AD-OIM password synchronization connector error

Hi,
I have installed the AD password synchronization connector 9.1.1 on a Windows 2003 SP2 server successfully. When I reset the user's password I can see the following errors in the 20091217OIMMain.log file:
Debug [12/17/2009 2:08:31 PM] The SOAP start element is
Debug [12/17/2009 2:08:31 PM] <SPMLv2Document xmlns="http://xmlns.oracle.com/OIM/provisioning">
Debug [12/17/2009 2:08:31 PM] The SOAP end element is
Debug [12/17/2009 2:08:31 PM] </SPMLv2Document>
Debug [12/17/2009 2:08:31 PM] The path is
Debug [12/17/2009 2:08:31 PM] /spmlws/HttpSoap11
Debug [12/17/2009 2:08:31 PM] End of sgsloidi::setParameters
Debug [12/17/2009 2:08:31 PM] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><faultcode xmlns="">env:Server</faultcode><faultstring
xmlns="">Internal Server Error</faultstring><faultactor xmlns=""></faultactor></env:Fault></env:Body></env:Envelope>
Debug [12/17/2009 2:08:31 PM] Inside sgsloidiOIMGeneralErrorHandler
Debug [12/17/2009 2:08:31 PM] Unable to update USR_NAME. There are error messages in the searchReponse. Please check log for details
Debug [12/17/2009 2:08:32 PM] Password updation failed in child process
Where is this searchResponse log file? I tried to look at all the Windows log files which have been updated after my password reset, but none of them has any errors which make sense or where the time would match. Also in 20091216043_PasswordChange.log everything seems to go okay.
SPML web service is deployed and up and I can hit that URL from my machine. I don't get any printouts to the OIM log file.
Any ideas...? Thanks a bunch!
-J-

1. Check your ports, make sure they are open.
2. For password sync you'll need to have SSL certificates configured so AD, OIM and the connector can talk securely. Make sure the proper keystore is used and certificate is present on all 3 (the connector includes the guide to install them)
With the above I got my connector working to this point. Hope that helps.
- JP
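
An added example, not part of the original posts or of the connector: a small Python triage script for OIMMain.log excerpts in the format quoted in this thread. It folds wrapped lines back into their record, pulls out the SPML path and AD host/port, classifies SOAP faults and `ldap_connect` failures, and masks long base64 runs before a log is shared; the sample log, finding names and hints are constructed for this example.

```python
import re

# A record starts with "Debug [<timestamp>]"; any other non-blank line is a
# continuation (the connector wraps SOAP envelopes and LDAP error text).
RECORD = re.compile(r"^\s*Debug \[([^\]]+)\] ?(.*)$")
FAULT = re.compile(r"<faultcode[^>]*>\s*([^<]*?)\s*</faultcode>.*?"
                   r"<faultstring[^>]*>\s*(.*?)\s*</faultstring>", re.S)
BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long base64 run

# Labels whose value is written in the following record.
LABELS = {"The path is": "spml_path", "AD Host": "ad_host", "AD Port": "ad_port"}
FAULT_SIDE = {"env:Server": "SPML_SERVER_FAULT", "env:Client": "SPML_CLIENT_FAULT"}

# Finding names and hints are this example's own wording, not connector output.
HINTS = {
    "AD_LDAP_CONNECT_FAILED": "connector could not open LDAP to ad_host:ad_port; "
                              "check the port and, for SSL, certificate trust",
    "SPML_SERVER_FAULT": "SOAP env:Server: OIM failed while processing the "
                         "request; look in the OIM server log for the exception",
    "SPML_CLIENT_FAULT": "SOAP env:Client: the endpoint rejected the request "
                         "itself; check connector version and spml_path",
}

# Constructed sample in the format quoted in the thread (not a real log).
SAMPLE_LOG = '''\
Debug [01/02/2013 10:00:00 AM] AD Host
Debug [01/02/2013 10:00:00 AM] dc1.example.test
Debug [01/02/2013 10:00:00 AM]
Debug [01/02/2013 10:00:00 AM] AD Port
Debug [01/02/2013 10:00:00 AM] 636
Debug [01/02/2013 10:00:00 AM] Inside ConnectToADSI
Debug [01/02/2013 10:00:00 AM]
ldap_connect failed with
Debug [01/02/2013 10:00:00 AM] Server Down
Debug [01/02/2013 10:00:05 AM] The path is
Debug [01/02/2013 10:00:05 AM] /spmlws/HttpSoap11
Debug [01/02/2013 10:00:05 AM] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><env:Fault><faultcode xmlns="">env:Server</faultcode><faultstring
xmlns="">Internal Server Error</faultstring></env:Fault></env:Body></env:Envelope>
Debug [01/02/2013 10:00:05 AM] Password updation failed in child process
Debug [01/02/2013 10:00:09 AM] Encoded Data Extracted
''' + "Debug [01/02/2013 10:00:09 AM] 430 6 314 420 " + "QUJD" * 16 + "=\n"


def parse_records(text):
    """Return non-empty (timestamp, message) records, continuations folded in."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append([m.group(1), m.group(2).strip()])
        elif records and line.strip():
            records[-1][1] = (records[-1][1] + " " + line.strip()).strip()
    return [(ts, msg) for ts, msg in records if msg]


def triage(text):
    """Return (settings, findings); a finding is (timestamp, name, detail)."""
    records = parse_records(text)
    info, findings = {}, []
    for i, (ts, msg) in enumerate(records):
        nxt = records[i + 1][1] if i + 1 < len(records) else ""
        if msg in LABELS:
            info[LABELS[msg]] = nxt          # value is logged on the next record
        elif "ldap_connect failed" in msg:
            findings.append((ts, "AD_LDAP_CONNECT_FAILED", nxt))
        elif "<env:Fault" in msg:
            m = FAULT.search(msg)
            code, reason = m.groups() if m else ("", "unparsed fault")
            findings.append((ts, FAULT_SIDE.get(code, "SPML_FAULT"),
                             " ".join(reason.split())))
    return info, findings


def redact(text):
    """Mask long base64 runs, such as the encoded datastore record the
    connector writes at debug level, before a log leaves the server."""
    return BLOB.sub(lambda m: "[REDACTED %d chars]" % len(m.group(0)), text)


if __name__ == "__main__":
    settings, found = triage(SAMPLE_LOG)
    print(settings)
    for ts, name, detail in found:
        print(ts, name, "-", detail, "->", HINTS.get(name, "no hint"))
    print(redact(SAMPLE_LOG).splitlines()[-1])
```
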

Similar Messages

  • AD password synchronization connector error

    Hi,
    I have installed the AD password synchronization connector 9.1.1. to Windows 2003 SP2 server successfully.
    When I tried to reset the users password I can see from the 20120518OIMMain.log file the following errors:
    Debug [5/18/2012 8:20:19 PM] The SOAP start element is
    Debug [5/18/2012 8:20:19 PM] <SPMLv2Document xmlns="http://xmlns.oracle.com/OIM/provisioning">
    Debug [5/18/2012 8:20:19 PM] The SOAP end element is
    Debug [5/18/2012 8:20:19 PM] </SPMLv2Document>
    Debug [5/18/2012 8:20:19 PM] The path is
    Debug [5/18/2012 8:20:19 PM] /spmlws/HttpSoap11
    Debug [5/18/2012 8:20:19 PM] End of sgsloidi::setParameters
    Debug [5/18/2012 8:20:19 PM] <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://xmlns.oracle.com/OIM/provisioning"><env:Body><env:Fault><faultcode>env:Server</faultcode><faultstring>Internal Server Error (Caught exception while handling request: java.rmi.RemoteException: null; nested exception is:
    *     java.lang.NullPointerException)*</faultstring></env:Fault></env:Body></env:Envelope>
    Debug [5/18/2012 8:20:19 PM] Inside sgsloidiOIMGeneralErrorHandler
    Debug [5/18/2012 8:20:19 PM] Unable to update USR_NAME. There are error messages in the searchReponse. Please check log for details
    Debug [5/18/2012 8:20:19 PM] Password updation failed in child process
    Can anyone tell me what's wrong with it? Please.
    What should I check?
    Thanks a lot.

    1. Check your ports, make sure they are open.
    2. For password sync you'll need to have SSL certificates configured so AD, OIM and the connector can talk securely. Make sure the proper keystore is used and certificate is present on all 3 (the connector includes the guide to install them)
    With the above I got my connector working to this point. Hope that helps.
    - JP

  • Password Synchronization Connector Error in SSL secure mode (636)

    Hello friends,
    Let me describe my case:
    I have an Oracle Identity Manager environment BP15 9.1.0.2 and I installed an Active Directory Password Synchronization plug. The connector works properly in unsafe mode (389); after I configured the connector in SSL safe mode (636), the log shows the following:
    Inside *********** **************** sgslldpcopenLDAPConnection
    Debug [10/28/2011 2:21:00 PM] Inside sgsladac c-tor
    Debug [10/28/2011 2:21:00 PM] AD Host
    Debug [10/28/2011 2:21:00 PM] 192.168.1.10
    Debug [10/28/2011 2:21:00 PM]
    Debug [10/28/2011 2:21:00 PM] AD Port
    Debug [10/28/2011 2:21:00 PM] 636
    Debug [10/28/2011 2:21:00 PM]
    Debug [10/28/2011 2:21:00 PM] AD Base DN
    Debug [10/28/2011 2:21:00 PM] DC = domain1, DC = com
    Debug [10/28/2011 2:21:00 PM]
    Debug [10/28/2011 2:21:00 PM]
    Debugging the code
    Debug [10/28/2011 2:21:00 PM] Inside ConnectToADSI
    Debug [10/28/2011 2:21:00 PM]
    ldap_connect failed with
    Debug [10/28/2011 2:21:00 PM] Server Down
    Debug [10/28/2011 2:21:00 PM]
    Debug [10/28/2011 2:21:00 PM]
    Connection to AD failed
    Debug [10/28/2011 2:21:00 PM]
    Out of openLDAPConnection ********** *****************
    Debug [10/28/2011 2:21:00 PM] Inside sgsladac destroyer
    Debug [10/28/2011 2:21:01 PM] Datastore --- Connect to AD
    Debug [10/28/2011 2:21:01 PM]
    Inside *********** **************** sgslldpcopenLDAPConnection
    Any suggestions to solve this problem?
    Thank you very much.

    1. Check your ports, make sure they are open.
    2. For password sync you'll need to have SSL certificates configured so AD, OIM and the connector can talk securely. Make sure the proper keystore is used and certificate is present on all 3 (the connector includes the guide to install them)
    With the above I got my connector working to this point. Hope that helps.
    - JP

  • Password changes in AD - Password Synchronization Connector Issue

    Hey all,
    Newbie question/problem... I have the 9.1.1.0 version of the AD Password Synchronization Connector installed on all domain controllers in my AD. My OIM system is IDM 9.1.0.1 running with JBoss.
    When a password is changed on the target machine that OIM is connected to, the password synchronizes across to OIM fine.
    When I change a password on another DC, the password does not synchronize. I check the logs and instead get an error saying... User not found. This shows in the AD eventlog as well saying... user not found in AD, please verify the configuration parameters.
    The weird thing is... if I change my OIM host to point to the 2nd DC that threw that error and change the Password Synchronization Connector to point to itself as the host, the password change will now work and synchronize back to OIM. The password change on the original DC will now throw the same error, user not found.
    I am totally stumped on this one... any help would be greatly appreciated.
    Thanks in advance.
    -B

    Well finally figured it out... each password synchronization connector on each domain controller must:
    for the host entry: use the IP of the current Domain controller box you are installing on
    for the OIM host: enter the OIM server's hostname (not ip)
    Just wanted to share my pains and struggles so others wouldn't have to.

  • Password Synchronization Connector Installation

    Hello friends,
    About Password Synchronization Connector, my query is:
    You can install this connector, with a different user account with administrator account used to start the server in Active Directory.
    thanks

    Another query, this has to be used in the installation of the connector, in addition to the permit program should install another permit what should you be assigned in the Active Directory?
    Thank you for responding, there is some documentation that specifies your claim.

  • Password Sync Connector Error 11gR2

    Hi all,
    I am using following products
    IDM 11.1.2.0,
    activedirectory-11.1.1.5.0 connector with Patch P14190610_111150_Generic.
    MSFT_PSync_91150 for Password Sync.
    Please let me know whether AD Password Sync Connector 9.1.1.5 can be configured with OIM *11gR2*.
    I ask because I am getting the error *"Password updation failed in child process "*. I have used the same connector with OIM 11.1.1.5.0 (11gR1) and it was working fine. Do I need to make any changes / settings in OIM for the AD Resource also?
    Thanks

    thanks for your reply,
    Please can you help me on the following ....
    I have installed AD PasswordSync Connector 9.1.1.5.0 (MSFT_AD_PSync_9.1.1.5.0) with the newly released patch MSFT_AD_PSync_9.1.1.5.6 (patch 14627510). I am getting the error "Password updation failed in child process".
    It's not making any sense, as the same connector was working fine with 11gR1. I have uninstalled and reconfigured the connector but no luck.
    Can you throw some light on it?
    What I think is that there is some communication issue between the IDM and AD servers. I have checked the communication and found no issue. Is it that SSL is compulsory for this connector, although it's not mentioned in any of the documents?
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Debug [10/09/12 14:09:27] Inside sgsloidi::setParameters
    Debug [10/09/12 14:09:27] The SOAP start element is
    Debug [10/09/12 14:09:27] <processRequest xmlns=""><sOAPElement>
    Debug [10/09/12 14:09:27] The SOAP end element is
    Debug [10/09/12 14:09:27] </sOAPElement></processRequest>
    Debug [10/09/12 14:09:27] The path is
    Debug [10/09/12 14:09:27] /spmlws/OIMProvisioning
    Debug [10/09/12 14:09:27] End of sgsloidi::setParameters
    Debug [10/09/12 14:09:27] Begin function sgsloidi::queryADUserAttribute()
    Debug [10/09/12 14:09:27] Inside sgsladac c-tor
    Debug [10/09/12 14:09:27] AD Host
    Debug [10/09/12 14:09:27] 172.20.20.135
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] AD Port
    Debug [10/09/12 14:09:27] 389
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] AD Base DN
    Debug [10/09/12 14:09:27] DC=YYYt,DC=vvv,DC=www
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] Inside ConnectToADSI
    Debug [10/09/12 14:09:27]
    ADSI Bind success full
    Debug [10/09/12 14:09:27] Begin function sgsladac::searchAttrValue()
    Debug [10/09/12 14:09:27] [Base DN : DC=yyy,DC=vvv,DC=www]; [Filter : (&(objectClass=user)(samAccountName=IDM005))]; [Attribute : samAccountName]
    Debug [10/09/12 14:09:27] Search success with one result.
    Debug [10/09/12 14:09:27] End function sgsladac::searchAttrValue()
    Debug [10/09/12 14:09:27] End function sgsloidi::queryADUserAttribute()
    Debug [10/09/12 14:09:27] Inside sgsladac destructor
    Debug [10/09/12 14:09:27] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault><faultcode>env:Client</faultcode><faultstring>Unknown method</faultstring></env:Fault></env:Body></env:Envelope>
    Debug [10/09/12 14:09:27] Inside sgsloidiOIMGeneralErrorHandler
    Debug [10/09/12 14:09:27] Unable to update IDM005. There are error messages in the searchReponse. Please check log for details
    Debug [10/09/12 14:09:27] Inside sgsladds::sgslperwriteData YOOOO
    Debug [10/09/12 14:09:27] Inside sgsladac c-tor
    Debug [10/09/12 14:09:27] AD Host
    Debug [10/09/12 14:09:27] 172.20.20.135
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] AD Port
    Debug [10/09/12 14:09:27] 389
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] AD Base DN
    Debug [10/09/12 14:09:27] DC=yyy,DC=vvv,DC=www
    Debug [10/09/12 14:09:27]
    Debug [10/09/12 14:09:27] Only dataattribute
    Debug [10/09/12 14:09:27] Got Registry enteries
    Debug [10/09/12 14:09:27] contact
    Debug [10/09/12 14:09:27] description
    Debug [10/09/12 14:09:27] Got Entiredn
    Debug [10/09/12 14:09:27] OU=oimpwdsyncmoetest.gov.kw,ou=OIMADPasswordSync,DC=yyy,DC=vv,DC=wwww
    Debug [10/09/12 14:09:27] Encrypted record already exists in Datastore
    Debug [10/09/12 14:09:27] Already Exists
    Debug [10/09/12 14:09:27] Encrypted record already exists in Datastore
    Debug [10/09/12 14:09:27] Already Exists
    Debug [10/09/12 14:09:27] Inside sgsladdsSearchUser
    Debug [10/09/12 14:09:27] Firing Search Request
    Debug [10/09/12 14:09:27] AD search for a user objectGUID is successfull
    Debug [10/09/12 14:09:27] Count success
    Debug [10/09/12 14:09:27] Search result fetched
    Debug [10/09/12 14:09:27] --------------------&&&----------------
    Debug [10/09/12 14:09:27] Inside sgsladds::sgsladdsgetData NEW Look
    Debug [10/09/12 14:09:27] Encoded Data Extracted in sgsladdsgetData
    Debug [10/09/12 14:09:27] Moving out sgsladdsgetData
    Debug [10/09/12 14:09:27] Encoded Data Extracted
    Debug [10/09/12 14:09:27] Incrementing the MAX_RETRY LIMIT:
    Debug [10/09/12 14:09:27] 1
    Debug [10/09/12 14:09:27] numretries ======
    Debug [10/09/12 14:09:27] 1
    Debug [10/09/12 14:09:27] Inside sgslcodsupdateChild
    Debug [10/09/12 14:09:27]
    Encrypted record data updated successfully
    Debug [10/09/12 14:09:27] Inside sgsladac destructor
    Debug [10/09/12 14:09:27] End of sgsloidiOIMGeneralErrorHandler
    Debug [10/09/12 14:09:27] Password updation failed in child process
    Debug [10/09/12 14:09:27]
    Relaxing while processing records from datastore
    Debug [10/09/12 14:09:29]
    About to UNBIND datastore after processing the Records
    Debug [10/09/12 14:09:29]
    Deleting datastore object pointer
    Debug [10/09/12 14:09:30] Datastore --- Connect to AD
    Debug [10/09/12 14:09:30]

  • OIM Password sync connector installation issue

    Hi All,
    I am trying to configure password synchronization between OIM & Active Directory. While installing the AD Password Sync connector on the AD host it is returning the following.
    Error occurred while uploading prepAD.ldif. , please refer to %TEMP%\oimpwdsync.log. Please upload
    prepAD.ldif to Active Directory Domain Controller before applying ACLs.
    Kindly suggest me on this.
    Regards,
    Madhu

    I'm also getting the same error.
    This is the content of the log file :
    (Apr 14, 2011 6:19:27 AM), Install, com.oracle.installshield.adpwd.pathValidator, dbg, Directory does not exists, will get created at the installation time
    (Apr 14, 2011 6:19:38 AM), Install, com.installshield.product.actions.UninstallerJVMResolution, dbg.jvm, attempting to use the current JVM
    (Apr 14, 2011 6:19:38 AM), Install, com.installshield.product.actions.UninstallerJVMResolution, dbg.jvm, searching for a JVM
    (Apr 14, 2011 6:19:38 AM), Install, com.installshield.product.service.product.PureJavaProductServiceImpl$Installer, err, ProductException: (error code = 601; message="JVM not found")
    STACK_TRACE: 8
    ProductException: (error code = 601; message="JVM not found")
         at com.installshield.product.actions.JVMResolution.install(JVMResolution.java:171)
         at com.installshield.product.service.product.PureJavaProductServiceImpl$InstallProduct.checkUninstallerJVMResolution(PureJavaProductServiceImpl.java:4793)
         at com.installshield.product.service.product.PureJavaProductServiceImpl$InstallProduct.install(PureJavaProductServiceImpl.java:4554)
         at com.installshield.product.service.product.PureJavaProductServiceImpl$Installer.execute(PureJavaProductServiceImpl.java:3758)
         at com.installshield.wizard.service.AsynchronousOperation.run(AsynchronousOperation.java:41)
         at java.lang.Thread.run(Unknown Source)
    (Apr 14, 2011 6:19:38 AM), Install, com.oracle.installshield.adpwd.execTool, err, Cannot run program "C:\Program": CreateProcess error=2, The system cannot find the file specified
    (Apr 14, 2011 6:19:38 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, ASCII file C:\Program Files\oracle\OIMADPasswordSync\prepAD.ldif does not exist and will be created.
    (Apr 14, 2011 6:19:38 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, gen exp
    (Apr 14, 2011 6:19:38 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, C:\Program Files\oracle\OIMADPasswordSync\prepAD.ldif (The system cannot find the file specified)
    Anyone fixed it. I have checked JAVA env is set in my machine
    C:\>echo %JAVA_HOME%
    D:\oracle\Middleware\jdk160_14_R27.6.5-32
    C:\>java -version
    java version "1.6.0_12"
    Java(TM) SE Runtime Environment (build 1.6.0_12-b04)
    Java HotSpot(TM) Client VM (build 11.2-b01, mixed mode)
    Did anyone fix the issue?

  • Password Synchronization Connector in HA

    Hello friends,
    As I can configure the Password Synchronization plug idm Oracle Identity Manager on Oracle WebLogic Server deployed in Cluster (2 nodes)
    Thanks.

    Yes, you can configure it for 2 nodes in clustered environment. Refer http://docs.oracle.com/cd/E11223_01/doc.904/e10450.pdf 2.3 4. You need to install connector on one node and configure it on both, if it is 11g.
    regards,
    GP

  • Configuration settings for the AD Password Sync Connector

    Hi,
    I am looking for information on how do retries work for the OIM Password (Sync) Connector for Active Directory. We are currently using version 9.1.1.5.10. If anyone can help answer any of the below questions, it will be very appreciated. Also, if there is a doc that explains this, please do let me know. The official connector doc on the Oracle site provides a good architectural overview but it does not talk about any of these registry settings.
    a) What does this registry setting "OIMConfig\ConfigSleepTime" control
    b) What does this registry setting "OIMConfig\MAX_RETRIES" control
    c) What does this registry setting "OIMConfig\SleepTime" control
    - In my experience this is the time when the password update thread kicks off. So in other words it represents the max latency between when you change a password in AD and when it will get pushed down to OIM. If you set this to 300 seconds, then you are looking at a worst-case scenario of a 300 second lag between the time you changed your AD password and when it was pushed to OIM.
    d) According to this doc, http://docs.oracle.com/cd/E11223_01/doc.910/e11218/overview.htm#CEGHJCJE, bullet #6 states:
    "If Oracle Identity Manager rejects the password change, then the password update thread keeps resending SPML requests until the retry count reaches the maximum number of retries."
    I am trying to understand what is the reasoning behind having the connector retry the password update if OIM has already rejected it once. Is there a possible scenario where OIM would reject a password update the first time and then accept the same password update on a second attempt?
    e) Referring back to question #d above, what is the frequency at which the connector will attempt retries?
    Thanks
    Aspi Engineer
    Putnam Investments

    That is the problem...
    When I installed the connector I didn't get any error and I get a message the connector was installed ok. I think I will reinstall it.
    Thanks,
    Renato

  • AD Password Sync connector 9.1.1 With OIM 11g R2 - ERROR OVER SSL

    I have set up AD password sync from AD to OIM 11G R2.
    The password syncs from AD to OIM 11G R2 on non-SSL port 389.
    But it fails on SSL port 636.
    Errors in OIMMain.Log:
    Debug [10/11/2012 10:49:34 AM] Inside ConnectToADSI
    Debug [10/11/2012 10:49:34 AM]
    ldap_connect failed with
    Debug [10/11/2012 10:49:34 AM] Server Down
    Debug [10/11/2012 10:49:34 AM]
    Steps carried out thus far:
    AD is up and running.
    Configured AD Password Sync Connector on 636 and selected ssl.
    Created Certificate on OIM host, configured custom identity key store on weblogic. Restarted Weblogic.
    Imported Certificate to AD. After this, restarted the AD
    I can Telnet port 636 from OIM Box and also connect to AD through LDAP Browser on 636 and view OU and CN, so this seems fine.
    Provisioning from OIM through Connector Server to AD works over SSL and this works fine.
    Help would be appreciated.
    Many Thanks

    This question has now been fixed.
    Instead of explicitly stating 636 for SSL,
    use the same port 389 for SSL, and also configure the OIM port to be 140001, which is the SSL port for OIM, in the configuration of OIM Password Sync.
    Export Certificates from AD to java security keystore and to weblogic keystore
    Export .pem certificate created on OIM host machine to AD.
    Restart weblogic, oim and AD
    Everything would work fine.
    For all the other information, refer to doc.
    Thanks

  • Error Installing AD Password sync connector in windows 2008

    Hi,
    I am trying to install the AD Password sync connector on Windows 2008 but I am getting the following error.
    **Error occurred while uploading prepAD.ldif. , please refer to %TEMP%\oimpwdsync.log. Please upload**
    **prepAD.ldif to Active Directory Domain Controller before applying ACLs.**
    Thanks,

    Don't do anything. Just restart your machine and re-configure, because the first time passwordsync10.dll has not initialized on the AD machine. After that just put in the same parameter values that you gave previously. It will work.
    At the same time, verify whether the AD authentication or the xelsysadm authentication is wrong.

  • Password Synchronization from OIM to target systems

    Hi All,
    Is there any OOTB functionality in OIM9.1.0.1 for password synchronization.
    I have a user with multiple IT resources provisioned into his account. Now whenever user changes his password in OIM, I want that to be updated on particular target system which user selects. For ex. If a user has 5 IT resources configured and whenever he changes his password that has to be updated on only 3 IT resources and not all.
    As per my understanding each IT resource configured will have some process task for updating the password on target system(Password Update in case of iPlanet resource) which will be triggered if an entry for this is present in USR_TRIGGERS. If I use this kind of approach it will update on all IT resources.
    How can I make this dynamic so that the changes are done only to a list of specific IT resources selected by user.
    Thanks & Regards,
    Mahantesh

    There is no OOTB functionality for the end user to decide which resources get their password changed and when. The OOTB functionality lets you use the Lookup.USR_PROCESS_TRIGGER to define which USR table fields have triggers configured for modification. Then you can create the task associated with the field in any provisioning process definition to insert that task when the field changes.
    If you want the user to be able to pick and choose which fields get propagated to which targets, it becomes custom coding.
    Offhand, to be able to decide which passwords get propagated to which targets, I might suggest some way for the end user to set the targets beforehand because when a user changes their password, it's only the password that is being changed. You are going to need a field somewhere that says "yes this resource will propagate the password". You have 2 locations I can think of to do this, on the USR form as a UDF, or a field on the user's resource profile. Next you need a way to fill in these values. If it's on the USR form, you could put these on the user's self modification page to be able to check and uncheck these per resource. Or you can create a self requestable resource, or organization type requestable that has the list of targets, and the user can choose which ones they want to propagate the password to. You cannot have a dynamic list of targets though of the resource form. It has to be a set defined list. You could however create a child table with a list of all available objects and have them just add them in. Once the selection is done, you will either have these checked, or the provisioning side will update the values.
    Now, when the password is changed, and you have your "Change User Password" task running, your adapter will have an input that maps to the UDF field to check if it should pass the new password to the Password Field on the form to trigger the Password Updated task, or return the existing password.
    Or you create a custom page that lets you do whatever you want :)
    -Kevin

  • AD password sync connector configuration for OIM Cluster

    Hi
    I have OIM running on clustered environment in two nodes.
    I have some AD domain controller. I need to install the AD password sync connector (version 9.1.1) in the AD domain controller.
    I remember that in the earlier versions we need to install the user management console and then change the value in xlConfig file to have both the node name.
    Version 9.1.1 is changed to use the SPML webservices. I have installed the SPML WS in both the nodes.
    My question is where do i specify in the AD password sync connector that I have two server as there is no xlConfig or any other config file that I can give both the server address.
    I referred the following PDF http://download.oracle.com/docs/cd/E11223_01/doc.910/e11218.pdf
    Thanks
    Narendar Doshi

    have you tried importing the cert in cacerts under $JAVA_HOME?

  • OIM AD password Sync connector. Connection to AD through SSL

    Hi.
    I am trying to configure AD password sync connector 9.1.1.5 with patch 14627510 to connect to AD through SSL.
    At this moment, the connector is able to connect to OIM through SSL but not to the AD. If I set the AD port number to 389 in the connector configuration, everything works fine.
    If I set it to 636, it is not able to connect to the AD.
    I've imported the AD SSL certificate to <connector install directory>\OIMADPasswordSync\_jvm\lib\security\cacerts and restarted the domain controller but still no luck.
    To test that the certificate and everything else is OK, i've also installed a jxplorer and imported the same certificate into <jexplorer install directory>\jxplorer321\security\cacerts. Jxplorer is able to connect to the AD through SSL on port 636 so user credentials, certificate, etc.. are ok
    Connector documentation doesn't mention anything regarding SSL connection to AD, it only describes SSL connection to OIM.
    Has anyone done this before? Is there any additional step I should follow to enable SSL connection from the AD password sync connector to AD? Does the connector support SSL connection to AD?
    Regards.

    have you tried importing the cert in cacerts under $JAVA_HOME?

  • How configure password sync connector in OIM cluster environment

    Hi,
    I want some inputs to configure the password sync connector in an OIM cluster environment.
    Thanks,

    Use a load balanced URL.
    -Kevin
