Bulk load in OIM 11g enabled with LDAP sync
Have anyone performed bulk load of more than 100,000 users using bulk load utility in OIM 11g ?
The challenge here is we have OIM 11.1.1.5.0 environment enabled with LDAP sync.
We are trying to figure out some performance factors and best way to achieve our requirement
1.Have you performed any timings around use of Bulk Load tool. Any idea how long will it take to LDAP sync more than 100,000 users into OID. What are the problems that we could encounter during this flow ?
2.Is it possible we could migrate users into another environment and then swap this database for the OIM database? Also is there any effective way to load into OID directly ?
3.We also have some custom Scheduled Task to modify couple of user attributes (using update API) from the flat file. Have you guys tried such scenario after the bulk load ? And did you face any problem while doing so ?
Thanks
DK
to Update a UDF you must assign a copy value adpter in Lookup.USR_PROCESS_TRIGGERS(design console / lookup definition)
eg.
CODE --------------------------DECODE
USR_UDF_MYATTR1----- Change MYATTR1
USR_UDF_MYATTR2----- Change MYATTR2
Edited by: Lighting Cui on 2011-8-3 上午12:25
Similar Messages
-
How to update UDF in OID11g(OIM 11g configured with LDAP SYNC)
Hi All,
I have configured OIM11g with LDAP SYNC and it is working fine. i have added some UDF on the user creation form and the same attributes has been created on OID as well. Now, when i create users on OIM with these custom attributes the values are not getting updated on OID resource, can anyone please let me know how to update these attributes on OID?
Thanks in advance,to Update a UDF you must assign a copy value adpter in Lookup.USR_PROCESS_TRIGGERS(design console / lookup definition)
eg.
CODE --------------------------DECODE
USR_UDF_MYATTR1----- Change MYATTR1
USR_UDF_MYATTR2----- Change MYATTR2
Edited by: Lighting Cui on 2011-8-3 上午12:25 -
OVD/OID group reconciliation in OIM 11g with LDAP sync
Hi All!
Is it possible to reconcile OID groups to OIM using LDAP sync? How to achieve such configuration?
I have OIM with LDAP sync and user and roles provisining to OVD is working.
best
mpHi,
I want to Integrate OIM and OID. Can you guide me in doing so?. The platform I will use is Windows 2003 Server, OIM version is 9.1. Also please tell me which version of OID i should use.
Note: I am new to OID and OIM.
Thanks in advance.
Regards,
Kazmi -
Error running Organization Lookup Recon in OIM 11g R2 with Active Directory
Hi all,
I have an implementation of OIM 11g R2, with an Active Directory 11.1.1.5.0 connecting to an instance of Active Directory on Windows Server 2008. I am trying to run the "Active Directory Organization Lookup Reconciliation" scheduled task, but the job fails with this error:
oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector ) not found
This is the full stack trace from the oim_domain.log file:
oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector ) not found
at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:176)
at oracle.iam.connectors.icfcommon.recon.AbstractReconTask.init(AbstractReconTask.java:115)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:382)
at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:135)
at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:116)
at sun.reflect.GeneratedMethodAccessor739.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:266)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:75)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
The Connector Server is installed on the AD instance, and the key has been set, and used appropriately in the Active Directory Connector Server IT Resource in OIM.
Any advice on how to resolve this error or on any possible causes would be much appreciated, thank you.From the installation media, copy and extract contents of the bundle/ActiveDirectory.Connector-1.1.0.6380.zip file to the CONNECTOR_SERVER_HOME directory
Refer http://docs.oracle.com/cd/E22999_01/doc.111/e20347/deploy.htm#CHDDJGIG -
OIM 11g - Issue with Bulk Load Utility for Account Data
Hi,
We are trying to load the account data for users in OIM 11g using bulk load utility.
We are trying to load the account data for resource "iPlanet". For testing purpose, we made one account entry in csv file and run the bulk load utility. After the bulk load process completes, we have noticed that resource is provisioned to the user multiple times and multiple entries have been created in process form table.
We have tried to run the utility multiple times with a different user record each time.
The out put of the below sql query:
SELECT MSG FROM OIM_BLKLD_LOG
WHERE MODULE = 'ACCOUNT' AND LOG_LEVEL = 'PROGRESS_MSG'
ORDER BY MSG_SEQ_NO;
is coming as follows:
MSG
Number of Records Loaded: 126
Number of Records Loaded: 252
Number of Records Loaded: 504
Number of Records Loaded: 1008
Number of Records Loaded: 2016
Number of Records Loaded: 4032
We have noticed that each time the number of records loaded is increased to double from the records loaded in last run even when the csv file contains only one record.
Provided below are the parent and child csv file entries.
Parent file:
UD_IPNT_USR_USERID,UD_IPNT_USR_FIRST_NAME,UD_IPNT_USR_LAST_NAME,UD_IPNT_USR_COMMON_NAME,UD_IPNT_USR_NSUNIQUEID
KPETER,Peter,Kevin,Peter Kevin,
Child file 1:
UD_IPNT_USR_USERID,UD_IPNT_GRP_GROUP_NAME
KPETER,group1
Child file 2:
UD_IPNT_USR_USERID,UD_IPNT_ROL_ROLE_NAME
KPETER,role1
Can you please throw some insight on what could be the potential cause for this issue and how it could be resolved?
Thanks
Deepa
Edited by: user10955790 on Jun 25, 2012 6:45 AMHi Deepa,
I know from 'User load' perspective that is required to restart Oracle Identity Manager when we need to reload data that was not loaded during the first run.
So, my suggestion is restart it before reload.
Reference: http://docs.oracle.com/cd/E21764_01/doc.1111/e14309/bulkload.htm#CHDEICEH
I hope this helps,
Thiago Leoncio. -
Role creation in OIM 11.1.1.5.0 fails with LDAP Sync Enabled
I am in the process of configuring LDAP sync for OIM 11.1.1.5.0 with ODSEE.
At this time, when I add a user in OIM, I can see that the user gets created in LDAP under the LDAP dn that I supplied when configuring OIM (Configuration process screen name = "LDAP Server Continued", field name = "LDAP User Container")
However when I try to add a role in OIM, the call fails. OIM server logs have the following exception message:
<Jul 14, 2011 1:21:52 PM EDT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
<Jul 14, 2011 1:21:53 PM EDT> <Error> <oracle.iam.platform.entitymgr.provider.ldap> <IAM-0042002> <An error occurred while creating the entity in LDAP, and the corresponding error is - {0}
javax.naming.NameNotFoundException: Error: NO_SUCH_OBJECT
null [Root exception is oracle.ods.virtualization.service.VirtualizationException]
at oracle.ods.virtualization.jndi.OVDUtil.mapErrorCode(OVDUtil.java:151)
at oracle.ods.virtualization.jndi.OVDContext.createSubcontext(OVDContext.java:512)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:183)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.createSubcontext(LDAPUtil.java:1045)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.create(LDAPDataProvider.java:487)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:291)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:239)
at oracle.iam.ldapsync.impl.eventhandlers.role.RoleCreateLDAPHandler.create(RoleCreateLDAPHandler.java:128)
at oracle.iam.ldapsync.impl.eventhandlers.role.RoleCreateLDAPHandler.execute(RoleCreateLDAPHandler.java:46)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:898)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:634)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:664)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:435)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:381)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:334)
at oracle.iam.identity.rolemgmt.impl.RoleManagerImpl.create(RoleManagerImpl.java:188)
at oracle.iam.identity.rolemgmt.api.RoleManagerEJB.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
Any idea whats going on?
When configuring OIM, I provided a value for the "LDAP Role Container" as "ou=Groups,dc=mycompany,dc=com". The docs shown an example of "cn=groups, dc=mycountry, dc=com" (see http://download.oracle.com/docs/cd/E21764_01/install.1111/e12002/oidonly.htm#CDDDIAIC, step 18). Could this difference in container type be causing this problem?
Any idea where OIM stores this container information if I wanted to test ldap sync with the different roles container?
Thanks
Aspi Engineer
Putnam InvestmentsAspi,
OIM keeps its ldap config under "$IDM_HOME/server/ldap_config_util" as "ldapconfig.props"
Thanks,
Sandeep Gupta -
Error while running bulk load utility for account data with CSV file
Hi All,
I'm trying to run the bulk load utility for account data using CSV but i'm getting following error...
ERROR ==> The number of CSV files provided as input does not match with the number of account tables.
Thanks in advance........Please check your child table.
http://docs.oracle.com/cd/E28389_01/doc.1111/e14309/bulkload.htm#CHDCGGDA
-kuldeep -
OIM 11g issues with design console, creating resource
Hi All,
I have installed OIM 11g, OAM 11g.
I am facing issues while starting design console or creating a resouce.
<Sep 2, 2010 9:30:53 PM GMT+05:30> <Error> <XELLERATE.SCHEDULER.TASK> <BEA-0000
0> <Error while calling reissue on AUD_JMS messages
com.thortech.xl.dataaccess.tcClientDataAccessException:
at com.thortech.xl.dataaccess.tcDataBaseClient.getDatabaseProductName(t
DataBaseClient.java:944)
at com.thortech.xl.schedule.tasks.ReIssueAuditMessage.processAllByIdent
fier(ReIssueAuditMessage.java:87)
at com.thortech.xl.schedule.tasks.ReIssueAuditMessage.execute(ReIssueAu
itMessage.java:78)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerB
seTask.java:384)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:144)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:16
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.
ava:529)
>
<Sep 2, 2010 9:30:53 PM GMT+05:30> <Error> <XELLERATE.DATABASE> <BEA-000000> <Cl
ass/Method: tcDataBaseClient/bindToInstance encounter some problems: java.lang.A
ssertionError: Can only export activatable objects
oracle.iam.platform.utils.ServiceInitializationException: java.lang.AssertionErr
or: Can only export activatable objects
at oracle.iam.platform.Platform.getService(Platform.java:264)
at oracle.iam.platform.OIMInternalClient.getService(OIMInternalClient.ja
va:152)
at com.thortech.xl.dataaccess.tcDataBaseClient.bindToInstance(tcDataBase
Client.java:151)
at com.thortech.xl.dataaccess.tcDataBaseClient.<init>(tcDataBaseClient.j
ava:75)
at com.thortech.xl.server.tcDataBaseClient.<init>(tcDataBaseClient.java:
33)
at com.thortech.xl.client.dataobj.tcDataBaseClient.<init>(tcDataBaseClie
nt.java:67)
Please helpYou need to copy the files from the linux box to a windows box and change the startup paramaters to meet that of a Windows machine.
I have the following files once moved to my windows machine:
basecp.bat:
>
set CLASSPATH=.;.\lib\oimclient.jar;.\lib\iam-platform-auth-client.jar;.\lib\iam-platform-pluginframework.jar;.\lib\iam-platform-utils.jar;.\lib\iam-platform-context.jar;.\lib\XellerateClient.jar;.\lib\xlAPI.jar;.\lib\xlLogger.jar;.\lib\xlVO.jar;.\lib\xlUtils.jar;.\lib\xlCrypto.jar;.\lib\xlAuthentication.jar;.\lib\xlDataObjectBeans.jar;.\ext\log4j-1.2.8.jar;.\ext\jhall.jar;
>
classpath.bat:
>
call basecp.bat
set CLASSPATH=%CLASSPATH%;.\ext\spring.jar;.\ext\security-api.jar;.\ext\commons-logging.jar;.\ext\logging-utils.jar;.\ext\jakarta-oro-2.0.8.jar;.\ext\bsh.jar;.\ext\mail.jar;.\ext\jboss-j2ee.jar;.\ext\jboss-jaas.jar;.\ext\jbosssx.jar;.\ext\jts.jar;.\ext\jbossall-client.jar;.\ext\concurrent.jar;.\ext\getopt.jar;.\ext\gnu-regexp.jar;.\ext\jacorb.jar;.\ext\jboss-client.jar;.\ext\jboss-common-client.jar;.\ext\jbosscx-client.jar;.\ext\jbossha-client.jar;.\ext\jboss-iiop-client.jar;.\ext\jbossjmx-ant.jar;.\ext\jboss-jsr77-client.jar;.\ext\jbossmq-client.jar;.\ext\jboss-net-client.jar;.\ext\jbosssx-client.jar;.\ext\jboss-system-client.jar;.\ext\jboss-transaction-client.jar;.\ext\jcert.jar;.\ext\jmx-connector-client-factory.jar;.\ext\jmx-ejb-connector-client.jar;.\ext\xdoclet-module-jboss-net.jar;.\ext\jsse.jar;.\ext\jnet.jar;.\ext\jmx-rmi-connector-client.jar;.\ext\jmx-invoker-adapter-client.jar;.\ext\jnp-client.jar;.\ext\wlfullclient.jar;.\ext\webserviceclient+ssl.jar;.\ext\sas.jar;.\ext\oc4jclient.jar;.\ext\ejb.jar;.\ext\oscache.jar;.\ext\commons-logging.jar;.\ext\javagroups-all.jar
>
xlclient.cmd:
>
@echo off
setlocal
call classpath
REM SET DEBUG_OPTS=-classic -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5001 -DXL.RedirectSysOutErrToFile=TRUE -DXL.SysOutErrLogFile=.\logs\Client.System.Out.Err.log
REM Make sure to remove java.naming.provider.url and read it from the configuration
REM once the JNDI Profiles are implemented.
REM make sure you are using j2sdk1.4.2_05
"C:\jdk1.6.0_22\bin\java" %DEBUG_OPTS% ^
-DXL.ExtendedErrorOptions=TRUE -DXL.HomeDir=C:\oracle\oim1_11g\designconsole ^
-Djava.security.policy=config\xl.policy ^
-Dlog4j.configuration=config\log.properties ^
-Dweblogic.security.SSL.trustedCAKeyStore=%TRUSTSTORE_LOCATION% ^
-Djava.security.manager -Djava.security.auth.login.config=config\authwl.conf ^
com.thortech.xl.client.base.tcAppWindow -server server
endlocal
>
See if this works.
-Kevin -
Hi,
Am looking for some document for reporting in OIM11g using BI Publisher. I couldn't get any doc on how the reports work and how to customize a report.
Can any help me in getting a report documentation in OIM 11g.
The only link i can search is
http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14309/understanding.htm#BABHJIEH
http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14316/workingrep.htm#CHDFBEFI
Thanks in AdvanceHi,
I was able to deploy the default reports that are generated during installation.
Am adding an extra attribute to the existing reports and trying to display the value in the output report. I can see the template to display is defined in .rtf file.
But am unable to print the extra attribute value. How do I map this value in rtf file ?
example: by default in a report I have Fname, Lname and Userid. Am adding extra attribute EmailID. But am unable to generate the value of emaild id in the report.
How do I map it in rtf file ?? -
Organization field in Bulk Load for OIM
Adding users in Bulk load utility- what is the field for 1)organization and 2)Role
How to add user under a particular Role?Pass organization name for Organization attribute and User Type for Role attribute. if you don't pass anything below default value is being passed
ORG_NAME: Xellerate Users
USR_TYPE: End-User
USR_STATUS: Active
USR_EMP_TYPE: Full-Time
If you have Role and membership in the external system you can import those things as well using this utility
http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/bulkload.htm#BJEHFIBC -
OIM-OAM integration and LDAP Sync
Hello All, I have deployed OIM 11g R2 and OAM/OVD 11.1.1.5. Now I need to enable LDAP sync for OIM-OAM integration and I'm not allowed to extend Oracle schema in AD. So I decided to use OUD for FMW schema and I have completed all those steps and OUD is up and running. Since my enterprise directory is AD and OUD is my FMW directory, I need to think of a split profile setting in OVD. I'm following this link http://fusionapplications-ateam.blogspot.com/2012/04/split-profiles-with-ad-and-oid-for.html for this deployment. I have OVD adapters configured for AD, OUD, Join view and changelog. The link does not clearly explain the steps in OIM for LDAP Sync.
When I configure LDAP Sync in OIM, should I point the sync to the OUD users container?
When and how this cn=shadowentries container will be used? I understand that the password (obattributes) are used for password management by OAM, but wondering where will that get stored in OUD?
Please let me know your thoughts.
Thanks.Hi,
when I use url:
http://idm1:14000/admin/faces/pages/Admin.jspx
I get Access Manager login page, I can click links: register new user, reset password and I get correct OIM pages. But when I type xelsysadm and password I get error on the next page:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
I can't logon to EM, OAMconsole, Weblogic etc. when the OAM is running. In OIM log I got errors from oam-agent: "User is not authorized to access resource, MinorCode: DENY, MajorCode: DENY".
I have got user xelsysadm in OIM and in LDAP, when the OAM is not running I can login to OIM, create users in OIM (they appear in OID) etc. The user xelsysadm is added to group: OAMAdministrators. Also when I try to logon to OAM console (http://idm1:7001/oamconsole) using orcladmin name I get error: Access to administration console is restricted. But when I use weblogic username (the user is in OAMAdministrators group in OID) i can get OAMconsole.
How can I change logon type in OIM?
best
mp
Edited by: J23 on 2011-01-10 00:47 -
How to authenticate OIM from AD using LDAP sync
Hi Team,
We do not want to use password synchronization connector for AD password sync to OIM
After reading few article' I found two probable ways for it:
1. Authenticate OIM via AD using libOVD with OIM and LDAP sync enable
2. Authenticate OIM via AD using libOVD, OID and LDAP sync enable.
Please suggest whether theses approcahes are practicaly possible or not.
If yes then please shae related architecture docs.
Thanks,
GauravHere is the one of the doc:
Configuring LDAP Authentication When LDAP Synchronization is Enabled -
hi,
i am trying to figure out how to move existing user from OIM to OID in bulk.
Is there anyway by which we can move all the existing user in OIM simultaneously rather than one by one through resource profile by provisioning.
Regards
PegasusI don't know if I understood the question, ignore me if I'm wrong.
If you want to provision all your users in a Resource you can do the following:
1) Create an "Access Policy" through Admin. Console, wich provisions your OID Resource (ensure you check the "Retrofit Access Policy" Checkbox!)
2) When creating the Policly you'll be asked to select the Users Groups that will be affected by the policy. As all OIM users belong to "ALL USERS" group, you can assign your Access Policy to this group. By the way I would consider to create a new Users Group if there is any chance that you add a user to OIM who you won't need to be provisioned in OID.
You can have a look to chapters 10 and 11 in the Admin. Console Documentation:
link
Shout me if I missunderstood you ;)
Regards, -
How to configure SOA Suite 11g Worklist with LDAP Identity Store
Hi
Im trying to configure the worklistapp to use an ldap identity store (SOA Suite 11g)
The ldap is a open source ldap (Open DS in this case), is NOT : OID, OVD, Active Directory, WLS OVD, IPlanet.
for doing so, i did the next configurations:
workflow-identity-config.xml
<configuration realmName="realm1">
<provider providerType="JPS" name="JpsProvider" service="Identity">
<property name="jpsContextName" value="worklist" />
</provider>
</configuration>
jps-config.xml
<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" schema-major-version="11" schema-minor-version="1">
<!-- This property is for jaas mode. Possible values are "off", "doas" and "doasprivileged" -->
<property name="oracle.security.jps.jaas.mode" value="off"/>
<property name="custom.provider" value="true"/>
<serviceProviders>
<serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider" class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider">
<description>LDAP-based IdentityStore Provider</description>
</serviceProvider>
</serviceProviders>
<serviceInstances>
<serviceInstance name="idstore.ldap.opends" provider="idstore.ldap.provider">
<property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<property name="idstore.type" value="CUSTOM"/>
<property name="ldap.url" value="ldap://host:port"/>
<property name="subscriber.name" value="dc=company,dc=com"/>
<property name="search.type" value="SIMPLE"/>
<property name="security.principal" value="cn=adminuser,dc=company,dc=com"/>
<property name="security.credential" value="!adminuser_password"/>
<property name="user.login.attr" value="cn"/>
<property name="username.attr" value="cn"/>
<property name="groupname.attr" value="cn"/>
<extendedProperty>
<name>group.mandatory.attrs</name>
<values>
<value>cn</value>
<value>objectClass</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.object.classes</name>
<values>
<value>top</value>
<value>groupOfUniqueNames</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.filter.object.classes</name>
<values>
<value>groupOfUniqueNames</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.member.attrs</name>
<values>
<value>uniqueMember</value>
</values>
</extendedProperty>
<extendedProperty>
<name>group.search.bases</name>
<values>
<value>o=groups,dc=company,dc=com</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.mandatory.attrs</name>
<values>
<value>cn</value>
<value>objectClass</value>
<value>sn</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.object.classes</name>
<values>
<value>organizationalPerson</value>
<value>person</value>
<value>inetOrgPerson</value>
<value>top</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.filter.object.classes</name>
<values>
<value>inetOrgPerson</value>
</values>
</extendedProperty>
<extendedProperty>
<name>user.search.bases</name>
<values>
<value>o=users,dc=company,dc=com</value>
</values>
</extendedProperty>
</serviceInstance>
</serviceInstances>
<jpsContexts default="default">
<jpsContext name="worklist">
<serviceInstanceRef ref="credstore"/>
<serviceInstanceRef ref="keystore"/>
<serviceInstanceRef ref="policystore.xml"/>
<serviceInstanceRef ref="audit"/>
<serviceInstanceRef ref="idstore.ldap.opends"/>
</jpsContext>
</jpsContexts>
</jpsConfig>
but i get the error:
Jul 2, 2009 12:52:40 PM oracle.security.jps.internal.idstore.util.IdentityStoreUtil getIdentityStoreFactory
WARNING: The identity store factory name is not configured.
Jul 2, 2009 12:52:40 PM oracle.bpel.services.common.ServicesLogger __logException
SEVERE: <.> Error in authenticating user.
Error in authenticating and creating a workflow context for user realm1/user1.
Verify that the user credentials and identity service configurations are correct.
ORABPEL-30501
Error in authenticating user.
Error in authenticating and creating a workflow context for user sigfe.com/user1.
Verify that the user credentials and identity service configurations are correct.
at oracle.bpel.services.workflow.verification.impl.VerificationService.authenticateUser(VerificationService.java:603)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
So, anyone knows how i can specify the identity store factory?
or the correct parameters for a ldap identity store repository?
I used the 11G documentation for the security file :
http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/jpsprops.htm
thanksI am having exactly the same issue. Once I configure jps-config.xml file to use my custom authenticator and login into the worklist app, the following gets thrown. I was wondering if you need map some roles to the existing users in the Custom Authenticator.
Exception
exception.70692.type: error
exception.70692.severity: 2
exception.70692.name: Error while granting BPMOrganizationAdmin role to SOAOperator.
exception.70692.description: Error occured while granting the application role BPMOrganizationAdmin to application role SOAOperator.
exception.70692.fix: In the policy store, please add SOAOperator role as a member of BPMOrganizationAdmin role, if it is not already present. -
Issue with Bulk Load Post Process Scheduled Task
Hello,
I successfully loaded users in OIM using the bulk load utility. I also have LDAP sync ON. The documentation says to run the Bulk Load Post Process scheduled task to push the loaded users in OIM into LDAP.
This works if we run the Bulk Load Post Process Scheduled Task right away after the run the bulk load.
If some time had passed and we go back to run the Bulk Load Post Process Scheduled Task, some of the users loaded through the bulk load utility are not created in our LDAP system. This created an off-sync situation between OIM and our LDAP.
I tried to use the usr_key as a parameter to the Bulk Load Post Process Scheduled Task without success.
Is there a way to force the re-evaluation of these users so they would get created in LDAP?
Thanks
KhanhThe scheduled task carries out post-processing activities on the users imported through the bulk load utility.
Maybe you are looking for
-
Scaling video without dithering pixels
Hello, I've performed some screen capture that I've imported into my Premiere CS4 project. Occasionally I want to zoom in, but Premiere chooses to dither (or "smooth" or "interpolate") the image whenever it's scaled. I'd prefer it not to resample,
-
Graphics Distortion in Presenter 7 and Breeze
I am new to using Breeze, my company uses it. I noticed that the graphics in our .ppt presentations are blurry quite often when we publish the Breeze presentations. We usually insert .gif or .jpg graphics (usually screen shots of applications). I dec
-
Whats wrong with the Nokia update servers?
Ive been trying to update my 5800 with the latest software version using the updtaer built in on the phone. Im using my home wireless connection to do so, it happens that it either stops downloading on the middle or says server doesnt respond. any id
-
What references are required to access ..i
Hi Curt, I want to add that from the list of references I used in previous correspondence , NIDAQmxCAPI , IF i AM CORRECT IS RELEVANT.mAYBE THER'S ANOTHER ONE NOT ON THE LIST?Please let me know. yours jeff
-
How can I access from one program to anothe program through package If i get a simple example, it will be helpful for me.