11g R2 Update user after Target Recon

Similar Messages

• OIM 11g DBAT connector - user update not working after target recon

  Hi,
  I have configured a resource (XSVR3) with the DBAT 9.1.0.5.0 connector to do provisioning and target recon to and from the same custom database table, following the example found on the connector guide. Now what happens is the following:
  - if I first provision the resource to the user everything works fine
  - if a resource is first assigned to a user as a result of a target recon, the connector then fails at propagating to the table any changes I make in the process form, returning the following error:
  <8-gen-2013 16.44.16 CET> <Error> <OIMCP.DATC> <BEA-000000> <Class/Method: DBFacade/updateParentRecord encounter some problems: Empty parent row cannot be updated. Please ensure to run reconciliation task to bring the systems in sync.>
  <8-gen-2013 16.44.16 CET> <Error> <OIMCP.DATC> <BEA-000000> <Class/Method: DBProvisioningTransportProvider/sendData encounter some problems: DB_UPDATE_EMPTY_RECORD_ERROR
  com.thortech.xl.gc.exception.DBException: DB_UPDATE_EMPTY_RECORD_ERROR
  at com.thortech.xl.gc.impl.common.DBFacade.updateParentRecord(Unknown Source)
  at com.thortech.xl.gc.impl.prov.DBProvisioningTransportProvider.sendData(Unknown Source)
  It looks like the connector is unable to find the record that needs to be updated. I've looked into the process form table of the resource on the DB (called UD_XSVR3), and I noticed that records resulting from target reconciliation have a null in the UD_XSVR3_ID column, while records resulting from a direct provisioning have the username in the same column. Updating manually the column in the first kind of records fixes the issue, but I need to know if/what have I missed in the connector configuration.
  thanks in advance
  Alex
  Edited by: Prorad on Jan 9, 2013 3:02 AM

  Hi, Prorad,
  We are having same issue. What's the resolution for the issue? Any hints will be great.
  Thanks,
  Vincent

• OIM 10g: Best practice for updating OIM user status from target recon?

  We have a requirement, where we need to trigger one or more updates to the OIM user record (including status) based on values pulled in from a target resource recon from an LDAP. For example, if an LDAP attribute "disable-flag=123456" then we want to disable the OIM user. Other LDAP attributes may trigger other OIM user attribute changes.
  I think I need to write a custom adapter to handle "recon insert received" and "recon update received" events from the target recon, but wanted to check with the community to see if this was the right approach. Would post-insert/post-update event handlers be a better choice?

  Thanks Nishith. That's along the lines of what I was thinking. The only issue in my case is that I might need to update additional custom attributes on the OIM User in addition to enable/disable. Because of that requirement, my thought was to call the API directly from my task adapter to do the attribute updates in addition to the enable/disable. Does this seem like a sound approach?

• Approval after Flatfile Target Recon

  Hi All,
  I have a requirement wherein I need to fetch a few columns via Flatfile target recon. These columns could be User ID, Employee Group and Lastlogin date. My requirement is to disable the IDs which have been inactive for more than 30 days. I need to do this using flatfile recon. Till now, I have managed to configure the recon. I have also written a code which fetches the process data (Target Recon) and returns a flag for dormant ids. The problem is with the approval process. I need to send these ids for approval before they are disabled in OIM. As per my understanding, approval process does not work for Target Recon. The recon simply fetches the data and updates it in OIM without considering the approval process for the same Recon Resource Object. Is there any way by which the approval process can be triggered after the Target Recon has run?
  Please suggest other ways of disabling such dormant ids with approval too.

  use tcProvisioningOperationsIntf API.
  public void addProcessTaskInstance(long plTaskKey,long plOrcKey)
  plTaskKey - The key of the process task defined in process definition(nothing but MIL_KEY)
  plOrcKey - The key of the process order instance
  Use belo query to get MIL_KEY/plTaskKey before executing above method
  String sqlquery="select mil.mil_key from mil,pkg,tos,obj " +
  "where mil.mil_name = '<TASK_NAME>' " +
  "and obj.obj_name='<RO NAME>' " +
  "and obj.obj_key = pkg.obj_key " +
  "and tos.pkg_key = pkg.pkg_key " +
  "and mil.tos_key = tos.tos_key" ;
  use below for db connection in oim 11g
  Connection con=Platform.getOperationalDS().getConnection();
  Statement st=con.prepareStatement(query);
  ResultSet rs=st.executeQuery();
  while(rs.next())
  ong milkey=rs.getLong("mil_key");
  similarly you can get the ORC_KEY and call this method for running process task using code. Make sure 'manual insert' and 'Allow Multiple' property is enabled for this task. if not do it using design console.

• AD User Target Recon - added whenCreated attribute but no data saved in OIM

  Hello.
  I added the whenCreated attribute from the AD account to the AD User form (I used Variant = Date and Field Type=DateFieldDlg, patterned after the UD_ADUSER_DATE field that came OOTB). However when I run the recon, the value for whenCreated is not saved in the form. However the Recon Event shows the data being fetched...
  Thoughts anybody?
  I believe whenCreated in AD is a timestamp in the Generalized Time syntax, but accountExpires is not, that may be one problem.

  user8663548 wrote:
  Thx Rajiv. The tool is a little shaking when it comes to saving more than one column at a time...Anyway, I'm getting close to being done with adding new fields for AD User Target Recon. What's the best way to export this new version of the AD User form to another OIM environment, so that I don't have to redo the work of updating: Form, Object Resource, Process Definition, Lookup Definition? Any lessons learned I should know to make that process as painless as possible?When you export the form along with the resource object or even without the resouce object, it always takes the export of the active version (can be latest or not latest) ... the way I follow is to take export of Resource Object and then continue selecting all the dependecies i.e. form, process and adapters etc.
  Edited by: user8663548 on Jan 27, 2012 2:36 PM
  Btw, if I click Save in Form Designer, and I wait until it looks like the tool is done (mouse pointer is no longer a rotating circle), then I click Close form, I get a message stating "Are you sure that you want to close without saving your work?". Has anybody experienced this, and lost work as a result, even after clicking Save a couple more times for good measure? I sure hope the Form Designer is more robust and user-friendly in 11g!Well 11G too has this issue, the message is kind of fake and can be ignored. I just make sure by reopening the object to see if the changes are persisted.
  -Bikash

• Issue with Active Directory User Target Recon

  Hi ,
  I am facing an issue with Active Directory User Target Recon
  My environment is OIM 11g R2 with BP03 patch applied
  AD Connector is activedirectory-11.1.1.5 with bundle patch 14190610 applied
  In my Target there are around 28000 users out of which 14000 have AD account (includes Provisioned,Revoked,Disabled accounts)
  When i am running Active Directory User Target Recon i am not putting any filter cleared the batch start and batch size parameters and ran the recon job .Job ran successfully but it stopped after processing around 3000 users only.
  Retried the job two three times but every time it is stopping after processing some users but not processing all the users.
  Checked the log file oimdiagnostic logs and Connector server logs cannot see any errors in it.
  Checked the user profile of users processed can see AD account provisioned for users
  My query is why this job is not processing allthe users.Please point if i am missing some thing .
  thanks in advance

  Check the connector server load when you are running the recon. Last time I checked the connector, the way it was written is that it loads all the users from AD into the connector server memory and then sends them to OIM. So if the number was huge, then the connector server errored out and did not send data to OIM. We then did recon based on OUs to load/link all the users into OIM. Check the connector server system logs and check for memory usage etc.
  -Bikash

• How to control user updates during trusted/target reconciliation

  Hi All,
  I am new bie to OIM.
  Currently working on OIM 11g R2.
  1. I have user type called 'blind' which is updated by OIM admin.
  2. when I do a trusted/taget recon, I should not update user whose oim user type is 'blind'.
  Note: User type 'blind' is updated by OIM admin. There is no user type called 'blind' in target system while doing trusted system all users will be in status 'alive' or 'dead'.
  Kindly suggest how we can add OIM filter to prevent 'blind' user accounts from being overwritten by trusted reconciliation.
  Appreciate your response

  Hi GP,
  Thank you for the response. Please excuse me for using the terms Live,Dead,Blind.
  But we are not receiving the user Type "blind" from the reconciliation data. We receive only the two states either "live" (active) or dead (disable). Blind is the User status which we set as OIM user type manually and we do not want this blind type user get updated by the reconciliation engine. More over this reconciliation is a GTC reconciliation from CSV feed.
  Please correct me if the recon is of type target reconciliation can I write a Pre-Process Event Handler which will
  a) Get the list of users in OIM whose type if blind
  b) compare the data with the recon data available through event handler, then skip the change.
  Is this possible.
  Regards
  Srinivas

• Help needed in OIM 11g with respect to Target Recon

  Hi Experts,
  I have OIM 11.1.1.5.0 installed with AD Connector configured. We have 3 AD instances, so we have cloned the full AD Connector to "A_AD_RO User", "B_AD_RO User" and "C_AD_RO User" resourced with separate-separate Process defn, scheduled task, lookups and IT resource
  When I am doing target recon based on "emailID" as key from respective ID, the reconciliation events gets generated and I can see the event in Recon Manager with "No Match Found", even though the user with valid email id is present in the OIM.
  Once I do re-evaluate of reconciled user, the user target gets linked with the correct user.
  Problem: Everytime, I need to go to Recon Manager, and manually click on "Reevaluate Event", then only the target AD is getting linked to user.
  How to set it automatically?
  Has anyone faced this kind of issue?
  Any suggestion which I can apply to skip "Reevaluate Event" manually to link user with target.
  Regards,
  J
  Edited by: J_IDM on Mar 19, 2012 6:35 AM

  A few things to check.
  On the resource object, reconciliation tab. Check the recon action rules. The Entity Match is the one that matches a user to the target data if the user does not have an instance on their profile.
  Check your reconciliation rules. Make sure that you have a rule for each resource, and that it is in an active state. Also make sure the rule is a valid matching rule.
  For each resource workflow, there are configuration lookups. You must be VERY careful when cloning a resource to go through every lookup that is duplicated and make sure the values are all for the new resources.
  It sounds like you used the same adapters for every instance. This will cause a problem because there are hard coded form values in the adapter, so you will need to change those to have an input so you can specify the value for each instance. Otherwise, every provisioning task will look for the objectguid from the original workflow.
  There are lots of updates you must perform to make sure they work correctly during a clone.
  Once you have done all these, try and run your recons again, and make sure you wait till the recon completes so it processes the events in the correct bulk amounts.
  -Kevin

• OIM 11g target recon not performing full recon for OID resource

  Hi
  I noticed that full target recon is not being performed on OID because every time I run the recon only few same records that were recently updated gets reconciled but not all. I tried updating the timestamp attribute to 0 and also tried removing that attribute from recon parameters in OIM.
  I also tried creating new Reconcilliation Profile but no luck.
  My oim version is 11.1.1.5 and OID is also 11g. Please help.

  Hi
  I just saw the diagnostic log:
  oracle.iam.reconciliation.exception.InvalidDataFormatException: Invalid data - 20120726000000z against Date format yyyy/MM/dd HH:mm:ss z for key Start Date
       at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.convertReconFieldsToOIMFields(ReconOperationsServiceImpl.java:1437)
       at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:361)
       at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:346)
       at Thor.API.Operations.tcReconciliationOperationsIntfEJB.ignoreEventx(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
       at java.lang.reflect.Method.invoke(Method.java:611)
       at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
       at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
       at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy773.ignoreEventx(Unknown Source)
       at Thor.API.Operations.tcReconciliationOperationsIntfEJB_troehf_tcReconciliationOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
       at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
       at Thor.API.Operations.tcReconciliationOperationsIntfEJB_troehf_tcReconciliationOperationsIntfRemoteImpl.ignoreEventx(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
       at java.lang.reflect.Method.invoke(Method.java:611)
       at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
       at $Proxy168.ignoreEventx(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
       at java.lang.reflect.Method.invoke(Method.java:611)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
       at $Proxy770.ignoreEventx(Unknown Source)
       at Thor.API.Operations.tcReconciliationOperationsIntfDelegate.ignoreEvent(Unknown Source)
       at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation.reconcileUser(Unknown Source)
       at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation.processRecord(Unknown Source)
       at com.thortech.xl.integration.OID.util.tcUtilLDAPOperations.pagingReconSearch(Unknown Source)
       at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation.doReconSearch(Unknown Source)
       at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation.processChange(Unknown Source)
       at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation.execute(Unknown Source)
       at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:384)
       at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:145)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
       at java.lang.reflect.Method.invoke(Method.java:611)
       at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
       at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
       at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
  Caused by: java.text.ParseException: Unparseable date: "20120726000000z"
       at java.text.DateFormat.parse(DateFormat.java:348)
       at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.convertReconFieldsToOIMFields(ReconOperationsServiceImpl.java:1433)
       ... 56 more

• Error while "OID USER TARGET RECON"....

  hi,
  Iam new to OIM and i would really appreciate your help.
  Everytime i run the OID USER TARGET RECON i keep getting this annoying error which actually prints in the log but it doesnt stop the process (i beleive). The updated data in the OID is reflecting the process form but for some reason this error is coming. please help!
  DEBUG QuartzWorkerThread-3 XELLERATE.APIS - Class/Method: tcLookupOperationsBean
  */getLookupValuesFilteredData entered.*
  DEBUG QuartzWorkerThread-3 XELLERATE.APIS - Class/Method: tcLookupOperationsBean
  */getLookupValuesFilteredData left.*
  INFO QuartzWorkerThread-3 XELLERATE.JAVACLIENT - System Event Handler: Validatin
  g the name of the Organization
  ERROR QuartzWorkerThread-3 XELLERATE.DATABASE - Class/Method: tcDataBase/writeSt
  atement encounter some problems: ORA-02291: integrity constraint (OIMUSER.FK_ACT
  _ACT) violated - parent key not found*
  java.sql.SQLIntegrityConstraintViolationException: ORA-02291: integrity constrai
  nt (OIMUSER.FK_ACT_ACT) violated - parent key not found
  at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.ja
  va:85)
  at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:1
  *33)*
  at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java
  *:206)*
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:455)
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:413)
  at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:1034)
  at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.
  Thanks,
  Thilak

  hi,
  Thanks for your timely reply,
  The users are created in OIM and it is already provisioned to OID(*User is in both OIM and OID*), but we update the fields in OID through a script and try to bring the updated values to OIM process form by target recon. When i run the recon i get this error in the log but the values are getting updated successfully.
  Thanks
  Thilak

• AD User Target Recon

  What exactly does AD User Target Recon do? Since it is not trusted recon, I am sort of expecting changes made to AD to be reverted back to whatever OIM says they should be. So if an admin changes a user's givenName in AD, e.g. Ron to Ron2, then the AD User Target Recon will revert the change back to Ron. Does it make these attributes changes? What else does it do? The documentation is short and doesn't offer a good explanation.
  Thanks

  AD User Target Recon It reconciles the information back to the OIM. i.e When you change the name from RON to RON2 then it will update the OIM and make the name RON2. You need to decised during the implementation itself if you want only provisioning to happen from OIM to AD or you want also Reconcilliation to happen from AD to OIM aswell. To keep the information synchronous when there is updates from both ends then it is recommended to go for both provisioning and reconsiliation process.

• Messages (Jabber) Refuses to Authenticate AD Users after 10.9.2/Server 3.0.3 update

  Once again, an update appears to have broken Messages/Jabber's ability to authenticate AD users after the 10.9.2/Server 3.0.3 update even though it was working well before. Hoping someone here has some ideas for how to help!
  I can log in just fine as a local user (e.g. [email protected]), but no luck with AD users (e.g. [email protected]). As always, it fails with no intelligible error message whatsoever:
  Mar  1 09:46:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] connect
  Mar  1 09:46:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] disconnect jid=unbound, packets: 0
  Mar  1 09:48:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] connect
  Mar  1 09:48:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] disconnect jid=unbound, packets: 0
  I reset the jabber server configuration as described here to no avail: https://discussions.apple.com/thread/5354428
  The DNS configuration looks good:
  changeip -checkhostname
  Primary address     = 10.0.17.15
  Current HostName    = comet.ADdomain.private
  DNS HostName        = comet.ADdomain.private
  The names match. There is nothing to change.
  dirserv:success = "success"
  The Jabber status from jabber:
  serveradmin fullstatus jabber
  jabber:state = "RUNNING"
  jabber:roomsState = "RUNNING"
  jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
  jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
  jabber:logPaths:JABBER_LOG = "/var/log/system.log"
  jabber:proxyState = "RUNNING"
  jabber:currentConnections = "0"
  jabber:currentConnectionsPort1 = "0"
  jabber:currentConnectionsPort2 = "0"
  jabber:pluginVersion = "10.8.211"
  jabber:servicePortsAreRestricted = "NO"
  jabber:servicePortsRestrictionInfo = _empty_array
  jabber:hostsCommaDelimitedString = "comet.ADdomain.private"
  jabber:hosts:_array_index:0 = "comet.ADdomain.private"
  jabber:setStateVersion = 1
  jabber:startedTime = "2014-03-01 17:39:06 +0000"
  jabber:readWriteSettingsVersion = 1
  Full jabber server startup log:
  Mar  1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: waiting for jabberd to finish startup...
  Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: starting up
  Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: loaded user table (1 users)
  Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: couldn't open filter file /etc/jabberd/router-filter.xml: No such file or directory
  Mar  1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: jabberd service startup completed.
  Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: starting up
  Mar  1 09:52:19 comet.ADdomain.private jabberd/s2s[1787]: starting up (interval=60, queue=60, keepalive=0, idle=86400)
  Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: starting up
  Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
  Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: initialized auth module 'apple_od'
  Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: initialised storage driver 'sqlite'
  Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'sess-end' (order 0 index 0 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-sess' (order 0 index 1 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-sess' (order 1 index 2 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'in-sess' (order 2 index 3 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=5347] listening for incoming connections
  Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [comet.ADdomain.private] configured; realm=comet.ADdomain.private, registration disabled, using PEM:/etc/certificates/mail.ADdomainbio.com.E41BBC081993E348B26181D9CB334A28137A8D8D.concat.pem
  Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: attempting connection to router at 127.0.0.1, port=5347
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] connect
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] authenticated as jabberd
  Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: connection to router established
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [c2s] online (bound to 127.0.0.1, port 49353)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5222] listening for connections
  Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5223] listening for SSL connections
  Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: ready for connections
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'in-sess' (order 3 index 4 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: attempting connection to router at 127.0.0.1, port=5347
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] connect
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] authenticated as jabberd
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'in-sess' (order 4 index 5 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: connection to router established
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] set as default route
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] online (bound to 127.0.0.1, port 49354)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: ready for connections
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'in-sess' (order 5 index 6 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'in-sess' (order 6 index 7 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Starting up...
  Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Loading persistent rooms from disk...
  Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Finished loading rooms from disk
  Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Connecting to XMPP server at 'comet.ADdomain.private' as 'rooms.comet.ADdomain.private'...
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'in-sess' (order 7 index 8 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'in-sess' (order 8 index 9 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'in-sess' (order 9 index 10 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'in-sess' (order 10 index 11 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-sess' (order 11 index 12 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'in-sess' (order 12 index 13 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'in-router' (order 0 index 14 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-router' (order 1 index 1 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-router' (order 2 index 12 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-router' (order 3 index 2 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'out-router' (order 0 index 2 seq 2)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-sm' (order 0 index 0 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'pkt-sm' (order 1 index 6 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-time' added to chain 'pkt-sm' (order 2 index 15 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'pkt-sm' (order 3 index 16 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-sm' (order 4 index 9 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-sm' (order 5 index 8 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'pkt-sm' (order 6 index 11 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'pkt-sm' (order 7 index 17 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'echo' added to chain 'pkt-sm' (order 8 index 18 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-sm' (order 9 index 12 seq 2)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'pkt-user' (order 0 index 3 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-user' (order 1 index 12 seq 3)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'pkt-user' (order 2 index 5 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-user' (order 3 index 9 seq 2)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'pkt-user' (order 4 index 13 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'pkt-user' (order 5 index 4 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'pkt-user' (order 6 index 10 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-user' (order 7 index 0 seq 2)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'pkt-router' (order 0 index 14 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-router' (order 1 index 8 seq 2)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-load' (order 0 index 19 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'autobuddy' added to chain 'user-load' (order 1 index 20 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-load' (order 2 index 3 seq 2)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster-publish' added to chain 'user-load' (order 3 index 21 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-load' (order 4 index 2 seq 3)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-load' (order 5 index 4 seq 2)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-create' (order 0 index 19 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'template-roster' added to chain 'user-create' (order 1 index 22 seq 0)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-delete' (order 0 index 19 seq 2)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'user-delete' (order 1 index 11 seq 2)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'user-delete' (order 2 index 10 seq 2)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-delete' (order 3 index 2 seq 4)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-delete' (order 4 index 3 seq 3)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-delete' (order 5 index 4 seq 3)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'user-delete' (order 6 index 0 seq 3)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'user-delete' (order 7 index 7 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'user-delete' (order 8 index 5 seq 2)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'disco-extend' (order 0 index 16 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'disco-extend' (order 1 index 17 seq 1)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: version: jabberd sm 2.2.17-409
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: [comet.ADdomain.private] configured
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: attempting connection to router at 127.0.0.1, port=5347
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] connect
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] authenticated as jabberd
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: connection to router established
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [sm] online (bound to 127.0.0.1, port 49355)
  Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: sm ready for sessions
  Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [comet.ADdomain.private] online (bound to 127.0.0.1, port 49355)
  Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] connect
  Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] authenticated as proxy65.comet.ADdomain.private
  Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [proxy65.comet.ADdomain.private] online (bound to 127.0.0.1, port 49356)
  Mar  1 09:52:23 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] connect
  Mar  1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] authenticated as rooms.comet.ADdomain.private
  Mar  1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [rooms.comet.ADdomain.private] online (bound to 127.0.0.1, port 49357)
  Mar  1 09:52:24 comet.ADdomain.private Rooms[1792]: Successfully connected to XMPP server, ready for activity
  I am not sure if it's attempting to authenticate to AD or not, and if so, why it might be failing. Any suggestions would be greatly appreciated!

  uscadvit wrote:
  Here is the output without the name of our AD:
  Advanced Options - User Experience
    Create mobile account at login = Disabled
       Require confirmation        = Enabled
    Force home to startup disk     = Enabled
       Mount home as sharepoint    = Enabled
    Use Windows UNC path for home  = Enabled
       Network protocol to be used = smb
    Default user Shell             = /bin/bash
  Advanced Options - Mappings
    Mapping UID to attribute       = not set
    Mapping user GID to attribute  = not set
    Mapping group GID to attribute = not set
    Generate Kerberos authority    = Enabled
  Advanced Options - Administrative
    Preferred Domain controller    = not set
    Allowed admin groups           = not set
    Authentication from any domain = Enabled
    Packet signing                 = allow
    Packet encryption              = allow
    Password change interval       = 14
    Restrict Dynamic DNS updates   = not set
    Namespace mode                 = domain
  That looks correct. Lets collect a few more config items.
  Copy / paste the output of this command when run against c2s.xml:
  sudo grep '<id require-starttls="true" pemfile="' /Library/Server/Messages/Config/jabberd/c2s.xml
  Ours looks like this:
  <id require-starttls="true" pemfile="/etc/certificates/chat.example.com.1234567890.concat.pem" private-key-password="12345678-1234-1234-12345678" cachain="/etc/certificates/chat.example.com.1234567890.chain.pem" realm="example.com">example.com</id>
  Copy / paste the output of this command when run against sm.xml. To give us context, it will display the 6 lines above and below the text:
  sudo grep -C 6 'If not set, the SM id is used. -->' /Library/Server/Messages/Config/jabberd/sm.xml
  Ours looks like this:
  <!-- Local network configuration -->    <local>        <!-- Who we identify ourselves as.         Users will have this as the domain part of their JID.         If you want your server to be accessible from other         Jabber servers, this IDs must be FQDN resolvable by DNSes.         If not set, the SM id is used. -->        <id>example.com</id>        <!--    <id>vhost1.localdomain</id>    <id>vhost2.localdomain</id>    -->    </local>
  Copy / paste the output of this command:
  sudo serveradmin settings jabber
  Ours looks like this:
  jabber:dataLocation = "/Library/Server/Messages"jabber:s2sRestrictDomains = nojabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db"jabber:sslCAFile = "/etc/certificates/chat.example.com.1234567890.chain.pem"jabber:jabberdClientPortTLS = 5222jabber:sslKeyFile = "/etc/certificates/chat.example.com.1234567890.concat.pem"jabber:initialized = yesjabber:enableXMPP = nojabber:savedChatsArchiveInterval = 7jabber:authLevel = "STANDARD"jabber:hostsCommaDelimitedString = "example.com"jabber:jabberdClientPortSSL = 5223jabber:requireSecureS2S = nojabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"jabber:enableSavedChats = nojabber:enableAutoBuddy = yesjabber:s2sAllowedDomains = _empty_arrayjabber:logLevel = "ALL"jabber:hosts:_array_index:0 = "example.com"jabber:eventLogArchiveInterval = 7jabber:jabberdS2SPort = 0
  Also, while you're troubleshooting, I found Adium's debug window to be invaluble for showing errors during logon (even if you plan to use Messages).
  You can open it in debug mode by holding option + click Adium.app, select "start in debug mode". Then in Adium menu > Debug window.

• Error while running AD User Target Recon

  Hi,
  We are getting the below error while running AD User Target Recon:
  [2012-09-04T10:07:32.262-04:00] [oim_server2] [NOTIFICATION] [] [oracle.iam.features.scheduler.agentry.operations] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 98fe4d9aa175090d:7101298f:13991840195:-8000-0000000000000235,0] [APP: oim#11.1.2.0.0] ADP ClassLoader failed to load: Script1[[
  java.lang.ClassNotFoundException: ADP ClassLoader failed to load: Script1
  at com.thortech.xl.dataobj.tcADPClassLoader.findClass(tcADPClassLoader.java:229)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
  at java.lang.Class.forName0(Native Method)
  at java.lang.Class.forName(Class.java:247)
  at oracle.iam.scheduler.vo.ClassLoaderObjectInputStream.resolveClass(ClassLoaderObjectInputStream.java:72)
  at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574)
  at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495)
  at java.io.ObjectInputStream.readClass(ObjectInputStream.java:1461)
  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1311)
  at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
  at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
  at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
  at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
  at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
  at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
  at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
  at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:78)
  at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1282)
  at oracle.iam.features.scheduler.agentry.operations.LookupActor.refresh(LookupActor.java:3074)
  at oracle.iam.features.scheduler.agentry.operations.LookupActor.perform(LookupActor.java:2495)
  at oracle.iam.consoles.faces.mvc.canonic.Model.perform(Model.java:579)
  at oracle.iam.consoles.faces.mvc.admin.Model.perform(Model.java:326)
  at oracle.iam.consoles.faces.mvc.canonic.Controller.doPerform(Controller.java:257)
  at oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectAction(Controller.java:179)
  at oracle.iam.consoles.faces.event.NavigationListener.processAction(NavigationListener.java:99)
  at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
  at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:675)
  at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
  at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
  at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
  at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
  at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:889)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:379)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:194)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
  at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
  at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:179)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
  at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
  at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  [2012-09-04T10:07:32.314-04:00] [oim_server2] [NOTIFICATION] [] [oracle.iam.features.scheduler.agentry.operations] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 98fe4d9aa175090d:7101298f:13991840195:-8000-0000000000000235,0] [APP: oim#11.1.2.0.0] [[
  java.lang.NullPointerException
  at java.io.ByteArrayInputStream.<init>(ByteArrayInputStream.java:89)
  at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:76)
  at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1282)
  at oracle.iam.features.scheduler.agentry.operations.LookupActor.refresh(LookupActor.java:3074)
  at oracle.iam.features.scheduler.agentry.operations.LookupActor.perform(LookupActor.java:2495)
  at oracle.iam.consoles.faces.mvc.canonic.Model.perform(Model.java:579)
  at oracle.iam.consoles.faces.mvc.admin.Model.perform(Model.java:326)
  at oracle.iam.consoles.faces.mvc.canonic.Controller.doPerform(Controller.java:257)
  at oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectAction(Controller.java:179)
  at oracle.iam.consoles.faces.event.NavigationListener.processAction(NavigationListener.java:99)
  at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
  at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:675)
  at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
  at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
  at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
  at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
  at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:889)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:379)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:194)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
  at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
  at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:179)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
  at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
  at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Have anyone faced this issue ?? Any idea how to resolve this ??
  Thanks,
  Hrushi

  920194 wrote:
  Hi Bikash,
  Thank you that helped a bit!! I see the same behaviour i.e., recon events are created when using displayName or givenName attribute and it does not work using "samAccountName". Were you able to find the solution for this ??The solution would have to be provided by Oracle as this looks like a bug, since the connector doc gives example of filter as samAccountName.
  Also, when we reconcile using displayName/givenName attribute, even though the recon event is created, the status if the scheduler is Failed with "oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcAPIException: Row index out of bounds" Any idea on this ??Full stacktrace??
  Thanks,
  Hrushi

• OIM 11g - User Not enabled After the job "enable user after start date"

  Hi,
  I have a future hired user in OIM whose start date is set in OIM. The status of the user in OIM is 'Disabled Until Start Date'.
  After the start date has passed and the scheduled job 'enable user after start date' is run, I see that the user is still in the status 'Disabled Until Start Date'. I re-run the scheduled job 'enable user after start date', this time manually, still the state of the user remains unchanged.
  Please help in troubleshooting as to find out the root cause of the issue and a workaround/solution, if possible.
  This issue is intermittent and has happened with quite a number of user. Any pointer would be helpful.
  Regards,
  Sudipto S.

  I agree with Nayan.
  One alternative approach can be to write your own custom scheduler which can overcome the limitation of OOTB scheduled job 'enable user after start date'. Let the OOTB job get executed first. After it, your custom scheduler should fire a simple SQL Query:
  SELECT USR_KEY, USR_STATUS FROM USR WHERE (USR_START_DATE > SYSDATE -1) AND USR_STATUS='Disabled Until Start Date';
  //Means those users who are supposed to get enabled today and are still not yet enabled and are in 'Disabled Until Start Date'. May be 2-3 user keys at max will come...
  As you said it happens only intermittently and not for all users... So, let the OOTB scheduled job take care of most of such users... And after it has finished, if any user still remains in 'Disabled Until Start Date', your custom scheduler should enable it via using tcUserOperationsIntf.enableUser(userKey);
  Using API is always better than database update... Because APIs trigger downstream provisioning workflows as well and not just updates OIM Database...
  Keeping your constraints in mind, I think it is the correct answer.

• After I updated user for i phone 4 s iCloud password is no way I can not phone and e-mail address has been blocked. I did not bring the solution to Turkey APPLE chief BILKOM is forgotten the password and e-mail address in the e-mail address asking for hel

  After I updated user for i phone 4 s iCloud password is no way I can not phone and e-mail address has been blocked. I did not bring the solution to Turkey APPLE chief BILKOM is forgotten the password and e-mail address in the e-mail address asking for help from you I will make the iphone does not open e-mail address associated with it @hotmail.com mail to this address icloud iphone phone's password is forgotten, I want to thank you in advance for your help tell a method of opening up again.
  <Email Edited by Host>

  Welcome to the Apple Community.
  I have asked for your email address to be edited out. Posting your address in an open thread is a sure way to be bombarded by unwanted email, remember it will be here long after you have resolved your problem, for automated detection software to find.
  If you want people to contact you, enable others to see your email address in your profile.
  This feature has been introduced to make stolen phones useless to those that have stolen them.
  However it can also arise when the user has changed their Apple ID details with Apple and not made the same changes to their iCloud account/Find My Phone on their device before upgrading to iOS 7.
  The only solution is to change your Apple ID back to its previous state with Apple at My Apple ID, verify the changes, enter the password as requested on your device and then turn off "find my phone".
  You should then change your Apple ID back to its current state, verify it once again, delete the iCloud account from your device and then log back in using your current Apple ID. Finally, turn "find my phone" back on once again.
  Apple Topluluk hoş geldiniz.
  Ben düzenlenebilir için e-posta adresi için istedi. Açık bir konu adres gönderme istenmeyen e-posta ile bombardıman bir emin yoludur, bulmak için otomatik algılama yazılımı için, size sorunu giderilmiştir sonra burada uzun olacak unutmayın.
  Eğer insanlar sizinle iletişim istiyorsanız, başkalarının profilinizde e-posta adresinizi görmelerini sağlar.
  Bu özellik onları çalıntı olduğunu bu işe yaramaz çalıntı telefonları için getirilmiştir.
  Ancak aynı zamanda kullanıcı Apple ile Apple ID ayrıntıları değişti ve iCloud hesabı için aynı değişiklik yapmamış ortaya çıkar / iOS 7 yükseltmeden önce cihaz üzerinde My Phone bul olabilir.
  Tek çözüm My Apple ID de Apple ile önceki durumuna geri Apple ID değiştirmek için, değişiklikleri doğrulamak cihazınızda talep olarak, şifreyi girin ve sonra kapatın "benim telefon bulmak".
  Daha sonra tekrar bugünkü durumuna Apple ID değiştirmek gerekir, bir kez daha doğrulamak cihazınızdan iCloud hesabı silmek ve daha sonra mevcut Apple kimliği kullanarak oturum açın. Son olarak, geri bir kez daha üzerinde "benim telefon bulmak" açın.