11g - LDAP Sync - Select Custom Object class based on user type

Hi Gurus,
We have LDAP Sync set up between OIM 11g and ODSEE. We have some custom object classes in ODSEE; when users are created in OIM they are created in ODSEE with all the object classes, and everything is working fine.
Now we have to select the object class based on the OIM user type while pushing the user to ODSEE through LDAP sync.
We checked LDAPUser.xml and it doesn't have any option to choose a custom object class based on user type.
Guys, we need suggestions on how to go forward with this requirement.

Do you have OVD between OIM and ODSEE? If yes, then this can be handled at OVD, by modifying the LDAP Adapter and setting up search for users with the custom objectclass instead of inetorgperson.
Flow would be as follows:
OIM --> LDAPRequest to Create User with inetorgperson to OVD --> OVD --> change request's objectclass to custom objectclass --> Create user in OID with custom objectclass
~Yagnesh

Similar Messages

  • Add object Classes before creating user??

    Hi,
    I have a requirement wherein I need to add object classes to the user while provisioning to Sun Directory Server. How exactly should I be implementing my process task for the same? Should I add the object class after the Create task is finished or before the Create User task gets triggered?
    Thanks,
    Supreetha

    Are you talking about adding custom object classes for the users? This would be a schema change and should be done prior to adding users, since that would fail without having the correct schema in place. To add new object classes you need to either manually create them from the DSEE admin page or import the object definitions and attributes from an LDIF file. Once that is all done, you can then configure the provisioning workflow and add the object classes during user creation so the system knows what object classes to associate with each user entry.

  • How can I add a custom attribute and assign it to an existing custom object class in Sun DS

    I need to add an attribute to the Sun DS schema and assign it to an existing custom object class.
    I know how to add an attribute, but how can I add the attribute to an existing custom object class?
    Please help.
    Thanks

    The objectclasses attribute is multi-valued, so you can add several values to it as long as they are unique.
    For instance, I think you can add several declarations of the same objectclass as below (note the difference is the number of spaces in the value); however, from a schema perspective, only 1 will be taken into account:
    objectclasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword $ CustomAttr) X-ORIGIN 'RFC 2256' )
    objectclasses: ( 2.5.6.6 NAME   'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword $ CustomAttr) X-ORIGIN 'RFC 2256    ' )
    That's the reason why it is safe to delete previous value if you want to update an existing objectclass. No problem to add a new objectclass (new oid and new name) to the schema.
    -Sylvain
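
An added example, not part of Sylvain's post: a Python check over the post's two `objectclasses` values that shows they are distinct attribute values sharing one OID, and builds the delete-then-add LDIF for updating a definition. The `cn=schema` DN, the function names and `hypotheticalAttr` (used in the test) are assumptions made for the illustration.

```python
import re

# Constructed sample: two values of the schema's "objectclasses" attribute that
# differ only in whitespace, copied from the post above.
SAMPLE_VALUES = [
    "( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top "
    "MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ "
    "userPassword $ CustomAttr) X-ORIGIN 'RFC 2256' )",
    "( 2.5.6.6 NAME   'person' DESC 'Standard LDAP objectclass' SUP top "
    "MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ "
    "userPassword $ CustomAttr) X-ORIGIN 'RFC 2256    ' )",
]


def parse_objectclass(value):
    """Extract OID, NAME, MUST and MAY from one value (single-NAME form only)."""
    oid = re.match(r"\(\s*([\w.-]+)", value.strip())
    name = re.search(r"\bNAME\s+'([^']+)'", value)
    if not oid or not name:
        raise ValueError("not an objectclass description: %r" % value)

    def attr_list(keyword):
        # Accepts both "MAY ( a $ b )" and the single-attribute form "MAY a".
        m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w-]+))" % keyword, value)
        if not m:
            return []
        raw = m.group(1) if m.group(1) is not None else m.group(2)
        return [a.strip() for a in raw.split("$") if a.strip()]

    return {"oid": oid.group(1), "name": name.group(1),
            "must": attr_list("MUST"), "may": attr_list("MAY")}


def duplicate_definitions(values):
    """Map each OID that is declared more than once to its raw values."""
    by_oid = {}
    for value in values:
        by_oid.setdefault(parse_objectclass(value)["oid"], []).append(value)
    return {oid: vals for oid, vals in by_oid.items() if len(vals) > 1}


def replacement_ldif(stored_values, new_value, schema_dn="cn=schema"):
    """LDIF that deletes every stored value with the new value's OID, then adds it.

    schema_dn is an assumption; stored values are deleted verbatim because
    the duplicates differ only in whitespace.
    """
    new_oid = parse_objectclass(new_value)["oid"]
    stale = [v for v in stored_values if parse_objectclass(v)["oid"] == new_oid]
    lines = ["dn: " + schema_dn, "changetype: modify"]
    if stale:
        lines.append("delete: objectclasses")
        lines += ["objectclasses: " + v for v in stale]
        lines.append("-")
    lines.append("add: objectclasses")
    lines.append("objectclasses: " + new_value.strip())
    lines.append("-")
    return "\n".join(lines) + "\n"
```

Running `duplicate_definitions` over a dump of the schema entry before an update lists every OID that already carries more than one declaration, so all of them can be removed in the same modify operation.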

  • TO split from one customer return delivery based on storage type

    Hello,
    How TO can be split from one customer return delivery based on storage type?
    For example,
    If I have 3 storage type,  ST1, ST2, ST3 then and how can I divide the items into three different TOs of respective storage types from one customer return delivery? Can I use “control for performance data configuration? If yes then provide detail steps.
    Thanks,
    Milind

    Hello,
    Any thoughts/ideas?
    Thanks
    Milind

  • Adding a Custom Object Class When You Create an LDAP Object

    Hi all,
    Under which path can I configure the material below?
    http://docs.sun.com/app/docs/doc/819-4438/gatkz?l=en&a=view
    Cheer
    ubd

    Hi Shane,
    I cannot search any
    ou=basicuser,
    Do you know the DN that DA uses to create the default user?
    We create customized bulk adds using a Perl script; the object classes for our customized bulk add are
    top, iplanet-am-managed-person, iplanet-am-user-service, organizationalperson, inetadmin, sunimuser, person, inetOrgPerson, sunamauthaccountlockout, inetuser, inetlocalmailrecipient, sunpresenceuser, iplanetpreferences, ipuser, inetsubscriber, inetmailuser, UBDStaff, userpresenceprofile, sunucpreferences, icscalendaruser
    These are the object classes created by DA by default: userpresenceprofile, sunucpreferences, iplanet-am-user-service, icscalendaruser, top, iplanet-am-managed-person, organizationalperson, inetadmin, sunimuser, person, sunamauthaccountlockout, inetuser, inetlocalmailrecipient, sunpresenceuser, iplanetpreferences, ipuser, inetorgperson, inetsubscriber, inetmailuser
    I need to customize the DA default user management so I can use the web console to add new users.
    Cheer
    ubd

  • OIM 11g LDAP Sync Features

    Folks,
    I've been researching the LDAP sync option in OIM 11g and I have some questions.
    1. Is it true that once enabled, the user does not exist in OIM DB but only in LDAP?
    2. Can we define rules such that only a certain set of users are in LDAP and some are only in OIM?
    3. Can we define rules for Roles that only certain roles in OIM exist in LDAP but not all? I'd like to keep the business roles only in OIM.
    4. I currently have 3 connectors for AD, eDir and OID with OIM 10g and I am researching the option to remove these connectors and use the LDAP sync with OVD. Can this be achieved? What would be the challenges if I were to replace the connectors with LDAP sync?
    Regards,
    AZ

    Well for the connectors in 10g I plan to export them and then import in 11g. The versions are certified.
    For LDAP sync with multiple directories, I've heard of using OVD. So the Directory Server IT Resource would point to OVD and multiple containers in OVD would be mapped to each of the individual directories. OVD adapters would define connection to these directories.
    I have to see if this is feasible keeping in mind the workflows that have been customized in 10g, I don't think every workflow customization can be done in LDAP sync as well. Plus we would lose track of which attributes are provisioned to which LDAP. This is a user-ldap entry mapping, there would be no accounts in resource profile.

  • LDAP BC QUESTION ABOUT OBJECT CLASSES

    Hi
    I am working with a BPEL and its LDAP-BC. When I create an entry in my LDAP through the BPEL, it has all the object classes from the attributes I set. For example, if I set the cn and sn attributes then my entry has the object class person. I want to know if there is any way of setting object classes on my entry in the LDAP even if I am not setting any attributes; for example, if I only set the cn and sn attributes using the BPEL, I can still tell the entry that it can have another objectclass like iplanet-am-user-service without setting any of its attributes.
    thanks for your help

    Actually, I'm not getting duplicate objects, but I like to get rid of
    doubles in one particular column.
    For example if I had a table as follows:
    Table DESC
    int pkid
    String description
    description can contain duplicate entries, I want to query as follows:
    select distinct description from DESC
    How could I write a query which retrieves all tuples in a table, but removes
    duplicate from a specific column?
    Thanks.
    Andreas.
    Abe White wrote:
    How does the engine use DISTINCT automatically?
    It detects whether joins are made such that duplicate rows might be
    returned from the JDOQL filter, and if so adds a DISTINCT.
    What I basically want to do is to remove any doubles I get from the
    query. When I turn logging on to see the sql statement, I only get a
    SELECT without the DISTINCT keyword.
    You shouldn't be getting doubles. If you are, could you please post the
    offending JDOQL filter and give some description of the schema and/or
    object model? There is a bug in Kodo in which some queries involving OR
    clauses and joins are not made DISTINCT when they should be, but it has
    been resolved for our upcoming 2.5 release.
    Is there also a way I can specify GROUP BY?
    No, JDOQL does not have an equivalent to GROUP BY.

  • Custom object class attributes are not provisioning in oID thru OIM

    Hi,
    I have connected OIM with OID, and user provisioning is also taking place. I have made one custom structural class with some attributes in OID.
    In the form designer, in the OID user form, I have made the field UD_OID_USR_Custom.
    In the OID config lookup I have mentioned that custom class as well as the attributes of the class [in code: Custom, in decode: name of attribute at target].
    In the process form recon mapping of OID I mapped this field name.
    Also in the resource object recon mapping I mentioned this attribute.
    But while creating a user, the value of the attribute is populated up to the process form and that attribute is not provisioned in OID.
    Please tell me where I went wrong, or the exact steps of mapping in the form designer, Process definition, Lookup.OID.configuration and Resource objects.
    Thanks

    process form recon mapping of OID i mapped this field name
    Have you made an attribute entry in the provisioning lookup AttrName.Prov.Map.OID?
    Have you followed each step:
    http://download.oracle.com/docs/cd/E11223_01/doc.904/e10436/extnd_func.htm#CACICHDH

  • 11g iBots(Agents) calling custom java class?

    We upgraded from 10g to 11g and we have iBots that call a custom java class in the form of a jar file.
    This all worked fine in 10g.
    I followed all configuration steps in the documentation, but we are unable to get our iBots(Agents) to work in 11g.
    Keep getting "Can't find Class" errors.
    Has anyone successfully created agents that call custom java classes with 11g, if so, can you please share your steps for doing this?

    Hi glova,
    The document refers to the RPD and catalog migration... whatever customization was used in 10g won't take effect in 11g, I suppose, for most things.
    I would suggest you copy the Java class of the iBots and do the copy-paste, or do it manually in 11g, and see if it works... this is the only alternative.
    Hope this helps you.
    Cheers,
    KK

  • Custom object classes and access rights

    Hi,
    I have added a few object classes to the NDS schema; objects
    belonging to one of them should be able to authenticate against the
    directory and retrieve some attributes. I managed the login part having
    the class inherit from ndsLoginAttributes, but if I login as the object
    itself, I can't retrieve any attributes. I can browse the entry (it's a
    container), but all I get are DNs and objectclass attributes. Is there a
    way to grant the object the right to retrieve its own attributes, or
    some of them, through the Java LDAP interface?
    Thanks,
    Juan
    jheguia
    jheguia's Profile: http://forums.novell.com/member.php?userid=84575
    View this thread: http://forums.novell.com/showthread.php?t=415769

    Hello,
    I found a solution which is *almost* the right one. Basically I
    deleted the class and created it again with a default ACL:
    X-NDS_ACL_TEMPLATES ( '2# subtree#[Self]#[All Attributes Rights]' )
    This allows the object to do as it pleases with its own attributes. I'd
    prefer it to be only able to read them, but I haven't found a syntax for
    ACLs. Is there anything I can read to see how to fine tune the access
    rights templates?
    Thanks,
    Juan
    jheguia

  • OIM 11g - LDAP sync - Post Process event handler 'CREATE' failing

    Hi Gurus,
    We have LDAP sync set up between OIM 11.1.1.5 and ODSEE 11g.
    A post-process event handler on user creation is setting an attribute with a random 16 digit character. This event handler is getting triggered and setting the attribute in OIM, but in the logs I can see the "Modification failed because user 45118 is not synchronized to the LDAP directory." error and it is not updated in ODSEE.
    This behaviour is only for trusted recon, not for users created through the UI.
    Not sure what exactly is happening.
    Is it expected behavior?
    Gurus, help me out on this.

    If it fails because the event handler is unable to produce the random number, then verify the below:
    is the event handler code being executed in trusted recon? Verify in the log.
    There are two methods, execute and bulk execute, in the event handler. execute is called from the UI and bulk execute is called for trusted recon.
    Either put the code in bulk execute or update the batch recon size (something like that) system property to 1, so it will function like the UI. The default value of the batch is 500.
    --nayan

  • OIM 11g LDAP sync from different LDAP containers

    Hi,
    I have been setting up OIM 11g R2 (11.1.2) to use LDAP Sync to OID.
    As of now the sync works (both ways) for this container:
    cn=users,cn=oracleAccounts,dc=mycompany,dc=com (configured while doing the OIM config)
    Would it be possible to sync users in other containers as well? For example:
    cn=users,cn=otherAccounts,dc=mycompany,dc=com
    cn=users,cn=moreAccounts,dc=Otherstuff,dc=com
    By editing the file LDAPContainerRules.xml I can setup where the users are created when I create them through IDM.
    But that will not make the sync work for those containers.
    Any ideas where I should start to accomplish the above?
    Thanks & Regards,
    Henrik

    Okay, I think I have found an answer to how to sync users from different OUs in my OID to different OIM organizations.
    Hopefully this will help others.
    We can use a PostProcess Event handler like this:
    1. Implement the method --> public BulkEventResult execute()
    This is used during recon actions.
    2. Get the user hashmap with attributes and set the "act_key" value with the OIM organization's ID.
    You also need to build the logic to fetch the user's "LDAP DN", which is also fetched from the map.
    From that attribute we can decide which Organization to put the user in.
    This is the best solution we have found yet.
    Docs & tips:
    http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/oper.htm#CCHFBGAA
    http://fusionsecurity.blogspot.se/2011/09/oim-11g-event-handler-example.html (thank you Daniel Gralewski)
    Regards,
    Henrik
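
The DN-to-organization decision from step 2, as an added example that is not Henrik's code and does not use the OIM API: it is written in Python so it runs stand-alone, and the same logic would be ported into the Java handler. The container DNs come from the question; the `act_key` numbers and all function names are constructed for the illustration.

```python
# Constructed rule table: container DN -> OIM organization key (act_key).
CONTAINER_TO_ACT_KEY = {
    "cn=users,cn=oracleAccounts,dc=mycompany,dc=com": 1,
    "cn=users,cn=otherAccounts,dc=mycompany,dc=com": 21,
    "cn=users,cn=moreAccounts,dc=Otherstuff,dc=com": 22,
}


def normalise_rdn(rdn):
    """Lower-case and trim one RDN (assumes case-insensitive attributes)."""
    attr, sep, value = rdn.partition("=")
    if not sep or not attr.strip() or not value.strip():
        raise ValueError("malformed RDN: %r" % rdn)
    return attr.strip().lower() + "=" + value.strip().lower()


def split_dn(dn):
    """Split a DN on unescaped commas so 'cn=Doe\\, John' stays one RDN."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escaped pair together
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    return [normalise_rdn(r) for r in rdns]


def act_key_for(ldap_dn, rules=CONTAINER_TO_ACT_KEY):
    """Return the act_key of the longest container the entry sits below."""
    try:
        entry = split_dn(ldap_dn)
    except ValueError:
        return None
    best = None
    for container, act_key in rules.items():
        suffix = split_dn(container)
        # Compare whole RDNs, and require the entry to be below the container.
        if len(entry) > len(suffix) and entry[-len(suffix):] == suffix:
            if best is None or len(suffix) > best[0]:
                best = (len(suffix), act_key)
    return best[1] if best else None


def assign_organizations(users):
    """Set "act_key" on each user map; return the DNs that matched no rule."""
    unmatched = []
    for user in users:
        key = act_key_for(user.get("LDAP DN", ""))
        if key is None:
            unmatched.append(user.get("LDAP DN"))
        else:
            user["act_key"] = key
    return unmatched
```

Comparing parsed RDNs rather than raw strings keeps a DN that differs only in case or spacing in the right organization, and the returned list of unmatched DNs is worth logging so users outside every known container are noticed instead of silently landing in a default organization.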

  • Need F4 Help for custom container element based on partner type

    Hi Friends
    I am displaying customer details in a custom container. In that custom container I have the fields Partner number, Partner type, etc.
    I included F4 help for the partner number field; in that I referenced the following field. Now it's coming perfectly.
      wa_cat1-f4availabl = 'X'.
      wa_cat1-ref_table = 'KNA1'.
      wa_cat1-ref_field = 'KUNNR'.
    But as per my requirement, the customer wants to get a different F4 help when the partner type eq "Contact Person".
    The rest of the partner types (Ship to party, Sold to party, Reseller, End user) should show the above one.
    So I don't know where I have to change it, because at the field catalog level there is no option to control a particular type in the column.
    Kindly help me on this.
    Thanks
    Gowrishankar

    Hi Jose
    Thanks for your input. I created an Event Receiver, then defined and implemented a method to get F4 help for the customer number and email ID fields. F4 help is already available for Email ID. Now I want to include the F4 help for the partner number field; it will call the search help based on partner type. I am able to get the partner number field search help, but F4 help is not working for email ID.
    I am not sure whether somewhere it's overwriting some values. If I comment out the partner number F4 help class, I am able to get the F4 help for email address.
    Please guide me to fix the same.
    Thanks
    Gowrishankar

  • Change selected option in ComboBox as the user types

    Is there a way to make the selected item in a ComboBox change
    as the user types? Something like an autocomplete. The default
    functionality seems to be that it will move to the next option in
    the list that starts with the letter you type...but I'd like to be
    able to type something like a last name and have it select that
    option.

    There is an autocomplete component on Flex Exchange. I don't
    have the url handy but google will find it.
    Tracy

  • Adding custom object class on Delegated Administrator (CommSuite 7)

    Hi Guys,
    As described in the subject i need to customize my DA.
    I checked the documentation but as far as I can see it's possible to do it just for installations including AM (Access Manager isn't installed in our environment and we do not have an ou=services entry in our Directory).
    Any ideas?
    Thanks in advance!

    caius1 wrote:
    I checked the documentation but as far as I can see it's possible to do it just for installations including AM (Access Manager isn't installed in our environment and we do not have an ou=services entry in our Directory).
    Any ideas?
    Try the following:
    1. Edit the <da_deploy_base>/WEB-INF/classes/sun/comm/cli/server/servlet/serverconfig.properties file
    2. After the "usercreate-11=attribute!!inetuserstatus!!active" line add the following ... substituting <your objectclass> as appropriate.
    usercreate-12=objectclass!!<your objectclass>
    3. Redeploy Delegated Administrator e.g.
    ./config-appsvr8x-da deploy
    ./config-appsvr8x-commcli deploy
    Regards,
    Shane.
