Converting imported CUCM users to LDAP synch

We have an existing Unity 8.x implementation that was importing users from CUCM. We want to enable LDAP authentication for those users. Is is possible to "convert" a CUCM-imported user into an LDAP-synched user without dropping and recreating them? I noticed that a BAT export shows the LdapCcmUserId and CorporatePhoneNumber field end up being populated for LDAP imported users. I haven't tried running a BAT update against these fields to see if it'll push them over to LDAP synch vs. CUCM manual synch.
Has anyone done a migration like this before?

Most of my deployments have been LDAP-enabled so I've not tried this but here is the related documentation on how to deal with it:
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/user_mac/guide/8xcucmac105.pdf
You have to use BAT...look for the following section:
To change the LDAP integration status of Connection users who were created by importing from Cisco Unified Communications Manager, see the “Integrating Existing Connection User Accounts with LDAP User Accounts Using Bulk Administration Tool (Cisco Unity Connection 8.5 and Later Only)” section on page 12-6.
Hailey
Please rate helpful posts!

Similar Messages

Can CWMS import Local CUCM users without LDAP

Hello,
CWMS documentation states that CWMS integrates with LDAP via CUCM LDAP integration. My question is if the CUCM is not AD integrated will the CWMS be able to import local CUCM directory users via AXL?
Thanks
Aamir

Hello Aamir,
the "Directory Integretion" from CWMS is based on an integretion to the CUCM user data base.
So have to pull the data from the CUCM.
Just go to:
Users --> directory Integration
Directory integration can be performed in four steps:
Add CUCM server.
Synchronize now and set up a synchronization schedule.
Enable LDAP authentication.
Notify your users.
Hope that helps
Best regards
Ben

Error: "LDAP Synch status is enabled. Cannot add users through BAT."

In 10.x it looks like Cisco has disallowed user imports (via BAT) into LDAP-integrated systems. Has anyone else run into this? Below is the error I'm receiving in the Job Status log file. The error implies that "it's a feature, not a bug". How are large companies supposed to import new phones/users when they open new branches or do a phone refresh? Breaking LDAP to do the import isn't a option because you have to blow away your LDAP directory config to do so - not to mention people wouldn't be able to log into Jabber or their user pages while it was broken. I'm hoping someone has a workaround or has already spoken with TAC about this.
Failure Details :
Device Name/User ID Error Code Error Description
LDAP Synch status is enabled. Cannot add users through BAT.
Result Summary :
INSERT for 0 PHONES passed.
INSERT for 5 PHONES failed.
INSERT for 0 USERS passed.
INSERT for 5 USERS failed.

So if a company has a large CUCM deployment and adds another branch (let's say 100 phones/users), I would have to go user by user and do the phone associations, profile associations, primary extensions, etc 100 times?
Is there a better way that I'm missing? That just doesn't seem logical. In previous versions (I'm not sure about 6.x in the link. I started with 7.x) I could have sworn that I could import from BAT even if LDAP was integrated. I would get an error and only the non-LDAP fields would get changed, but the changes, associations, etc. would still go through.

Unity Connection 8.5 not import CUCM end users after reinstall

I needed to reinstall a Unity Connection 8.5 server (server crash due to power failure).
After the reinstallation and reconfiguration of the CUC, the same does not synchronize and / or import users from CUCM (version 8.5).
The CUCM is integrated with LDAP.
The version of servers are:
- CUC = version 8.5.1ES16.11900-16
- CUCM = version 8.5.1.11900-21
Before CUC crash, I could import users usually.
The test in AXL servers in CUC is normal: (Test message successfully sent to AXL server 172.16.21.11:443).
Any sugestions?
Regards,
Ronaldo Gama

Hi Ronaldo,
This is because the CUCM actually holds a database where all of these users are still tagged as being imported into UC already. You'll have to get fancy with some SQL queries, you can try these, but do it at your own risk.
Open SSH to the CUCM
1) For each user, find the mapping row:
          run sql select pkid from enduserappservermap where fkenduser in (select pkid from enduser where userid = 'my_user_alias') and fkappserver in (select pkid from appserver where ipaddr = 'my_connection_server_ip')
In the query above, replace my_user_alias with the alias of the end user and replace my_connection_server_ip with the IP address of the Connection server (or whatever the old Connection server IP address may have been if you changed it after the rebuild).
2) Delete the mapping row:
You should only get back one row. Delete it. Replace my_pkid with the actual pkid that you got back:
          run sql delete from enduserappservermap where pkid = 'my_pkid'
Try to import that user again via AXL. That's the user by user way of doing it if you don't have too many, but if you're confident they all can be deleted at once you can do the following:
1. Find all of the users mapped
           run sql select * from enduserappservermap
2. The users should all have matching value in the "fkappserver" object ID column if they were mapped to the same pre-existing Connection server. Once you've confirmed the "fkappserver" object ID of the old UC server, issue the bulk delete command, this is irreversible!
          run sql delete from enduserappservermap where fkappserver = 'fkappserver_for_old_UC'
Hope that helps,
Brad

The proble of import user by LDAP in BI Administrator tool

I can conn Ldap, but when I try to import user in the BI Administrator took, the error pop up "Not supported for Active services".
anyone knows this .

Hi
Yes, it is possible against AD - we've done it successfully.
There are a few links out there that's applicable:
http://oraclebizint.wordpress.com/2007/10/10/oracle-bi-ee-101332-using-ldapoid-authentication/
Some of the snags we ran into (might be different in your case):
- If LDAP version 3 doesn't work, try 2.
- Our User attribute is sAMAccountName
You might also get a sizelimit error when trying to import users. Look at my previous post on this at Re: LDAP Authenticationj with OBIEE
Note:
Why you need to import users in your admin tool -- what purpose your importing user in your rpd?
If it is for authentication purpose - no need to import users in your rpd.
Once you have set up your LDAP details on the rpd, do not import the users.
OBI will connect to the LDAP server and complete the authentication piece.
Now to authorize, you would need an external table. Here are instruction on how to set up that:
http://www.rittmanmead.com/2007/05/21/using-initialization-blocks-with-ldap-and-database-queries-to-control-authentication-and-authorization/
2.
In addition to the LDAP authentication you need to populate the GROUP variable (also shown in above link). This is where the relationship between users and groups is loaded. This normally requires the USERS=>GROUPS relationship to be in an external table although there are other ways to do it from LDAP such as in [this example|http://oraclebizint.wordpress.com/2007/10/12/oracle-bi-ee-101332-and-oid-user-and-group-phase-2/].
Refer the below links :
You can two ways we can implement authentication.
http://oraclebizint.wordpress.com/2007/10/10/oracle-bi-ee-101332-using-ldapoid-authentication/
http://oraclebizint.wordpress.com/2007/10/12/oracle-bi-ee-101332-and-oid-user-and-group-phase-2/
Hope it help's
Thanks,
Satya

Importing users from LDAP source

Importing users from LDAP source, "first name"/"last name" are not imported.
Is there a way to get those from LDAP source?

Not currently. This is something we expect in a release late this year/early next as we introduce additional LDAP support enhancements.
Jason
>>> ZGajsak<[email protected]> 8/29/2012 3:16 PM >>>
Importing users from LDAP source, "first name"/"last name" are not
imported.
Is there a way to get those from LDAP source?
ZGajsak
ZGajsak's Profile: http://forums.novell.com/member.php?userid=14389
View this thread: http://forums.novell.com/showthread.php?t=459442

LDIF Importing a user with a non-encrypted password fails, anywork arounds?

I was able to import a group without issue:
dn: cn=Authenticated,cn=Groups,dc=oraclelinux,dc=com
description: test group
objectClass: top
objectClass: groupOfUniqueNames
uniqueMember: cn=orcladmin,cn=People,dc=oraclelinux,dc=com
cn: Authenticated
But when I try to import a standard user:
dn: cn=testuser2,cn=Users, dc=oraclelinux, dc=com
userpassword:: password1
description: test user
objectClass: top
objectClass: person
sn: testuser2
cn: testuser2
It fails if I remove the password field then I can import the user without issue, but I need to include the password field as it is part of what was exported from the old LDAP Server.
If I create a user in an ldif import it then add a password using oracle's Directory Manager upon exporting it the entry loks like:
dn: cn=testuser, cn=Users, dc=oraclelinux, dc=com
authpassword;orclcommonpwd: {MD5}fGoYCzaJagqMAnh+6vsOTA==
authpassword;orclcommonpwd: {X- ORCLLMV}E52CAC67419A9A2238F10713B629B565
authpassword;orclcommonpwd: {X- ORCLNTV}5835048CE94AD0564E29A924A03510EF
authpassword;oid: {SASL/MD5}tUquh+Duowh2aWSEwONtcQ==
authpassword;oid: {SASL/MD5-DN}lcQ7Z5O5vcwzXMeaZ65fYw==
authpassword;oid: {SASL/MD5-U}AAWzkmDDCJLbs9mxoWBTiw==
userpassword:: e1NIQX00NHJTRkpROXF0SFdUQkF2cnNLZDVLL3AyajA9
description: test user
objectclass: top
objectclass: person
sn: testuser
cn: testuser
Changing my imported ldif to look like the following WORKS:
dn: cn=testuser2,cn=Users, dc=oraclelinux, dc=com
userpassword:: e1NIQX00NHJTRkpROXF0SFdUQkF2cnNLZDVLL3AyajA9
description: test user
objectClass: top
objectClass: person
sn: testuser2
cn: testuser2
So the password must be encrypted then?, if so how to I generate a password hash on the command-line and through JAVA?
Can an import be forced with a plain text password (Tivoli, SUN both support this functionality).
Can I change the constraint that the password must contain a numeric char? (Found in document: http://download-uk.oracle.com/docs/cd/B28196_01/idmanage.1014/b15991/pwdpolicies.htm#g1051713)
After fixing the constaints I can import a non-encrypted password from an ldif, but it can not be verified and only the authpassword;oid entries are created not the authpassword;orclcommonpwd entries.
Thanks for your assistance,
ERIC GANDT

Eric, my first guess would be that the OID password policy prevents loading of the password i.e. the password doesn't match the existing password policy.
What version is your "old" OID and what is the version of the current OID you're using?
What is the error msg you get?
regards,
--Olaf

OIM 11g R1 LDAP Synch with OID.

Hi,
We are doing an LDAP Synch with OID directly. The users from various organisations in OIM needs to be synched to different OU's in OID, instead of a single container. How do we acheive this? would it be easy if we involve OVD also?

Here is some sample code configuration which may give you a start - hope it helps.
Sample code that can be called in a pre-process event handler to copy the users organinisation to the LDAP Organization Unit
HashMap<String, Serializable> parameters = orchestration.getParameters();
Serializable param = parameters.get("act_key");
String act_key = null;
if (param instanceof ContextAware) {
act_key = ((ContextAware) param).getObjectValue().toString();
} else {
act_key = param.toString();
if (act_key != null) {
OrganizationManager orgMgr = Platform.getService(OrganizationManager.class);
Set<String> retAttrs = new HashSet<String>();
retAttrs.add("Organization Name");
Organization org = null;
try {
org = orgMgr.getDetails(act_key, retAttrs, false);
} catch (OrganizationManagerException e) {
} catch (AccessDeniedException e) {
String orgName = (String) org.getAttribute("Organization Name");
orchestration.addParameter("LDAP Organization Unit", orgName);
Sample container mapping rule
<rule>
<expression>LDAP Organization Unit=Test Organization</expression>
<container>ou=Test Organization,ou=users,o=org</container>
<description>Add user to the Test Organization OU in LDAP if their OU is set to Test Organization</description>
</rule>
Sample change in /db/LDAPUser



<reconAttr>
<oimFormDescriptiveName>act_key</oimFormDescriptiveName>
<reconFieldName xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">Organization Name</reconFieldName>
<reconColName>RECON_ACT_KEY</reconColName>
<emDataType>number</emDataType>
<formFieldType/>
<targetattr keyfield="false" encrypted="false" required="false" type="String" name="act_key"/>
</reconAttr>
<reconAttr>
<oimFormDescriptiveName>act_key</oimFormDescriptiveName>
<reconFieldName xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">ou</reconFieldName>
<reconColName>RECON_ACT_KEY</reconColName>
<emDataType>number</emDataType>
<formFieldType/>
<targetattr keyfield="false" encrypted="false" required="false" type="String" name="act_key"/>
</reconAttr>

Help required in OIM-OID LDap Synch and GTC flat file connector

Hi Experts,
I am using OIM 11.1.1.5 with OID LDap Synch enabled. I have OIM protected with OAM 11.1.1.5.0 and almost all normal things are working.
Once I am doing TRUSTED FLAT FILE GTC recon to OIM, the users are getting created in OIM without any password and due to that my users are not getting created in OID(Ldap Synch is enabled);
The following exception is getting thrown:
<Nov 13, 2011 9:48:21 AM CET> <Warning> <XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT> <BEA-000000> <FILE SUCCESSFULLY ARCHIVED : /home/oracle/OAM_ProtoTyping/TestCSV/Scheduled.csv>
<Nov 13, 2011 9:48:21 AM CET> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
<Nov 13, 2011 9:48:22 AM CET> <Error> <oracle.iam.ldapsync.impl.eventhandlers.user> <IAM-3010021> <An error occurred while creating the user in LDAP.
oracle.iam.platform.entitymgr.MissingRequiredAttributeException: [usr_password]
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.checkRequired(EntityManagerImpl.java:1450)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:263)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPPostProcessHandler.createUser(UserCreateLDAPPostProcessHandler.java:261)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPHandler.execute(UserCreateLDAPHandler.java:123)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPostProcessEvents(OrchProcessData.java:1166)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:710)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:675)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:705)
at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
at sun.reflect.GeneratedMethodAccessor1821.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy335.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:380)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3822)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
Has any body faced similar kind of issue.
I tried to use post process event handler on create but while updating password its saying the user state is not in synch with OID.
So I am unable to use post process event handlers as well.
Regards,
J

Thanks Sunny,
But the post process event handler with reset/update password is not working on CREATE;
the following error message is being thrown:
oracle.iam.platform.kernel.EventFailedException: Password reset failed because user JSMITH151 is not synchronized to the LDAP directory.
at oracle.iam.ldapsync.impl.eventhandlers.user.util.LDAPUserHandlerUtil.resetPassword(LDAPUserHandlerUtil.java:203)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserResetPasswordLDAPHandler.execute(UserResetPasswordLDAPHandler.java:167)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:898)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:634)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:665)
In 11.1.1.3 OIM, I found the password was available for mapping in GTC connector, but in OIM 11.1.1.5, oracle has removed the password mapping attribute.
Can you please suggest?
I checked with Oracle Support, They are saying in OIM 11.1.1.5 they have introduced a new post process event handler which should generate the password on every trusted reconcilication event.
But in my environment its not behaving like that.
Regards,
J

Exporting and Importing Portal users from Source system to Target system

Hi All,
I have exported all portal users from source portal in to file Users.txt do i need to convert this file in to some other format so that i can import these users in Target portal.
any links documents
Regards,
Murali

Hi,
If you look in to User.txt
I have role also i have deleted role in User.txt uploded file with rest of the otherdata including group it it able to create users.
so in Nut shell let's say
1. UID-Murali
Role- Manager
Group- HRGroup
user existing in DEV and i want to trnasfer data to PRD
Role:Manger should exist in PRD, and group is not mandatory optional
but the link http://help.sap.com/saphelp_nw70/helpdata/EN/ae/7cdf3dffadd95ee10000000a114084/frameset.htm
says while uploading users role is optional it throws waring but i got error.
i am bit confused.
Now let's sau there are 10 users, 10 roles and 2 groups in source system if i want to export all users,roles,groups to target system what sequnce i have to follow without getting any error , warining is there any restriction on number of users, roles, groups i know file size should be less than 1MB.
Points are on the way.
Regards,
Murali

Ldap Synch Error in attribute conversion operation Issue in OIM 11g R2 PS1

Hi All,
We have enabled LDAP Synch in OIM11g R2 PS1 environment. We have requirement of users getting created through Web Services. When we create a user through Webservices, and provide all the attributes required to create user then we are getting LDAP Error in attribute conversion operation:
2014-01-03T02:31:52.249-05:00] [oim_server1] [WARNING] [] [oracle.adf.controller.faces.lifecycle.Utils] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 1353004b0df87234:-67081615:143517a89d1:-8000-0000000000002807,0] [APP: oracle.iam.console.identity.self-service.ear#V2.0] ADF: Adding the following JSF error message: IAM-2050243 : Orchestration process with id 9864, failed with error message IAM-3010201 : LDAP create event failed : 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1.[[
oracle.iam.ui.platform.exception.OIMRuntimeException: IAM-2050243 : Orchestration process with id 9864, failed with error message IAM-3010201 : LDAP create event failed : 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1.
at oracle.iam.ui.platform.exception.OIMErrorHandler.reportServiceException(OIMErrorHandler.java:170)
at oracle.iam.ui.platform.exception.OIMErrorHandler.reportException(OIMErrorHandler.java:65)
at oracle.adf.model.binding.DCDataControl.reportException(DCDataControl.java:411)
at oracle.adf.model.binding.DCBindingContainer.reportException(DCBindingContainer.java:416)
at oracle.adf.model.binding.DCBindingContainer.reportException(DCBindingContainer.java:471)
at oracle.adf.model.binding.DCControlBinding.reportException(DCControlBinding.java:201)
at oracle.jbo.uicli.binding.JUCtrlActionBinding.reportException(JUCtrlActionBinding.java:2016)
at oracle.jbo.uicli.binding.JUCtrlActionBinding.doIt(JUCtrlActionBinding.java:1660)
at oracle.adf.model.binding.DCDataControl.invokeOperation(DCDataControl.java:2150)
at oracle.jbo.uicli.binding.JUCtrlActionBinding.invoke(JUCtrlActionBinding.java:740)
at oracle.adf.controller.v2.lifecycle.PageLifecycleImpl.executeEvent(PageLifecycleImpl.java:402)
at oracle.adfinternal.view.faces.model.binding.FacesCtrlActionBinding._execute(FacesCtrlActionBinding.java:252)
at oracle.adfinternal.view.faces.model.binding.FacesCtrlActionBinding.execute(FacesCtrlActionBinding.java:210)
at oracle.iam.ui.platform.utils.FacesUtils.executeOperationBinding(FacesUtils.java:165)
at oracle.iam.ui.platform.utils.FacesUtils.executeOperationBindingFromActionListener(FacesUtils.java:112)
at oracle.iam.ui.catalog.view.backing.CartReqBean.submitActionListener(CartReqBean.java:848)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sun.el.parser.AstValue.invoke(AstValue.java:187)
at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:297)
at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53)
at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1256)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183)
at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:1018)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:386)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:194)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.view.page.editor.webapp.WebCenterComposerFilter.doFilter(WebCenterComposerFilter.java:117)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.ui.platform.servletfilter.IdentityContextFilter.doFilter(IdentityContextFilter.java:50)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.servletfilter.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:164)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.bpel.services.workflow.client.worklist.util.WorkflowFilter.doFilter(WorkflowFilter.java:248)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.bpel.services.workflow.client.worklist.util.DisableUrlSessionFilter.doFilter(DisableUrlSessionFilter.java:70)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:179)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
In this case user is getting created in OIM but LDAP Synch is not happening we are getting the error as mentioned above.
When we create user in OIM not through Web Serives but through Identity Self Service and provide any date attribute for example Start Date,Provisoning Date, Deprovisoning Date or any other date attribute, then also we are geeting the same error of Error in attribute conversion operation Issue, in this case user is not getting created in OIM and LDAP Synch is not happening.
And when we create a user in OIM not through Web Serives but through Identity Self Service and did not give any of the date attribute then user is getting created and LDAP synch is also happening successfully.
We need to create users through Web Services and we need to resolve this issue asap, request you all to provide any helpful pointer on this.
Thanks
Varsha

This can happen due to OIM-LDAP wrong attribute mapping/value getting passed.
Can you please first try with OOTB attributes and see how it behaves?
J

Export and Import of Users with ABAP datasource to target standalone EP.

Hi Friends,
My customer is having
Source System:BS2
ABAP+ JAVA --- usage type : BW, EP
datasource -- ABAP
now, they need datasource as LDAP
so i have suggested as attached SOW
1.Install New Instance BS3 with JAVA,EP,EP Core
2.Patching BS3 to SP15 level
3.Import PCD from BS2 to BS3
4.Configure SSO between BS2 and BS3
5.Configure Data source to LDAP
6.Testing the Configurations
7. Uninstall JAVA DATABASE from BS2
Target System:
Standalone JAVA-- only EP
datasource -- LDAP configured
I have completed all steps successfully from 1 to 5
In source system, 45 users are there with ABAP datasource and ABAP roles... Now how can i import those users with ABAP roles into target System ( Standalone EP)
Any Usermapping is required to configure.
Please suggest me to workaround on this.
Regards,
Venkat.

You have to do this manually. In theory you can make a specially formatted text file to create the users and assign their portal groups, but it is quicker to just add them using the useradmin tool. If you export a user from the Java useradmin tool you can see the format of the text file. I ahve written an ABAP in the past to do the text file creation, but I can't find it now

Batch Import of User Parameters

Hello,
I've got situation as follows:
- UME J2EE datasource is corporate LDAP,
- users are available in J2EE ume.
I need to load initial information about portal roles assigned to users and mapping info to backend systems.
Is it allowed via Batch Import utility of J2EE UME? Is it possible to 'overwrite originals' when user come from LDAP, instead UME db?
regards,
Mry

Hi,
I tried procedure proposed by you, and it seems that NW04s SP09 has issues...
What I did was (all done using Admins account):
1. created group in ume database (users come from ldap), and then assigned role to group,
2. assigned this group permission (read / enduser) to particular PCD folder,
3. prepared flat file for batch import utility
[Group]
gid=group_name
user=user1;user2
4. started the batch import utility
5. procedure went well
Complete Import Record
user=[user1, user2]
gid=group_name
status=UPDATED
6. afterwards, no assignement between group and user is visible in ume
7. in defaulttrace.log i can find the exception
Undefined User Attribute debugParameters; return empty string
[EXCEPTION]
java.lang.NoSuchMethodException: com.sapportals.portal.prt.service.authenticationservice.AuthenticationService$UserContextWrapper.getdebugParameters() at java.lang.Class.getMethod(Class.java:986) at com.sapportals.portal.appintegrator.template_processor.context.UserWrapper.getTerminal(UserWrapper.java:95) at com.sapportals.portal.appintegrator.template_processor.TemplateProcessor.processWholeTagExpression(TemplateProcessor.java:152) at com.sapportals.portal.appintegrator.template_processor.compiler.ProcessWholeTagExpressionAction.execute(ProcessWholeTagExpressionAction.java:16) at com.sapportals.portal.appintegrator.template_processor.compiler.ProcessTemplateAction.execute(ProcessTemplateAction.java:39) at com.sapportals.portal.appintegrator.template_processor.TemplateProcessor.processImpl(TemplateProcessor.java:399) at com.sapportals.portal.appintegrator.template_processor.TemplateProcessor.process(TemplateProcessor.java:373) at com.sapportals.portal.appintegrator.template_processor.TemplateProcessor.process(TemplateProcessor.java:385) at com.sapportals.portal.appintegrator.template_processor.TemplateProcessorService.processTemplate(TemplateProcessorService.java:53) at com.sapportals.portal.appintegrator.template_processor.TemplateProcessorService.processTemplate(TemplateProcessorService.java:104) at com.sapportals.portal.appintegrator.layer.AbstractIntegrationLayer.processTemplate(AbstractIntegrationLayer.java:439) at com.sapportals.portal.appintegrator.layer.URLTemplateProcessLayer.processLayer(URLTemplateProcessLayer.java:33) at com.sapportals.portal.appintegrator.LayerProcessor.processActionPass(LayerProcessor.java:159) at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doActionPass(AbstractIntegratorComponent.java:67) at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doOnPOMReady(AbstractIntegratorComponent.java:53) at com.sapportals.portal.prt.component.AbstractPortalComponent.handleEvent(AbstractPortalComponent.java:396) at com.sapportals.portal.prt.pom.ComponentNode.handleEvent(ComponentNode.java:252) at com.sapportals.portal.prt.pom.PortalNode.fireEventOnNode(PortalNode.java:369) at com.sapportals.portal.prt.pom.PortalNode.processEventQueue(PortalNode.java:800) at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:652) at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240) at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522) at java.security.AccessController.doPrivileged(Native Method) at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325) at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887) at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241) at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92) at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148) at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37) at java.security.AccessController.doPrivileged(Native Method) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Is this assignement done, or not? Has anyone had this issue?
regards,
Mry

Can we import a user list (CSV) into GW to create accounts?

We are needing to add a few hundred new user accounts into GroupWise 2012. Can this be done by importing a user list in the form of a .CSV file or something similar?
Anything would be better than single account creation. Do we need to create a template?
Thanks for any help.

As far as getting the accounts created in edirectory, you typically use an ldap import with an LDIF file, when i've had to bulk create accoutns in edir I normally use a spreadsheet with the accoutn details and a word doc then do a merge to create the required ldif file
however if you already have the accoutns in edirectory, just select your post office object and add the accounts that way and it will create them all for you

2004s - Users in LDAP,

I have modified the UME xml file, and am now pulling my users from our (readonly) ldap server(s). The users apppear to be successfully imported - I can login with a UME DB user, and search for users that exist only in LDAP. I can also login with an LDAP user, but they don't have any roles assigned to them.
When I try to assign a role to an LDAP user, I get an error:
"You need to enter a valid value to proceed with the requested action"
And it has marked in the details of the user the "Logon ID" as a required field. It isn't possible for me to edit this field (I assume because it is stored in the readonly LDAP database). Note that the logonalias field is correctly populated with the LDAP username
Does anyone know how I can assign roles to LDAP users? The roles should be held in the portal DB, as the LDAP database is readonly.
Have I missed a setting that tells the roles to be stored in the database, or is there something else that I'm missing?
Thanks in advance for any assistance.
Regards
Richard

I come from a Windows background. The "proper" way is for users into local groups, local into global groups, global gets the rights.
It is the same with any LDAP system. It's that way for good house keeping and it keeps users in a uniform way. Yes, you can assign a user directly to a role. But, in a production environment where users are coming and going and transferring in and out, it can get messy.
If your setup is to have your users in LDAP, make groups in you LDAP that correspond to your roles in the portal. Assign the roles to the groups in the UME then the users will have the rights.
Until I made myself do things that way... well I got burned a few times.

Converting imported CUCM users to LDAP synch

Similar Messages

Maybe you are looking for