OIM-AD connector Issues in OIM 11g
Hi
We are trying to provision user from OIM 11G to AD using Administration Tab of Admin Console.
As part of ADITResource configuration, the following fields are included. In the Enterprise Manager OIM server log, we are getting the below error message.
Error Message In Enterprise manager OIM server log -
Module OIMCP.ADCS
Thread ID [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'
Message com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : createUser : Wrong Value Specified in Root Context of IT ResourceOr Organization DN_
However, in Admin console Selfservice-->Task-->Provisioning -->Shows error as
Response:Connection Error encountered
Response Description: Error encountered while connecting to target system
We have successfully tested the connection using Diagnostic Dashboard (XIMDD) & LDAP Browser.
IT Resource Details-
Parameter Value
AD Sync installed (yes/no) no
ADAM LockoutThreshold Value 5
ADDisableAttr Lookup Definition Lookup.ADProvisioning.DisableAttrLookup
ADGroup LookUp Definition Lookup.ADReconciliation.GroupLookup
Abandoned connection timeout 600
Admin FQDN cn=administrator,cn=Users,dc=example,dc=com
Admin Login administrator
Admin Password ********
Allow Password Provisioning yes
AtMap ADGroup AtMap.ADGroup
AtMap ADUser AtMap.AD
AtMap Group AtMap.ADGroup
Atmap ADOrg AtMap.ADOrg
Backup Server URL [NONE]
Connection pooling supported false
Connection wait timeout 100
Custom Attribute Name
CustomizedReconQuery
Inactive connection timeout 600
Initial pool size 1
Invert Display Name no
LDAP Connection Timeout 30000
Last Modified Time Stamp 0
Last Modified Time Stamp Group 0
Max pool size 30
Min pool size 2
Native connection pool class definition
OIM User UDF
Pool excluded fields
Pool preference Default
Port Number 389
Remote Manager Prov Lookup AtMap.AD.RemoteScriptlookUp
Remote Manager Prov Script Path
ResourceConnection class definition com.thortech.xl.integration.ActiveDirectory.ADResourceConnectionImpl
Root Context dc=example,dc=com
SSL Port Number 636
Server Address WIN-PEUB23TMMT4.example.com
Target Locale: Country US
Target Locale: Language en
Target Locale: TimeZone GMT
Target supports only one connection false
Timeout check interval 100
UPN Domain example.com
Use Disable Attr false
Use SSL false
Validate connection on borrow true
isADAM no
isUserDeleteLeafNode no
For Organization we have selected ou=Test,dc=example,dc=com in our lookup definition
Please suggest....
Thanks
It's not Key, it's the Scheduled Task attribute "IT Resource Name"
Documentation: http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/using_conn.htm#CHDFBAAC
Here is the documentation on the lookup format: http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/intro.htm#CHDHCCJD
-Kevin
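A pre-flight check over the IT Resource values posted in the question above, as an added example that is not part of the thread or of the connector. It validates DN syntax, checks that the Organization DN sits under Root Context (the two values the error message names), and flags the cleartext bind settings; the function names and the containment rule are assumptions for illustration, and the parameter values are copied from the post.

```python
import re

# Subset of the IT Resource parameters from the post, as key/value pairs.
IT_RESOURCE = {
    "Admin FQDN": "cn=administrator,cn=Users,dc=example,dc=com",
    "Root Context": "dc=example,dc=com",
    "Port Number": "389",
    "SSL Port Number": "636",
    "Use SSL": "false",
    "Allow Password Provisioning": "yes",
}
ORGANIZATION_DN = "ou=Test,dc=example,dc=com"  # value from the organization lookup

# Attribute type: short name (cn, ou, dc) or dotted numeric OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")


def split_unescaped(text, sep):
    """Split on sep, keeping backslash-escaped separators inside a part."""
    parts, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
            continue
        if ch == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def parse_dn(dn):
    """Return [(attr, value), ...] lowercased, or raise ValueError.

    Single-valued RDNs only (no '+'). A second unescaped '=' inside a value
    is legal LDAP but is treated here as a heuristic sign of a lost comma.
    """
    if not dn or dn != dn.strip():
        raise ValueError("empty DN or leading/trailing whitespace")
    rdns = []
    for rdn in split_unescaped(dn, ","):
        attr, eq, value = rdn.strip().partition("=")
        if not eq or not ATTR_TYPE.match(attr.strip()) or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r}")
        if "=" in value.replace("\\=", ""):
            raise ValueError(f"RDN {rdn!r} has a second '=' (missing comma?)")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def is_under(dn, base):
    """True when dn equals base or is a descendant of it."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def is_yes(value):
    return value.strip().lower() in ("true", "yes")


def audit(params, organization_dn):
    """Return a list of findings for one IT Resource definition."""
    dn_errors = []
    root = params.get("Root Context", "")
    for label, dn in (("Root Context", root),
                      ("Admin FQDN", params.get("Admin FQDN", "")),
                      ("Organization DN", organization_dn)):
        try:
            parse_dn(dn)
        except ValueError as exc:
            dn_errors.append(f"{label}: {exc}")
    findings = list(dn_errors)
    # Containment is only meaningful once every DN parses.
    if not dn_errors and not is_under(organization_dn, root):
        findings.append(
            f"Organization DN {organization_dn!r} is not under Root Context {root!r}")
    if not is_yes(params.get("Use SSL", "")):
        port = params.get("Port Number", "389")
        findings.append(
            f"Use SSL=false: the admin bind password crosses the network "
            f"unencrypted on port {port}")
        if is_yes(params.get("Allow Password Provisioning", "")):
            findings.append(
                "Allow Password Provisioning=yes with Use SSL=false: Active "
                "Directory only accepts password writes over an encrypted "
                "connection")
    return findings


if __name__ == "__main__":
    for finding in audit(IT_RESOURCE, ORGANIZATION_DN):
        print("-", finding)
```
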
Similar Messages
-
ESSO PG Connector Issue in OIM 11G
I setup ESSO Provision Gateway Connector in OIM 11G.
But during "add credential task" I get error:
"The add_credential execution failed. Error: Error in sending instruction from provisioning manager in Api Command (400) Bad Request. Add Credential Command failed to get invoked".
In Event Log of the Windows Server 2008 with the Provision Gateway I saw:
"Unexpected end tag. Line 6, position 1015", "server cannot clear headers after http headers have been sent".
It means a syntax error in xml request of connector to web-service of Provision Gateway.
Wireshark shows me sent xml-request:
"<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken><wsse:Username>cn=adm,o=petro</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">12345678</wsse:Password><wsse:Nonce>QFJ903k1GFWnAoqZ/Npijg==</wsse:Nonce><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2010-12-07T11:47:02.502Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header><soapenv:Body><AddCredential xmlns="http://passlogix.com/UP/"><strRequest><?xml version = '1.0' encoding = 'UTF-8'?>
<addRequest><attributes><attr name="objectclass"><value>urn.oasis.names.tc:SPML:1:0#GenericString</value></attr><attr name="provisioningAgent"><value>Provisioning Agent</value></attr><attr name="ssoUserId"><value>SGP63234</value></attr><attr name="creationTime"><value>2010-12-07 11:47:02.491Z</value></attr><attr name="executionTime"><value>2010-12-07 11:47:02.490Z</value></attr><attr name="applicationId"><value>SAP</value></attr><attr name="userId"><value>EBELOV</value></attr><attr name="description"><value>SAP</value></attr><attr name="password"><value>Q123</value></attr><attr name="thirdField"><value>888</value></attr></attributes></addRequest></strRequest></AddCredential></soapenv:Body></soapenv:Envelope>*</#document>*"
I saved it to an xml file and opened it in Internet Explorer, and there was an error.
Then I decided to look at this request in OIM 9.1.0.2 to compare it with the request in OIM 11G.
I found the following:
the main difference was the last tag "</#document>".
I took this tag off the xml file taken from the OIM 11G request and saved the file.
The edited xml file was correct.
Is it an error in the connector or in OIM 11G? How to solve it? Can anyone help me?
Hi!
I get the same error during Add Credential task with the ESSO PG connector in OIM 11g.....
The add_credential execution failed. Error: Error in Sending instruction from the provisioning manager in API Command (400)Bad Request.
com.passlogix.integration.provision.client.CommandInvocationException: Error in Sending instruction from the provisioning manager in API Command (400)Bad Request
Where can I check the xml file?
Could you solve the problem?
Thanks in advance!!! -
OIM: OID Connector Issue
Hey all,
I downloaded and installed the new 11g version of the OID 11.1.1.5 connector without the connector server on OIM 11g BPO5. While trying to run the group lookup reconciliation scheduled task, it fails with below error:
<Oct 30, 2012 8:51:01 PM PDT> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.RECON.LOOKUPRECONTASK> <BEA-000000> <oracle.iam.connectors.icfcommon.recon.LookupReconTask : execute : Error during execution
org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; Remaining name: *'dc=mycompanydc=statedc=*type'
at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:71)
at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:59)
at org.identityconnectors.ldap.search.LdapSearch.execute(LdapSearch.java:131)
at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:115)
at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:59)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:105)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:93)
at $Proxy336.search(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:107)
at $Proxy336.search(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:162)
Caused By: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; Remaining name: *'dc=mycompanydc=statedc=*type'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:245)
at org.identityconnectors.ldap.search.DefaultSearchStrategy.doSearch(DefaultSearchStrategy.java:60)
at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:66)
at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:59)
at org.identityconnectors.ldap.search.LdapSearch.execute(LdapSearch.java:131)
at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:115)
at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:59)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:105)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:93)
at $Proxy336.search(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:107)
at $Proxy336.search(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:162)
>
<Oct 30, 2012 8:51:01 PM PDT> <Warning> <oracle.iam.scheduler.vo> <IAM-1020035> <Error in exception object for job {0}
java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1173)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1527)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1492)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1409)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1167)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1527)
at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:428)
at java.lang.Throwable.writeObject(Throwable.java:293)
at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1001)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1478)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1409)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1167)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1527)
at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:428)
at java.lang.Throwable.writeObject(Throwable.java:293)
at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1001)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1478)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1409)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1167)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:336)
at oracle.iam.scheduler.vo.TaskSupport.populateJobHIstory(TaskSupport.java:321)
at oracle.iam.scheduler.vo.TaskSupport.logJobExecution(TaskSupport.java:206)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:153)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Another thing is, the logs are not showing the base context properly, i.e., 'dc=mycompanydc=statedc=type' instead of 'dc=mycompany,dc=state,dc=type'. The ',' seems to be missing in the logs.
Please help.
Regards,
Sunny
What is the value of the SearchContext attribute in the scheduled task?
It should be dc=mycompany,dc=state,dc=type
And it should be present in your OID. -
Hi,
I am using a VMware image already configured with OIM-AD. But the AD connector is having some issues. When I test the ADITResource connectivity, the test fails. It says the input parameters are correct. I have cross-checked many times... but all the parameters are intact. When I try to provision any user with this resource, system validation is in pending status.
The logs are:
2010-04-26 05:41:56,321 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: g8h3mw9t-yl
2010-04-26 05:41:56,321 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.thortech.xl.ejb.databeansimpl.tcDataBaseBean.ejbCreate() throws javax.ejb.CreateException
2010-04-26 05:41:56,321 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
After setting SSL to true... I am getting the following error:
23:33:52,546 ERROR [ACTIVEDIRECTORYCONTROLLER] tcADUtilLDAPController.Connect():Problem getting InitialDirContext: javax.naming.CommunicationException: simple bind failed: ten.mydomain.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
23:33:52,546 INFO [STDOUT] java.lang.reflect.InvocationTargetException
23:33:52,546 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
23:33:52,546 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
23:33:52,546 INFO [STDOUT] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
23:33:52,546 INFO [STDOUT] at java.lang.reflect.Method.invoke(Method.java:324)
23:33:52,546 INFO [STDOUT] at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCREATEUSER.CREATEUSER(adpADCREATEUSER.java:163)
23:33:52,546 INFO [STDOUT] at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADCREATEUSER.implementation(adpADCREATEUSER.java:86) -
OIM API portability issue with OIM 9.1 / Weblogic 10.3
Hi, we have an existing piece of code which does some User Mutation through the OIM API.
[I am not well versed with OIM ]
The code was running fine with Weblogic 8.3 and previous OIM version.
Here is the piece of code.
logger.info("Initializing OIM Params from config location:" + oimConfigFileUtil.getOIMConfigBase());
System.setProperty("XL.HomeDir", oimConfigFileUtil.getOIMConfigBase().getAbsolutePath());
System.setProperty("java.security.auth.login.config", oimConfigFileUtil.getOIMAuthWLFile().getAbsolutePath());
ConfigurationClient.ComplexSetting configClient = ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
env = configClient.getAllSettings();
try {
oimAccessFactory = new tcUtilityFactory(env, oimConfigFileUtil.getUserID(), oimConfigFileUtil.getPassword());
I traced all the dependencies for this piece of code.
If I run this with Weblogic.jar[8.1] it gives me
java.io.InvalidClassException: com.thortech.xl.dataaccess.tcDataSet; local class incompatible: stream classdesc serialVersionUID = -5446056666465114187, local class serialVersionUID = -8857647322544023100
Because of the compatibility issue I substituted weblogic.jar:10.3, and now it's giving me all classpath issues.
Can someone layout the exact jars that are required for this to work?
Thanks
Vignesh
Install a Design Console. Copy any files that are required. Then take the class paths that are listed in the classpath and basecp files and put those into your application classpath files.
-Kevin -
How to check connector connectivity in OIM 11g
Hi All,
How to check connector connectivity in OIM 11g? In earlier versions we had XIMDD, from where we could test connectivity. But I don't see anything in 11g.
Thanks.
No way!!
Go to:
<Oracle-Weblogic-Middleware-Home>\Oracle_IDM\server\features\Xellerate.zip & you can find the XIMDD.war -
How to develop connector using identity connector framework in OIM 11g
How to develop Ldap connector using identity connector framework in OIM 11g. A sample would be helpful (specifically LDAP). In some thread it is written to download org.identityconnectors.ldap-1.0.5119.jar file but none of the existing links works. Please let me know if anyone has this jar file.
Thanks.
I started developing a connector using the ICF. When I deployed my connector and tried to invoke it from a stand-alone client I encountered the following error:
Exception in thread "main" java.lang.NullPointerException
at org.identityconnectors.framework.impl.api.local.ConnectorBundleManifestParser.getAttributes(ConnectorBundleManifestParser.java:55)
at org.identityconnectors.framework.impl.api.local.ConnectorBundleManifestParser.<init>(ConnectorBundleManifestParser.java:50)
at org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl.processURL(LocalConnectorInfoManagerImpl.java:193)
at org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl.expandBundles(LocalConnectorInfoManagerImpl.java:91)
at org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl.<init>(LocalConnectorInfoManagerImpl.java:72)
at org.identityconnectors.framework.impl.api.ConnectorInfoManagerFactoryImpl.getLocalManager(ConnectorInfoManagerFactoryImpl.java:81)
at org.identityconnectors.framework.impl.api.ConnectorInfoManagerFactoryImpl.getLocalManager(ConnectorInfoManagerFactoryImpl.java:66)
at org.identityconnectors.ent.Main.main(Main.java:35)
Any input on the same would be helpful. -
Iplanet process form issue in OIM 11g
Hi,
When I try to provision a user to iPlanet. It throws below error in OIM Admin console itself in OIM 11g
This resource is not configured correctly. Contact your System Administrator.
Form does not have any fields defined.
I'm not able to see my process form when I try to provision, even though I have fields over there. My assumption is there is some problem with the Process Definition and Process form linkage for the iPlanet resource. I don't think OIM will allow attaching a new process form in the current process definition. Correct me if I'm wrong.
Is there any way to check this linkage from backend. any queries available to check from OIM DB?
Pls help me to fix this? -
OIM AD connector- Groups added natively in AD getting deleted
We are facing this issue with the OIM AD connector - 11.1.1.5.0. The scenario is:
1. OIM user get created
2. OIM provisions user to AD and adds user to 2 groups ( 1 and 2)
3. AD Administrator logs into the AD directly and adds 3 groups to the user ( Group3,Group4 and Group5)
4. OIM admin goes to the resources tab and adds Group6 to the user from within OIM AD resource
Shouldn't we see that the user account on AD is a member of group1, group2, group3, group4, group5 and group6? This is the expected behavior.
What we are seeing on the account is that only group1, group2 and group6 are visible.
I understand that the groups - Group3, Group4 and Group5 - will not be visible on the resource form unless we do a recon, but OIM should not be DELETING groups added natively on AD.
Any help on this issue will be appreciated
Thanks everyone. I do agree that the behavior should be such that all 6 groups should be visible on the user on the target (AD) system. However, we are seeing that the groups added natively within AD are getting deleted and OIM is "truing up" the user account with the groups that are added within the process form, i.e. the scenario described above. OIM is actually deleting the groups that were added manually on AD.
If I do trigger a target recon, then I can see that all the groups are reflected on the user within OIM. However, running this task every hour, or rather every time I need to add an entitlement on a user, is not a feasible solution, would you agree? Also this is a limitation that cannot be placed on a helpdesk person. Rather, if this is the only solution, it should be a functionality of the connector.
Please note that the connector deployed is v11.1.1.5.0 and NOT the 9.1.1.7. The 9.x connector did behave as expected , i.e it did not delete any groups. However the new ICF based connector is deleting groups. Is there a setting within the connector configuration to turn on/off this functionality?
This is what I see in the connector server logs
<VERBOSE>: Class-> ActiveDirectoryUtils, Method -> GetDnFromPath, Message -> Exiting the method. Returning the value = CN=TEST6,CN=Users,DC=OIM,DC=Test,DC=com
<VERBOSE>: Class-> CustomAttributeHandlers, Method -> UpdateDeFromCa_OpAtt_Groups, Message -> DirectoryEntry path = LDAP://xx.xx.xx.xxx/CN=Print,DC=OIM,DC=Test,DC=com. Removing: CN=TEST6,CN=Users,DC=OIM,DC=Test,DC=com from the property: member
"PRINT" is the group that was added natively on AD. -
OIM - OID11g Connector Logging
Hi All,
I have updated the logging.xml as below to enable the logging for OIM -OID Connector 11.1.1.5.0 but I can't see anything in the file (File is created but it has no logs):
<log_handler name='oid-handler' level='TRACE:32' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
<property name='logreader:' value='off'/>
<property name='path' value='/u01/oracle/iam_middleware/user_projects/domains/IAMdomain/oidconnector.log'/>
<property name='format' value='ODL-Text'/>
<property name='useThreadName' value='true'/>
<property name='locale' value='en'/>
<property name='maxFileSize' value='5242880'/>
<property name='maxLogSize' value='52428800'/>
<property name='encoding' value='UTF-8'/>
</log_handler>
<logger name="OIMCP.OID" level="TRACE:32" useParentHandlers="false">
<handler name="oid-handler"/>
<handler name="console-handler"/>
</logger>
Please help.
Thanks
Sunny
Firstly I would normally manage OIM 11g logging through Oracle Enterprise Manager rather than directly in a logging.xml file, with log information appearing in the OIM server diagnostic log rather than a dedicated log file as you have done. That is not to say what you are doing is wrong (I cannot comment as I have never managed OIM 11g logging in this way.)
The other thing that may be wrong is the logger you are using. You have logger OIMCP.OID. For my OIM11g OID connector logging I am using the standard logger of XL_INTG.OID. -
Hi All,
I am installing the OIM - PeopleSoft connector for Employee Reconciliation. As part of Target System Configuration for Full Reconciliation (Trusted Source) I performed all the steps specified in the connector documentation on the target system. A summary of the steps is a full publish of Person Data in PeopleSoft as xml files and feeding these xml files as initial data load to OIM. After running the process scheduler for Data Publish of the PERSON_BASIC_FULLSYNC message I don't see any xml files being generated. Rather it only gives me one log file and a .trc file. The log file says the process has run successfully. But no expected output.
Any one who previously performed these steps successfully please share your experience and pointer would be appreciated
PeopleSoft HRMS 8.8
People Tools : 8.9.26
OIM 11g.
Connector : 9.1.1.6
Connector Documentation Followed : http://download.oracle.com/docs/cd/E11223_01/doc.910/e11205/deploy.htm#BIHFHICC
Regards,
Ashok
I'm facing the same problem. Have you solved this problem? Can you share it with me?
-
Hi All,
I have a requirement where I need to provision and reconcile into multiple flat files and metadata in each of them may differ.
So I was planning to create custom GTC connector each for provisioning and reconciliation respectively.
Can anyone please suggest me the best possible solution for this.
Is Oracle planning to launch a connector for flat files in the near future which can help in such scenarios?
I have tried using the default GTC connector for reconciliation (without trusted source reconciliation). I have three fields in the file, UserName, FirstName, LastName, and have mapped them to the account profile for OIM; a reconciliation rule has been created which looks for equality of User Id in both OIM and the flat file. The User ID is present in both the flat file and OIM and is the same.
I have done configuration on both OIM 9100 and also on OIM 9101.
It is working in OIM 9100 but not on 9101 and giving me null pointer exception. Any idea why it is not working on 9101.
When I have a new entry in flat file that exists in OIM the connector link the two and creates the resource form. But when I try to update/delete any existing value in flat file it is showing me a strange behaviour.
For update it links the same profile again to different resource form (basically it link the account using "one entity match found" however it should be "one process match found")and for delete it is not working. I am assuming that it is not able to call process tasks.
Can anyone tell me why it is doing so. My reconciliation rule is working fine. -
OIM on Oracle Database Express Edition 11g Release 2
Hi,
is it possible to use the last version of OIM on Oracle Database Express Edition 11g Release 2 for a Development Environment?
Thanks in advance,
Max
Last means Latest ... yes, it is supported.
-
Hi All,
I have installed the OIM DBUM connector for Oracle database. I have provided all the parameters except the connectionproperties column while configuring the IT resource for the connector. When trying to run the OOTB schedulers to populate lookups synchronized with the target I am getting the following error. Please help me out.
oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcAPIException: Row index out of bounds
thanks.
Hi Ketan,
I have installed DBUM 11.1.1.6 on OIM 11.1.1.5 locally.
In the connector guide I followed the steps below.
1. Sec:2.2.1 Installing the Connector in Oracle Identity Manager
2. Sec:2.3 Postinstallation
Section 2.3.1, "Postinstallation on Oracle Identity Manager"
Section 2.3.1.1, "Configuring the Target System As a Trusted Source"-notdone
Section 2.3.1.2, "Changing to the Required Input Locale" -----left it with default values
Section 2.3.1.3, "Clearing Content Related to Connector Resource Bundles from the
Server Cache"
Section 2.3.1.4, "Creating the Administrator Account on Oracle Database Vault"-----not done
Section 2.3.1.5, "Setting up the Lookup Definition for Connection Pooling"---not done
Section 2.3.1.6, "Enabling Logging for Oracle Identity Manager"
Section 2.3.2 Configuring the IT Resource for the Target System
In this we have a parameter text field called Connection Properties ----I left it blank and don't know what needs to be filled.
Remaining parameters are set
Database Name-IP of DB machine
DB Type
JDBC Driver
JDBC URL
Login Password
Login User
I could see connector installation success message. But when I am trying to run the scheduled jobs configured to populate the lookups , getting the above mentioned error.
Thanks.
Section 2.3.2, "Configuring the IT Resource for the Target System"
Section 2.3.3, "Configuring the Connector to Support Multiple Versions of the
Target System"------------------->not done
Edited by: Powerlad on Sep 2, 2012 11:55 PM -
Documentation for OIM AD Connector
Hi,
Can anyone suggest any documentation for the OIM AD Connector which gives steps to develop adapters and so on
OIM Connector Guide for AD -> http://download.oracle.com/docs/cd/E10150_01/doc.904/e10158/toc.htm
OIM Connector Framework Guide -> http://download.oracle.com/docs/cd/E10150_01/doc.904/e10178/toc.htm
May not have a great deal of details, but something to start off with.
Rgds, Ajay