AD to OID map - adding "orcluser"

I have a map file that works successfully, but it's missing the "orcluser" objectclass, which is mandatory for the Collaboration Provisioning. I need to know its attributes and how to add it to the mapping file without assigning a value from AD. Here's an example of the "orcluserV2" object.
givenName: : :person:displayName: :orcluserV2
The Mapping Attribute Rules are -
src-attrib:<mandatory flag>: :src-objectclass : dest-attrib: :dest-objectclass:<edit rules>
How do I add the "orcluser" objectclass without assigning an AD value? And/or give an example?
Thanks,
Rick

Hi Rick!
The orcluser only has four optional attributes:
- orclGlobalID
- userPKCS12
- userPKCS12Hint
- orclPassword
The globalID could be mapped from the userPrincipalName or the sAMAccountName.
My Active Directory shows that a user in there has also a list of "Published Certificates". Maybe (I'm not an AD expert) this has some information you could reuse to map it to the userPKCS12 and userPKCS12Hint.
Could you try for the password to map a fixed string (e.g. "welcome1")?
cu
Andreas

Similar Messages

  • Problem while mapping Added field in DSO

    Hi SDNers,
    I want to add another field (0CREATEDBY) in FIGL DSO. I have added that field by deleting the data in the DSO. That field has been added into Data Fields and activated. Till now it is OK. But when I see that field in the Update Rules it is not in green colour but in disabled mode. How do I map it in Update Rules and Transfer Rules?
    Could you please give a step-by-step analysis for it?
    <removed by moderator>.
    Thanks and Regards,
    Phani.
    Edited by: Siegfried Szameitat on Nov 17, 2008 3:12 PM

    Hi Sonal,
    Thanks for your reply,
    As I am using the 0FI_GL_4 Data Source, it doesn't contain the field 0CreatedBy, so what do I have to do? That field is there in the "0EC_PCA_3" Data Source; how can I add this field to my 0FI_GL_04 Data Source?
    Could you please tell me?
    Thanks
    Phani.

  • Basic question: Can OID map LDAP query to custom SQL query?

    Hi all,
    I have custom data in my Oracle Database and I want to give them
    LDAP interface. Is it possible to use OID to achieve this or OID
    is for other purposes?
    To be more specific: I have schema MYSCHEMA and table
    MYSCHEMA.MYTABLE. Is it possible to configure OID to select from MYSCHEMA.MYTABLE for specific LDAP queries? And the same for update queries? Is there some OID manager console to map LDAP queries against Oracle tables and views?
    Thanx for any suggestions,
    Rob

    Rob,
    take a look at the Directory Integration Platform. We provide synchronization of data from DB tables to OID.
    see "Synchronization with Relational Database Tables" http://download-west.oracle.com/docs/cd/B14099_14/idmanage.1012/b14085/odip_db.htm#i1042820
    another option could be to use the OID Plugin framework together with a PLSQL procedure to access the DB data
    http://download-west.oracle.com/docs/cd/B14099_14/idmanage.1012/b14087/svrplgin.htm#i741028
    regards,
    --Olaf

  • AD OID mapping rule questions

    Hi,
    Can someone please tell me how to map the first and last names from AD to OID in the mapping file. Currently I have the following and wanted to make sure if it's correct:
    sn,SAMAccountName: : :person:sn: :person:sn|SAMAccountName
    givenName: : :person:givenName: :person
    # Map the userprincipalname to the nickname attr by default
    #userPrincipalName: : :user:uid: :inetorgperson:userPrincipalName
    # Map the SamAccountName to the nickname attr if required
    # If this rule is enabled, userprincipalname rule needs to be disabled
    sAMAccountName: : :user:uid: :inetorgperson:sAMAccountName
    The other question I have is why we need to disable userprincipalname rule when the following is enabled. As I am also trying to enable WNA/SSO too, what other rules I need for that in my mapping file.
    sAMAccountName: : :user:uid: :inetorgperson:sAMAccountName
    Thanks

    I have these first two rules here and they seem to be working fine. But I think you will have trouble with the third one with WNA authentication.
    About the two last rules for uid, the reason you can only have one of these is that both are storing a value on the uid attribute. You need to choose whether you want to use the samaccountname or the userprincipalname on it.
    I remember seeing somewhere that for WNA authentication to work the uid should be in the format [email protected], so you would need to map userprincipalname to uid instead of samaccountname, I am not absolutely sure about this since I have never setup WNA.
    And also you would need to populate the krbprincipalname. I think this one is automatically copied to the orclsamaccountname attribute, which is required. I have a rule like this here:
    userPrincipalName: : :user:krbPrincipalName: :orcluserv2:trunc(userPrincipalName,'@')+'@'+toupper(truncl(userPrincipalName,'@'))
    There are some walkthroughs on Oracle By Examples that I found very useful. This one is for WNA:
    http://www.oracle.com/technology/obe/obe_as_10g/im/wna/wna.htm
    Regards,
    Luis
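
Added example, not part of the original posts and not Oracle's tooling: a Python check for the point made in the reply above, that two active rules must not both write `uid`, plus an evaluation of the `krbPrincipalName` rule it quotes. The field layout follows the rule syntax quoted in the first post; the `trunc`/`truncl`/`toupper` behaviour (text before the first occurrence, text after it, upper-casing) is an assumption, and the function names and `jdoe@corp.example.com` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: rules quoted in the thread above, with the commented-out
# userPrincipalName -> uid rule enabled so the conflict is visible.
SAMPLE_MAP = """\
sn,SAMAccountName: : :person:sn: :person:sn|SAMAccountName
givenName: : :person:givenName: :person
# If this rule is enabled, userprincipalname rule needs to be disabled
userPrincipalName: : :user:uid: :inetorgperson:userPrincipalName
sAMAccountName: : :user:uid: :inetorgperson:sAMAccountName
userPrincipalName: : :user:krbPrincipalName: :orcluserv2:trunc(userPrincipalName,'@')+'@'+toupper(truncl(userPrincipalName,'@'))
"""

FIELDS = ("src_attrs", "mandatory", "src_type", "src_class",
          "dst_attr", "dst_type", "dst_class", "function")

def parse_rules(text):
    """Return the active (non-comment) rules as dicts keyed by FIELDS plus 'lineno'."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(":", 7)]
        if len(parts) < 7:
            raise ValueError(f"line {lineno}: expected at least 7 ':'-separated fields")
        parts += [""] * (8 - len(parts))  # the mapping function is optional
        rules.append(dict(zip(FIELDS, parts), lineno=lineno))
    return rules

def destination_conflicts(rules):
    """Map each destination attribute written by more than one rule to its line numbers."""
    by_dst = defaultdict(list)
    for rule in rules:
        # LDAP attribute names are case-insensitive, so compare in lower case.
        by_dst[rule["dst_attr"].lower()].append(rule["lineno"])
    return {attr: lines for attr, lines in by_dst.items() if len(lines) > 1}

def eval_expr(expr, entry):
    """Evaluate '+'-joined terms; entry maps lower-cased attribute names to values."""
    terms, depth, quoted, start = [], 0, False, 0
    for i, ch in enumerate(expr):
        if ch == "'":
            quoted = not quoted
        elif not quoted and ch in "()":
            depth += 1 if ch == "(" else -1
        elif not quoted and depth == 0 and ch == "+":
            terms.append(expr[start:i])
            start = i + 1
    terms.append(expr[start:])
    return "".join(eval_term(t.strip(), entry) for t in terms)

def eval_term(term, entry):
    """Evaluate one term: a quoted literal, an attribute name, or a function call."""
    if len(term) >= 2 and term[0] == term[-1] == "'":
        return term[1:-1]                      # quoted literal
    call = re.fullmatch(r"(\w+)\((.*)\)", term)
    if call is None:
        return entry[term.lower()]             # plain attribute reference
    name, args = call.group(1).lower(), call.group(2)
    if name == "toupper":
        return eval_expr(args, entry).upper()
    if name in ("trunc", "truncl"):            # assumed semantics, see lead-in
        inner, _, char = args.rpartition(",")
        head, sep, tail = eval_expr(inner, entry).partition(char.strip().strip("'"))
        return head if name == "trunc" else (tail if sep else head)
    raise ValueError(f"unsupported mapping function: {name}")
```

Running `destination_conflicts(parse_rules(...))` over a map file before loading it into the profile shows which rules compete for the same destination attribute; an empty result means each attribute has a single writer.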

  • OID api adding groups?

    I'm currently using jdev 10.1.3.2, and running ocs 10g with jdk version 1.4.
    I am trying to use the jar for the OID api version 10.1.4 so that I can add/delete groups. This runs fine locally but when it's on the server it will not see the function 'add group'.
    it seems that ocs is running the jar with an earlier version of the OID api and my project is not picking up the jar i have added to the project. another theory is that it is picking up the jar but won't work with jdk version 1.4. Does anyone have any insight on this?
    Is there a way around this? The earlier version does not have adding groups.

    Frank, thanks for the response.
    The JAR is deployed with the application. I would have thought that would work also, but it doesn't. I can't say i've ever had a problem like this with jars, which is why one theory is that the problem may be because the server runs jdk 1.4.
    any other suggestions?

  • OIM Connector Mapping Adding Space

    Hi all,
    I have a requirement that when a user from PeopleSoft is loaded into OIM through a connector that their default OIM password is a string literal concatenated with their employee id (i.e. 'ORG#jsmith' where 'ORG#' is the string literal and 'jsmith' is the employee id). I have configured the connector to perform this operation using the mapping action of "Create Mapping With Concatenation". When I load a new user everything goes well except that it adds a space between the string literal and the employee id (i.e. instead of 'ORG#jsmith' it is 'ORG#_jsmith' where '_' is an empty space) which is not acceptable for a password. I have verified that there is not an extra space at the end of string literal and I have also verified that there is not an extra space at the beginning of the employee id. I was wondering if anyone has run into a similar issue or has any suggestions to work around this.
    Regards,
    Luke

    I have seen similar issues every now and then over the years.
    The easiest way to solve the problem would probably be a pre insert entity adapter that simply builds the password and puts it in the password field.
    Hope this helps
    -Martin

  • Iweb'09 google map adding more than one address

    Is it possible to add more than one address to a single map. I am a gardener and wanted to show on one map where all my customers are.

    Wyodor wrote:
    Can you do it in Google Maps?
    Have you read the Google Maps Help?
    Go where the knowledge is.
    http://maps.google.com/support/
    http://maps.google.com/support/bin/topic.py?topic=23520
    [Add content to maps|http://maps.google.com/support/bin/answer.py?hl=en&answer=67842]
    After my less-than-satisfying experience with you in a thread I have noticed that you seem to make post after post with little putdowns of the users you are responding to. Would it be possible to adjust your manner? It is especially annoying since your answers are not consistently correct or helpful.

  • Nokia Maps - adding intermediate point in planned ...

    I've planned the route from one town to another in my Lumia 920. How can I add intermediate point in this route (I want to go through another town not included in my route)?

    Yes currently the Routes are not synchronising .. What you can do is Plan your Navigation in 2 parts.. Starting point to Intermediate point.. and then Intermediate point to End Point..

  • AD/OID import mapping not working

    Can you help debug my AD-OID mapping issue? I'm getting the below messages from ActiveChgImp.trc
    Sleeping for 5secs
    LDAP URL : (:0 cn=akloas1,ou="Service Accounts",OU=Users,OU=Managed-Objects,dc=corrections,dc=govt,dc=nz
    Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
    LDAP AuthenticationException javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    [LDAP: error code 49 - Invalid Credentials]
    Reader initialization failed!
    LDAP URL : (AKLOAS1:389 cn=odisrv+orclhostname=AKLOAS1,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
    Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
    LDAP Connection success
    Writer Initialised!!
    Writer proxy connection initialised!!
    MapEngine Initialised!!
    Filter Initialised!!
    ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_AUTHENTICATION_FAILURE
    javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
    at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:301)
    at oracle.ldap.odip.gsi.ActiveChgReader.initialise(ActiveChgReader.java:202)
    at oracle.ldap.odip.engine.AgentThread.readerInitialise(AgentThread.java:390)
    at oracle.ldap.odip.engine.AgentThread.mapInitialise(AgentThread.java:439)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:305)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    ActiveChgImp:about to Update exec status
    Updated Attributes
    orclodipLastExecutionTime: 20110504153900
    orclodipConDirLastAppliedChgNum: 0
    orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
    orclOdipSynchronizationErrors: Invalid Credentials
    Updated Attributes
    orclodipLastExecutionTime: 20110504153900
    orclodipConDirLastAppliedChgNum: 0
    orclOdipSynchronizationStatus: Agent Execution Successful, Mapping/IMPORT operation Failure
    orclOdipSynchronizationErrors: Agent Execution Successful, Mapping/IMPORT operation Failure
    Ending Mapping execution.
    -----

    Thanks for the reply. Syncronisation seems to be working.
    From oidadmin I added...
    Connected Directory URL = <AD_server.AD_domainname>:<port>
    After this, the Activechgimp.trc file is showing:
    Updated Attributes
    orclodipLastExecutionTime: 20110505102616
    orclodipConDirLastAppliedChgNum: 63237620
    orclOdipSynchronizationStatus: Synchronization Successful
    orclodipLastSuccessfulExecutionTime: 20110505102616
    ...But I can't see the test account in AD that was added in. It's not being picked up.

  • AD OID synchronization Update profile

    Hello everyone;
    We have successfully installed OID (10...) and AD, and have successfully configured AD to OID synchronization...
    But now we have changed the mapping file; for example, email is now built from other attributes, but previously synchronized users are not getting their mail changed, and only newly added users have 'normal' email.
    How do we resync users to update their emails, without bulkdelete?
    thanks,
    jeff

    Bulkmodify, perhaps?
    Bottom line is you cannot change your sync profile and get it to update existing OID entries (previously synced from AD).
    Another option would be using an ldif file. Creating ldif file(s) is not that difficult, it would be something like:
    dn: cn=[your OID mapping]
    changetype: modify
    replace: mail
    mail: [email protected]
    dn: cn=[next entry, blank line above is needed!]
    You can create these, using ldapsearch -h [your MS DC name] -p 3268 -Z [smart conditions here]
    Load using ldapmodify

  • Adding Custom ObjClass to OIDUser Provisioned by Reconcilation frm FlatFile

    Hi,
    I am using OIM with OID.
    1) i have a flat file with following fields login|firstName|lastName|eMail|organization|status|EmployeeStatus
    2)i have added udf in OIM named EmployeeStatus.....it is added to Xellerate User RO and process form as well.
    3)created a custom obj class in OID and a custom attribute EmployeeStatus and then added this custom attribute to custom obj class.
    4) mapped EmployeStatus in AttrName.Recon.OID.Map and AttrName.Prov.OID.Map lookups
    Now i am running trusted source recon to reconcile user from flat file to OIM...user gets created in OIM with value of EmployeeStatus showing up in User Profile.Also the OID User Resource is provisioned..... But it does not include that custom obj class which includes EmployeeStatus Attribute....as a result EmployeeStatus value is showing up in process form.
    The OID user account created is not having that obj class....how can i include that

    You can add the custom object class in the Configuration look up of OID.
    ldapUserObjectClass = OOTB classes|yourCustomObjectClassUser
    Thanks
    Suren

  • XML MAPPING - swf not updating

    When I make a change to the xml file it is not picking up the change in my published swf file.  When I open the project in CX and refresh the mapping updates.
    So it is connected but when I click on "refresh" on the swf it is not updating.
    I have xml maps, added in the data connection manager, with a refresh button tied to the xml connection.  I also have the refresh on load checked in the connection manager.
    Need help.
    Thanks
    Mark

    Shamim my scenario was that I wanted the SWF on a network so that a call center employee could access the file from a mapped drive, open the file direct on her/his client machine.  My problem was that I developed the file on the server machine and mapped the data connection path to the XML initially from the server, not the scenario of a client machine's path looking for the file. (not sure if cache is the right term)
    Initial Path from server development..  D:\Datafiles\data.xml
    The client machine(s) network path, mapped drive was Z: for example.  In the excelsius model you need to bind the data path to the excel model and hardcode the Path that the client machines will go thru to access the data.  This solved my issue perfectly.  Z or name of the mapped drive mapped to the server.
    Z:\Datafiles\data.xml
    So now if you're on the server machine and try to open the file from the swf you will incur the error message that correlates to the swf not being able to find the data.  From the clients works fine but not from the server machine as the path has to be exact for the swf to find the data file.
    Hope this helps.
    I have a question for trying to deploy this same example on the server embedded into a swf movie player to the web.  Might have been my path issue, cross domain policy file... But I could not get it to be deployed in a website, live.  If you are familiar with this please explain to me.
    Regards,
    Mark

  • Adding a flash file?

    i know iweb does not support flash but is there a way to change the html code to fix this?
    i have tried to "insert" a flash file but it does not show up in the html code?

    Welcome to the Apple Discussions. iWeb does support flash files. What type of flash are you trying to add. These demo pages have a number of different types of embedded flash:
    Visitor Maps
    Adding Maps and Calendar via Widget
    Flash Audio Players
    Date/Time and Show/Hide Text Widgets
    Opening Item in New Specially Sized Window
    It's all done with HTML snippets, and sometimes, iFrame. Tell us exactly what you're trying to do.
    OT

  • OIM Trusted Reconciliation with OID

    Hi all,
    1. I am facing a problem with trusted reconciliation. I mapped AttrName.Recon.OID.Map with OOTB values, and in Reconciliation Manager the event is created with No Match Found.
    2. In provisioning I am using the Entity Adapter to generate the User ID. Is this causing the error?
    3. When I run Trusted Recon I am getting the following error:
    DEBUG,06 Apr 2011 16:49:48,655,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isDescription - Value: Cannot save: Bad SQL operation FATAL REJECT, raw value 2.
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isRemedy - Value:
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isDetail - Value:
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcErrorList/addError entered.
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/doRollback entered.
    ERROR,06 Apr 2011 16:49:48,656,[XELLERATE.DATABASE],Class/Method: tcDataBase/rollbackTransaction encounter some problems: Rollback Executed From
    java.lang.Exception: Rollback Executed From
    at com.thortech.xl.dataaccess.tcDataBase.rollbackTransaction(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.rollback(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.doRollback(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
    at com.thortech.xl.dataobj.tcRCE.createUserRecord(Unknown Source)
    at com.thortech.xl.ejb.databeansimpl.tcRCEBean.createUserRecord(Unknown Source)
    at com.thortech.xl.ejb.beans.tcRCE_4tknfu_EOImpl.createUserRecord(tcRCE_4tknfu_EOImpl.java:615)
    at com.thortech.xl.ejb.beans.tcRCE_4tknfu_EOImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.activation.ActivatableServerRef.invoke(ActivatableServerRef.java:85)
    at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
    at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    INFO,06 Apr 2011 16:49:48,656,[XELLERATE.DATABASE],Class/Method: tcDataBase/setTransaction: ##########setTransaction getting called from: #######
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/doRollback left.
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/save left.
    DEBUG,06 Apr 2011 16:49:48,657,[XELLERATE.SERVER],Class/Method: tcRCE/createUserRecord left.
    DEBUG,06 Apr 2011 16:49:48,825,[XELLERATE.SERVER],Class/Method: tcErrorList/getErrors entered.
    DEBUG,06 Apr 2011 16:49:48,825,[XELLERATE.SERVER],Class/Method: tcErrorList/getErrors left.
    DEBUG,06 Apr 2011 16:49:48,887,[XELLERATE.SERVER],Class/Method: tcErrorList/ getRejections entered.
    DEBUG,06 Apr 2011 16:49:48,887,[XELLERATE.SERVER],Class/Method: tcErrorList/ getRejections left.
    DEBUG,06 Apr 2011 16:49:48,997,[XELLERATE.SERVER],Class/Method: tcDataBase/readEncryptedStatement entered.
    DEBUG,06 Apr 2011 16:49:48,998,[XELLERATE.SERVER],Class/Method: tcDataBase/readPartialStatement entered.
    Thank you.

    Hi Khanh,
    [This is not good for my use case.  I don't want the users from OID to be created in OIM]
    Remember this Ldap Sync we use when we want all users in OID -OIM to be in Synch. Otherwise you should have disabled Ldap Sync and used OID 11g Connector.
    So if you want to link users in OIM using the OID process form/resource, then it's a must to use the OID 11g Connector.
    ~J

  • Need help understanding OID basic’s regarding portal

    Hi I am new to v2 portal and OID and need some help.
    Because all portal users are oid users, currently default settings are in place. My issues are follows:-
    Q1     Portal user passwords are expiring after a few weeks, how do I reset the expiration time for portal user passwords.
    Is using the OID Manager (Java – client app) the only way and how do you do it?
    Q2.     My understanding is that the OID contains all policy details regarding user access.
    How does OID map to portal so that portal uses use a particular OID, as portal v2 is install out of the box this is already done for me, an explanation would be very helpful.
    Thanks in anticipation
    SD.

    I'm no expert, but a command that weeds out some of the local stuff would have been netstat -af inet
    Most of those listings are local system sockets, and look fairly normal (with that command, my machine has about the same number of entries). Any given browsing session will open all kinds of temporary connections that eventually time out, and by closing Safari most of them should eventually close.
    Netstat will show a bunch of stuff, not necessarily limited to the internet. You can also use the *Activity Monitor* application, and another useful tool is MenuMeters - I still use it to keep track of network and disk activity. Are there other machines on your network (or cable node)? With a 25mbit connection, you would need to be running a lot of stuff to slow it down.
