

  • Integrating Oracle Applications with Siteminder for SSO.

    We currently have a Oracle Apps implementations with Oracle 9iAS as Application server. We are planning to integrate it in SSO using Netegrity Siteminder.
    Please let me know your thoughts on the following
    1) Additional software or patches needed to be applied at Oracle Application Server level before integrating with Siteminder. Do we need to install Oracle SSO separately or does it come as part of Oracle 9iAS.
    2) Also how will we implement SSO using siteminder without OID.
    Any documents on it will help.

    The Netegrity Siteminder Webagent will authenticate to some third party, probably the corporate LDAP. Using Oracle SSO (OSSO) is required and a java plugin needs to be customized. See:
    Oracle® Application Server Single Sign-On Administrator's Guide
    10g Release 2 (10.1.2) < I know different version but doesn't matter
    B14078-02
    Specifically Chapter - 13 Integrating with Third-Party Access Management Systems. That is a minor task.
    Loading OID is a prerequisite and needs to contain the users that will need access to the protected resources in the environment. If it's a small amount of users, manually maintaining OID may not be a big deal utilizing OIDDAS but if it is a large amount, then this effort is a big deal. Big deal meaning a load utilizing the bulkload utility and a custom job that synchronizes the "Corporate LDAP" with OID. Mapping is important. External dependency with the "Corporate LDAP" folks.
    Another couple of important things to consider:
    1. The seeded users in OID, such as orcladmin will most likely not be in the "Corporate LDAP" so once Netegrity Simplified Sign On (SSO) comes into play, those users are locked out. Orcladmin is a superuser in OIDDAS. For that reason, server administrators or DBA's that are in OID need to be granted OIDDAS privileges prior to enabling the Netegrity agent to prevent being locked out of that important but sensitive tool. Disabling and re-enabling SSO is as simple as editing 2 config files and bouncing a few things though.
    2. The OIDDAS Password lockout policy will start locking users after 60 days with no warning unless changed. If oidadmin gets locked, the fix is Note:251354.1. Very important to change the policy since it will be handled by the "Corporate LDAP". Note:251354.1 covers this. Basically using the oidadmin utility, change the "Password Expiry Time" from the default 5184000 to zero "0" which turns off the policy.
    The realms that should be protected on the Netegrity policy server are both infrastructure. 7777/oiddas and 7777/sso need to be protected realms on the policy server. If you have a protected application going to mid-tier applications like 7778/discoverer/viewer, they get redirected to the infrastructure 7777/sso because of the directive in mod_osso.conf. Forms will be protected by the 7777/sso realm as well. On the Netegrity Policy Server, unprotected sub-realms can be created under protected realms.
    The custom java plugin tells Oracle to trust the "Corporate LDAP" for authentication but authorization can still be performed within OID.
    This all sounds difficult but it is really simple. The only part that can get difficult and time consuming is the OID load. Hopefully you get Siteminder DAS access to administer your realms on the Policy server.
    Hope this helps! - Ron

  • Urgent: mapping between OID and iplanet ldap

    I am trying to configure the mapping between my iplanet ldap server (source) and OID (destination) . My iplanet dn is uid=sharam,ou=People,dc=xsj,dc=xilinx,dc=com and my OID dn is cn=sharam,cn=users,dc=xsj,dc=xilinx,dc=com
    My mapping file looks like this:
    DomainRules
    dc=xilinx,dc=com:cn=users,dc=xsj,dc=xilinx,dc=com:cn=%,cn=users,dc=xsj,dc=xilinx
    AttributeRules
    givenname
    facsimiletelephonenumber
    departmentnumber
    mail
    uid::::cn
    telephonenumber
    pager
    employeenumber
    l
    sn
    title
    When I load this using ldapUploadAgentFile.sh, I am getting the following error in ldap/odi/log/IPlanet.trc file. Any ideas what I am doing wrong??
    Trace Log Started at Mon Jul 08 11:28:47 PDT 2002
    IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
    ODIException: DIP_GEN_UNKNOWN_FAILURE
    at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
    at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
    at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
    at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
    Updated Attributes
    orclodipLastExecutionTime: 20020708112903
    orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
    orclOdipSynchronizationErrors: Unknown Error Encountered
    IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
    ODIException: DIP_GEN_UNKNOWN_FAILURE
    at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
    at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
    at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
    at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
    Updated Attributes
    orclodipLastExecutionTime: 20020708112917
    orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
    orclOdipSynchronizationErrors: Unknown Error Encountered
    IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
    ODIException: DIP_GEN_UNKNOWN_FAILURE
    at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
    at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
    at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
    at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
    Updated Attributes
    orclodipLastExecutionTime: 20020708112933
    orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
    orclOdipSynchronizationErrors: Unknown Error Encountered
    IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
    ODIException: DIP_GEN_UNKNOWN_FAILURE
    at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
    at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
    at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
    at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
    Updated Attributes
    orclodipLastExecutionTime: 20020708112948
    orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
    orclOdipSynchronizationErrors: Unknown Error Encountered
    IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
    ODIException: DIP_GEN_UNKNOWN_FAILURE
    at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
    at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
    at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
    at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
    Updated Attributes
    orclodipLastExecutionTime: 20020708113003
    orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
    orclOdipSynchronizationErrors: Unknown Error Encountered
    IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
    ODIException: DIP_GEN_UNKNOWN_FAILURE
    at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
    at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
    at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
    at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
    Updated Attributes
    orclodipLastExecutionTime: 20020708113018
    orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
    orclOdipSynchronizationErrors: Unknown Error Encountered

    Start the odisrv with the debug flag set to 16. This should give you a more detailed trace which might help you sort this.
    Hope this helps
    Vinodh R.

  • AD-OID synchronisation  Agent Execution Successful, Mapping/IMPORT operati

    Hi
    We are trying the AD-OID synchronization, using the ActiveImport profile.
    The bootstrap is successful. But synchronization status is Agent Execution Successful, Mapping/IMPORT operation Failure.
    Attaching the trace file for import :
    LDAP Connection success
    Writer Initialised!!
    MapEngine Initialised!!
    Filter Initialised!!
    searchF :
    searchF : objectclass=*
    [LDAP: error code 12 - 00000057: LdapErr: DSID-0C09065D, comment: Error processing control, data 0, vece]
    ActiveImport:Error in Mapping EngineODIException: DIP_GEN_SEARCH_EXCEPTION
    ODIException: DIP_GEN_SEARCH_EXCEPTION
         at oracle.ldap.odip.gsi.ActiveReader.searchChanges(ActiveReader.java:303)
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:395)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:278)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:165)
    ActiveImport:about to Update exec status
    Updated Attributes
    orclodipLastExecutionTime: 20070117121046
    orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
    orclOdipSynchronizationErrors: Failure During Search
    Ending Mapping execution.
    null
    Error in proxy connection : ODIException: DIP_GEN_AUTHENTICATION_FAILURE
    ODIException: DIP_GEN_AUTHENTICATION_FAILURE
         at oracle.ldap.odip.gsi.LDAPConnector.proxyConnectAs(LDAPConnector.java:350)
         at oracle.ldap.odip.engine.AgentThread.updateExecStatus(AgentThread.java:607)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:208)
    Updated Attributes
    orclodipLastExecutionTime: 20070117121047
    orclOdipSynchronizationStatus: Agent Execution Successful, Mapping/IMPORT operation Failure
    orclOdipSynchronizationErrors: Agent Execution Successful, Mapping/IMPORT operation Failure
    null
    Error in updating the statusODIException: DIP_GEN_AUTHENTICATION_FAILURE
    ODIException: DIP_GEN_AUTHENTICATION_FAILURE
         at oracle.ldap.odip.gsi.LDAPConnector.proxyConnectAs(LDAPConnector.java:350)
         at oracle.ldap.odip.engine.AgentThread.updateExecStatus(AgentThread.java:680)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:208)
    Please help us to solve this issue.
    We have one more issue. We used ActiveChgImp synchronization profiles for synchronization, but the profile ActiveChgImp was deleted by mistake. Can I create that profile (ActiveChgImp) one more time using createprofile? If so, what prop_file do I need to give for creating this?
    Thanks in advance

    You can use
    $ORACLE_HOME\ldap\odi\conf\backup\activechg.map.master to recreate activechgimp profile.
    The DIP_GEN_SEARCH_EXCEPTION error is a generic error. Try setting a high debug level to generate more details.
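
A triage helper for traces like the two posted above, as an added example (not part of the original posts and not Oracle code): it splits a DIP trace into execution records, keeps the ODIException name, the innermost stack frame and any LDAP result code, and collapses a retry loop into one row with a count. The sample trace is constructed from lines in this thread; the function names and the small RFC 4511 result-code table are assumptions of this example.

```python
import re

# LDAP result codes per RFC 4511 (subset useful when triaging sync failures).
LDAP_RESULT = {12: "unavailableCriticalExtension", 49: "invalidCredentials"}
EXC = re.compile(r"^ODIException: (\w+)")
FRAME = re.compile(r"^at ([\w.$]+)\(")
LDAP = re.compile(r"LDAP: error code (\d+)")
ATTR = re.compile(r"^(orclOdip\w+): (.*)$", re.I)

def parse_runs(trace):
    """Split a trace into runs; a run ends at its orclOdipSynchronizationErrors line."""
    runs, cur = [], {}
    for line in (l.strip() for l in trace.splitlines()):
        if m := EXC.match(line):
            cur.setdefault("exception", m.group(1))
        elif m := FRAME.match(line):
            cur.setdefault("frame", m.group(1))  # keep the innermost frame only
        elif m := LDAP.search(line):
            code = int(m.group(1))
            cur["ldap"] = f"{code} {LDAP_RESULT.get(code, 'unknown')}"
        elif m := ATTR.match(line):
            cur[m.group(1).lower()] = m.group(2)
            if m.group(1).lower() == "orclodipsynchronizationerrors":
                runs.append(cur)
                cur = {}
    return runs

def summarize(runs):
    """Collapse identical failures so a retry loop becomes one row with a count."""
    groups = {}
    for r in runs:
        sig = (r.get("exception"), r.get("frame"), r.get("ldap"))
        g = groups.setdefault(sig, {"count": 0, "first": None, "last": None})
        g["count"] += 1
        g["last"] = r.get("orclodiplastexecutiontime")
        g["first"] = g["first"] or g["last"]
    return groups

# Constructed sample, modelled on the two traces posted in this thread.
MAP_FAIL = """ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
orclodipLastExecutionTime: {t}
orclOdipSynchronizationErrors: Unknown Error Encountered\n"""
SEARCH_FAIL = """[LDAP: error code 12 - 00000057: LdapErr: DSID-0C09065D, comment: Error processing control, data 0, vece]
ODIException: DIP_GEN_SEARCH_EXCEPTION
at oracle.ldap.odip.gsi.ActiveReader.searchChanges(ActiveReader.java:303)
orclodipLastExecutionTime: 20070117121046
orclOdipSynchronizationErrors: Failure During Search\n"""
TIMES = ("20020708113018", "20020708113033", "20020708113048")
SAMPLE = "".join(MAP_FAIL.format(t=t) for t in TIMES) + SEARCH_FAIL
```

Calling `summarize(parse_runs(SAMPLE))` yields two rows: the `constructDN` mapping failure repeated three times, and a single search failure tagged with LDAP result code 12.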
