Auto Assign Organization - AD User Trusted Recon

Hi,
I am running a AD User trusted recon against a 2008 AD-DC.
AD Lookup Organizatoin recon doesn't work as it is a bug in OIM 11.1.1.3.0
I need to logically group the users into organizations in OIM.
For e.g., IF USER ATTRIBUTE IN AD Company = ABC, on recon the user should be created in OIM under Organization ABC
IF USER ATTRIBUTE IN AD Company = XYZ, on recon the user should be created in OIM under Organization XYZ
I have the exhaustive list of organizations being created in OIM.
Please let me know.
Thanks,
KJJ1983
Edited by: kjj1983 on Jan 8, 2012 2:16 AM

Not sure what lookup recon bug you are talking about in OIM 11.1.1.3, if you say that organization lookup does not work in 11.1.13 then effectively AD Trusted recon would not work in 11.1.1.3.
I can understand that since the pre-populate does not work, thus you cannot put any values in the user create HashMap. Thus if that is the case an if you want the organization in OIM should be computed based on user attribute in AD, then you can probably use the transformation class to calculate the same.
Doc: http://docs.oracle.com/cd/E11223_01/doc.910/e11197/extnd_func.htm#BGBBBCGE
-Bikash

Similar Messages

Need help in OID user Trusted recon

Hi all,
I am using oim9.1.0.1,oid 9.0.4.7.
When i run the OID user trusted recon it is bringing users based on pagesize.The problem is if i set the page size as 100 then it brought 98 users where as i have 30000 users in my OID.When i set the page size to 1000 it brought 998 users and ended the process.what i didn't understand is why it is not looping again and not bringing all my 30000 records.
regards,
Rajesh.

Hi All,
I ran the OID trusted recon which brought most of my records from OID.Now i got a requirement to rerun the scheduler one more time,but this time it is not picking the records which it already brought. I changed the recontimestamp to 0 but then also it didn't brought all the records.
Can anyone help me of how i can rerun the trusted recon again which will bring all my records.
Regards,
Rajesh

IPlanet User Trusted Recon

I've deployed iPlanet connector in OIM 11g.
Executed scheduler iPlanet User Target Recon. users are reconciled.
Bt when I try to execute iPlanet User Trusted Recon, no users are getting reconciled and even no events are generated.
For the scheduler iPlanet User Trusted Recon, the parameter Trusted Resource Object is Xellerate Users.
So for Xellerate Users RO, do I need to
add recon fields,
add recon action rules,
map recon fields in process def
and create recon rule
Is this the way to follow or is there something else I am missing....

Did you import "iPlanetXLResourceObject.xml" ?
Check Connector Guide (2.3.1.6 Configuring Trusted Source Reconciliation), it will ask you to perform some more steps for Trusted Recon.

Avoid certain ou containers during AD User Trusted recon

All,
Is there any way to not synchronize users from certain containers (such as cn=users on the AD side) during AD User Trusted Recon.
thanks in advance.
Prasad.

yes, why not try below
1. update "search base" in trusted recon scheduled task as perticular OU or any individual container
2. there is a search filter attribute in scheduled task where you can put expression
regards,
nayan

Trusted Recon: LDAP

Hi Experts,
I am doing trusted recon with LDAP and everything is fine.
1. While doing trusted recon i have to give organization name in the 'iPlanet Trusted User Recon' scheduled job. (say user in 'Temp' org)
2. After that Another scheduler would run and update the user's organization (now user in 'Org1')
3. If i run the trusted recon with some changes, user is again moved back to 'Temp'. This moving of user I don't want.
Any suggestions? any approach?
I thought of writing some post process event handler after user update to move back to old org. Does it recommendable?
Please give your iinputs.
Thanks

Not recommended because in that case it will raise the reconciliation event again... So, this back forth will happen at every recon cycle...
Trusted Recon will give it TEMP... Scheduler will give it ORG1... Next Recon will again give it TEMP... Scheduler will give it ORG1...
Better map ORG1 in the 'iPlanet Trusted User Recon itself...
Post Process Event Handler approach won't be necessary then... However, yes, if on the basis of some attribute it could be decided that this TEMP org is given by the 'iPlanet Trusted User Recon in the first attempt and the Post Process Event Handler won't do anything... And then when the scheduler again gives it ORG1.... Next time again the 'iPlanet Trusted User Recon will give it TEMP... This time the Post Process Event Handler should change it back to ORG1... However it would be quite inefficient design... Better map ORG1 in the Trusted Recon itself... Don't use TEMP at all.....
In iPlanet User Trusted Recon Task, Organization scheduler variable, provide ORG1...

Active Directory Trusted Recon ends with NullPointerException

Hi,
I have installed OIM 11.1.2.2.0 and AD connector version: ActiveDirectory 11.1.1.6.0. when i run "Active Directory Group Lookup Recon", I can see the groups created in "Lookup.ActiveDirectory.Groups". But when I tried to do "Active Directory User Trusted Recon" OIM given below error. I attached ITResource and Scheduler configurations.
Any help is greatly appreciated.
[2015-04-29T21:20:40.816+05:30] [oim_server1] [ERROR] [] [] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: eefe7b19b2a021e0:6c7958f0:14d05d5c757:-8000-000000000000009d,0] [APP: oim#11.1.2.0.0] [DSID: 0000Ko5qWtjFW7WFLz6UOA1LGFhL000004] Failed to communicate with any of configured Access Server, ensure that it is up and running.
[2015-04-29T21:20:40.863+05:30] [oim_server1] [NOTIFICATION] [] [oracle.iam.features.scheduler.agentry.operations] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: eefe7b19b2a021e0:6c7958f0:14d05d5c757:-8000-000000000000009d,0] [APP: oim#11.1.2.0.0] [DSID: 0000Ko5qWtjFW7WFLz6UOA1LGFhL000004] [[
java.lang.NullPointerException
at java.io.ByteArrayInputStream.<init>(ByteArrayInputStream.java:89)
at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:123)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1277)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.refresh(LookupActor.java:3069)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.receiveEvent(LookupActor.java:3056)
at oracle.iam.consoles.faces.mvc.canonic.Model.handleIntent(Model.java:975)
at oracle.iam.consoles.faces.mvc.canonic.Controller.doHandleIntent(Controller.java:533)
at oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectAction(Controller.java:204)
at oracle.iam.consoles.faces.event.NavigationListener.processAction(NavigationListener.java:99)
at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:748)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:93)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:371)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:97)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:104)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:93)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:371)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:97)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:98)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:957)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:427)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:207)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:128)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:112)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:265)
at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)
at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

I believe suddenly after running use cases related with target recon, you are trying to run trusted recon.
Make sure you update the following value in IT Resource whenever u run it for trusted recon:
Configuration Lookup
This parameter holds the name of the lookup definition that stores configuration information used during reconciliation and provisioning.
If you have configured your target system as a target resource, then enterLookup.Configuration.ActiveDirectory.
If you have configured your target system as a trusted source, then enterLookup.Configuration.ActiveDirectory.Trusted.
Default value: Lookup.Configuration.ActiveDirectory
http://docs.oracle.com/cd/E22999_01/doc.111/e20347/deploy.htm#BABGFCFE
~J

Issue with OIM AD Trusted Recon

Hi All,
I am using OIM 11g BP05 and Active Directory Connector 11.1.1.5.0 version.
While running the Active Directory User Trusted Recon, I am getting below exception in logs:
<Dec 17, 2012 12:36:08 PM PST> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.RECON.SEARCHRECONTASK> <BEA-000000> <oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped>
<Dec 17, 2012 12:36:09 PM PST> <Error> <oracle.iam.reconciliation.impl> <IAM-5010000> <Generic Information: {0}
oracle.iam.reconciliation.exception.InvalidDataFormatException: Required column name RECON_RECON_OBJECTGUID and value does not exist
     at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.checkRequiredColValue(ReconOperationsServiceImpl.java:1918)
     at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.convertReconFieldsToOIMFields(ReconOperationsServiceImpl.java:1506)
     at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:371)
     at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:356)
     at Thor.API.Operations.tcReconciliationOperationsIntfEJB.ignoreEventx(Unknown Source)
     at sun.reflect.GeneratedMethodAccessor1393.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
     at java.lang.reflect.Method.invoke(Method.java:611)
     at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
I have already added the field RECON_OBJECTGUID in the RO and mapped it in Process Definition and also created the reconcilliation profile. I don't know why it's looking for RECON_RECON_OBJECTGUID. I tried creating this column too in RO and did all the mapping and after that, its give the same error but column name is now RECON_RECON_RECON_OBJECTGUID.
Any pointers on this issue?
Regards,
Sunny
Edited by: delhi on Dec 17, 2012 3:02 PM

My Mistake, I was making RECON_OBJECTGUID as requiered field.

OIM 11 - Trusted Recon creates random number of users in "disabled" state

We are on OIM 11.1.1.5 with LDAP sync enabled to OID 11.
When creating users from trusted recon, we get a random number of users always created as "disabled". The recon event details shows orchestration:*create* and orchastration:*Enabled*. However Enable orchestration events show compensated or failed. And the user gets created in OIM as "disabled".
We have turned on the loggings for Trusted recon. But do not see any error for these specific number of users.
Has anyone seen this kind of behavior?
Thanks in advance for your answer!
MBiswal

I've seen this before if the user is created with a blank password. Run a select * from usr where usr_login='BARBERDW'; and validate that usr_password is not blank. It should be filled in with an encrypted value. If not, you need to look at your process handlers for setting this value.

One fundamental question: When users gets ceated in IDM from trusted recon

I have a very basic question which I am not able to understand.
When user accounts gets created in IDM from trusted recon, then the trusted recon resource object is not displayed in resource profile page of the user account. If we want to see whether the user account was created through trusted source or by manually by admin, then where can we see that?
This information is stored anywhere in IDM DB which will distinguish user accounts created through trusted recon and those created manually in IDM?
Please let me know if you are not able to understand my question.
Thanks,
Kalpana.

You may be able to use the USR_CREATEBY field in the database. For an admin created user this should contain the USR_KEY value of the admin who created the user. I think for a reconciliation created user it may contain the USR_KEY of the OIMINTERNAL user.

Few users getting reconciled after running trusted recon

Hi Experts,
i ran a trusted recon for a particular Active Directory search base and it reconciled only 6 out of some 50 odd users. I checked if the remaininig users are already present in OIM, which they are not. I checked all the parameters and they look fine. Please kindly guide me on some pressure points to check for errors.
Thank you for your time.

Verify data of your users. Check reconciliation events, if they generated for all users. That would give you some idea. Click on re-evaluate button there to relink that specific user. Also make sure xlReconbatchsize system property is set to 500(by default). Also make sure (if this is cusomt code), bulk execute method of your schedule task is implemented properly.
If nothing is clear, put logs here.
regards,
GP

AD Trusted Recon not working OOTB

I am using OIM 9.1 on Oracle Application Server 10g, Java 1.4.2 provided by the Oracle Application Server, in a RedHat environment.
I require multiple trusted resources -
1. flat file
2. AD (non-SSL)
My Flat File works fine, I can reconcile users in successfully. I have imported the Trusted Recon XML from AD already, and use the fields auto-generated from AD as my Xellerate User Recon Object mapping for the flat file.
However, when I run the scheduled task, ActiveDirectoryReconTask, it gives me two issues.
1) The scheduled task won't get out of "RUNNING" mode.
2) The scheduled task throws the following NoClassDefFoundError, as shown in the logs:
========================
DEBUG,14 May 2008 15:49:57,724,[XL_INTG.ACTIVEDIRECTORY],ActiveDirectoryRecon/performOrgReconciliation Start
DEBUG,14 May 2008 15:49:57,724,[XL_INTG.ACTIVEDIRECTORY],Before Connect
DEBUG,14 May 2008 15:49:57,756,[XL_INTG.ACTIVEDIRECTORY],After Connect
DEBUG,14 May 2008 15:49:57,756,[XL_INTG.ACTIVEDIRECTORY],
********tcADUtilLDAPController ----- Starting internal ldap search with SEARCH CONTROLS
DEBUG,14 May 2008 15:49:57,756,[XL_INTG.ACTIVEDIRECTORY],Before Searching
DEBUG,14 May 2008 15:49:57,762,[XL_INTG.ACTIVEDIRECTORY],After Searching
DEBUG,14 May 2008 15:49:57,768,[XL_INTG.ACTIVEDIRECTORY],ActiveDirectoryRecon/performOrgReconciliation: Org attributes are: {name=name: test, instancetype=instanceType: 4, ou=ou: test, usncreated=uSNCreated: 50129, usnchanged=uSNChanged: 50129, objectclass=objectClass: top, organizationalUnit, distinguishedname=distinguishedName: OU=test,DC=lab,DC=com, objectcategory=objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=lab,DC=com, objectguid=objectGUID: [B@a6a14b, whencreated=whenCreated: 20080428182832.0Z, whenchanged=whenChanged: 20080428182832.0Z}
DEBUG,14 May 2008 15:49:57,768,[XL_INTG.ACTIVEDIRECTORY],ActiveDirectoryRecon/getHashtableFromAttributes
DEBUG,14 May 2008 15:49:57,769,[XL_INTG.ACTIVEDIRECTORY],ActiveDirectoryRecon/getHashtableFromAttributes: dn :OU=test,DC=lab,DC=com
DEBUG,14 May 2008 15:49:57,769,[XL_INTG.ACTIVEDIRECTORY],Class tcADUtilDAPController :: getUsrParentOrg() :: usrDN :: OU=test,DC=lab,DC=com
08/05/14 15:49:57 Exception in thread "QuartzWorkerThread-2" java.lang.NoClassDefFoundError: netscape/ldap/LDAPDN
08/05/14 15:49:57      at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.getUsrParentOrg(Unknown Source)
08/05/14 15:49:57      at com.thortech.xl.schedule.tasks.ActiveDirectoryRecon.getHashtableFromAttributes(Unknown Source)
08/05/14 15:49:57      at com.thortech.xl.schedule.tasks.ActiveDirectoryRecon.getOrgHashtableFromAttributes(Unknown Source)
08/05/14 15:49:57      at com.thortech.xl.schedule.tasks.ActiveDirectoryRecon.performOrgReconciliation(Unknown Source)
08/05/14 15:49:57      at com.thortech.xl.schedule.tasks.ActiveDirectoryRecon.performReconciliationFirst(Unknown Source)
08/05/14 15:49:57      at com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask.execute(Unknown Source)
08/05/14 15:49:57      at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
08/05/14 15:49:57      at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionAction.run(Unknown Source)
08/05/14 15:49:57      at Thor.API.Security.LoginHandler.oracleLoginSession.runAs(Unknown Source)
08/05/14 15:49:57      at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)
08/05/14 15:49:57      at org.quartz.core.JobRunShell.run(JobRunShell.java:178)
========================
The error that is consistent is
08/05/14 15:49:57 Exception in thread "QuartzWorkerThread-2" java.lang.NoClassDefFoundError: netscape/ldap/LDAPDN
I am able to provision to this same AD Instance.
I've included all the relevant information below...
The scheduled task fields are as follows:
DeleteRecon:     false
FieldLookupCode:     Lookup.ADReconciliation.FieldMap
MaintainHierarchy:     true
Object:     AD User
Server:     ADITResource
TransformLookupCode:     Lookup.ADReconciliation.TransformationMap
UseFieldMapping:     true
UseTransformMapping:     false
XellerateOrg:     Xellerate Users
XellerateObject:     Xellerate User
GroupObject:     AD Group
MultiValueAttributes:     memberOf
StartRecord:     1
BatchSize:     2
NumberOfBatches:     All Available
My IT Resource is as follows:
AD Sync installed (yes/no):     no
ADDisableAttr Lookup Definition:     Lookup.ADProvisioning.DisableAttrLookup
ADGroup LookUp Definition:     Lookup.ADReconliation.GroupLookup
Admin FQDN:     [email protected]
Admin Login:     oimadmin
Admin Password:     *******
AtMap ADUser:     AtMap.AD
AtMap Group:     AtMap.ADGroup
Custom Attribute Name:
CustomizedReconQuery:
Last Modified Time Stamp:     0
Last Modified Time Stamp Group:
OIM User UDF:
Root Context:     OU=test,DC=lab,DC=com
SSL Port Number:     636
Server Address:     x.x.x.x
Target Locale: Country     US
Target Locale: Language     en
Use Disable Attr:     false
Use SSL:     false
My IT Resource Type Definition is as follows:
ADDisableAttr Lookup Definition:     Lookup.ADProvisioning.DisableAttrLookup
Use Disable Attr:     false
Target Locale: Language     en
Target Locale: Country     US
Server Address:
Root Context:
Admin FQDN:
Admin Password:          1
Use SSL:     false
SSL Port Number:     636
Admin Login:
AtMap ADUser:     AtMap.AD
AtMap Group:     AtMap.ADGroup
Last Modified Time Stamp:     0
Last Modified Time Stamp Group:     0
ADGroup LookUp Definition:     Lookup.ADReconliation.GroupLookup
CustomizedReconQuery:
AD Sync installed (yes/no):     no
Custom Attribute Name:
OIM User UDF:
My questions are:
1. Has anyone run into this issue, or know what the origin of this issue is? It looks like it's not picking up a class file. However, I have the LDAP jar downloaded, provisioning works fine.
3. How can I get my scheduled task to get out of RUNNING mode and actually stop? The "Last Stop Time" doesn't update, and the only time I can re-run the task is by bouncing the server.
Thanks for your help.
Message was edited by:
sake
Message was edited by:
sake

The problem that you are having is because the ldapsdk-4.17.jar is not in your third party directory.
To quote the deployment guide for the connector:
"You can search for and download the ldapsdk-4.17.jar file from the Internet and copy it into the OIM_home/xellerate/ThirdParty directory."
(Not the most clear and straightforward language but at least it is mentioned.)
You can get the SDK here: http://www.mozilla.org/directory/javasdk.html
I thought the 9.0.1.4 version was supposed to have transitioned over to pure JNDI but it seems like the connector stills uses some things in the old lib. Oracle also used to distribute the old Netscape build of this component as a part of the connector but it seems like someone (probably the Oracle lawyers) disliked this practice.
Good luck!
/M

OIM11g Error GTC trusted recon using Database Application Tables 9.1.0.5.0

Hi!
I'm using OIM 11g (11.1.1.3.0) with Database Application Tables 9.1.0.5.0.
I've setup GTC trusted recon connector as follows:
1st Step: Filled required Run time parameters
2nd Step: Mapped 11 fields
- User ID
- First Name
- Last Name
- Email
- Organization
- Role
- Design Console Access
- Status
- Employee Number
When I run the task I get an error in the log.
[2011-11-09T11:34:41.334-02:00] [oim_server1] [ERROR] [IAM-5010000] [oracle.iam.reconciliation.impl] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000JE8YQ9L1nZvLSYs1yc1EiM5O0000OA,0] [APP: oim#11.1.1.3.0] Generic Error/Information: {0}[[
oracle.iam.platform.utils.SuperRuntimeException: -9: Attribute field (EMPLOYEE_NUMBER) does not exist in table USR.
at oracle.iam.reconciliation.dao.ReconActionDao.executeBulkUserMatchCRUD(ReconActionDao.java:697)
at oracle.iam.reconciliation.impl.UserHandler.executeBulkCUD(UserHandler.java:568)
at oracle.iam.reconciliation.impl.BaseEntityTypeHandler.process(BaseEntityTypeHandler.java:34)
at oracle.iam.reconciliation.impl.ActionEngine.processBatch(ActionEngine.java:129)
at oracle.iam.reconciliation.impl.ActionEngine.execute(ActionEngine.java:90)
at oracle.iam.reconciliation.impl.ActionTask.execute(ActionTask.java:73)
at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy355.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:328)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3822)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
The error is "(EMPLOYEE_NUMBER) does not exist in table USR". This field is a default OIM field. If I remove it from the mapping, the recon works OK.
I have the same error if I mapping a UDF field that the label has a white space (eg.: Cost Center).
This happens with other default OIM field:
- Hire Date
- Display Name
Any idea?
Are there any workaround for this?
Thanks,
Ariel

Hi!
I found the bug in metalink "Bug 10041190 GTC Recon Failed With new OIM UDF Attribute Map If Attribute Name Has Space"
The workaround is: Don't use UDF's with a space in the attribute name.
This issue is fixed in 11.1.1.3.2
Thanks,
Ariel

Issue in evaluation of Role Membership Rule in gtc trusted recon.

Hi All,
I got a issue in evaluation of role membership in gtc trusted recon.
i created a custom UDF in user profile.i am updating that field from gtc trusted recon.
i created a rule based on that custom UDF.But that is not triggering while we run the gtc trusted recon.users are coming to oim from database .but rule is not evaluating.
if we manually create any user rule is evaluating.role is assingning .
how to solve this problem.it is very urgent for me.
thanks in advance.
-Hanuman

hi bikash,
i am using oim 11.1.1.5 version.
Access policy is triggering if role is assigned to the user ,when i directly create the user in oim, instead of gtc trusted recon.
that udf field is mobile status.it is custom udf .
Thanks & Regards,
Hanuman. T

......Trusted Recon With Oracle 11g Fail. All details explained

Ok...... How can I delete this post? ---- > I resolve the issues......
Hi, When I create the trusted Recon, connector sendme:
ERROR [ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)' org.apache.struts.actions.DispatchAction - Request[CreateConnector] does not contain handler parameter named method
follow by
ERROR [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' XELLERATE.SERVER - Class/Method: tcTableDataObj/setTimestamp encounter some problems: {1}
java.lang.NullPointerException
     at com.thortech.xl.dataobj.tcDataSet.setTimestamp(Unknown Source)
     at com.thortech.xl.dataaccess.tcDataSet.setTimestamp(Unknown Source)
     at com.thortech.xl.dataobj.tcTableDataObj.setTimestamp(Unknown Source)
     at com.thortech.xl.ddm.instance.visitor.ImportVisitor.visitStarted(Unknown Source)
===================================================================
Hi, I think I need to re install the GTC or OIM because all works fine (Recon with AD, Exchange... DataBase Provisioning) But when Im try to Recon with Oracle Databse11g Fails.
I read the manuals but nothing..... ok I do the next configs:
- Generic Technology Connector
- Create
=========================*Step 1*=================
Name                              ReconCity
Transport Provider (Reconciliation)................Database Application Tables Reconciliation
Format Provider (Reconciliation).....................Database Application Tables Reconciliation
Trusted Source Reconciliation.........................Selected
========================*Step 2*==================
Database Drive : oracle.jdbc.driver.OracleDriver
Database URL : jdbc:oracle:thin:@192.168.1.101:1521:DFGOB
Database User ID : system
Database Pass......: my_pass
parent Table/View
Name.......................: Recon_Users
Batch Size...............: All
Stop Reconciliat
ion Threshold..........: None
Stop Threshold........: None
Sourcedate Format: yyyy/MM/dd hh:mm:ss z
Reconcile Deletion
of Multival.................: "Selected"
Reconciliation
Type..........................: Full
========================*Step 3 (try 1)*===========
SOURCE.................*RECON STAGING*.......................*OIM*
USER_ID--------------> USER_ID -------------> User ID
FIRTS_NAME--------> FIRST_NAME ----------> FIRST_NAME
LAST_NAME---------> LAST_NAME ----------> . --> Yes, I map all fields to OIM
PASSWORD----------> PASSWORD ---------> .
EMAIL------------------> EMAIL ----------------> .
STATUS---------------> STATUS --------------> .
..........|Xellerate |--> ORGANIZATION ------------> .
..........|End-User |------> EMPLOYEE TYPE -----> .
..........|Full-Time |-------> USER TYPE ------------> .
- (STATUS values from my database table is: Active or Disabled)
- ( I try (Enabled/Disabled) )
For Fields USER_ID to STATUS
(Edit option)
Dataset.......................: Reconciliation Staging
Child Dataset Name :
Field Name.................: USER_ID
Mapping Action..........: Create mapping Without Transformation
Matching Only............: Not Applicable
Case-Insensitive........: Not Applicable
Data Type      *.............: String
Required.....................: Selected
For Fields ORGANIZATION to USER TYPE
(Add option)
Dataset........................: Reconciliation Staging
Child Dataset Name :
Field Name.................: ORGANIZATION
Mapping Action..........: Create mapping Without Transformation
Matching Only.............: Not Applicable
Case-Insensitive........: Not Applicable
Data Type      *.............: String
Required.....................: Selected
Input
Literal: Xellerate
===After save on step 4 I go to Resource Manager-->Manage Scheduled task--> RUN NOW and the log send me
DEBUG QuartzWorkerThread-4 XELLERATE.ADAPTERS - Class/Method: tcStructureUtil/getUserDefinedCols entered.
ERROR QuartzWorkerThread-4 XELLERATE.APIS - Class/Method: tcReconciliationOperationsBean/ignoreEventData encounter some problems: {1}
java.lang.NullPointerException
     at com.thortech.xl.dataobj.util.tcAttributeSource.getAttrColumnName(Unknown Source)
     at com.thortech.xl.dataobj.util.tcReconciliationUtil.getRuleElementWhere(Unknown Source)
     at com.thortech.xl.dataobj.util.tcReconciliationUtil.getRuleWhere(Unknown Source)
     at com.thortech.xl.dataobj.util.tcReconciliationUtil.getMatchedUserList(Unknown Source)
     at com.thortech.xl.dataobj.util.tcReconciliationUtil.getMatchedUserList(Unknown Source)
     at com.thortech.xl.dataobj.util.tcReconciliationUtil.ignoreEvent(Unknown Source)
     at com.thortech.xl.ejb.beansimpl.tcReconciliationOperationsBean.ignoreEventData(Unknown Source)
     at com.thortech.xl.ejb.beansimpl.tcReconciliationOperationsBean.ignoreEvent(Unknown Source)
     at com.thortech.xl.ejb.beans.tcReconciliationOperationsSession.ignoreEvent(Unknown Source)
     at com.thortech.xl.ejb.beans.tcReconciliationOperations_gmh3ba_EOImpl.ignoreEvent(tcReconciliationOperations_gmh3ba_EOImpl.java:692)
     at Thor.API.Operations.tcReconciliationOperationsClient.ignoreEvent(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(Unknown Source)
     at weblogic.security.Security.runAs(Security.java:41)
     at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
     at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
     at $Proxy62.ignoreEvent(Unknown Source)
     at com.thortech.xl.gc.runtime.GCScheduleTask.execute(Unknown Source)
     at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
     at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionAction.run(Unknown Source)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(Unknown Source)
     at weblogic.security.Security.runAs(Security.java:41)
     at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
     at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)
     at org.quartz.core.JobRunShell.run(JobRunShell.java:178)
     at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:477)
ERROR QuartzWorkerThread-4 XELLERATE.GC.FRAMEWORKRECONCILIATION - Reconciliation Encountered error:
Thor.API.Exceptions.tcAPIException: java.lang.NullPointerException
     at com.thortech.xl.ejb.beansimpl.tcReconciliationOperationsBean.ignoreEventData(Unknown Source)
     at com.thortech.xl.ejb.beansimpl.tcReconciliationOperationsBean.ignoreEvent(Unknown Source)
     at com.thortech.xl.ejb.beans.tcReconciliationOperationsSession.ignoreEvent(Unknown Source)
     at com.thortech.xl.ejb.beans.tcReconciliationOperations_gmh3ba_EOImpl.ignoreEvent(tcReconciliationOperations_gmh3ba_EOImpl.java:692)
     at Thor.API.Operations.tcReconciliationOperationsClient.ignoreEvent(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(Unknown Source)
     at weblogic.security.Security.runAs(Security.java:41)
     at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
     at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
     at $Proxy62.ignoreEvent(Unknown Source)
     at com.thortech.xl.gc.runtime.GCScheduleTask.execute(Unknown Source)
     at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
     at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionAction.run(Unknown Source)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(Unknown Source)
     at weblogic.security.Security.runAs(Security.java:41)
     at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
     at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)
     at org.quartz.core.JobRunShell.run(JobRunShell.java:178)
     at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:477)
WARN QuartzWorkerThread-4 XELLERATE.GC.FRAMEWORKRECONCILIATION - Though Reconciliation Scheduled task has encountered an error, Reconciliation Transport providers have been "ended" smoothly. Any provider operation that occurs during that "end" or "clean-up" phase would have been executed e.g. Data archival. In case you want that data to be a part of next Reconciliation execution, restore it from Staging. Provider logs must be containing details about storage entities that would have been archived
==========================================
========================*Step 3 (try 2)*==============
SOURCE..................*RECON STAGING*....................*OIM*
USER_ID--------------> USER_ID -------------> User ID
FIRTS_NAME--------> FIRST_NAME ----------> FIRST_NAME
LAST_NAME---------> LAST_NAME ----------> .
PASSWORD----------> PASSWORD ----------> .
EMAIL------------------> EMAIL -----------------> .
........|Xellerate |--> ORGANIZATION -------------> .
........|End-User |------> EMPLOYEE TYPE ------> .
........|Full-Time|-------> USER TYPE --------------> .
........|Active |------> SATUS -----------------> .
- (On STATUS I try (*Active/Enabled/Disabled*) )
For Fields USER_ID to EMAIL
(Edit option)
Dataset.......................: Reconciliation Staging
Child Dataset Name :
Field Name.................: USER_ID
Mapping Action.........: Create mapping Without Transformation
Matching Only.............: Not Applicable
Case-Insensitive.........: Not Applicable
Data Type      *..............: String
Required.......................: Selected
For Fields ORGANIZATION to STATUS
(Add option)
Dataset.......................: Reconciliation Staging
Child Dataset Name :
Field Name................: STATUS
Mapping Action..........: Create mapping Without Transformation
Matching Only............: Not Applicable
Case-Insensitive........: Not Applicable
Data Type      *.............: String
Required......................: Selected
Input
Literal: Active
===After save on step 4 I go to Resource Manager-->Manage Scheduled task--> RUN NOW and the log sende me the same ERRROR posted up.
===============Step 3 (try 3)=======================
SOURCE...................*RECON STAGING*...................... OIM
USER_ID--------------> USER_ID -----------> User ID
FIRTS_NAME--------> FIRST_NAME ----------> FIRST_NAME
LAST_NAME---------> LAST_NAME ----------> .
PASSWORD----------> PASSWORD ----------> .
EMAIL------------------> EMAIL ------------> .
USER_STATUS----| T |--> USER_STATUS ---> .
.....................................|
.........................|Lookup.M4..|
............|Xellerate |--> ORGANIZATION ------------> .
............|End-User |------> EMPLOYEE TYPE ------> .
............|Full-Time |-------> USER TYPE -------------> .
- (USER_STATUS have the next Values: True/False)
For Fields USER_ID to EMAIL
(Edit option)
Dataset.......................: Reconciliation Staging
Child Dataset Name :
Field Name.................: USER_ID
Mapping Action..........: Create mapping Without Transformation
Matching Only.............: Not Applicable
Case-Insensitive.........: Not Applicable
Data Type      *..............: String
Required......................: Selected
For Fields ORGANIZATION to USER_TYPE
(Add option)
Dataset........................: Reconciliation Staging
Child Dataset Name :
Field Name................: ORGANIZATION
Mapping Action..........: Create mapping Without Transformation
Matching Only............: Not Applicable
Case-Insensitive........: Not Applicable
Data Type      *.............: String
Required.....................: Selected
Input
Literal: Xellerate
Dataset.......................: Reconciliation Staging
Child Dataset Name:
Field Name................: USER_STATUS
Mapping Action.........: Create Mapping with Translation
Matching Only...........: Not Applicable
Case-Insensitive.......: Not Applicable
Data Type      *............: String
Required....................: Selected
Field Name USER_STATUS
Input
Dataset........:Source
Field Name :USER_STATUS
Lookup Code Name
Literal...........: Lookup.M4.Recon
===============
Lookup Definition
Code : Lookup.M4Recon
Field:
Lookup Type(Selected)
Required (Not Selected)
Group: Object
Lookup Code Info
| Code Key | Decode |
1 | True/False | Active/Disabled|
===After save on step 4 I go to Resource Manager-->Manage Scheduled task--> RUN NOW and the log sende me the same ERROR posted up.=============
I hope you can help me, Thanks.....
Edited by: user11296330 on Oct 18, 2009 8:55 PM
Edited by: user11296330 on Oct 18, 2009 10:10 PM
Edited by: user11296330 on Oct 19, 2009 3:33 PM
Edited by: user11296330 on Oct 20, 2009 1:52 AM
Edited by: user11296330 on Oct 21, 2009 9:08 AM
Edited by: user11296330 on Nov 8, 2009 10:16 PM
Edited by: user11296330 on Nov 8, 2009 10:20 PM

Hi amigo I solve my problem with the next:
OK, all above is good but in the manual they mistake something.... one step.
(All succesful with --> ========================*Step 3 (try 2)*==============)
1.- Ok, if you got every thing like above the last thing you need is follow the next link:
http://www.oracle.com/technology/obe/fusion_middleware/im1014/oim/obe12_using_gtc_for_reconciliation/using_the_gtc.htm
Go to: "Modifying the GTC" ( just do this part)
Restart the OIM and Enjoy it.
Good day Amigo.
And don't forget on step three:
Click the Edit icon of the User ID field of the OIM - User data set.
b. On the Step 1: Provide Field Information page:
- From the Mapping Action list, select Create Mapping Without Transformation.
- Select Matching Only.
- Click Continue.
Mapping Information page, select Reconciliation
Staging from the Dataset list, select EMPLOYEE_ID (your ID Field) from the Field Name
list, and then click Continue.
If something go bad, tell me the steps like I did with the log.... see ya
Edited by: user11296330 on Nov 8, 2009 9:57 PM
Edited by: user11296330 on Nov 8, 2009 10:21 PM

Trusted Recon OIM Password Setup

Hi Experts.
My User profiles are stored in Oracle Data base table and I am reconciling the users every 10 minutes using the trusted reconciliation. I have done the following mapping in GTC in admin Console.
Source Attribute Name = OIM Attribute Name
first_name = First Name
User_ID = User ID
Last_Name = Last Name
UserType = User Type
Password = Password
employeeType=Employee Type
Department = Organization
After Mapping is Done and I have run the reconciliation using the adminconsole > Resource Management > Manage Schedule Task > my trust_gtc
I am getting the following error while running the reconciliation. The error details are given below.
ERROR,20 May 2010 14:00:57,015,[XELLERATE.DATABASE],Class/Method: tcDataBase/rollbackTransaction encounter some problems: Rollback Executed From
java.lang.Exception: Rollback Executed From
at com.thortech.xl.dataaccess.tcDataBase.rollbackTransaction(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.rollback(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.doRollback(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.createUserRecord(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.applyActionRules(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.checkDataSorted(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.eventPostUpdate(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.finishDataReceived(Unknown Source)
at com.thortech.xl.schedule.jms.reconOffline.ProcessOfflineReconMessages.finishReconciliationEvent(Unknown Source)
at com.thortech.xl.schedule.jms.reconOffline.ProcessOfflineReconMessages.execute(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.MessageProcessUtil.processMessage(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.ReconMessageHandlerMDB.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4547)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4233)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3709)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:114)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5058)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
I have fixed the above problem using the design console > Process Management >my trust_GTC > reconciliation field mappings and edit the Password field and it mapped to User Password to Identity. After mapping the Password to Identity then reconciliation went successfully. After that I couldn't able to login to admin console using the password as provided in the reconciliation mapping. I am getting error Invalid User.
But I am able to login to the admin console with user name and password as the same (User ID).
I couldn't figure out what went wrong. Why password is taking as user name in the password field while doing the trusted reconciliation.
Any body face this issue. Please help me.
Thanks
IDMOIM.

Hi,
This is default functionality of OIM when you create a user through Recon its user id will be mapped as his password.
If you have different password for created user you can achieve the same through Per-Insert adpater.
Let me know if you have any query for the same...
Regards
Alabhya Goel

Auto Assign Organization - AD User Trusted Recon

Similar Messages

Maybe you are looking for