Create AD account by adding a Role in oim 11g R2

Similar Messages

• Regarding Authorization policy and Roles in OIM 11g

  Hi,
  In OIM 11g Admin interface, is there a way to find out what all authorization polices, a role has been assigned to ?.
  I am asking this because, if you search for a user, you will know what all roles he is a member of, and similarly if you search for a role, you will know who all users are members of that role.
  Similarly, if you search for a Authorization policy, you will know what are roles are assigned to this policy. But if I search for a role, I am not able to find what all authorization policies has been assigned to this role.
  Looking forward to hearing from you,
  Many thanks in advance

  I understand your concern. But, this feature has not been available
  --nayan                                                                                                                                                                                   

• Adding a role thru oim API

  Hi Experts,
  I am getting role from object form and the user will be added to this role once the provisioning is completed to a resource.
  If I want to pass this role to child form and then trigger corresponding addroletask in schedule task using Oracle API, please let me know the process and steps that I have to take care. If you have any sample code just for my reference, plz post it here.

  Here is the Code which you can refer. Change it per your requirement
  process Key = ORC_KEY
  long formKey = formInstanceIntf
                                .getProcessFormDefinitionKey(processKey);
                      int formVersion = formInstanceIntf
                                .getProcessFormVersion(processKey);
                      tcResultSet childTable = formInstanceIntf
                                .getChildFormDefinition(formKey, formVersion);
                      long childDefKey = 0L;
                      for (int i = 0; i < childTable.getRowCount(); i++) {
                           childTable.goToRow(i);
                           if (childTable.getStringValue(
                                     "Structure Utility.Table Name").equalsIgnoreCase(
                                     "UD_ADSTDPRO")) {
                                childDefKey = childTable
                                          .getLongValue("Structure Utility.Child Tables.Child Key");
                                break;
                      tcResultSet childData = formInstanceIntf
                                .getProcessFormChildData(childDefKey, processKey);
  //if want to remove the value
  for (int j = 0; j < childData.getRowCount(); j++) {
                           childData.goToRow(j);
  long childPrimaryKey = childData
                                          .getLongValue("UD_ADSTDPRO_KEY");
  formInstanceIntf.removeProcessFormChildData(
                                          childDefKey, childPrimaryKey);
  //if want to add a value
  HashMap proxyMap = new HashMap();
  proxyMap.put("UD_ADSTDPRO_PROXY_ADDRESS", SAMPLE VALUE);
  formInstanceIntf.addProcessFormChildData(childDefKey,
                                          processKey, proxyMap);

• Reassign the task one of the user from part of Role in OIM 11g

  I was looking for any possibility here for one of the requirement.
  One Task is assigned to one user and while reassigning the task, I would like to see only those users are belong to one Particular Role.
  Currently I am able to see all the users present in OIM.
  Any idea/suggestion ?

  OIM allows searching of user on Organization Level only not at role level. We'll have to wait for next release.

• Adding Custom Tab in OIM 11g  Self Service Page

  Hi All,
  I have to add a custom tab in oim self service page and when i click on that tab it should show two tab like "Search Resource" and "User Info" and when i click on "Search Resource"
  it should show Resources list and when i click on User Info tab it should show the all the attribute of user.
  Please help me how i can do it.
  thanks,

  For OIM 11g R2, we don't have any composer and all. You need to understand the OIM UI then you need to proceed with Customization.
  Steps:
  http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oim/oim_11g/customize_oim_ui_selfservice_tabs/customize_oim_ui_selfservice_tabs.htm
  Pointers: http://docs.oracle.com/cd/E23943_01/doc.1111/e14309/uicust.htm#BABIGCJA

• Is there a way to open an apple store account without adding card info?

  I want to have an apple store account for 2 reasons only.
  1. To download the art covers for my music
  2. So iTunes stops asking me every 30 seconds 'do I want an iTunes account'
  At the end of registering I realised that apple are asking for my card details. I can't seem to bypass this. Is there a way to create an account without adding my card details?
  If not and I have to add my card details in. Can i just check - I only pay something if i download a piece of music, movie, game etc. and there are no other charges?
  thanks jason

  Hi,
  You have to put a credit card. It is mandatory to verify in which country you're living and for Apple to validate in which Store your can buy music if you want to do so.
  But if you never buy music, your credit card won't be charge at all. Don't worry about this.
  You'll also be able to download the free song of the week, which is completly free each week. And for your cover art, it will not be a charge at all too.
  Hope this help.

• OIM 11g R2 - Creating a new role using API

  Hi,
  I am trying to create a new role in OIM 11g R2 using RoleManager API.The requirement is to provide "Role Owner" also while creating the role.May I know how to do that?.Thanks in advance.

                      HashMap <String, String> groupMap = new HashMap <String, String> ();
                      groupMap.put("Groups.Group Name", groupName);
                      groupMap.put("Groups.Role Description", "Just for testing");
                      long groupKey = -1L;
                      try {
                              groupKey = goi.createGroup(groupMap);
                              logger.info("RESULT: Group with group_key '" + groupKey
                                              + "' has been successfully created");
                      } catch (tcAPIException e) {
                              logger.info("Creating client...."+e);
                      } catch (tcDuplicateGroupException ex) {
                           return getGroupKey(goi, groupName);
                              //logger.info(""+ex.toString());
                      } catch (tcInvalidAttributeException er) {
                              logger.info(""+er.toString());
  I hope this really helps you,
  Thiago Leoncio.
  (Blog: thiagoleoncio)

• How to obtain Role name in OIM 11g using API's

  Hello,
  I have a scenario in which I create Role/Group in OIM 11g & it gets provisioned in AD [=works fine] & other part is when i delete role in OIM 11g then it should
  get deleted from AD.I have written postprocess event handler to achieve this.
  In role creation part i get all parameters using "orchestration.getParameters();" , but when i delete role then "orchestration.getParameters();" is empty,so i am
  not able to get role name.
  Is there a way to get role name while deleting roles using API ?
  Thanks,
  Rahul Shah

  Hi Raghav,
  Following is my code :
  tcRODetails = orgOpInterface.getObjects(organizationKey);
  for(int i = 0;i < tcRODetails.getRowCount();i++){
  tcRODetails.goToRow(i);
  // resourceName=AD Group
  if(resourceName.equalsIgnoreCase(tcRODetails.getStringValue("Objects.Name"))&&
  tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Provisioned")||
  tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Enabled")) {
  System.out.println("<<<FOUND>>>");
  processKey = tcRODetails.getLongValue("Process Instance.Key");
  provisionObjectKey = tcRODetails.getLongValue("Objects.Key");
  tcProcessSet = oimFormUtility.getProcessFormData(processKey);
  for(int j=0;j<tcProcessSet.getRowCount();j++){
  tcProcessSet.goToRow(j);
  if(grpName.equalsIgnoreCase(tcProcessSet.getStringValue("UD_ADGRP_NAME"))){
  System.out.println("MATCH FOUND!!!!!");
  orgOpInterface.removeObjectAllowed(organizationKey,provisionObjectKey);
  break;
  & i get following error :
  <Mar 22, 2012 1:54:43 PM IST> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcOrganizationOperationsBean/removeObjectAllowed encounter some problems: Object with key=7 is not already set as an allowed object for Organization with key=1>
  Thanks
  Rahul Shah

• OIM 11g support for Temporary roles with expiration date

  Dear All,
  Is there a support provided for temporary roles in OIM 11g?
  If not, what is the recommendation as for implementation?
  Kind regards
  Maria Adair

  I'm also interested if someone has any recommendation as for how to implement such a feature. Anyone has any ideas?

• Adding Picasa account: Android error - There was an error creating your account. Please try again.

  I successfully synced with gmail (contacts, mail, etc.), youtube, as well as some other services. I am unable to create the account that accesses Picasa. Each time I try, I enter the email and userid for my account, and I get the same error message "There was an error creating your account. Please try again". I verified that the username and password are correct by signing into Picasa Web directly. A number of other people are experiencing this problem, as can be seen here: http://www.google.com/support/forum/p/Picasa/thread?fid=446b5bd3493325ff0004ad7d643c968c&hl=en
  Does anyone know what to do to make this linkage work? I want to be able to use the integrated gallery to access my Picasa pictures.

  Oracle forums: current quality level...

• How Do I Create User Account with "limited admin rights"?

  Hello;
  I would like to give a handful of users the ability to login to the DCC and enable them to add/delete/modify users and or hosts only, I.e. People and/or hosts.
  Is there anyway to:
  1.  Make a user with this admin capability?
  2.  Segregate the containers they are able to modify?
  Thanks to all in advance.

  BobM53, That would be needed regardless of what front end my users log in with, in my case I was looking for them to access the DIT via the DSCC/DCC, which is not possible.  Regardless, thank you for your reply, it is reassuring to know I am headed in the right direction.
  I am now looking towards installing something else like Apache Directory Studio, or some other GUI for users to manage the directory. 
  I will most likely create one or more ACI's to build groups, adding members to those groups as needed; each group being allowed to perform functions such as create users, lockout users, add/modify hosts, etc.
  I will most likely follow the steps outlined in:
  Directory Server Groups, Roles, and CoS - 11g Release 1 (11.1.1.7.0)
  Slightly OT, does anyone have a suitable and similar proven method to "lockdown" root accounts, and who has root access?
  Thank you

• I am not able to access Firefox under one user account on my computer so I created another account. How can I transfer the bookmarks from the old account?

  I use windows Vista and I cannot open Firefox under one user account (I keep receiving the "firefox profile cannot be loaded . . ." error message) on my computer so I created another account. How can I transfer the bookmarks from the old account?

  NOTE: you can skip this 1st step.
  Step 1
  I'm on Win7 so the paths might be slightly different... C:\Users\(YOUR PC ACCOUNT)\AppData\Roaming\Mozilla\Firefox\Profiles\bnelgkol.default\bookmarkbackups ... Find the "bookmarks-[DATE].json" you want and copy it to the profile you want. You may want to change the date to a name you will recognize.
  Step 2
  Then on your browser "Bookmarks>Show All Bookmarks or Ctrl+Shift+B ". This will bring up the Bookmark Organizer, I think they call it Library now. From there click "Import & Back up>Restore" this will bring up a drop down with your back ups. If you followed step 1, find the json you added and select it. If you skipped step 1, from "Import & Back up>Restore" select "Choose File..." Then browser for the json you want to import. Which should be in a similar location as mentioned in step 1.
  NOTE: "AppData" is a hidden folder, will have to set show hidden folders to be able to see it.

• How can i review my account without adding a credit card number?

  how can i review my account without adding a credit card number?

  - Try redeeming an iTunes gift card.
  - Contact iTunes by:
  Contact iTunes
  - Create a NEW account/ID for her using these instructions. Make sure you follow the instructions. Many do not and if you do not you will not get the None option. You must use an email address that you have not used with Apple before. Make sure you specify a birthdate that results in being at least 13 years old
    Creating an iTunes Store, App Store, iBookstore, and Mac App Store account without a credit card
  More details of how:
  http://ipadhelp.com/ipad-help-tips-tricks/how-to-get-free-apps-from-the-app-stor e-without-a-credit-card/

• Error creating a role from the process task adapter - OIM 11g R2 PS1

  I have a requirement to create an OIM role dynamically when a resource account is created. Also once the role is created, I need to assign that role to the user dynamically. Following code works perfectly fine if I replace the Platform with OIMClient and run it remotely. It fails when I run it from OIM:
  Exception:
  An exception occurred while performing the operation.
  java.lang.NullPointerException
  at oracle.iam.request.impl.RequestEngine.startOrchestrationFromPreProcess(RequestEngine.java:5516)
  at oracle.iam.request.impl.RequestEngine.triggerOperation(RequestEngine.java:5439)
  at oracle.iam.request.impl.RequestEngine.doOperation(RequestEngine.java:5154)
  at oracle.iam.impl.OIMServiceImpl.doOperation(OIMServiceImpl.java:43)
  at sun.reflect.GeneratedMethodAccessor6238.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at com.sun.proxy.$Proxy943.doOperation(Unknown Source)
  public static User searchUserByLogin(String login) {
          List<User> users = null;
          Set<String> retAttrs = new HashSet<String>();
          retAttrs.add(UserManagerConstants.AttributeName.USER_KEY.getId());
          SearchCriteria criteria;
          criteria = new SearchCriteria(UserManagerConstants.AttributeName.USER_LOGIN.getId(), login, SearchCriteria.Operator.EQUAL);
          try {
              UserManager userManager = Platform.getService(UserManager.class);
            users = userManager.search(criteria, retAttrs, null);
          } catch (AccessDeniedException ade) {
              // handle exception
          } catch (UserSearchException use) {
              // handle exception
          if (users.size() > 0) {
              return users.get(0);
          } else {
              return null;
      public static boolean grantRole(String usrLogin, String roleKey) throws oracle.iam.platform.authz.exception.AccessDeniedException, UserMembershipException, ValidationFailedException, RoleGrantException {
          RoleManager roleMgr = (RoleManager) Platform.getService(RoleManager.class);      
          adpLogger.debug("Entering grantRole(1): User - " + usrLogin + " Role - " + roleKey);
          Set userKeys = new HashSet();
          User user = searchUserByLogin(usrLogin);
          userKeys.add(user.getEntityId());
          if (!roleMgr.isRoleGranted(roleKey, user.getEntityId(), false)) {
              RoleManagerResult result = roleMgr.grantRole(roleKey, userKeys);
              adpLogger.debug("Role granted " + result.getStatus());
          } else {
              adpLogger.debug("Role is already granted");
          return true;
      public static String createOrUpdateRole(String usrLogin, String roleName) throws oracle.iam.platform.authz.exception.AccessDeniedException, RoleSearchException, ValidationFailedException, RoleAlreadyExistsException, RoleCreateException, RoleGrantException, UserMembershipException {
          adpLogger.debug("Entering createOrUpdateRole(1) Role " + roleName);
          RoleManager roleMgr = (RoleManager) Platform.getService(RoleManager.class);
          SearchCriteria criteria;
          criteria = new SearchCriteria(RoleManagerConstants.ROLE_NAME, roleName, SearchCriteria.Operator.EQUAL);
          Set<String> ret = new HashSet<String>();
          User user = searchUserByLogin(usrLogin);
          List<Role> roles = new ArrayList<Role>();
          roles = roleMgr.search(criteria, ret, null);
          String grpKey = "";
          if (roles.size() > 0) {
              adpLogger.debug("Role already exists. Role ID " + roles.get(0).getEntityId());
              grpKey = roles.get(0).getEntityId();
          } else {
              Role role = new Role(new HashMap());
              role.setName(roleName);
              RoleManagerResult result = roleMgr.create(role);
              adpLogger.debug("Role created with ID " + result.getEntityId());
              grpKey = result.getEntityId();
          return grpKey;
  It fails at             RoleManagerResult result = roleMgr.create(role); line in createOrUpdateRole() method.
  Has anyone ever run into this kind of issue?
  Thanks

  Can you please try after making organization for a particular role and user are same ?
  For new role creation publish the particular group to organization.
  Regards
  Shashank k

• How can someone create an account/register on my website?

  Hello!
  I'm somewhat new to Muse so I apologize if this question has already been asked.
  I wanted to create a link where someone can register/create an account on my page so that they will have the ability to have their own personal page when they log in. I would prefer to offer the option where they can either enter their own information, or login with facebook.
  How can I do this in Muse?

  To follow up on the Login behavior; it was done using Authpro.  The client did not want to change hosting just for this element.  I would like to see it added to Muse on a future release.  For most sites I continue to develop in DW, but find Muse quite handy for designing workable comps.  If Muse had a more robust selection of behaviors like non-BC client-side editing, login or non-BC contact forms I would be tempted to keep the Muse sites for more than comp use.  Heck, that would save time and increase revenue.  Of course nothing would be better than a clean roundtrip or export to DWCC. 
  Cheers,
  Jeffery