Adding Resources (Database/LDAP) to Sun IDM through SPML

Hi,
Can anyone tell me how to add resources (database/LDAP etc.) to Sun Identity Manager using SPML/web services?

I can't confirm this works, but I think you should be able to add a new ObjectType to your LDAP resource configuration...i.e. something like the following.
(I just copied and pasted one of the default ObjectType definitions and altered it to match the LDAP nisNetgroup objectclass and its attributes (defined in draft-howard-rfc2307bis).)
<ObjectType name='nisnetgroup' nameKey='nisnetgroup' icon='group'>
  <ObjectClasses primary='nisnetgroup' operator='OR'>
    <ObjectClass name='nisnetgroup'/>
  </ObjectClasses>
  <ObjectFeatures>
    <ObjectFeature name='create'/>
    <ObjectFeature name='update'/>
    <ObjectFeature name='delete'/>
    <ObjectFeature name='rename'/>
    <ObjectFeature name='saveas'/>
  </ObjectFeatures>
  <ObjectAttributes idAttr='dn' displayNameAttr='cn' descriptionAttr='description'
                    objectClassAttr='objectclass'>
    <ObjectAttribute name='cn' type='string'/>
    <ObjectAttribute name='description' type='string'/>
    <ObjectAttribute name='nisNetgroupTriple' type='string'/>
    <ObjectAttribute name='memberNisNetgroup' type='string'/>
  </ObjectAttributes>
</ObjectType>
Hope this helps.
Regards,
Alex

Similar Messages

  • Provisioning User IDs in Remedy Help Desk with Sun IdM 7.0.

    Hi,
    Our team is in the process of defining an approach to provision user IDs in Remedy Help Desk system using Sun IdM version 7.0.
    What we wanted to know is whether it is possible to use the Remedy resource adapter bundled with Sun IdM 7.0 to provision user IDs. We think that this resource adapter is used to provision help desk tickets into the help desk system and not user IDs. Is the understanding correct?
    If user IDs cannot be provisioned using the resource adapter, we are planning the following approach to provision user IDs into Remedy:
    1. Understand the table schema of the Remedy database.
    2. Configure the Database Table resource adapter to provision into the Remedy user tables.
    We are looking for inputs from people who have come across similar design issues with Remedy Help Desk and could validate our design approach. We will highly appreciate any inputs on this.
    Thank You.
    Regards,
    Vallabh Vengulekar.

    "We think that this resource adapter is used to provision help desk tickets into the help desk system and not user IDs"
    Hi, as per your post... where did you find this information? I am looking for this information on how to manage Remedy tickets through IDM.
    If you can help me it will be great... looking for your inputs...
    Thanks in advance.

  • Managing LDAP groups and roles through SUN IDM

    Hi Guys,
    We have a requirement to build the following functionality in our Sun IDM tool.
    1. Ability to create/manage Static LDAP group.
    2. Ability to create/manage filtered LDAP group.
    3. Ability to create/manage Static LDAP roles.
    4. Ability to create/manage filtered LDAP roles.
    Can anyone let us know any pointers as to how to accomplish this or any ideas for the path to follow for this.
    Any reply will be appreciated.

    http://myidm.blogspot.com/2009/06/how-to-create-groups-in-ldap-or-active.html

  • Sun Idm with LDAP failover

    Hi All,
    Not sure if anyone encountered this issue.
    I am using Sun IDM version 7.1 and Sun ONE Directory Server 5.2 as corporate LDAP. I want to configure failover for LDAP. I have set up master-master replication between the LDAP servers. Now in IDM, on the resource configuration page for LDAP, I specified the URL of the failover server. I brought down the current LDAP server and checked the connection. It shows successful because it picked the failover one.
    Now, after this stage I am not able to create/modify accounts on LDAP (now running on failover) and it's giving me the error "javax.naming.NameNotFoundException. [LDAP error code 32- No such object]"
    Any suggestions, please provide.

    Hi
    Came across this issue myself (just now) and fixed it so thought I'd comment. I appreciate this post is quite old now but this might help anyone else who has this issue.
    We are using IDM 8.1 and have 2 DSEE 6.3 instances - one master and one replica. In the help description for Failover Server on the LDAP resource configuration page it says:
    "List all servers in the form of "ldap://ldap.example.com:389/o=LdapFailover" which follows the standard LDAP v3 URLs described in RFC 2255. Only the host, port, and dn parts of the URL are relevant in this setting."
    We originally listed our second server as above and included the "/o=LdapFailover" bit on the end and we got the same error. We removed the "/o=LdapFailover" and just left "ldap://<host>:<port>" there and it all works.
    Hope this helps someone.
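
Added example (not part of the original posts, and not Sun IDM code): a small Python check that parses a failover server list as LDAP URLs, reports any DN part each entry carries, and prints the host-and-port-only form the reply above ended up using. The host names, the one-URL-per-line layout and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample list (one URL per line is an assumption about the field).
SAMPLE_FAILOVER_LIST = """\
ldap://ldap.example.com:389/o=LdapFailover
ldap://ds2.example.com
ldaps://ds3.example.com:1636/dc=example,dc=com?cn?sub
"""


def parse_ldap_url(url):
    """Split an LDAP URL into scheme, host, port and DN (RFC 2255 layout)."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an LDAP URL: {url!r}")
    if not parts.hostname:
        raise ValueError(f"no host in LDAP URL: {url!r}")
    port = parts.port or DEFAULT_PORTS[scheme]   # explicit port wins
    dn = unquote(parts.path.lstrip("/"))          # DN is percent-encoded in URLs
    return scheme, parts.hostname, port, dn


def audit_failover_list(text):
    """Return one finding per URL: the DN it carries and its host:port-only form."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        scheme, host, port, dn = parse_ldap_url(line)
        if ":" in host:                           # IPv6 literal needs brackets
            host = f"[{host}]"
        findings.append({
            "original": line.strip(),
            "dn": dn,
            "has_dn": bool(dn),
            "host_port_only": f"{scheme}://{host}:{port}",
        })
    return findings


if __name__ == "__main__":
    for f in audit_failover_list(SAMPLE_FAILOVER_LIST):
        flag = "carries DN " + f["dn"] if f["has_dn"] else "no DN part"
        print(f"{f['original']:55} -> {f['host_port_only']:30} ({flag})")
```
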

  • How to create a Virtual resource Adapter in SUN IDM 7.1?

    Hi,
    Does anyone know how to create a Virtual resource Adapter in SUN IDM 7.1?
    Regards
    Damodar

    Hi Dinesh,
    Try using waveset.adminRoles
    Thanks

  • Expert pls help: Sun IDM with ldap active sync

    Hi all,
    Currently I am configuring Sun IDM 6.0 SP1 to active sync with Sun directory server. I have enabled Retro Change Log but I still can't find my changeNumber in directory server. Could anyone show me a way (search?) to get the changeNumber the directory server is currently at?

    Check the account used by IDM to access DS can search cn=changelog branch. If he is not Directory Manager, you probably need to set an ACI on that branch.
    HTH

  • Linking a new resource with user account in Sun IDM via activesync

    Hi,
    I am having a new resource which contains the user records. Now I want to link that resource to the existing and new users in Sun IDM.
    I do not want to update and create users in the new resource. I just need a link to be created in Sun IDM whenever activesync runs on a user's account.
    Please guide me how to achieve the same.
    Regards,
    Nitin

    I'm afraid I can't share the exact code but it should be straightforward through the following:
    1. define a field (call it ldapDN)
    2. create a rule to use getResourceObjects to search for the user DN and return the DN to ldapDN.
    3. when ldapDN is not null, expand waveset.resources and add your LDAP resource, like:
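    <Field name='waveset.resources'>
      <Expansion>
        <append>
          <s>LDAP</s>
        </append>
      </Expansion>
    </Field>
    4. Then set the accountId for that resource as
    <Field ........ accounts[LDAP].accountId>
      <!-- ref (not s) so the value of the ldapDN field is used, not the literal string -->
      <Default><ref>ldapDN</ref></Default>
    </Field>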
    and you should be set... hope it helps.

  • Oracle BPM (former ALBPM) Hybrid LDAP Support for IDM

    So far ALBPM Enterprise (now Oracle BPM) had its best (by far) setup on a hybrid setting. In this case, ALBPM Directory had its own database, but authentication (users & groups) was set against an LDAP server (Sun One or Active Directory).
    Are there any plans to extend the hybrid configuration to Oracle IDM LDAP?
    Thanks.

    Create a new user oracle and proceed with the installation
    --> useradd -g oinstall oracle
    If you are forwarding your GUI using xming or vnc you would need to copy the xauth of the root user and set it for oracle
    [server1:root] xauth list
    bangvmpllE.com/unix:11 MIT-MAGIC-COOKIE-1 b23d63374fe25a3577751b6b95b2210e
    [server1:root] sudo su - oracle
    [server1:oracle] export DISPLAY=localhost:10.0
    [server1:oracle] xauth add bangvmpllE.com/unix:11 MIT-MAGIC-COOKIE-1 b23d63374fe25a3577751b6b95b2210e

  • Configure sun IDM 8.0

    I need the steps to configure sun IDM 8.0

    Hello,
    Download the package and go through the README.
    The IDM database storage method is the only thing which is confusing. It can either be stored in the local file system or in the database. If you are planning for a database, you have to install one of the databases (Oracle, MySQL etc.) with proper connectors before the IDM installation.
    hint:BETTER GO FOR MYSQL.....................BCZ SUN ACQUIRED MYSQL :)
    Thanks,
    Sal.

  • Anyone has experience with sun idm data exporter /warehouse functionality ?

    Does anyone have experience with Sun IDM data exporter/warehouse functionality? There is not much documentation about how to debug it. I created everything like in the document. Everything seems to be running fine. I get the following in Server Tasks->Run Tasks
    Data Warehouse Exporter      Data Warehouse Exporter      Configurator      executing
    Prior to that i created database and 50 tables as it said in the doc.
    I created accounts and modified email addresses. Nothing is getting to my warehouse database and I don't know where to look for the errors. Any information is appreciated.

    Hi there,
    I have been looking at the source code and I think I have found the problem.
    IDM determines whether to update or create a resource account
    by attempting to fetch the user from the resource.
    If the user exists then update, otherwise create.
    In the code, if the user does not exist, the code throws the
    exception: EntityDoesNotExist(1301)
    The code then catches this exception
    and then returns a null back to IDM,
    indicating that the user does not exist.
    Well, that is what the code says but this does
    not match its actual behaviour....
    I then decompiled the actual class (jar) files
    and the code there does NOT catch the exception,
    so it bubbles up to IDM, which regards it as an error.
    So, the jar file that is on the website has a bug in it.
    The source code in SVN is correct, but it appears
    that the jar file was not rebuilt.
    I am attempting to rebuild a new version of the jar file...
    John I

  • SUN IDM Failover means session failover concept

    Hi All
    Does anybody have an idea how to configure failover in SUN IDM?
    Is there any session failover concept or not?
    If not, then how do we do simple failover in SUN IDM?
    Thanks
    SAini

  • Error while Reading Idocs from ECC 6.0 to Sun IDM .

    Hi Gurus,
    We have a scenario where we have to update the Sun IDM Server with all the changes in HR Data happening in ECC.
    For that... we have
    1. Created a Logical System for Sun IDM server, Port, RFC Connection (TCP/IP).
    2. Assigned Partner Profiles, Distribution Model etc. for msg. type HRMD_A ;
    3. We have created a Communications User used by the IDM server to connect to ECC.
    Idocs are created daily and are in status 03 - Data passed to Port OK !
    and in Sun Identity Manager 8.0 we have created an SAP resource adapter for ECC 6.0;
    after giving resource parameters our test connection is successful.
    We also changed the edit synchronisation policy for the same, but when we start synchronisation in IDM, it is unable to read any IDocs although IDocs are generated in SAP.
    Log file gives the message as "Incoming IDoc list request containing 0 documents"
    We also have one more error;
    sometimes while doing a connection test: JCO.Server could not find server function '剆䍟偉乇'
    while most of the time the connection is successful.
    Please suggest .

    Hi Gurus,
    The error got resolved.
    The changes in the settings I did:
    SAP SIDE: Made the RFC Connection Unicode.
    IDM SIDE: Checked the "SAP Server Unicode" checkbox while doing the HR Active Sync settings.
    This resolved the error.
    regards
    Vaibhav

  • SUN IDM Role removal does not remove the set atributes

    Hi,
    I am using SUN IDM Roles to set a multi-valued attribute on a resource using the merge with value property.
    But when I remove any of the assigned role the corresponding ATTRIBUTE value is not getting removed.
    Is there anything specific which needs to be done.
    eg: Role1 sets attribute PRIV on resource A to "ADMIN"
    Role2 sets attribute PRIV on resource A to "MANAGER"
    If I assign both Role1 and Role2 the PRIV will have "ADMIN" and "MANAGER"
    But if I remove Role1 still "ADMIN" is present under PRIV.
    Is there any workaround for this? Please advise.
    - Thanks, ARK

    Try using "Authoritative Merge with Value" instead of just "Merge with Value".

  • Getting Error IDM8.1patch11WebLogic Server com/sun/idm/idmx/txn/Transaction

    I installed IDM 8.1 Patch 11 on WebLogic server. When I start the server I am getting the following error. The Login page never shows up. I will appreciate it if you can give me a pointer.
    ] Root cause of ServletException.
    java.lang.NoClassDefFoundError: com/sun/idm/idmx/txn/TransactionManager
         at com.waveset.ui.LoginHelper.csrfGuardTokenEnabled(LoginHelper.java:2471)
         at com.waveset.ui.LoginHelper.handleCSRFGuardToken(LoginHelper.java:2186)
         at jsp_servlet.__login._jspService(__login.java:251)
         at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at com.sun.idm.profiler.instrumentation.RequestTimingFilter.doFilter(RequestTimingFilter.java:76)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Edited by: 842717 on Mar 8, 2011 12:16 PM

    You are receiving this error because one of the fields being pulled from IdM exceeds the column limit defined in the GLOBALUSERS database table.
    I received this error before because the PRIMARYEMAIL column in the GLOBALUSERS table was defined as [PRIMARYEMAIL] [nvarchar](50).
    I went into Microsoft SQL Server Management Studio and updated the field to [PRIMARYEMAIL] [nvarchar](100), and then the import worked.
    Hope this helps,
    Larry L. Viars | Senior Consultant
    Logic Trends, Identity & Access Management Specialists

  • Error when calling powershell from Sun IDM

    Hello Experts,
    In our environment we have a PowerShell script which takes command-line arguments as input and creates a mailbox. To create a mailbox for a newly on-boarded user we just need to call this script and pass the args. When I run the script from the Gateway server (by physically logging into the server) it works as expected, but when I call the same script from Sun IDM (using resource actions) I'm getting the following error,
    The type initializer for 'InstanceContext' threw an exception
    any idea to fix or troubleshoot this?
    We are using Sun IDM 6.0 SP1 and exchange 2007.

    Which version of the Gateway?
    Are you calling the script with afterAction scriptcalls?
    Adapter or connector?
    I do know that the PowerShell calls are supposed to have two restrictions which are truly hampering...
    1.0 (which means not remote calls?) and 32 bits.
    If you have any insights, please share :D
    I will start coding against this next week I think, so I guess I will see all problems then :D
