Create user from trsuted recon fails in oim 11g

Similar Messages

• Reassign the task one of the user from part of Role in OIM 11g

  I was looking for any possibility here for one of the requirement.
  One Task is assigned to one user and while reassigning the task, I would like to see only those users are belong to one Particular Role.
  Currently I am able to see all the users present in OIM.
  Any idea/suggestion ?

  OIM allows searching of user on Organization Level only not at role level. We'll have to wait for next release.

• Error has come while creating USER from SU01

  Dear Expert,
  I have got typical error while creating user from T-Code SU01.
  Problem is like that : I suppose to  use SU01 and "User Maintanace: Initial Screen
  has come. Now I put the new user name like ABAP2008 or FI2008 (what ever the name thats hardly matter) and click on CREAT button then next screen Maintain User has been appeared.In this screen Address TAB is on and asking for fillup all the required user information.So I have been made all information like :First name /Last name /Tele ph/Fax / email etc etc. After complete this tab when I clicked on next tab is called "LOGON DATA, it has been given a error "Specify a valid country indicator
  Message no. T5027" . Even thogh I didn't able to go to next screen LOGON DATA.Because of these problem I doesn't able to creat a user.
  SAP : IDES version ECC 6
  DB:SQL2005
  OS: Windows 2003 server
  Please do the needfull
  Thanks & Regards
  Pavel

  Hey Pavel,
  Are you using ECC with ISU.. ? I am not sure but I feel your issue can be solved with information provided in SAPnote,
  Note 1046566 - EC70: address-independent telephone number no country.
  The system does not transfer any country from the master data template with the address-independent telephone number.  The system issues the warning message T5027 "Specify a valid country indicator".
  All the best !

• Password Violation error while creating users from Admin interface

  Guys,
  The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
  Current System:
  1. I have configured TAM Pass-Thru authentication for End User Login Application.
  2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
  3. I have custom password policies configured for different orgainizatoions
  Problem:
  1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
  2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
  Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
  Appreciate your help!!!
  Thanks
  Vijay

  Guys,
  The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
  Current System:
  1. I have configured TAM Pass-Thru authentication for End User Login Application.
  2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
  3. I have custom password policies configured for different orgainizatoions
  Problem:
  1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
  2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
  Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
  Appreciate your help!!!
  Thanks
  Vijay

• Bulk Create Users from CSV: Error: "Put": "There is no such object on the server."?

  Hi,
  I'm using the below PowerShell script, by @hicannl which I found on the MS site, for bulk creating users from a CSV file.
  I've had to edit it a bit, adding some additional user fields, and removing others, and changing the sAMAccount name from first initial + lastname, to firstname.lastname. However now when I run it, I get an error saying:
  "[ERROR]     Oops, something went wrong: The following exception occurred while retrieving member "Put": "There is no such object on the server."
  The account is created in the default OU, with the correct firstname.lastname format, but then it seems to error at setting the "Set an ExtensionAttribute" section. However I can't see why!
  Any help would be appreciated!
  # ERROR REPORTING ALL
  Set-StrictMode -Version latest
  # LOAD ASSEMBLIES AND MODULES
  Try
  Import-Module ActiveDirectory -ErrorAction Stop
  Catch
  Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!"
  Exit 1
  #STATIC VARIABLES
  $path = Split-Path -parent $MyInvocation.MyCommand.Definition
  $newpath = $path + "\import_create_ad_users_test.csv"
  $log = $path + "\create_ad_users.log"
  $date = Get-Date
  $addn = (Get-ADDomain).DistinguishedName
  $dnsroot = (Get-ADDomain).DNSRoot
  $i = 1
  $server = "localserver.ourdomain.net"
  #START FUNCTIONS
  Function Start-Commands
  Create-Users
  Function Create-Users
  "Processing started (on " + $date + "): " | Out-File $log -append
  "--------------------------------------------" | Out-File $log -append
  Import-CSV $newpath | ForEach-Object {
  If (($_.Implement.ToLower()) -eq "yes")
  If (($_.GivenName -eq "") -Or ($_.LastName -eq ""))
  Write-Host "[ERROR]`t Please provide valid GivenName, LastName. Processing skipped for line $($i)`r`n"
  "[ERROR]`t Please provide valid GivenName, LastName. Processing skipped for line $($i)`r`n" | Out-File $log -append
  Else
  # Set the target OU
  $location = $_.TargetOU + ",$($addn)"
  # Set the Enabled and PasswordNeverExpires properties
  If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False }
  If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False }
  If (($_.ChangePasswordAtLogon.ToLower()) -eq "true") { $changepassword = $True } Else { $changepassword = $False }
  # A check for the country, because those were full names and need
  # to be land codes in order for AD to accept them. I used Netherlands
  # as example
  If($_.Country -eq "Netherlands")
  $_.Country = "NL"
  ElseIf ($_.Country -eq "Austria")
  $_.Country = "AT"
  ElseIf ($_.Country -eq "Australia")
  $_.Country = "AU"
  ElseIf ($_.Country -eq "United States")
  $_.Country = "US"
  ElseIf ($_.Country -eq "Germany")
  $_.Country = "DE"
  ElseIf ($_.Country -eq "Italy")
  $_.Country = "IT"
  Else
  $_.Country = ""
  # Replace dots / points (.) in names, because AD will error when a
  # name ends with a dot (and it looks cleaner as well)
  $replace = $_.Lastname.Replace(".","")
  $lastname = $replace
  # Create sAMAccountName according to this 'naming convention':
  # <FirstName>"."<LastName> for example
  # joe.bloggs
  $sam = $_.GivenName.ToLower() + "." + $lastname.ToLower()
  Try { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" -Server $server }
  Catch { }
  If(!$exists)
  # Set all variables according to the table names in the Excel
  # sheet / import CSV. The names can differ in every project, but
  # if the names change, make sure to change it below as well.
  $setpass = ConvertTo-SecureString -AsPlainText $_.Password -force
  Try
  Write-Host "[INFO]`t Creating user : $($sam)"
  "[INFO]`t Creating user : $($sam)" | Out-File $log -append
  New-ADUser $sam -GivenName $_.GivenName `
  -Surname $_.LastName -DisplayName ($_.LastName + ", " + $_.GivenName) `
  -StreetAddress $_.StreetAddress -City $_.City `
  -Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) `
  -Company $_.Company -Department $_.Department `
  -Title $_.Title -AccountPassword $setpass `
  -PasswordNeverExpires $expires -Enabled $enabled `
  -ChangePasswordAtLogon $changepassword -server $server
  Write-Host "[INFO]`t Created new user : $($sam)"
  "[INFO]`t Created new user : $($sam)" | Out-File $log -append
  $dn = (Get-ADUser $sam).DistinguishedName
  # Set an ExtensionAttribute
  If ($_.ExtensionAttribute1 -ne "" -And $_.ExtensionAttribute1 -ne $Null)
  $ext = [ADSI]"LDAP://$dn"
  $ext.Put("extensionAttribute1", $_.ExtensionAttribute1)
  Try { $ext.SetInfo() }
  Catch { Write-Host "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)" }
  # Move the user to the OU ($location) you set above. If you don't
  # want to move the user(s) and just create them in the global Users
  # OU, comment the string below
  If ([adsi]::Exists("LDAP://$($location)"))
  Move-ADObject -Identity $dn -TargetPath $location
  Write-Host "[INFO]`t User $sam moved to target OU : $($location)"
  "[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append
  Else
  Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!"
  "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append
  # Rename the object to a good looking name (otherwise you see
  # the 'ugly' shortened sAMAccountNames as a name in AD. This
  # can't be set right away (as sAMAccountName) due to the 20
  # character restriction
  $newdn = (Get-ADUser $sam).DistinguishedName
  Rename-ADObject -Identity $newdn -NewName ($_.LastName + ", " + $_.GivenName)
  Write-Host "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n"
  "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" | Out-File $log -append
  Catch
  Write-Host "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n"
  Else
  Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!`r`n"
  "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!" | Out-File $log -append
  Else
  Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) will be skipped for processing!`r`n"
  "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) will be skipped for processing!" | Out-File $log -append
  $i++
  "--------------------------------------------" + "`r`n" | Out-File $log -append
  Write-Host "STARTED SCRIPT`r`n"
  Start-Commands
  Write-Host "STOPPED SCRIPT"

  Here is one I have used.  It can be easily updated to accommodate many needs.
  function New-RandomPassword{
  $pwdlength = 10
  $bytes = [byte[]][byte]1
  $pwd=[string]""
  $rng=New-Object System.Security.Cryptography.RNGCryptoServiceProvider
  while (!(($PWD -cmatch "[a-z]") -and ($PWD -cmatch "[A-Z]") -and ($PWD -match "[0-9]"))){
  $pwd=""
  for($i=1;$i -le $pwdlength;$i++){
  $rng.getbytes($bytes)
  $rnd = $bytes[0] -as [int]
  $int = ($rnd % 74) + 48
  $chr = $int -as [char]
  $pwd = $pwd + $chr
  $pwd
  function AddUser{
  Param(
  [Parameter(Mandatory=$true)]
  [object]$user
  $pwd=New-RandomPassword
  $random=Get-Random -minimum 100 -maximum 999
  $surname="$($user.Lastname)$random"
  $samaccountname="$($_.Firstname.Substring(0,1))$surname"
  $userprops=@{
  Name=$samaccountname
  SamAccountName=$samaccountname
  UserPrincipalName=“$[email protected]”)
  GivenName=$user.Firstname
  Surname=$surname
  SamAccountName=$samaccountname
  AccountPassword=ConvertTo-SecureString $pwd -AsPlainText -force
  Path='OU=Test,DC=nagara,DC=ca'
  New-AdUser @userprops -Enabled:$true -PassThru | |
  Add-Member -MemberType NoteProperty -Name Password -Value $pwd -PassThru
  Import-CSV -Path c:\users\administrator\desktop\users.csv |
  ForEach-Object{
  AddUser $_
  } |
  Select SamAccountName, Firstname, Lastname, Password |
  Export-Csv \accountinformation.csv -NoTypeInformation
  ¯\_(ツ)_/¯

• Integration pack to create user from template

  Does anybody know if the Orchestrator 2012 Sp1  active directory integration pack has a way to create user from a template?
  I believe there is a create user but not from a template.
  Thanks
  Lance
  Thanks Lance

  Hi Lance,
  you are right. There's no "Create User from template" or "Copy User" Activity in the Integration pack for Active Directory in System Center SP1 or R2.
  Perhaps, you can use "Get User" to get some settings from the template and subscribe the results to "Create User" Activity.
  Regards,
  Stefan
  www.sc-orchestrator.eu ,
  Blog sc-orchestrator.eu

• Reconciliation of "change password on next logon" from AD fails in OIM 11g

  Hello,
  We have a use case on our OIM 11g project where we create a user in Active Directory and check *"User must change password at next logon"* box in AD.
  We have setup AD as Trusted and Target resource (using connector 9.1.1.7), where users coming from AD will be created in OIM and password changes in OIM will be sent to AD. Also we use the password synchronization module (9.1.1.5) to synchronize the passwords from AD to OIM when they are changed in AD.
  What we noticed is the "User must change password at next logon" is synchronized to the "AD Resource", but unlike the regular attributes it is not accessible normally because it's a system attribute.
  What we expect is the user logging in to OIM will be prompted to change the password, but nothing happens when the newly reconciled user logs in (i.e. normal self-service page is shown). Same thing applies when we set the flag on an existing user also.
  Did anyone get this working properly?
  P.S. In a previous version it used to be the opposite where the user was constantly prompted for the password, even though it was changed in AD already, after changing the password using Alt+Crtl+Delete the user was still prompted to change when logging in to OIM. Oracle suggested we upgrade to 11.1.1.5.1 (most recent patch set) but now the reverse happens - we never get change password prompt now.
  Thanks,
  -JP
  Edited by: JacekP on Oct 17, 2011 8:10 AM

  Yeah, you're right, unfortunately we have dual authorative password model, where a user can change the password from OIM when he is accessing a OIM through a web interface or from his Windows machine through the domain controller. We need the use case to work fully both ways ideally.
  A plan-B solution is to use a directory synchronization mechanism outside of OIM that would connect OID and AD, but we would prefer not to.

• Creating user from template in powershell - Server 2012 R2

  I've been research online how to create a user from a template in powershell and so far can't get it to work. Here is what I'm using:
  $instance = Get-ADUser –identity template_user
  New-ADUser –SamAccountName Test_Scripts –Instance $instance –Name “Test Scripts” –Enabled:$false
  I'm getting an error saying the operation failed because UPN value is not unique.  This is a very strange error to me, because it is saying that about the "-Instance" account.  But of course that one isn't unique.  That's the template.
    If I remove "-Instance $instance" from the code, it works just fine and creates the account, just not from a template, obviously.
  Any ideas?  Below is the entire pasted error.
  New-ADUser : The operation failed because UPN value provided for addition/modification is not unique forest-wide
  At line:1 char:1
  + New-ADUser –SamAccountName Test_Scripts –Instance $instance –Name “Test Scripts” ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : NotSpecified: (CN=Test Scripts...domain,DC=com:String) [New-ADUser], ADException
      + FullyQualifiedErrorId : ActiveDirectoryServer:8648,Microsoft.ActiveDirectory.Management.Commands.NewADUser

  Hi,
  You'll need to supply a unique UPN for the new user by adding in the -UserPrincipalName parameter.
  http://ss64.com/ps/new-aduser.html
  Don't retire TechNet! -
  (Don't give up yet - 13,225+ strong and growing)

• Create user from oracle form builder 10g

  dear all,
  anyone to help me? I want to try, to create a new user from form builder oracle 10g in windows, I use a default script like 'create user user_name identified 123' in toad 9.0 for oracle and the result is success but when I try to combine with form builder oracle 10g this script doesn't work...I hope somebody can help me to solve my problem..
  thank you,,,
  Dedy Prasetyo T.

  Dear Francois,,
  I've tried the way you suggested and success. but how if I take the value of user_name and password from the data block to insert table dba_users ? would you like to help me?
  regard,
  Dedy P.T

• "create user" not same as creating user from Administration?

  I have created users both from scripts and from the Administration pages and am getting different results.
  I created a user from a command line script (e.g., "create user <name> identified by <password>"), and then later granted the user all the privileges from the Administration -> Database users -> Manage Users page.
  I created a second user from within the Admin pages - this user has all the privileges and works fine.
  The user I created from the command line and then granted all privileges (including "DBA" and all explicit privileges) is NOT working correctly.
  Specifically:
  1. "select ... from ALL_OBJECTS" returns no records. (ALL_TABLES, ALL_INDEXES, and everything else that I try seem to work ok, but in order to see "ALL_OBJECTS", I have to explicitly qualify it with "SYS.ALL_OBJECTS".)
  2. When compiling PL/SQL procedures, etc. in that user schema, the built-in packages are not visible unless I explicitly GRANT EXECUTE on each package to the user (from a system account). At that point, they are accessible.
  I tried searching the forums for similar topics and didn't find any. I apologize if this is a redundant post, but it is driving me crazy.
  Can someone tell me how to make sure the script-created users get all the appropriate rights, and why when they are granted rights from the Admin screens, they still don't appear to have all the rights?
  I would strongly prefer not to drop the user account and rebuild it, as there are already 2200 existing objects (tables, procedures, indexes, etc.) in the user account.

  Please disregard this post. While investigating another issue, I discovered that the user account from which I had migrated 600+ tables had (for some unknown reason) empty copies of ALL_OBJECTS, USER_INDEXES, and USER_IND_COLUMNS in the user tablespace, so these got copied over with the other valid tables. Having "local" (and empty) copies was causing most of the issues.

• How to create user from one domain to remote domain

  Hi All,
  I want to create user in Security Realm from my own domain to a remote domain programatically. Can you suggest the entire process.
  Thanks in Advance.

  Not sure why but for me all the errors were resolved .
  import java.util.Hashtable;
  import javax.management.AttributeNotFoundException;
  import javax.management.InstanceNotFoundException;
  import javax.management.IntrospectionException;
  import javax.management.MBeanException;
  import javax.management.MBeanServer;
  import javax.management.MalformedObjectNameException;
  import javax.management.ObjectName;
  import javax.management.ReflectionException;
  import javax.management.modelmbean.ModelMBeanInfo;
  import javax.naming.Context;
  import javax.naming.InitialContext;
  import javax.naming.NamingException;
  public class Test {
       * @param args
       * @throws NamingException
       * @throws NullPointerException
       * @throws MalformedObjectNameException
       * @throws ReflectionException
       * @throws MBeanException
       * @throws InstanceNotFoundException
       * @throws AttributeNotFoundException
       * @throws IntrospectionException
       public static void main(String[] args) throws NamingException, MalformedObjectNameException, NullPointerException, AttributeNotFoundException, InstanceNotFoundException, MBeanException, ReflectionException, IntrospectionException {
            // TODO Auto-generated method stub
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
            env.put(Context.SECURITY_PRINCIPAL, "weblogic");
            env.put(Context.SECURITY_CREDENTIALS, "weblogic1");
            env.put(Context.PROVIDER_URL, "t3://localhost:7001");
            InitialContext ctx = new InitialContext(env);
            MBeanServer wls = (MBeanServer) ctx.lookup("java:comp/env/jmx/runtime");
            ObjectName userEditor = null;
            ObjectName MBTservice = new ObjectName("com.bea:Name=MBeanTypeService," + "Type=weblogic.management.mbeanservers.MBeanTypeService");
            ObjectName rs = new ObjectName("com.bea:Name=RuntimeService,"+"Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean");
            ObjectName domainMBean = (ObjectName) wls.getAttribute(rs,"DomainConfiguration");
            ObjectName securityConfig = (ObjectName) wls.getAttribute(domainMBean,"SecurityConfiguration");
            ObjectName defaultRealm = (ObjectName) wls.getAttribute(securityConfig,"DefaultRealm");
            ObjectName[] atnProviders = (ObjectName[]) wls.getAttribute(defaultRealm,"AuthenticationProviders");
            for (ObjectName providerName : atnProviders) {
            if (userEditor == null) {
            ModelMBeanInfo info = (ModelMBeanInfo) wls.getMBeanInfo(providerName);
            String className = (String) info.getMBeanDescriptor().getFieldValue("interfaceClassName");
            if (className != null) {
            String[] mba = (String[]) wls.invoke( MBTservice, "getSubtypes", new Object[] {"weblogic.management.security.authentication.UserEditorMBean" }, new String[] { "java.lang.String" });
            for (String mb : mba)
            if (className.equals(mb)) userEditor = providerName;
            if (userEditor == null) throw new RuntimeException("Could not retrieve user editor");
            try{
            System.out.println("Creating User : testuser");
            wls.invoke(userEditor,"createUser",new Object[] {"testuser","password","test user"},new String[] {"java.lang.String", "java.lang.String","java.lang.String"});
            System.out.println("Created User : testuser");
            catch(Exception e){
            e.printStackTrace();
            ctx.close();
  }

• Create User from the end user pages

  I tried to create a user from a end user page and I get this error:
  com.waveset.util.WavesetException: WorkflowServices.provision: no view
  Anybody knows where the error is?
  Thanks!
  My workflow:
  <!-- MemberObjectGroups="#ID#Top" createDate="Wed May 30 10:36:29 CEST 2007" extensionClass="WFProcess" id="#ID#48FDDE54A046A13F:-14C2A04D:112DBE4AB3D:-7FDA" name="PRUEBA" visibility="runschedule"-->
  <TaskDefinition id='#ID#48FDDE54A046A13F:-14C2A04D:112DBE4AB3D:-7FDA' name='PRUEBA' lock='Configurator#1181667176671' creator='Configurator' createDate='1180514189312' lastModifier='Configurator' lastModDate='1181666876671' lastMod='129' taskType='Workflow' executor='com.waveset.workflow.WorkflowExecutor' suspendable='true' syncControlAllowed='true' execMode='sync' execLimit='0' resultLimit='0' resultOption='delete' visibility='runschedule' progressInterval='0'>
  <Extension>
  <WFProcess name='PRUEBA' maxSteps='0'>
  <Activity id='0' name='start'>
  <Transition to='activity1'/>
  <WorkflowEditor x='88' y='120'/>
  </Activity>
  <Activity id='1' name='end'>
  <WorkflowEditor x='457' y='89'/>
  </Activity>
  <Activity id='2' name='activity1'>
  <ManualAction id='0' name='prueba' syncExec='true' itemType='wizard'>
  <WorkItemName>
  <ref>probando voy</ref>
  </WorkItemName>
  <FormRef>
  <ObjectRef type='UserForm' id='#ID#48FDDE54A046A13F:-14C2A04D:112DBE4AB3D:-7FC5' name='PRUEBAForm'/>
  </FormRef>
  </ManualAction>
  <Transition to='Create View'/>
  <WorkflowEditor x='177' y='266'/>
  </Activity>
  <Activity id='3' name='Provision'>
  <Action id='0' process='Provision'>
  <Variable name='op' value='provision'/>
  </Action>
  <Transition to='end'/>
  <WorkflowEditor x='380' y='305'/>
  </Activity>
  <Activity id='4' name='Create View'>
  <Comments>Initialize a new view.</Comments>
  <Action id='0' application='com.waveset.session.WorkflowServices'>
  <Argument name='op' value='createView'/>
  <Argument name='type' value='User'/>
  <Argument name='viewId' value='User'/>
  </Action>
  <Transition to='Provision'/>
  <WorkflowEditor x='247' y='416'/>
  </Activity>
  </WFProcess>
  </Extension>
  <MemberObjectGroups>
  <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
  </MemberObjectGroups>
  <Properties>
  <Property name='editorOriginalName' value='PRUEBA'/>
  </Properties>
  </TaskDefinition>

  Hi gvivek99,
  I have put a link in the �Anonymous User Menu�
  <Field name='Test'>
    <Display class='Link'>
      <Property name='URL' value='user/anonProcessLaunch.jsp?newView=true'/>
      <Property name='id' value='PRUEBA'/>
    </Display>
  </Field>This link start "PRUEBA" Workflow (see my first post).
  This workflow call a ManualAction and open PRUEBAForm. In this form I request the accountID, firstname and lastname. But when I submit it, I get the next error:
  com.waveset.util.WavesetException: WorkflowServices.provision: no view
  <!--  MemberObjectGroups="#ID#Top" extensionClass="Form" id="#ID#48FDDE54A046A13F:-14C2A04D:112DBE4AB3D:-7FC5" lastMod="247" lastModifier="Configurator" name="PRUEBAForm"-->
  <Configuration id='#ID#48FDDE54A046A13F:-14C2A04D:112DBE4AB3D:-7FC5' name='PRUEBAForm' lock='Configurator#1182147751359' creator='Configurator' createDate='1180518677968' lastModifier='Configurator' lastModDate='1182147451343' lastMod='247' wstype='UserForm'>
    <Extension>
      <Form name='PRUEBAForm' noDefaultButtons='true' objectLocationID='objectName=PRUEBAForm&isBegin=true&objectPath=0&objectType=UserForm'>
        <Display class='EditForm'/>
        <Field name='waveset.accountId'>
          <Display class='Text'>
            <Property name='title' value='_FM_ACCOUNT_ID'/>
            <Property name='size' value='32'/>
            <Property name='maxLength' value='128'/>
            <Property name='required'>
              <Boolean>true</Boolean>
            </Property>
          </Display>
        </Field>
        <Field name='global.firstname'>
          <Display class='Text'>
            <Property name='title' value='_FM_FIRSTNAME'/>
            <Property name='size' value='32'/>
            <Property name='maxLength' value='128'/>
          </Display>
        </Field>
        <Field name='global.lastname'>
          <Display class='Text'>
            <Property name='title' value='_FM_LASTNAME'/>
            <Property name='size' value='32'/>
            <Property name='maxLength' value='128'/>
            <Property name='noNewRow' value='true'/>
          </Display>
        </Field>
        <Field name='global.fullname'>
          <Expansion>
            <cond>
              <and>
                <ref>global.firstname</ref>
                <ref>global.lastname</ref>
              </and>
              <concat>
                <ref>global.firstname</ref>
                <s> </s>
                <ref>global.lastname</ref>
              </concat>
            </cond>
          </Expansion>
        </Field>
        <Field name='nextCancelButtons'>
          <Field name=':variables.formButton' button='true'>
            <Display class='Button'>
              <Property name='label' value='Next'/>
              <Property name='value' value='Submit'/>
              <Property name='command' value='Save'/>
            </Display>
          </Field>
          <Field name=':variables.formButton' button='true'>
            <Display class='Button'>
              <Property name='label' value='Cancel'/>
              <Property name='value' value='Cancel'/>
              <Property name='command' value='SaveNoValidate'/>
            </Display>
          </Field>
          <Field name=':complete'>
            <Default>
              <s>true</s>
            </Default>
          </Field>
        </Field>
      </Form>
    </Extension>
    <MemberObjectGroups>
      <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
    </MemberObjectGroups>
    <Properties>
      <Property name='editorOriginalName' value='PRUEBAForm'/>
    </Properties>
  </Configuration>Thanks

• IPlanet Target Recon issue in OIM 11g

  Hi,
  I have a user in OIM and iPlanet. Normally we used to link the user from iPlanet to OIM while running iPlanet Target Recon scheduler. It was working before, suddenly we are getting the below error.
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: EnterpriseDirectory from cache>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <Failed to load profile from MDS /db/EnterpriseDirectory. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory".>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <*Failed to load profile from MDS /db/EnterpriseDirectory_backup. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object* "/db/EnterpriseDirectory_backup".>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012122> <Reading configurations from the database for object name EnterpriseDirectory>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: tos not null>
  <Error> <oracle.iam.reconciliation.impl> <IAM-5010000> <Generic Information: {0}
  oracle.iam.reconciliation.exception.ConfigException: java.lang.NullPointerException
  at oracle.iam.reconciliation.impl.config.ProfileManager.lookupProfile(ProfileManager.java:174)
  at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.getProfile(ReconOperationsServiceImpl.java:2013)
  at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:367)
  at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:355)
  at Thor.API.Operations.tcReconciliationOperationsIntfEJB.ignoreEventx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
  at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy572.ignoreEventx(Unknown Source)
  at Thor.API.Operations.tcReconciliationOperationsIntfEJB_troehf_tcReconciliationOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
  at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
  We haven't deploy any patches recently and no major changes in that environment.
  Please help me to fix this issue.

  Kevin,
  I have deleted those three files from MDS and tried to recreate reconciliation profile. It throws below same error
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Unable to delete backup profile : /db/EnterpriseDirectory_backup, moving forward ...>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Unable to delete, as profile does not exist : /db/EnterpriseDirectory moving forward ...>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <Failed to load profile from MDS /db/EnterpriseDirectory. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory".>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <Failed to load profile from MDS /db/EnterpriseDirectory_backup. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory_backup".>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012122> <Reading configurations from the database for object name EnterpriseDirectory>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: tos not null>
  <Error> <XELLERATE.SERVER> <BEA-000000> <Error encountered during recon profile creation
  oracle.iam.reconciliation.exception.ConfigException: java.lang.NullPointerException
  at oracle.iam.reconciliation.impl.config.ReconPostImportConfigHandler.reconUpdate(ReconPostImportConfigHandler.java:153)
  at oracle.iam.reconciliation.impl.config.ReconPostImportConfigHandler.configure(ReconPostImportConfigHandler.java:110)
  at com.thortech.xl.dataobj.tcOBJ.configureReconProfile(tcOBJ.java:115)
  at com.thortech.xl.ejb.databeansimpl.tcOBJBean.configureReconProfile(tcOBJBean.java:80)
  It is trying to delete those files from MDS first before start creating new one. though it was not there it throws those exceptions. This is what I'm guessing.
  I have added filename like EnterpriseDirectory and EnterpriseDirectory_backup under /db/..... location and tried to recreate recon profile. I got the following information in logs
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Operation DELETE on MetadataObject /db/EnterpriseDirectory_backup>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Operation DELETE on MetadataObject /db/EnterpriseDirectory>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Operation CREATE on MetadataObject /db/EnterpriseDirectory_backup>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <*Failed to load profile from MDS /db/EnterpriseDirectory*. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory".>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012131> <Performing XML schema validation on EnterpriseDirectory>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012122> <Reading configurations from the database for object name EnterpriseDirectory>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: tos not null>
  <Error> <XELLERATE.SERVER> <BEA-000000> <Error encountered during recon profile creation
  oracle.iam.reconciliation.exception.ConfigException: java.lang.NullPointerException
  It is deleting the existing file and creating EnterpriseDirectory_backup file only and tried to load EnterpriseDirectory file inside /db/ location before creating the file.
  Correct me if I'm wrong.
  MDS repository holds the path of file name and where it needs to store but in backend in which format it is storing all xml files, any idea?
  Edited by: S.K.N on Jun 4, 2012 7:02 PM

• Sending email to user using the notification template in OIM 11g

  Hi all
  I have created a Notification Template using web console in OIM 11g.
  Iam able to access the contents from notification template in my java code.
  But iam not able to find the correct api's to send email to user using the notification template
  (like tcEmailNotificationUtil using this class we can connect to email template created in design console and creating IT resourse we can send email to user using the method sendEmail).
  Waiting for your help and pointers
  Thanks and Regards
  Bipin patil

  Thanks GP!.
  But i have the same doubt here.
  "The Notification Event is defined through a XML file that must be loaded into MDS database." - in which path and in what name it should be.
  Because under /metadata/iam-features-notification, i couldnt see any event Xml present. I thought atleast we could see the existing OOB notification template's event xml files.
  Please let me know if you are aware.
  Thanks,
  Amudha

• SJSDS recon issue with oim 11g

  I got the following logging message while reconciling SJSDS (sun directory server) with oim 11g. All the recon statuses were success (group, role, user, trusted user), but no data was from SJSDS.
  Did anyone has any idea about it?
  Thanks
  John
  [2011-06-19T10:01:47.352-05:00] [oim_server1] [NOTIFICATION] [IAM-0080013] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 0000J2cQzfw5qYWFLzfP8A1DzNVx0000A0,0] [APP: oim#11.1.1.3.0] [arg: 194] [arg: 0] [arg: JobDetails] [arg: UPDATE] Kernel executing default validation with process id, event id, entity and operation 194.0.JobDetails.UPDATE
  [2011-06-19T10:01:47.376-05:00] [oim_server1] [NOTIFICATION] [IAM-1020024] [oracle.iam.scheduler.impl.quartz] [tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 0000J2cQzfw5qYWFLzfP8A1DzNVx0000A0,0] [APP: oim#11.1.1.3.0] [arg: 194.242.JobDetails.UPDATE.entityId=null] Execute default action handler with 194.242.JobDetails.UPDATE.entityId=null
  [2011-06-19T10:01:47.447-05:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.platform.kernel.dao] [tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 0000J2cQzfw5qYWFLzfP8A1DzNVx0000A0,0] [APP: oim#11.1.1.3.0] Inserting records for orchestration cleanup
  [2011-06-19T10:01:47.475-05:00] [oim_server1] [NOTIFICATION] [IAM-0080046] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 0000J2cQzfw5qYWFLzfP8A1DzNVx0000A0,0] [APP: oim#11.1.1.3.0] [arg: Done] Completed orchestration with action result - Done
  [2011-06-19T10:01:47.705-05:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.platform.authz.impl] [tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 0000J2cQzfw5qYWFLzfP8A1DzNVx0000A0,0] [APP: oim#11.1.1.3.0] [[
  *---Stack Trace Begins[[This is not an exception. For debugging purposes]]---*
  oracle.iam.platform.authz.impl.OESAuthzServiceImpl.doCheckAccess(OESAuthzServiceImpl.java:212) oracle.iam.platform.authz.impl.OESAuthzServiceImpl.hasAccess(OESAuthzServiceImpl.java:190)
  oracle.iam.platform.authz.impl.OESAuthzServiceImpl.hasAccess(OESAuthzServiceImpl.java:182)
  oracle.iam.platform.authz.impl.AuthorizationServiceImpl.hasAccess(AuthorizationServiceImpl.java:173)
  oracle.iam.scheduler.impl.util.SchedulerAccessUtils.checkOperationAccess(SchedulerAccessUtils.java:22)
  oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1555)
  oracle.iam.features.scheduler.agentry.operations.LookupActor.refresh(LookupActor.java:2969)
  oracle.iam.features.scheduler.agentry.operations.LookupActor.receiveEvent(LookupActor.java:2807)
  oracle.iam.consoles.faces.mvc.canonic.Model.handleIntent(Model.java:922)
  oracle.iam.consoles.faces.mvc.canonic.Controller.doHandleIntent(Controller.java:528)
  oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectAction(Controller.java:203)
  oracle.iam.consoles.faces.event.NavigationListener.processAction(NavigationListener.java:97)
  ... 34 lines skipped..
  oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:115)
  ... weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:100)
  ... 15 lines skipped..
  weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  ---Stack Tracefor this call Ends---
  ]]

  As the log says thats not an exception. Anyway why dont you enable the connector logs and see what does the connector complaint about. Refer the Enable Logging section in the connector PDF
  Thanks
  SRS