Create User in OID
I am doing exactly same thing for Create User in OID. Following is my code.
String adminDN = "cn=orcladmin";
String adminPWD = "oracle10g";
boolean isSSL = false;
InitialLdapContext ctx = null;
System.out.println(adminDN);
System.out.println(adminPWD);
try {
String url = "";
if (isSSL){
url = "ldaps://";
else{
url = "ldap://";
url += hostname+":"+port;
Hashtable env = new Hashtable();
// env.put("java.naming.ldap.attributes.binary","objectGUID");
//Specify which class to use for our JNDI provider
env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
// Specify host and port to use for directory service
env.put(Context.PROVIDER_URL, url);
env.put(Context.SECURITY_PRINCIPAL,adminDN);
env.put(Context.SECURITY_CREDENTIALS,adminPWD);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
ctx = new InitialLdapContext(env,null);
System.out.println("It is in the create employee method ca;ll "+ctx);
catch (NamingException e) {
System.out.println("createEmployee method in Create class throw exception "+e.getMessage());
Map attrs = new HashMap();
// Replace address and mail with the new values
attrs.put("cn",inputText1.getValue().toString());
//attrs.put("uid","cn="+inputText1.getValue().toString()+",cn=users,dc=fjcs,dc=net");
attrs.put("uid", inputText1.getValue().toString());
attrs.put("userpassword","welcome1");
attrs.put("givenname",inputText3.getValue().toString());
attrs.put("displayName","mydisplayname");
attrs.put("sn",inputText4.getValue().toString());
attrs.put("mail",inputText5.getValue().toString());
attrs.put("telephonenumber",inputText6.getValue().toString());
public oracle.ldap.util.User createLdapUser(Map userLdapProperties, InitialLdapContext ctx) throws NamingException,
UtilException {
System.out.println("Inside createLdapUser ");
Subscriber mysub = null;
Iterator oidUserProperties = userLdapProperties.keySet().iterator();
Iterator oidUserPropertyValues =
userLdapProperties.values().iterator();
System.out.println("The oidUserProperties "+oidUserProperties);
System.out.println("The oidUserProperties "+oidUserPropertyValues);
//ldapSubscriberPath = this.getLdapSubscriberPath();
//RootOracleContext roc = new RootOracleContext(ctx);
//mysub = roc.getSubscriber(ctx, Util.IDTYPE_DN, "o=dec", mystr);
Subscriber subscriber = new Subscriber(ctx, Util.IDTYPE_DN,
null , false);
ModPropertySet userProperties = new ModPropertySet();
while (oidUserProperties.hasNext() &&
oidUserPropertyValues.hasNext()) {
System.out.println("Inside the while loop ");
String propertyName = (String)oidUserProperties.next();
System.out.println( propertyName);
String propertyValue = (String)oidUserPropertyValues.next();
System.out.println( propertyValue);
userProperties.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_REPLACE,
propertyName, propertyValue);
System.out.println( userProperties);
System.out.println("Outside the while loop");
oracle.ldap.util.User usr = subscriber.createUser(ctx, userProperties, false);
System.out.println("Heelo "+ usr);
System.out.println("The guid isn "+usr.getGUID(ctx));
return usr;
It does print the System.out "Outside the while loop" but not creating the User in OID. It does not even print the last two System.outs.........
System.out.println("Heelo "+ usr);
System.out.println("The guid isn "+usr.getGUID(ctx));
What is wrong ?
thanks,
pp
I did put try catch around the User object. Yet same thing.
System.out.println("Outside the while loop");
ModPropertySet mps = new ModPropertySet();
mps.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"cn", "John");
mps.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"sn", "John");
mps.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"uid", "John");
// Create the user
User newUser = subscriber.createUser( ctx, mps, false );
System.out.println("New User DN: " + newUser.getDN( ctx ) );
oracle.ldap.util.User usr = null;
try{
usr = subscriber.createUser(ctx, userProperties, false);
System.out.println("New User DN: " + usr.getDN( ctx ));
System.out.println("The guid isn "+usr.getGUID(ctx));
catch (Exception e) {
System.out.println("The message is "+e.getMessage());
Outside the while loop is the last System.out that gets printed on the console. I am using embedded oc4j. Why is the User not getting created ?
thanks,
pp
Similar Messages
-
Provision Users (create users) in OID at a specific DIT location
I have the current schema in place right now - (from top to bottom)
dc=***
dc=**
cn=Users
cn=**********
I have installed the OID connector and I am able to provision the users successfully in cn=*********,cn=Users,dc=**,dc=***
Now I want to provision (create users) in cn=*********,ou=people,dc=**,dc=***.
dc=***
dc=**
ou=people
cn=123456789
How can I do that?
These are the Resource Object details:
Admin Password *********
Recon Attribute Lookup Code AttrName.Recon.Map.OID
SSL false
Port 389
Root DN dc=**,dc=***
CustomizedReconQuery
Admin Id cn=orcladmin,cn=Users,dc=**,dc=***
Last Target Delete Recon TimeStamp -
Last Target Recon TimeStamp -
Last Trusted Delete Recon TimeStamp -
Server Address 123.456.78.9
Last Trusted Recon TimeStamp -
Prov Attribute Lookup Code AttrName.Prov.Map.OID
Use XL Org Structure false
I have tried changes in this but was still not able to provision.
Any clues/ideas? Didn't find anything in documentation.
Thanks in advance!
- oidm.Thanks for the reply!
Nopes I have just used normal OID connector provided by Oracle.
I figured it out.
You just need to add a lookup value in Organization DN in Resource Object form like Code as "ou=people" and Decode as "people". And you need to pull these values into process form by prepopulate adapter or just put it manually.
- oidm. -
Creating users in oid from forms
Hello,
how can i create or update an user and its corresponding rad in oid directly from forms 10.1.2. ?
thanks
Jean-YvesHi François,
in the past I used Forms9i OID integration demo
like i asked in this post
and i wonder if it still can be used inn 10.1.2.
But I wil take a deeper look to your blog (always useful ;-) ) and I think I will use it instead of the 9i version with java importer.
We have to migrate à 6i version to 10g and sso and so we have to move "n" oracle users into oid. it will be useful to use this package.
ps : I was not a lot active in this forum since i changed my job and also my login and lost my previous post count, but congratulations for your 5000 and more post and your a Ace !
Thanks
Jean-Yves
Message was edited by:
JeanYves -
Not able to create users in OID through OIM
HI,
I am creating users in OIM and provisioning them to OID. The create user is working fine but provisioning is not working.
The create user task is getting rejected with error message as :
Response: Target Unavailable Error
Response Description: Target server not available
In the weblogic console its showing error as:
INFO,24 Feb 2010 18:42:13,140,[XL_INTG.OID], Parameter Variables passed into co
m.thortech.xl.integration.OID.tcUtilOIDUserOperations:createUser(S,S,S,S,S): are
sContainerDN = ou=AGI(ENI UK Ltd),o=Shippers,dc=xoserve-apps,dc=com, sFirstName
= testuser17, sLastName = testuser17, sUserDNParam = TESTUSER17,
INFO,24 Feb 2010 18:42:13,156,[XL_INTG.OID],com.thortech.xl.integration.OID.uti
l.tcUtilLDAPOperations : connectToAvailableOID() : SSL option is not selected in
ITResource
ERROR,24 Feb 2010 18:42:16,156,[XL_INTG.OID],===================================
=================
ERROR,24 Feb 2010 18:42:16,156,[XL_INTG.OID], ERROR in OID:connectToAvailableOID
() CommunicationExceptionUnable to create Initial LDAP Context
ERROR,24 Feb 2010 18:42:16,156,[XL_INTG.OID],===================================
=================
ERROR,24 Feb 2010 18:42:16,156,[XL_INTG.OID],===================================
=================
ERROR,24 Feb 2010 18:42:16,156,[XL_INTG.OID],10.224.29.51:389
ERROR,24 Feb 2010 18:42:16,156,[XL_INTG.OID],===================================
ERROR,24 Feb 2010 18:42:16,171,[XL_INTG.OID],com.thortech.xl.integration.OID.uti
l.tcUtilLDAPOperations : disconnectFromLDAP() : : Unable to close LDAP Context.
The context was probably not created, since it is null
ERROR,24 Feb 2010 18:42:16,171,[XL_INTG.OID],===================================
=================
ERROR,24 Feb 2010 18:42:16,171,[XL_INTG.OID],===================================
=================
ERROR,24 Feb 2010 18:42:16,171,[XL_INTG.OID], ERROR in com.thortech.xl.integrati
on.OID.tcUtilOIDUserOperations:createUser(S,S,S,S,S) NoInitialContextExceptionEr
ror while connecting to target
ERROR,24 Feb 2010 18:42:16,171,[XL_INTG.OID],===================================
=================
ERROR,24 Feb 2010 18:42:16,171,[XL_INTG.OID],===================================
=================
ERROR,24 Feb 2010 18:42:16,171,[XL_INTG.OID],com.thortech.xl.integration.OID.uti
l.tcUtilLDAPOperations: Unable to close LDAP Context. The context was probably n
ot created, since it is null
ERROR,24 Feb 2010 18:42:16,171,[XL_INTG.OID],===================================
=================
Please help.
Thanks in advance.Thank a zillion to both of you...
It was connection problem. Somebody changed my OID's IP address.
Now my users are getting provisioned.
One more doubt how to give points to both of you. I dont know how to give points in this forum. -
EBS is creating users in OID, when it shouldn't. Wrong profiles?
I'm integrating EBS 12.1.6 with OAM 11g and OID11g. I've got Single Sign On working fine, but I noticed that when a user is created in EBS, it automatically gets created in OID too.
My users will be manually created in both OID and EBS through other processes so I really just need them to be linked. I registered the instance and oid with provisionType=4 (bidirectional sync no create).
I have these profile options set:
Applications SSO Auto Link User: Enabled
Applications SSO Login Types: Both
Application SSO LDAP Synchronization: Enabled
Applications SSO Enable OID Identity Add Event: Disabled
Link Applications user with OID user with same username: has no value
But I can't find documentation on what these various options do.
Anyone have any experience with this?
Thanks very much
AlexI'm integrating EBS 12.1.6 with OAM 11g and OID11g. I've got Single Sign On working fine, but I noticed that when a user is created in EBS, it automatically gets created in OID too.12.1.6?
But I can't find documentation on what these various options do.Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On [ID 376811.1]
Using the Latest Oracle Internet Directory 11gR1 Patchset with Single Sign-on and Oracle E-Business Suite [ID 876539.1]
Troubleshooting Oracle Access Manager and Oracle E-Business Suite AccessGate [ID 1077460.1]
Which Attributes Get Propagated From EBS to OID When One Is Implementing SSO With Applications [ID 1267512.1]
Oracle Application Server 10g with Oracle E-Business Suite Release 12 Troubleshooting [ID 380487.1]
"Applications SSO Auto Link User" (APPS_SSO_AUTO_LINK_USER) Profile option doesn't work and still ask to manually link the user [ID 399117.1]
Thanks,
Hussein -
Create User in OID using Java API
I read the documentation, read javadoc for Java API for OID, but still am not clear "how can I create a user in OID using Java API for OID."
It tells us how to create a java object User, but then how do we write this object to OID ?
I searched every where, metalink, forums, google...and am still looking for answere...
Thanks in Advance
Cheers
PuneetI did it using the Novell LDAP java api:
import com.novell.ldap.*;
public class LdapAdmin {
public static final String ldap_base = "dc=your,dc=company,dc=com";
public static final String ldap_user_base = "cn=Users," + ldap_base;
public static final String ldap_portal_base = "cn=PORTAL_GROUPS,cn=Groups," + ldap_base;
public static final String ldap_extended_base = "cn=Extended Properties,cn=OracleContext," + ldap_base;
public static final String ldap_dbdomain_base = "cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,cn=OracleContext," + ldap_base;
public static final String ldap_context_base = "cn=COMMON,cn=OracleDBAppContext," + ldap_dbdomain_base;
private static final String default_ldap_host = "infrastructure.your.company.com";
private static final int default_ldap_port = 4032;
private static final String default_ldap_login = "cn=orcladmin," + ldap_user_base;
private static final String default_ldap_pwd = "welcome1";
private static final String default_user_pwd = "secret";
private static final String[] personclass_values = { "top", "person", "organizationalPerson", "inetOrgPerson", "orcluser", "orcluserv2" };
public static LDAPConnection getConnection (String host, int port, String user, String pwd) {
LDAPConnection lc = new LDAPConnection();
try {
lc.connect(host,port);
lc.bind(user,pwd);
} catch (LDAPException lex) {
System.out.println("LDAP Error in getConnection: "+lex.getResultCode()+"-"+lex.getLDAPErrorMessage());
return lc;
public static LDAPConnection getConnection (String host, int port) {
LDAPConnection lc = new LDAPConnection();
try {
lc.connect(host,port);
} catch (LDAPException lex) {
System.out.println("LDAP Error in getConnection: "+lex.getResultCode()+"-"+lex.getLDAPErrorMessage());
return lc;
public static LDAPConnection getConnection (String user, String pwd) {
LDAPConnection lc = new LDAPConnection();
try {
lc.connect(default_ldap_host,default_ldap_port);
lc.bind(user,pwd);
} catch (LDAPException lex) {
System.out.println("LDAP Error in getConnection: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
lex.printStackTrace();
return lc;
public static LDAPConnection getConnection () {
return getConnection(default_ldap_host,default_ldap_port);
public static void bind (LDAPConnection conn, String user, String pwd) {
try {
conn.bind(user,pwd);
} catch (LDAPException lex) {
System.out.println("LDAP Error in bind: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
lex.printStackTrace();
private static void bind (LDAPConnection conn) {
bind(conn,default_ldap_login,default_user_pwd);
public static void modifyAttribute (LDAPConnection conn, String dn, String attr, String val, int mod) {
LDAPAttribute attribute = new LDAPAttribute(attr,val);
LDAPModification[] modification = new LDAPModification[] { new LDAPModification(mod,attribute) };
try {
conn.modify(dn,modification);
} catch (LDAPException lex) {
System.out.println("LDAP Error in modifyAttribute: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
public static void modifyAttribute (LDAPConnection conn, String dn, String attr, String val) {
modifyAttribute(conn,dn,attr,val,LDAPModification.REPLACE);
public static void addAttribute (LDAPConnection conn, String dn, String attr, String val) {
modifyAttribute(conn,dn,attr,val,LDAPModification.ADD);
public static void deleteAttribute (LDAPConnection conn, String dn, String attr, String val) {
modifyAttribute(conn,dn,attr,val,LDAPModification.DELETE);
public static void deleteEntry (LDAPConnection conn, String dn) {
try {
conn.delete(dn);
} catch (LDAPException lex) {
System.out.println("LDAP Error in deleteEntry: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
public static boolean isValidDn(LDAPConnection conn, String dn) {
try {
LDAPSearchResults res = conn.search(dn);
} catch (LDAPException lex) {
System.out.println("LDAP Error in deleteEntry: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
return false;
public static void createPerson (LDAPConnection conn, String net_id, String lname, String fname, String office, String email, String id, String fullname) {
LDAPAttributeSet attributeSet = new LDAPAttributeSet();
attributeSet.add(new LDAPAttribute("cn", net_id));
attributeSet.add(new LDAPAttribute("sn", lname));
attributeSet.add(new LDAPAttribute("objectclass", personclass_values));
attributeSet.add(new LDAPAttribute("l", office));
attributeSet.add(new LDAPAttribute("mail", email));
attributeSet.add(new LDAPAttribute("employeeNumber", id));
attributeSet.add(new LDAPAttribute("givenName", fname));
attributeSet.add(new LDAPAttribute("uid", net_id));
// attributeSet.add(new LDAPAttribute("fullName", fullname));
attributeSet.add(new LDAPAttribute("orclpkcs12hint", default_user_pwd));
attributeSet.add(new LDAPAttribute("orclpassword", VerifyPassword.getHash(net_id,default_user_pwd)));
attributeSet.add(new LDAPAttribute("userpassword", default_user_pwd));
attributeSet.add(new LDAPAttribute("orcldefaultprofilegroup", "cn=DEFAULT,"+ldap_portal_base));
LDAPEntry entry = new LDAPEntry("cn="+net_id+","+ldap_user_base,attributeSet);
try {
conn.add(entry);
} catch (LDAPException lex) {
System.out.println("LDAP Error in createPerson: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
public static void updatePerson (LDAPConnection conn, String net_id, String lname, String fname, String office, String email, String id, String fullname) {
LDAPModification[] mod = new LDAPModification[8];
mod[0] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("cn", net_id));
mod[1] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("sn", lname));
mod[2] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("l", office));
mod[3] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("mail", email));
mod[4] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("employeeNumber", id));
mod[5] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("givenname", fname));
mod[6] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("fullName", fullname));
mod[7] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("uid", net_id));
try {
conn.modify("cn="+net_id+","+ldap_user_base,mod);
} catch (LDAPException lex) {
System.out.println("LDAP Error in updatePerson: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
public static void main (String[] args) {
try {
LDAPConnection conn = getConnection(default_ldap_login,default_ldap_pwd);
// updatePerson(conn,"ID1","Somebody","Joe","CLE","[email protected]","1","Joe Somebody 2");
// modifyAttribute(conn,"cn=ID1,"+ldap_user_base,"fullName","Joe Somebody",LDAPModification.REPLACE);
// modifyAttribute(conn,"cn=ID1,"+ldap_user_base,"displayName","Joe Somebody");
createPerson(conn,"ID1","Somebody","Joe","CLE","[email protected]","1","Joe Somebody");
// deleteEntry(conn,"cn=ID1,"+ldap_user_base);
conn.disconnect();
} catch (LDAPException lex) {
System.out.println("LDAP Error in main: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
} -
Hi,
We have changed the OID sever for an 11i instance
Hence I think some users who were in the old OID server are not present in the new one
And the FND users of 11i are not able to get authenticated
Shall I
- Create the user in new OID server - Configuration tab of http://server/oiddas doesnt allow me to do that
How ?
Any API ?
- Export / import from the old OID server to new one ?
If yes, which tables
- Can I update FND_USER to do the local authentication and not go thru OID/ SSO ?
Thanks
- PoojaLogged in as orcladmin and was able to create the user
Any other steps for mapping it with FND_USER ?
Still authentication is not working
fnd_web_sec.validate_login function returns 'N' in the Apps database -
Create users in OID or update FND_USER to do the local authentication
Hi,
We have changed the OID sever for an 11i instance
Hence I think some users who were in the old OID server are not present in the new one
And the FND users of 11i are not able to get authenticated
Shall I
- Create the user in new OID server - Configuration tab of http://server/oiddas doesnt allow me to do that
How ?
Any API ?
- Export / import from the old OID server to new one ?
If yes, which tables
- Can I update FND_USER to do the local authentication and not go thru OID/ SSO ?
Thanks
- Pooja
I have posted the question in Application Server - General forum alsoMetalink note 233436.1 and 186981.1 should be of some help.
You can change to local authentication by setting two profile options
Applications SSO Login Types set to Local
and Applications SSO Type to SSWA
You may have to reset the users password if it has been set to EXTERNAL -
How to create User Portal in OID programmatically in JSP
Hi.
I want to create User Portal programmatically in JSP (if posible) or have to use procedure.
I check with package wwsec_api, it just have 'function
add_portal_user', but it say we must have "the user must already exist in OID before this function is called."
So, i checked for 'how to create User in OID'. What i got (in metalink)just methods that 'Create manually Portal Users in to OID' by LDAP or PL/SQL coding (with list of user in flat files).
What i want to do is, How to create User POrtal in OID by JSP? What are the procedure/table/method involved?
Do anybody have any samples?..
Thanks.I had to write my own because I could not find one anywhere. Here is an addUser() method that seems to work pretty well.
import oracle.ldap.util.jndi.ConnectionUtil;
import javax.naming.directory.*;
import javax.naming.*;
public class LdapUser
public LdapUser(){}
public void addUser(String pUsername, String pPassword, String pFirstName, String pLastName, String pEmail)
try
InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx("host", "port", "orcladmin", "pwd");
BasicAttributes attrs = new BasicAttributes();
BasicAttribute oc = new BasicAttribute("objectclass");
oc.add("top");
oc.add("person");
oc.add("inetOrgPerson");
oc.add("organizationalPerson");
oc.add("orclUser");
oc.add("orclUserV2");
attrs.put(oc);
BasicAttribute gn = new BasicAttribute("givenName", pFirstName);
attrs.put(gn);
BasicAttribute sn = new BasicAttribute("sn", pLastName);
attrs.put(sn);
BasicAttribute cn = new BasicAttribute("mail", pEmail);
attrs.put(cn);
BasicAttribute pwd = new BasicAttribute("userpassword", pPassword);
attrs.put(pwd);
// Etcetera, etcetera...
ctx.createSubcontext("cn="+pUsername+",cn=users,dc=whatever,dc=com", attrs);
ctx.close();
System.out.println("Success!!");
catch (NameAlreadyBoundException nabe)
System.out.println("Username is already in use. Please choose another.");
catch (NamingException ne)
System.out.println("NamingException: " + ne);
catch (Exception e)
System.out.println("User account was not created.");
} -
Invalid Naming Error while creating user in OIM and provisioning to OID
Hi,
I am trying to create users in OIM. As per the access policy, the users will directly provisioned to OID. When I am creating users in OIM, its showing provisioning for OID user resource. The create user task is rejected with error as
"Response: Invalid Naming Error
Response Description: Naming exception encountered"
If anybody is getting these error, then please suggest a solution.
Thanks.logs ???
Are you provisioning any custom attributes of different object classes . Make sure you include those object classes as well , go to connector documentation for adding the object classes .., may be some configuration look up ....i guess
Thanks
Suren
Edited by: Suren on Jul 6, 2010 7:41 PM -
OIM Provisioning - Error during OID Create User Task
Hi,
I am getting the following error during OIM Provisioning to OID (Create User Task).
I added few more attributes to the OID_USR form and then to the "OID User" Process Definition.
Also, I added the Code/Decode Key Values in AttrName.Prov.Map.OID.
DEBUG,08 Dec 2010 21:19:04,547,[XELLERATE.SERVER],Class/Method: tcDataBase/readPartialStatement entered.
ERROR,08 Dec 2010 21:19:04,555,[XELLERATE.ADAPTERS],Class/Method: tcAdapterMappingUtility/getRunTimeVariable Mappings encounter some problems: No data available for variable having key = 350
ERROR,08 Dec 2010 21:19:04,555,[XELLERATE.ADAPTERS],Class/Method: tcAdapterMappingUtility/getRunTimeVariable Mappings encounter some problems: No data available for variable having key = 350
java.lang.Exception: No data available for variable having key = 350
Earlier, before adding these attributes, the OID Create User Task was working. So I belive this is from the newly added attributes.
Questions:
- How to identity the attribute with this key? It looks like some of the attribute values that it gets during Run Time is not populated correctly. Any suggestions?
- "key = 350"- Is there a database table that this gets stored? SPD? or anything else?
Regards
Vijay Chinnasamy@Keviin,
I added 13 new attributes and corresponding "* Updated" Tasks.
For all these, ProcessInstanceKey is mapped to Process Data -> Process Instance.
I am going to validate the mappings again. Also, I noticed, some of the fields that I am prepopulating is not populated.
Regards
Vijay Chinnasamy -
Hi Experts,
I installed oim 11.1.1.5.0 and enabled ldap sync OID 11.1.1.6.0 and after completion of deployments i tried to create user from OIM admin console resulted in error.if i create roles it is working fine.I can see the same roles in OID.
Error message:
[2013-09-26T15:46:02.706+05:30] [oim_server1] [NOTIFICATION] [IAM-0080006] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Orchestration process moved to failed stage, and the corresponding error is - {0}[[
oracle.iam.platform.kernel.EventFailedException: Failed to find obpasswordexpirydate in mandatory or optional attribute list.
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPHandler.execute(UserCreateLDAPHandler.java:98)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:898)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:634)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:664)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:435)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:381)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:334)
at oracle.iam.identity.usermgmt.impl.UserManagerImpl.create(UserManagerImpl.java:653)
at oracle.iam.identity.usermgmt.api.UserManagerEJB.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy329.createx(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy184.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy323.createx(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManagerDelegate.create(Unknown Source)
at oracle.iam.identitytaskflow.backing.taskflows.createuser.CreateUserView.saveUserOperation(CreateUserView.java:528)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at com.sun.el.parser.AstValue.invoke(Unknown Source)
at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:46)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: oracle.iam.platform.entitymgr.ProviderException: Failed to find obpasswordexpirydate in mandatory or optional attribute list.
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:303)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPPreProcessHandler.createUser(UserCreateLDAPPreProcessHandler.java:193)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPHandler.execute(UserCreateLDAPHandler.java:84)
... 111 more
Caused by: javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - LDAP Error 65 : [LDAP: error code 65 - Failed to find obpasswordexpirydate in mandatory or optional attribute list.]]; remaining name 'uid=400011,ou=identity,ou=ubank,ou=users,ou=external,dc=national,dc=com,dc=au'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3063)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:801)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:337)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:266)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:200)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.createSubcontext(LDAPUtil.java:1045)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.create(LDAPDataProvider.java:487)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:291)
... 113 more
[2013-09-26T15:46:02.842+05:30] [oim_server1] [NOTIFICATION] [IAM-3050144] [oracle.iam.identity.usermgmt.impl.handlers.create] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Compensate method called in pre-process handler of user operation CREATE with process Id 87 and event Id 494
[2013-09-26T15:46:02.862+05:30] [oim_server1] [NOTIFICATION] [IAM-3010089] [oracle.iam.ldapsync.impl.eventhandlers.user] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Compensate method called in pre-process handler of user operation CREATE with process Id 87 and event Id 485
[2013-09-26T15:46:02.902+05:30] [oim_server1] [NOTIFICATION] [IAM-0080046] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Completed orchestration with action result - null
[2013-09-26T15:46:02.911+05:30] [oim_server1] [NOTIFICATION] [IAM-3050031] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] The result of the CREATE operation is null.
[2013-09-26T15:46:02.915+05:30] [oim_server1] [ERROR] [IAM-3050030] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] An exception occurred while performing the operation.[[
oracle.iam.platform.kernel.EventFailedException: Failed to find obpasswordexpirydate in mandatory or optional attribute list.
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:817)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:664)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:435)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:381)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:334)
at oracle.iam.identity.usermgmt.impl.UserManagerImpl.create(UserManagerImpl.java:653)
at oracle.iam.identity.usermgmt.api.UserManagerEJB.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy329.createx(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy184.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy323.createx(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManagerDelegate.create(Unknown Source)
at oracle.iam.identitytaskflow.backing.taskflows.createuser.CreateUserView.saveUserOperation(CreateUserView.java:528)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at com.sun.el.parser.AstValue.invoke(Unknown Source)
at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:46)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
[2013-09-26T15:46:02.916+05:30] [oim_server1] [ERROR] [] [oracle.iam.identitytaskflow.logging] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] IAM-3060023
[2013-09-26T15:46:04.026+05:30] [oim_server1] [NOTIFICATION] [IAM-0060016] [oracle.iam.platform.auth.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005988,0] [APP: oim#11.1.1.3.0] The IP address from which browser is triggered is 148.87.19.45
Please suggest me on this.
Best regards,
Srikanth Vadlamudi.check this link:
Updating Existing LDAP Users with Required Object Classes
http://docs.oracle.com/cd/E29597_01/fusionapps.1111/e21032/oim.htm -
How to get All Users from OID LDAP
Hi all,
I have Oracle Internet Directory(OID) and have created the users in it manually.
Now I want to extract all the users from OID. How can I get Users from OID??
Any response will be appritiated. If some one could show me demo code for that I shall be greatful to you.
Thanks and reagards
Pravyhi,
the notes from metalink:
bgards
elvis
Doc ID: Note:276688.1
Subject: How to copy (export/import) the Portal database schemas of IAS 9.0.4 to another database
Type: BULLETIN
Status: PUBLISHED
Content Type: TEXT/X-HTML
Creation Date: 18-JUN-2004
Last Revision Date: 05-AUG-2005
How to copy (export/import) Portal database schemas of IAS 9.0.4 to another database
Note 276688.1
Download scripts Unix: Attachment 276688.1:1
Download Perl scripts (Unix/NT) :Attachment 276688.1:2
This article is being delivered in Draft form and may contain errors. Please use the MetaLink "Feedback" button to advise Oracle of any issues related to this article.
HISTORY
Version 1.0 : 24-JUN-2004: creation
Version 1.1 : 25-JUN-2004: added a link to download the scripts from Metalink
Version 1.2 : 29-JUN-2004: Import script: Intermedia indexes are recreated. Imported jobs are reassigned to Portal. ptlconfig replaces ptlasst.
Version 1.3 : 09-JUL-2004: Additional updates. Usage of iasconfig.xml. Need only 3 environment variables to import.
Version 1.4 : 18-AUG-2004: Remark about 9.2.0.5 and 10.1.0.2 database
Version 1.5 : 26-AUG-2004: Duplicate job id
Version 1.6 : 29-NOV-2004: Remark about WWC-44131 and WWSBR_DOC_CTX_54
Version 1.7 : 07-JAN-2005: Attached perl scripts (for NT/Unix) at the end of the note
Version 1.8 : 12-MAY-2005: added a work-around for the WWSTO_SESS_FK1 issue
Version 1.9 : 07-JUL-2005: logoff trigger and 9.0.1 database export, import in 10g database
Version 1.10: 05-AUG-2005: reference to the 10.1.2 note
PURPOSE
This document explains how to copy a Portal database schema from a database to another database.
It allows restoring the Portal repository and the OID security associated with Portal.
It can be used to go in production by copying physically a database from a development portal to a production environment and avoid to use the export/import utilities of Portal.
This note:
uses the export/import on the database level
allows the export/import to be done between different platforms
The script are Unix based and for the BASH shell. They can be adapted for other platforms.
For the persons familiar with this technics in Portal 9.0.2, there is a list of the main differences with Portal 9.0.2 at the end of the note.
These scripts are based on the experience of a lot of persons in Portal 902.
The scripts are attached to the note. Download them here: Attachment 276688.1:1 : exp_schema_904.zip
A new version of the script was written in Perl. You can also download them, here: Attachment 276688.1:2 : exp_schema_904_v2.zip. They do exactly the same than the bash ones. But they have the advantage of working on all platforms.
SCOPE & APPLICATION
This document is intented for Portal administrators. For using this note, you need basic DBA skills.
This notes is for Portal 9.0.4.x only. The notes for Portal 9.0.2 are :
Note 228516.1 : How to copy (export/import) Portal database schemas of IAS 9.0.2 to another database
Note 217187.1 : How to restore a cold backup of a Portal IAS 9.0.2 on another machine
The note for Portal 10.1.2 is:
Note 330391.1 : How to copy (export/import) Portal database schemas of IAS 10.1.2 to another databaseMethod
The method that we will follow in the document is the following one:
Export:
- export of the 4 portal schemas of a database (DEV / development)
- export the LDAP OID users and groups (optional)
Install a new machine with fresh IAS installation (PROD / production)
Import:
- delete the new and empty portal schema on PROD
- import the schemas in the production database in place of the deleted schemas
- import the LDAP OID users and groups (optional)
- modify the configuration such that the infrastructure uses the portal repository of the backup
- modify the configuration such that the portal repository uses the OID, webcache and SSO of the new infrastructure
The export and the import are divided in several steps. All of these steps are included in 2 sample scripts:
export : exp_portal_schema.sh
import : imp_portal_schema.sh
In the 2 scripts, all the steps are runned in one shot. It is just an example. Depending of the configuration and circonstance, all the steps can be runned independently.
Convention
Development (DEV) is the name of the machine where resides the copied database
Production (PROD) is the name of the machine where the database is copied
Prerequisite
Some prerequisite first.
A. Environment variables
To run the import/export, you will need 3 environment variables. In the given scripts, they are defined in 'portal_env.sh'
SYS_PASSWORD - the password of user sys in the Portal database
IAS_PASSWORD - the password of IAS
ORACLE_HOME - the ORACLE_HOME of the midtier
The rest of the settings are found automatically by reading the iasconfig.xml file and querying the OID. It is done in 'portal_automatic_env.sh'. I wish to write a note on iasconfig.xml and the way to transform it in usefull environment variables. But it is not done yet. In the meanwhile, you can read the old 902 doc, that explains the meaning of most variables :
< Note 223438.1 : Shell script to find your portal passwords, settings and place them in environment variables on Unix >
B. Definition: Cutter database
A 'Cutter Database' is the term used to designate a Database created by RepCA or OUI and that contains all the schemas used by a IAS 9.0.4 infrastructure. Even if in most cases, several schemas are not used.
In Portal 9.0.4, the option to install only the portal repository in an empty database has been removed. It has been replaced by RepCA, a tool that creates an infrastructure database. Inside all the infrastucture database schemas, there are the portal schemas.
This does not stop people to use 2 databases for running portal. One for OID and one for Portal. But in comparison with Portal 9.0.2, all schemas exist in both databases even if some are not used.
The main idea of Cutter database is to have only 1 database type. And in the future, simplify the upgrades of customer installation
For an installation where Portal and OID/SSO are in 2 separate databases, it looks like this
Portal 9.0.2 Portal 9.0.4
Infrastructure database
(INFRA_SID)
The infrastructure contains:
- OID (used)
- OEM (used)
- Single Sign-on / orasso (used)
- Portal (not used)
The infrastructure contains:
- OID (used)
- OEM (used)
- Single Sign-on / orasso (used)
- Portal (not used)
Portal database
(PORTAL_SID)
The custom Portal database contains:
- Portal (used)
The custom Portal database (is also an infrastructure):
- OID (not used)
- OEM (not used)
- Single Sign-on / orasso (not used)
- Portal (used)
Whatever, the note will suppose there is only one single database. But it works also for 2 databases installation like the one explained above.
C. Directory structure.
The sample scripts given inside this note will be explained in the next paragraphs. But first, the scripts are done to use a directory structure that helps to classify the files.
Here is a list of important files used during the process of export/import:
File Name
Description
exp_portal_schema.sh
Sample script that exports all the data needed from a development machine
imp_portal_schema.sh
Sample script that import all the data into a production machine
portal_env.sh
Script that defines the env variable specific to your system (to configure)
portal_automatic_env.sh
Helper script to get all the rest of the Portal settings automatically
xsl
Directory containing all the XSL files (helper scripts)
del_authpassword.xsl
Helper script to remove the authpassword tags in the DSML files
portal_env_unix.sql
Helper script to get Portal settings from the iasconfig.xml file
exp_data
Directory containing all the exported data
portal_exp.dmp
export on the database level of the portal, portal_app, ... database schemas
iasconfig.xml
copy the name of iasconfig.xml of the midtier of DEV. Used to get the hostname and port of Webcache
portal_users.xml
export from LDAP of the OID users used by Portal (optional)
portal_groups.xml export from LDAP of the OID groups used by Portal (optional)
imp_log
Directory containing several spool and logs files generated during the import
import.log Log file generated when running the imp command
ptlconfig.log
Log generated by ptlconfig when rewiring portal to the infrastructure.
Some other spool files.
D. Known limitations
The scripts given in this note have the following known limitations:
It does not copy the data stored in the SSO schema: external applications definitions and the passwords stored for them.
See in the post steps: SSO migration to know how to do.
The ssomig command resides in the Infrastructure Oracle home. And all commands of Portal in the Midtier home. And practically, these 2 Oracle homes are most of the time not on the same machine. This is the reason.
The export of the users in OID exports from the default user location:
ldapsearch .... -b "cn=users,dc=domain,dc=com"
This is not 100% correct. The users are by default stored in something like "cn=users,dc=domain,dc=com". So, if the users are stored in the default location, it works. But if this location (user install base) is customized, it does not work.
The reason is that such settings means that the LDAP most of the time highly customized. And I prefer that the administrator to copy the real LDAP himself. The right command will probably depend of the customer case. So, I prefered not to take the risk..
orclCommonNicknameAttribute must match in the Target and Source OID .
The orclCommonNicknameAttribute must match on both the source and target OID. By default this attribute is set to "uid", so if this has been changed, it must be changed in both systems.
Reference Note 282698.1
Migration of custom Java portlets.
The script migrates all the data of Portal stored in the database. If you have custom java portlet deployed in your development machine, you will need to copy them in the production system.
Step 1 - Export in Development (DEV)
To export a full Portal installation to another machine, you need to follow 3 steps:
Export at the database level the portal schemas + related schemas
Get the midtier hostname and port of DEV
Export of the users and groups with LDAPSEARCH in 2 XML files
A script combining all the steps is available here.
A. Export the 4 portals schemas (DEV)
You need to export 3 types of database schemas:
The 4 portal schemas created by default by the portal installation :
portal,
portal_app,
portal_demo,
portal_public
The schemas where your custom database portlets / providers resides (if any)
- The custom schemas you have created for storing your portlet / provider code
The schemas where your custom tables resides. (if any)
- Your custom schemas accessed by portal and containing only data (tables, views ...)
You can get an approximate list of the schemas: default portal schemas (1) and database portlets schemas (2) with this query.
SELECT USERNAME, DEFAULT_TABLESPACE, TEMPORARY_TABLESPACE
FROM DBA_USERS
WHERE USERNAME IN (user, user||'_PUBLIC', user||'_DEMO', user||'_APP')
OR USERNAME IN (SELECT DISTINCT OWNER FROM WWAPP_APPLICATION$ WHERE NAME != 'WWV_SYSTEM');
It still misses your custom schemas containing data only (3).
We will export the 4 schemas and your custom ones in an export file with the user sys.
Please, use a command like this one
exp userid="'sys/change_on_install@dev as sysdba'" file=portal_exp.dmp grants=y log=portal_exp.log owner=(portal,portal_app,portal_demo,portal_public)The result is a dump file: 'portal_exp.dmp'. If you are using a database 9.2.0.5 or 10.1.0.2, the database of the exp/imp dump file has changed. Please read this.
B. Hostname and port
For the URL to access the portal, you need the 2 following infos to run the script 'imp_portal_schema.sh below :
Webcache hostname
Webcache listen port
These values are contained in the iasconfig.xml file of the midtier.
iasconfig.xml
<IASConfig XSDVersion="1.0">
<IASInstance Name="ias904.dev.dev_domain.com" Host="dev.dev_domain.com" Version="9.0.4">
<OIDComponent AdminPassword="@BfgIaXrX1jYsifcgEhwxciglM+pXod0dNw==" AdminDN="cn=orcladmin" SSLEnabled="false" LDAPPort="3060"/>
<WebCacheComponent AdminPort="4037" ListenPort="7782" InvalidationPort="4038" InvalidationUsername="invalidator" InvalidationPassword="@BR9LXXoXbvW1iH/IEFb2rqBrxSu11LuSdg==" SSLEnabled="false"/>
<EMComponent ConsoleHTTPPort="1813" SSLEnabled="false"/>
</IASInstance>
<PortalInstance DADLocation="/pls/portal" SchemaUsername="portal" SchemaPassword="@BR9LXXoXbvW1c5ZkK8t3KJJivRb0Uus9og==" ConnectString="cn=asdb,cn=oraclecontext">
<WebCacheDependency ContainerType="IASInstance" Name="ias904.dev.dev_domain.com"/>
<OIDDependency ContainerType="IASInstance" Name="ias904.dev.dev_domain.com"/>
<EMDependency ContainerType="IASInstance" Name="ias904.dev.dev_domain.com"/>
</PortalInstance>
</IASConfig>
It corresponds to a portal URL like this:
http://dev.dev_domain.com:7782/pls/portalThe script exp_portal_schema.sh copy the iasconfig.xml file in the exp_data directory.
C. Export the security: users and groups (optional)
If you use other Single Sing-On uses than the portal user, you probably need to restore the full security, the users and groups stored in OID on the production machine. 5 steps need to be executed for this operation:
Export the OID entries with LDAPSEARCH
Before to import, change the domain in the generated file (optional)
Before to import, remove the 'authpassword' attributes from the generated files
Import them with LDAPADD
Update the GUID/DN of the groups in portal tables
Part 1 - LDAPSEARCH
The typical commands to do this operation look like this:
ldapsearch -h $OID_HOSTNAME -p $OID_PORT -X -b "cn=portal.040127.1384,cn=groups,dc=dev_domain,dc=com" -s sub "objectclass=*" > portal_group.xml
ldapsearch -h $OID_HOSTNAME -p $OID_PORT -X -D "cn=orcladmin" -w $IAS_PASSWORD -b "cn=users,dc=dev_domain,dc=com" -s sub "objectclass=inetorgperson" > portal_users.xmlTake care about the following points
The groups are stored in a LDAP directory containing the date of installation
( in this example: portal.040127.1384,cn=groups,dc=dev_domain,dc=com )
If the domain of dev and prod is different, the exported files contains the name of the development domain in the form of 'dc=dev_domain,dc=com' in a lot of place. The domain name needs to be replaced by the production domain name everywhere in the files.
Ldapsearch uses the option '- X '. It it to export to DSML files (XML). It avoids a problem related with common LDAP files, LDIF files. LDIF files are wrapped at 78 characters. The wrapping to 78 characters make difficult to change the domain name contained in the LDIF files. XML files are not wrapped and do not have this problem.
A sample script to export the 2 XML files is given here in : step 3 - export the users and groups (optional) of the export script.
Part 2 : change the domain in the DSML files
If the domain of dev and prod is different, the exported files contains the name of the development domain in the form of 'dc=dev_domain,dc=com' in a lot of place. The domain name need to be replaced by the production domain name everywhere in the files.
To do this, we can use these commands:
cat exp_data/portal_groups.xml | sed -e "s/$DEV_DN/$PROD_DN/" > imp_log/portal_groups.xml
cat exp_data/portal_users.xml | sed -e "s/$DEV_DN/$PROD_DN/" > imp_log/temp_users.xml
Part 3 : Remove the authpassword attribute
The export of all attributes from the all users has also exported an automatically generated attribute in OID called 'authpassword'.
'authpassword' is a list automatically generated passwords for several types of application. But mostly, it can not be imported. Also, there is no option in ldapsearch (that I know) that allows removing an attribute. In place of giving to the ldapsearch command the list of all the attributes that is very long, without 'authpassword', we will remove the attribute after the export.
For that we will use the fact that the DSML files are XML files. There is a XSLT in the Oracle IAS, in the executable '$ORACLE_HOME/bin/xml'. XSLT is a standard specification of the internet consortium W3C to transform a XML file with the help of a XSL file.
Here is the XSL file to remove the authpassword tag.
del_autpassword.xsl
<!--
File : del_authpassword.xsl
Version : 1.0
Author : mgueury
Description:
Remove the authpassword from the DSML files
-->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xml:output method="xml"/>
<xsl:template match="*|@*|node()">
<xsl:copy>
<xsl:apply-templates select="*|@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="attr">
<xsl:choose>
<xsl:when test="@name='authpassword;oid'">
</xsl:when>
<xsl:when test="@name='authpassword;orclcommonpwd'">
</xsl:when>
<xsl:otherwise>
<xsl:copy>
<xsl:apply-templates select="*|@*|node()"/>
</xsl:copy>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
</xsl:stylesheet>
And the command to make the transfomation:
xml -f -s del_authpassword.xsl -o imp_log/portal_users.xml imp_log/temp_users.xmlWhere :
imp_log/portal_users.xml is the final file without authpassword tags
imp_log/temp_users.xml is the input file with the authpassword tags that can not be imported.
Part 4 : LDAPADD
The typical commands to do this operation look like this:
ldapadd -h $OID_HOSTNAME -p $OID_PORT -D "cn=orcladmin" -w $IAS_PASSWORD -c -X portal_group.xml
ldapadd -h $OID_HOSTNAME -p $OID_PORT -D "cn=orcladmin" -w $IAS_PASSWORD -c -X portal_users.xmlTake care about the following points
Ldapadd uses the option ' -c '. Existing users/groups are generating an error. The option -c allows continuing and ignoring these errors. Whatever, the errors should be checked to see if it is just existing entries.
A sample script to import the 2 XML files given in the step 5 - import the users and groups (optional) of the import script.
Part 5 : Update the GUID/DN
In Portal 9.0.4, the update of the GUID is taken care by PTLCONFIG during the import. (Import step 7)
D. Example script for export
Here is a example script that combines the 3 steps.
Depending of you need, you will :
or execute all the steps
or just execute the 1rst one (export of the database users). It will be enough you just want to login with the portal user on the production instance.
if your portal repository resides in a database 9.2.0.5 or 10.1.0.2, please read this
you can download all the scripts here, Attachment 276688.1:1
Do not forget to modify the script to your need and mostly add the list of users like explained in point A above.
exp_portal_schema.sh
# BASH Script : exp_portal_schema.sh
# Version : 1.3
# Portal : 9.0.4.0
# History :
# mgueury - creation
# Description:
# This script export a portal dump file from a dev instance
# -------------------------- Environment variables --------------------------
. portal_env.sh
# In case you do not use portal_env.sh you have to define all the variables
# For exporting the dump file only.
# export SYS_PASSWORD=change_on_install
# export PORTAL_TNS=asdb
# For the security (optional)
# export IAS_PASSWORD=welcome1
# export PORTAL_USER=portal
# export PORTAL_PASSWORD=A1b2c3de
# export OID_HOSTNAME=development.domain.com
# export OID_PORT=3060
# export OID_DOMAIN_DN=dc=`echo $OID_HOSTNAME | cut -d '.' -f2,3,4,5,6 --output-delimiter=',dc='`
# ------------------------------ Help function -----------------------------------
function press_any_key() {
if [ $PRESS_ANY_KEY_AFTER_EACH_STEP = "Y" ]; then
echo
echo Press enter to continue
read $ANY_KEY
else
echo
fi
echo "------------------------------- Export ------------------------------------"
# create a directory for the export
mkdir exp_data
# copy the env variables in the log just in case
export > exp_data/exp_env_variable.txt
echo "--------------------- step 1 - export"
# export the portal users, but take care to add:
# - your users containing DB providers
# - your users containing data (tables)
exp userid="'sys/$SYS_PASSWORD@$PORTAL_TNS as sysdba'" file=exp_data/portal_exp.dmp grants=y log=exp_data/portal_exp.log owner=(portal,portal_app,portal_demo,portal_public)
press_any_key
echo "--------------------- step 2 - store iasconfig.xml file of the MIDTIER"
cp $MIDTIER_ORACLE_HOME/portal/conf/iasconfig.xml exp_data
press_any_key
echo "--------------------- step 3 - export the users and groups (optional)"
# Export the groups and users from OID in 2 XML files (not LDIF)
# The OID groups of portal are stored in GROUP_INSTALL_BASE that depends
# of the installation date.
# For the user, I use the default place. If it does not work,
# you can find the user place with:
# > exec dbms_output.put_line(wwsec_oid.get_user_search_base);
# Get the GROUP_INSTALL_BASE used in security export
sqlplus $PORTAL_USER/$PORTAL_PASSWORD@$PORTAL_TNS <<IASDB
set serveroutput on
spool exp_data/group_base.log
begin
dbms_output.put_line(wwsec_oid.get_group_install_base);
end;
IASDB
export GROUP_INSTALL_BASE=`grep cn= exp_data/group_base.log`
echo '--- Exporting Groups'
echo 'creating portal_groups.xml'
ldapsearch -h $OID_HOSTNAME -p $OID_PORT -X -s sub -b "$GROUP_INSTALL_BASE" -s sub "objectclass=*" > exp_data/portal_groups.xml
echo '--- Exporting Users'
echo 'creating portal_users.xml'
ldapsearch -h $OID_HOSTNAME -p $OID_PORT -D "cn=orcladmin" -w $IAS_PASSWORD -X -s sub -b "cn=users,$OID_DOMAIN_DN" -s sub "objectclass=inetorgperson" > exp_data/portal_users.xml
The script is done to run from the midtier.
Step 2 - Install IAS in a new machine (PROD)
A. Installation
This note does not distinguish if Portal is sharing the same database than Single-Sign On and OID. For simplicity, I will speak only about 1 database. But I could also create a second infrastructure database just for the portal repository. This way is better for production system, because the Portal repository is only product used in the 2nd database. Having 2 separate databases allows taking easily backup of the portal repository.
On the production machine, you need to install a fresh install of IAS 9.0.4. Take care to use :
the same IAS patchset 9.0.4.1, 9.0.4.2, ...on the middle-tier and infrastruture than in development
and same characterset than in development (or UTF8)
The result will be 2 ORACLE_HOMES and 1 infrastructure database:
the ORACLE_HOME of the infrastructure (SID:infra904)
the ORACLE_HOME of the midtier (SID:ias904)
an infrastructure database (SID:asdb)
The empty new Portal install should work fine before to go to the next step.
B. About tablespaces (optional)
The size of the tablespace of the production should match the one of the Developement machine. If not, the tablespace will autoextend. It is not really a concern, but it is slow. You should modify the tablespaces for to have as much space on prod and dev.
Also, it is safer to check that there is enough free space on the hard disk to import in the database.
To modify the tablespace size, you can use Oracle Entreprise Manager console,
On Unix, . oraenv
infra904oemapp dbastudio
On NT Start/ Programs/ Oracle Application server - infra904 / Enterprise Manager Console
Launch standalone
Choose the portal database (typically asdb.domain.com)
Connect with a DBA user, sys or system
Click Storage/Tablespaces
Change the size of the PORTAL, PORTAL_DOC, PORTAL_LOGS, PORTAL_IDX tablespaces
C. Backup
It could be a good idea to take a backup of the MIDTIER and INFRASTRUCTURE Oracle Homes at that point to allow retesting the import process if it fails for any reason as much as you want without needing to reinstall everything.
Step 3 - Import in production (on PROD)
The following script is a sample of an Unix script that combines all the steps to import a portal repository to the production machine.
To import a portal reporistory and his users and group in OID, you need to do 8 things:
Stop the midtier to avoid errors while dropping the portal schema
SQL*Plus with Portal
Drop the 4 default portal schemas
Create the portal users with the same passwords than the just deleted users and give them grants (you need to create your own custom shemas too if you have some).
Import the dump file
Import the users and groups into OID (optional)
SQL*Plus with SYS : Post import changes
Recompile everything in the database
Reassign the imported jobs to portal
SQL*Plus with Portal : Post import changes
Recreate the Portal intermedia indexes
Correct an import errror on wwsrc_preference$
Make additional post import changes, by updating some portal tables, and replacing the development hostname, port or domain by the production ones.
Rewire the portal repository with ptlconfig -dad portal
Restart the midtier
Here is a sample script to do this on Unix. You will need to adapt the script to your needs.
imp_portal_schema.sh
# BASH Script : imp_portal_schema.sh
# Version : 1.3
# Portal : 9.0.4.0
# History :
# mgueury - creation
# Description:
# This script import a portal dump file and relink it with an
# infrastructure.
# Script to be started from the MIDTIER
# -------------------------- Environment variables --------------------------
. portal_env.sh
# Development and Production machine hostname and port
# Example
# .._HOSTNAME machine.domain.com (name of the MIDTIER)
# .._PORT 7782 (http port of the MIDTIER)
# .._DN dc=domain,dc=com (domain name in a LDAP way)
# These values can be determined automatically with the iasconfig.xml file of dev
# and prod. But if you do not know or remember the dev hostname and port, this
# query should find it.
# > select name, http_url from wwpro_providers$ where http_url like 'http%'
# These variables are used in the
# > step 4 - security / import OID users and groups
# > step 6 - post import changes (PORTAL)
# Set the env variables of the DEV instance
rm /tmp/iasconfig_env.sh
xml -f -s xsl/portal_env_unix.xsl -o /tmp/iasconfig_env.sh exp_data/iasconfig.xml
. /tmp/iasconfig_env.sh
export DEV_HOSTNAME=$WEBCACHE_HOSTNAME
export DEV_PORT=$WEBCACHE_LISTEN_PORT
export DEV_DN=dc=`echo $OID_HOSTNAME | cut -d '.' -f2,3,4,5,6 --output-delimiter=',dc='`
# Set the env variables of the PROD instance
. portal_env.sh
export PROD_HOSTNAME=$WEBCACHE_HOSTNAME
export PROD_PORT=$WEBCACHE_LISTEN_PORT
export PROD_DN=dc=`echo $OID_HOSTNAME | cut -d '.' -f2,3,4,5,6 --output-delimiter=',dc='`
# ------------------------------ Help function -----------------------------------
function press_any_key() {
if [ $PRESS_ANY_KEY_AFTER_EACH_STEP = "Y" ]; then
echo
echo Press enter to continue
read $ANY_KEY
else
echo
fi
echo "------------------------------- Import ------------------------------------"
# create a directory for the logs
mkdir imp_log
# copy the env variables in the log just in case
export > imp_log/imp_env_variable.txt
echo "--------------------- step 1 - stop the midtier"
# This step is needed to avoid most case of ORA-01940: user connected
# when dropping the portal user
$MIDTIER_ORACLE_HOME/opmn/bin/opmnctl stopall
press_any_key
echo "--------------------- step 2 - drop and create empty users"
sqlplus "sys/$SYS_PASSWORD@$PORTAL_TNS as sysdba" <<IASDB
spool imp_log/drop_create_user.log
---- Drop users
-- Warning: You need to stop all SQL*Plus connection to the
-- portal schema before that else the drop will give an
-- ORA-01940: cannot drop a user that is currently connected
drop user portal_public cascade;
drop user portal_app cascade;
drop user portal_demo cascade;
drop user portal cascade;
---- Recreate the users and give them grants"
-- The new users will have the same passwords as the users we just dropped
-- above. Do not forget to add your exported custom users
create user portal identified by $PORTAL_PASSWORD default tablespace portal;
grant connect,resource,dba to portal;
create user portal_app identified by $PORTAL_APP_PASSWORD default tablespace portal;
grant connect,resource to portal_app;
create user portal_demo identified by $PORTAL_DEMO_PASSWORD default tablespace portal;
grant connect,resource to portal_demo;
create user portal_public identified by $PORTAL_PUBLIC_PASSWORD default tablespace portal;
grant connect,resource to portal_public;
alter user portal_public grant connect through portal;
start $MIDTIER_ORACLE_HOME/portal/admin/plsql/wwv/wdbigra.sql portal
exit
IASDB
press_any_key
echo "--------------------- step 3 - import"
imp userid="'sys/$SYS_PASSWORD@$PORTAL_TNS as sysdba'" file=exp_data/portal_exp.dmp grants=y log=imp_log/import.log full=y
press_any_key
echo "--------------------- step 4 - import the OID users and groups (optional)"
# Some errors will be raised when running the ldapadd because at least the
# default entries will not be able to be inserted. Remove them from the
# ldif file if you want to avoid them. Due to the flag '-c', ldapadd ignores
# duplicate entries. Another more radical solution is to erase all the entries
# of the users and groups in OID before to run the import.
# Replace the domain name in the XML files.
cat exp_data/portal_groups.xml | sed -e "s/$DEV_DN/$PROD_DN/" > imp_log/portal_groups.xml
cat exp_data/portal_users.xml | sed -e "s/$DEV_DN/$PROD_DN/" > imp_log/temp_users.xml
# Remove the authpassword attributes with a XSL stylesheet
xml -f -s xsl/del_authpassword.xsl -o imp_log/portal_users.xml imp_log/temp_users.xml
echo '--- Importing Groups'
ldapadd -h $OID_HOSTNAME -p $OID_PORT -D "cn=orcladmin" -w $IAS_PASSWORD -c -X imp_log/portal_groups.xml -v
echo '--- Importing Users'
ldapadd -h $OID_HOSTNAME -p $OID_PORT -D "cn=orcladmin" -w $IAS_PASSWORD -c -X imp_log/portal_users.xml -v
press_any_key
echo "--------------------- step 5 - post import changes (SYS)"
sqlplus "sys/$SYS_PASSWORD@$PORTAL_TNS as sysdba" <<IASDB
spool imp_log/sys_post_changes.log
---- Recompile the invalid packages"
-- On the midtier, the script utlrp is not present. This step
-- uses a copy of it stored in patch/utlrp.sql
select count(*) INVALID_OBJECT_BEFORE from all_objects where status='INVALID';
start patch/utlrp.sql
set lines 999
select count(*) INVALID_OBJECT_AFTER from all_objects where status='INVALID';
---- Jobs
-- Reassign the JOBS imported to PORTAL. After the import, they belong
-- incorrectly to the user SYS.
update dba_jobs set LOG_USER='PORTAL', PRIV_USER='PORTAL' where schema_user='PORTAL';
commit;
exit
IASDB
press_any_key
echo "--------------------- step 6 - post import changes (PORTAL)"
sqlplus $PORTAL_USER/$PORTAL_PASSWORD@$PORTAL_TNS <<IASDB
set serveroutput on
spool imp_log/portal_post_changes.log
---- Intermedia
-- Recreate the portal indexes.
-- inctxgrn.sql is missing from the 9040 CD-ROMS. This is the bug 3536937.
-- Fixed in 9041. The missing script is contained in the downloadable zip file.
start patch/inctxgrn.sql
start $MIDTIER_ORACLE_HOME/portal/admin/plsql/wws/ctxcrind.sql
---- Import error
alter table "WWSRC_PREFERENCE$" add constraint wwsrc_preference_pk
primary key (subscriber_id, id)
using index wwsrc_preference_idx1
begin
DBMS_RLS.ADD_POLICY ('', 'WWSRC_PREFERENCE$', 'WEBDB_VPD_POLICY',
'', 'webdb_vpd_sec', 'select, insert, update, delete', TRUE,
static_policy=>true);
end ;
---- Modify tables with full URLs
-- If the domain name of prod and dev are different, this step is really important.
-- It modifies the portal tables that contains reference to the hostname or port
-- of the development machine. (For more explanation: see Addional steps in the note)
-- groups (dn)
update wwsec_group$
set dn=replace( dn, '$DEV_DN', '$PROD_DN' )
update wwsec_group$
set dn_hash = wwsec_api_private.get_dn_hash( dn )
-- users (dn)
update wwsec_person$
set dn=replace( dn, '$DEV_DN', '$PROD_DN' )
update wwsec_person$
set dn_hash = wwsec_api_private.get_dn_hash( dn)
-- subscriber
update wwsub_model$
set dn=replace( dn, '$DEV_DN', '$PROD_DN' ), GUID=':1'
where dn like '%$DEV_DN%'
-- preferences
update wwpre_value$
set varchar2_value=replace( varchar2_value, '$DEV_DN', '$PROD_DN' )
where varchar2_value like '%$DEV_DN%'
update wwpre_value$
set varchar2_value=replace( varchar2_value, '$DEV_HOSTNAME:$DEV_PORT', '$PROD_HOSTNAME:$PROD_PORT' )
where varchar2_value like '%$DEV_HOSTNAME:$DEV_PORT%'
-- page url items
update wwv_things
set title_link=replace( title_link, '$DEV_HOSTNAME:$DEV_PORT', '$PROD_HOSTNAME:$PROD_PORT' )
where title_link like '%$DEV_HOSTNAME:$DEV_PORT%'
-- web providers
update wwpro_providers$
set http_url=replace( http_url, '$DEV_HOSTNAME:$DEV_PORT', '$PROD_HOSTNAME:$PROD_PORT' )
where http_url like '%$DEV_HOSTNAME:$DEV_PORT%'
-- html links created by the RTF editor inside text items
update wwv_text
set text=replace( text, '$DEV_HOSTNAME:$DEV_PORT', '$PROD_HOSTNAME:$PROD_PORT' )
where text like '%$DEV_HOSTNAME:$DEV_PORT%'
-- Portlet metadata nls: help URL
update wwpro_portlet_metadata_nls$
set help_url=replace( help_url, '$DEV_HOSTNAME:$DEV_PORT', '$PROD_HOSTNAME:$PROD_PORT' )
where help_url like '%$DEV_HOSTNAME:$DEV_PORT%'
-- URL items (There is a trigger on this table building absolute_url automatically)
update wwsbr_url$
set absolute_url=replace( absolute_url, '$DEV_HOSTNAME:$DEV_PORT', '$PROD_HOSTNAME:$PROD_PORT' )
where absolute_url like '%$DEV_HOSTNAME:$DEV_PORT%'
-- Things attributes
update wwv_thingattributes
set value=replace( value, '$DEV_HOSTNAME:$DEV_PORT', '$PROD_HOSTNAME:$PROD_PORT' )
where value like '%$DEV_HOSTNAME:$DEV_PORT%'
commit;
exit
IASDB
press_any_key
echo "--------------------- step 7 - ptlconfig"
# Configure portal such that portal uses the infrastructure database
cd $MIDTIER_ORACLE_HOME/portal/conf/
./ptlconfig -dad portal
cd -
mv $MIDTIER_ORACLE_HOME/portal/logs/ptlconfig.log imp_log
press_any_key
echo "--------------------- step 8 - restart the midtier"
$MIDTIER_ORACLE_HOME/opmn/bin/opmnctl startall
date
Each step can generate his own errors due to a lot of factors. It is better to run the import step by step the first time.
Do not forget to check the output of log files created during the various steps of the import:
imp_log/drop_create_user.log
Spool when dropping and recreating the portal users
imp_log/import.log Import log file when importing the portal_exp.dmp file
imp_log/sys_post_changes.log
Spool when making post changes with SYS
imp_log/portal_post_changes.log
Spool when making post changes with PORTAL
imp_log/ptlconfig.log
Log file of ptconfig when rewiring the midtier
Step 4 - Test
A. Check the log files
B. Test the website and see if it works fine.
Step 5 - take a backup
Take a backup of all ORACLE_HOME and DATABASES to prevent all hardware problems. You need to copy:
All the files of the 2 ORACLE_HOME
And all the database files.
Step 6 - Additional steps
Here are some additional steps.
SSO external application ( that are part of the orasso schema and not imported yet )
Page URL items ( they seems to store the full URL ) - included in imp_portal_schema.sh
Web Providers ( the URL needs to be changed ) - included in imp_portal_schema.sh
Text items edited with the RTF editor in IE and containing links - included in imp_portal_schema.sh
Most of them are taken care by the "step 8 - post import changes". Except the first one.
1. SSO import
This script imports only Portal and the users/groups of OID. Not the list of the external application contained in the orasso user.
In Portal 9.0.4, there is a script called SSOMIG that resides in $INFRA_ORACLE_HOME/sso/bin and allows to move :
Definitions and user data for external applications
Registration URLs and tokens for partner applications
Connection information used by OracleAS Discoverer to access various data sources
See:
Oracle® Application Server Single Sign-On Administrator's Guide 10g (9.0.4) Part Number B10851-01
14. Exporting and Importing Data
2. Page items: the page URL items store the full URL.
This is Bug 2661805 fixed in Portal 9.0.2.6.
This following work-around is implemented in post import step of imp_portal_schema.sh
-- page url items
update wwv_things
set title_link=replace( title_link, 'dev.dev_domain.com:7778', 'prod.prod_domain.com:7778' )
where title_link like '%$DEV_HOSTNAME:$DEV_PORT%'
2. Web Providers
The URL to the Web providers needs also change. Like for the Page items, they contain the full path of the webserver.
Or you can get the list of the URLs to change with this query
select name, http_url from PORTAL.WWPRO_PROVIDERS$ where http_url like '%';
This following work-around is implemented in post import step of imp_portal_schema.sh
-- web providers
update wwpro_providers$
set http_url=replace( http_url, 'dev.dev_domain.com:7778', 'prod.prod_domain.com:7778' )
where http_url like '%$DEV_HOSTNAME:$DEV_PORT%'
4. The production and development machine do not share the same domain
If the domain of the production and the development are not the same, the DN (name in LDAP) of all users needs to change.
Let's say from
dc=dev_domain,dc=com -> dc=prod_domain,dc=com
1. before to upload the ldif files. All the strings in the 2 ldifs files that contain 'dc=dev_domain,dc=com', have to be replaced by 'dc=prod_domain,dc=com'
2. in the wwsec_group$ and wwsec_person$ tables in portal, the DN need to change too.
This following work-around is implemented in post import step of imp_portal_schema.sh
-- groups (dn)
update wwsec_group$
set dn=replace( dn, 'dc=dev_domain,dc=com', 'dc=prod_domain,dc=com' )
update wwsec_group$
set dn_hash = wwsec_api_private.get_dn_hash( dn )
-- users (dn)
update wwsec_person$
set dn=replace( dn, 'dc=dev_domain,dc=com', 'dc=prod_domain,dc=com' )
update wwsec_person$
set dn_hash = wwsec_api_private.get_dn_hash( dn)
5. Text items with HTML links
Sometimes people stores full URL inside their text items, it happens mostly when they use link with the RichText Editor in IE .
This following work-around is implemented in post import step in imp_portal_schema.sh
-- html links created by the RTF editor inside text items
update wwv_text
set text=replace( text, 'dev.dev_domain.com:7778', 'prod.prod_domain.com:7778' )
where text like '%$DEV_HOSTNAME:$DEV_PORT%'
6. OID Custom password policy
It happens quite often that the people change the password policy of the OID server. The reason is that with the default policy, the password expires after 60 days. If so, do not forget to make the same changes in the new installation.
PROBLEMS
1. Import log has some errors
A. EXP-00091 -Exporting questionable statistics
You can ignore this error.
B. IMP-00017 - WWSRC_PREFERENCE$
When importing, there is one import error:
IMP-00017: following statement failed with ORACLE error 921:
"ALTER TABLE "WWSRC_PREFERENCE$" ADD "
IMP-00003: ORACLE error 921 encountered
ORA-00921: unexpected end of SQL commandThe primary key is not created. You can create it with this commmand
in SQL*Plus with the user portal.. Then readd the missing VPD policy.
alter table "WWSRC_PREFERENCE$" add constraint wwsrc_preference_pk
primary key (subscriber_id, id)
using index wwsrc_preference_idx1
begin
DBMS_RLS.ADD_POLICY ('', 'WWSRC_PREFERENCE$', 'WEBDB_VPD_POLICY',
'', 'webdb_vpd_sec', 'select, insert, update, delete', TRUE,
static_policy=>true);
end ;
Step 8 in the script "imp_portal_schema.sh" take care of this. This can also possibly be solved by the
C. IMP-00017 - WWDAV$ASL
. importing table "WWDAV$ASL"
Note: table contains ROWID column, values may be obsolete 113 rows importedThis error is normal, the table really contains a ROWID column.
D. IMP-00041 - Warning: object created with compilation warnings
This error is normal too. The packages giving these error have
dependencies on package not yet imported. A recompilation is done
after the import.
E. ldapadd error 'cannot add add entries containing authpasswords'
# ldap_add: DSA is unwilling to perform
# ldap_add: additional info: You cannot add entries containing authpasswords.
"authpasswords" are automatically generated values from the real password of the user stored in userpassword. These values do not have to be exported from ldap.
In the import script, I remove the additional tag with a XSL stylesheet 'del_authpassword.xsl'. See above.
F. IMP-00017: WWSTO_SESSION$
IMP-00017: following statement failed with ORACLE error 2298:
"ALTER TABLE "WWSTO_SESSION$" ENABLE CONSTRAINT "WWSTO_SESS_FK1""
IMP-00003: ORACLE error 2298 encountered
ORA-02298: cannot validate (PORTAL.WWSTO_SESS_FK1) - parent keys not found
Here is a work-around for the problem. I will normally integrate it in a next version of the scripts.
SQL> delete from WWSTO_SESSION_DATA$;
7690 rows deleted.
SQL> delete from WWSTO_SESSION$;
1073 rows deleted.
SQL> commit;
Commit complete.
SQL> ALTER TABLE "WWSTO_SESSION$" ENABLE CONSTRAINT "WWSTO_SESS_FK1";
Table altered.
G. IMP-00017 - ORACLE error 1 - DBMS_JOB.ISUBMIT
This error can appear during the import when the import database is not empty and is already customized for some reasons. For example, you export from an infrastructure and you import in a database with a lot of other programs that uses jobs. And unhappily the same job id.
Due to the way the export/import of jobs is done, the jobs keeps their id after the import. And they may conflict.
IMP-00017: following statement failed with ORACLE error 1: "BEGIN DBMS_JOB.ISUBMIT(JOB=>42,WHAT=>'begin execute immediate " "''begin wwutl_cache_sys.process_background_inval; end;'' ; exc" "eption when others then wwlog_api.log(p_domain=> ''utl'', " " p_subdomain=>''cache'', p_name=>''background'', " " p_action=>''process_background_inval'', p_information => ''E" "rror in process_background_inval ''|| sqlerrm);end;', NEXT_DATE=" ">TO_DATE('2004-08-19:17:32:16','YYYY-MM-DD:HH24:MI:SS'),INTERVAL=>'SYSDATE " "+ 60/(24*60)',NO_PARSE=>TRUE); END;"
IMP-00003: ORACLE error 1 encountered ORA-00001: unique constraint (SYS.I_JOB_JOB) violated
ORA-06512: at "SYS.DBMS_JOB", line 97 ORA-06512: at line 1
Solutions:
1. use a fresh installed database,
2. Due that the jobs conflicting are different because it happens only in custom installation, there is no clear rule. But you can
recreate the jobs lost after the import with other_ids
and/or change the job id of the other program before to import. This type of commands can help you (you need to do it with SYS)
select * from dba_jobs;
update dba_jobs set job=99 where job=52;
commit
2. Import in a RAC environment
Be aware of the Bug 2479882 when the portal database is in a RAC database.
Bug 2479882 : NEEDED TO BOUNCE DB NODES AFTER INSTALLING PORTAL 9.0.2 IN RAC NODE3. Intermedia
After importing a environment, the intermedia indexes are invalid. To correct the error you need to run in SQL*Plus with Portal
start $MIDTIER_ORACLE_HOME/portal/admin/plsql/wws/inctxgrn.sql
start $MIDTIER_ORACLE_HOME/portal/admin/plsql/wws/ctxcrind.sql
But $MIDTIER_ORACLE_HOME/portal/admin/plsql/wws/inctxgrn.sql is missing in IAS 9.0.4.0. This is Bug 3536937. Fixed in 9041. The missing scripts are contained in the downloadable zip file (exp_schema904.zip : Attachment 276688.1:1 ), directory sql. This means that practically in 9040, you have to run
start sql/inctxgrn.sql
start $MIDTIER_ORACLE_HOME/portal/admin/plsql/wws/ctxcrind.sql
In the import script, it is done in the step 6 - recreate Portal Intermedia indexes.
You can not WA the problem without the scripts. Running ctxcrind.sql alone does not work. You will have this error:
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "PORTAL.WWERR_API_EXCEPTION", line 164
ORA-06512: at "PORTAL.WWV_CONTEXT", line 1035
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "PORTAL.WWERR_API_EXCEPTION", line 164
ORA-06512: at "PORTAL.WWV_CONTEXT", line 476
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-20000: Oracle Text error:
DRG-12603: CTXSYS does not own user datastore procedure: WWSBR_THING_CTX_69
ORA-06512: at line 13
4. ptlconfig
If you try to run ptlconfig simply after an import you will get an error:
Problem processing Portal instance: Configuring HTTP server settings : Installing cache data : SQL exception: ERROR: ORA-23421: job number 32 is not a job in the job queue
This is because the import done by user SYS has imported the PORTAL jobs to the SYS schema in place of portal. The solution is to run
update dba_jobs set LOG_USER='PORTAL', PRIV_USER='PORTAL' where schema_user='PORTAL';
In the import script, it is done in the step 8 - post import changes.
5. WWC-41417 - invalid credentials.
When you try to login you get:
Unexpected error encountered in wwsec_app_priv.process_signon (User-Defined Exception) (WWC-41417)
An exception was raised when accessing the Oracle Internet Directory: 49: Invalid credentials
Details
Error:Operation: dbms_ldap.simple_bind_s
OID host: machine.domain.com
OID port number: 4032
Entry DN: orclApplicationCommonName=PORTAL,cn=Portal,cn=Products,cn=OracleContext. (WWC-41743)Solution:
- run secupoid.sql
- rerun ptlconfig
This problem has been seen after using ptlasst in place of ptlconfig.
6. EXP-003 with a database 9.2.0.5 or 10.1.0.2
In fact, the DB format of imp/exp has changed in 9.2.0.5 or 10.1.0.2. The EXP-3 error only occurs when the export from the 9.2.0.5.0 or 10.1.0.2.0 database is done with a lower release export utility, e.g. 9.2.0.4.0.
Due to the way this note is written, the imp/exp utility used is the one of the midtier (9014), if your portal resides in a 9.2.0.5 database, it will not work. To work-around the problem, there are 2 solutions:
Change the script so that it uses the exp and imp command of database.
Make a change to the 9.2.0.5 or 10.1.0.2 database to make them compatible with previous version. The change is to modify a database internal view before to export/import the data.
A work-around is given in Bug 3784697
1. Make a note of the export definition of exu9tne from
$OH/rdbms/admin/catexp.sql
2. Copy this to a new file and add "UNION ALL select * from sys.exu9tneb" to the end of the definition
3. Run this as sys against the DB to be exported.
4. Export as required
5. Put back the original definition of exu9tne
eg: For 9204 the workaround view would be:
CREATE OR REPLACE VIEW exu9tne (
tsno, fileno, blockno, length) AS
SELECT ts#, segfile#, segblock#, length
FROM sys.uet$
WHERE ext# = 1
UNION ALL
select * from sys.exu9tneb
7. EXP-00006: INTERNAL INCONSISTENCY ERROR
This is Bug 2906613.
The work-around given in this bug is the following:
- create the following view, connected as sys, before running export:
CREATE OR REPLACE VIEW exu8con (
objid, owner, ownerid, tname, type, cname,
cno, condition, condlength, enabled, defer,
sqlver, iname) AS
SELECT o.obj#, u.name, c.owner#, o.name,
decode(cd.type#, 11, 7, cd.type#),
c.name, c.con#, cd.condition, cd.condlength,
NVL(cd.enabled, 0), NVL(cd.defer, 0),
sv.sql_version, NVL(oi.name, '')
FROM sys.obj$ o, sys.user$ u, sys.con$ c,
sys.cdef$ cd, sys.exu816sqv sv, sys.obj$ oi
WHERE u.user# = c.owner# AND
o.obj# = cd.obj# AND
cd.con# = c.con# AND
cd.spare1 = sv.version# (+) AND
cd.enabled = oi.obj# (+) AND
NOT EXISTS (
SELECT owner, name
FROM sys.noexp$ ne
WHERE ne.owner = u.name AND
ne.name = o.name AND
ne.obj_type = 2)
The modification of exu8con simply adds support for a constraint type that had not previously been supported by this view. There is no negative impact.
8. WWSBR_DOC_CTX_54 is invalid
After the recompilation of the package, one package remains invalid (in sys_post_changes.log):
INVALID_OBJECT_AFTER
1
select owner, object_name from all_objects where status='INVALID'
CTXSYS WWSBR_DOC_CTX_54
CREATE OR REPLACE procedure WWSBR_DOC_CTX_54
(rid in rowid, bilob in out NOCOPY blob)
is begin PORTAL.WWSBR_CTX_PROCS.DOC_CTX(rid,bilob);end;
This object is not used anymore by portal. The error can be ignored. The procedure can be removed too. This is Bug 3559731.
9. You do not have permission to perform this operation. (WWC-44131)
It seems that there are problems if
- groups on the production machine are not residing in the default place in OID,
- and that the group creation base and group search base where changed.
After this, the cloning of the repository work without problem. But it seems that the command 'ptlconfig -dad portal' does not reset the GUID and DN of the groups correctly. I have not checked this yet.
The solution seems to use the script given in the 9.0.2 Note 228516.1. And run group_sec.sql to reset all the DN and GUID in the copied instance.
10. Invalid Java objects when exporting from a 9.x database and importing in a 10g database
If you export from a 9.x database and import in a 10g database, after running utlrp.sql, 18 Java objects will be invalid.
select object_name, object_type from user_objects where status='INVALID'
SQL> /
OBJECT_NAME OBJECT_TYPE
/556ab159_Handler JAVA CLASS
/41bf3951_HttpsURLConnection JAVA CLASS
/ce2fa28e_ProviderManagerClien JAVA CLASS
/c5b98d35_ServiceManagerClient JAVA CLASS
/d77cf2ab_SOAPServlet JAVA CLASS
/649bf254_JavaProvider JAVA CLASS
/a9164b8b_SpProvider JAVA CLASS
/2ee43ac9_StatefulEJBProvider JAVA CLASS
/ad45acec_StatelessEJBProvider JAVA CLASS
/da1c4a59_EntityEJBProvider JAVA CLASS
/66fdac3e_OracleSOAPHTTPConnec JAVA CLASS
/939c36f5_OracleSOAPHTTPConnec JAVA CLASS
org/apache/soap/rpc/Call JAVA CLASS
org/apache/soap/rpc/RPCMessage JAVA CLASS
org/apache/soap/rpc/Response JAVA CLASS
/198a7089_Message JAVA CLASS
/2cffd799_ProviderGroupUtils JAVA CLASS
/32ebb779_ProviderGroupMgrProx JAVA CLASS
18 rows selected.
This is a known issue. This can be solved by applying patch one of the following patch depending of your IAS version.
Bug 3405173 - PORTAL 9.0.4.0.0 PATCH FOR 10G DB UPGRADE (FROM 9.0.X AND 9.2.X)
Bug 4100409 - PORTAL 9.0.4.1.0 PATCH FOR 10G DB UPGRADE (FROM 9.0.X AND 9.2.X)
Bug 4100417 - PORTAL 9.0.4.2.0 PATCH FOR 10G DB UPGRADE (FROM 9.0.X AND 9.2.X)
11. Import : IMP-00003: ORACLE error 30510 encountered
When importing Portal 9.0.4.x, it could be that the import of the database side produces an error ORA-30510.The new perl script work-around the issue in the portal_post_import.sql script. But not the BASH scripts. If you use the BASH scripts, after the import, please run this command manually in SQL*Plus logged as portal.
---- Import error 2 - ORA-30510 when importing
CREATE OR REPLACE TRIGGER logoff_trigger
before logoff on schema
begin
-- Call wwsec_oid.unbind to close open OID connections if any.
wwsec_oid.unbind;
exception
when others then
-- Ignore all the errors encountered while unbinding.
null;
end logoff_trigger;
This is logged as <Bug;4458413>.
12. Exporting from a 9.0.1 database and import in a 9.2.0.5+ or 10g DB
It could be that when exporting from a 9.0.1 database to a 10g database that the java classes do not get compiled correctly. The following errors are seen
ORA-29534: referenced object PORTAL.oracle/net/www/proto/https/HttpsURLConnection could not be resolved
errors:: class oracle/net/www/proto/https/HttpsURLConnection
ORA-29521: referenced name oracle/security/ssl/OracleSSLSocketFactoryImpl could not be found
ORA-29521: referenced name oracle/security/ssl/OracleSSLSocketFactory could not be found
In such a case, please apply the following patches after the import in the 10g database.
Bug 3405173 PORTAL REPOS DB UPGRADE TO 10G: for Portal 9.0.4.0
Bug 4100409 PORTAL REPOS DB UPGRADE TO 10G: for Portal 9.0.4.1
Main Differences with Portal 9.0.2
For the persons used to this technics in Portal 9.0.2, you could be interested to read the main differences with the same note for Portal 9.0.2
Portal 9.0.2
Portal 9.0.4
Cutter database
Portal 9.0.2 can be part of an infrastructure database or in a custom external database.
In Portal 9.0.2, the portal schema is imported in an empty database.
Portal 9.0.4 can only be installed in a 'Cutter database', a database created with RepCA or OUI containing always OID, DCM and so on...
In Portal 9.0.4, the portal schema is imported in an 'Cutter database' (new)
group_sec.sql
group_sec.sql is used to correct the GUIDs of OID stored in Portal
ptlconfig -dad portal -oid is used to correct the GUIDs of OID stored in Portal (new)
1 script
The import / export are divided by several steps with several scripts
The import script is done in one step
Additional steps are included in the script
This requires to know the hostname and port of the original development machine. (new)
Import
The steps are:
creation of an empty database
creation of the users with password=username
import
The steps are:
creation of an IAS 10g infrastructure DB (repca or OUI)
deletion of new portal schemas (new)
creation of the users with the same password than the schemas just dropped.
import
DAD
The dad needed to be changed
The passwords are not changed, the dad does not need to be changed.
Bugs
In portal 9.0.2, 2 bugs were workarounded by change_host.sh
In Portal 9.0.4, some tables additional tables needs to be updated manually before to run ptlasst. This is #Bug:3762961#.
export of LDAP
The export is done in LDIF files. If the prod and the dev have different domain, it is quite difficult to change the domain name in these file due to the line wrapping at 78 characters.
The export is done in XML files, in the DSML format (new). It is a lot easier to change the XML files if the domain name is different from PROD to DEV.
Download
You have to cut and paste the scripts
The scripts are attached to the note. Just donwload them.
Rewiring
9.0.2 uses ptlasst.
ptlasst.csh -mode MIDTIER -i custom -s $PORTAL_USER -sp $PORTAL_PASSWORD -c $PORTAL_HOSTNAME:$PORTAL_DB_PORT:$PORTAL_SERVICE_NAME -sdad $PORTAL_DAD -o orasso -op $ORASSO_PASSWORD -odad orasso -host $MIDTIER_HOSTNAME -port $MIDTIER_HTTP_PORT -ldap_h $INFRA_HOSTNAME -ldap_p $OID_PORT -ldap_w $IAS_PASSWORD -pwd $IAS_PASSWORD -sso_c $INFRA_HOSTNAME:$INFRA_DB_PORT:$INFRA_SERVICE_NAME -sso_h $INFRA_HOSTNAME -sso_p $INFRA_HTTP_PORT -ultrasearch -oh $MIDTIER_ORACLE_HOME -mc false -mi true -chost $MIDTIER_HOSTNAME -cport_i $WEBCACHE_INV_PORT -cport_a $WEBCACHE_ADM_PORT -wc_i_pwd $IAS_PASSWORD -emhost $INFRA_HOSTNAME -emport $EM_PORT -pa orasso_pa -pap $ORASSO_PA_PASSWORD -ps orasso_ps -pp $ORASSO_PS_PASSWORD -iasname $IAS_NAME -verbose -portal_only
9.0.4 uses ptlconfig (new)
ptlconfig -dad portal
Environment variables
A lot of environment variables are needed
Just 3 environment variables are needed:
- password of SYS
- password of IAS,
- ORACLE_HOME of the Midtier
All the rest is found in iasconfig.xml and LDAP (new)
TO DO
- Check if the orclcommonapplication name fits SID.hostname
- Check what gives the import of a portal30 upgraded schema inside a schema named portal
- Explain how to copy the portal*.dbf files in place of export/import and the limitation of tra -
Creating users using custom made class/UI in portal
This is what i have to achieve,
I need to create an interface in portal which will,
1. Create users in the OID where the users extend a class which i have created in OID with my custom attributes.
2. Then create them in portal and then assign them to default groups which will depend on a parameter in the user creation form.
From reading various documents in Metalink and OTN i have understood that the wwsec_api package allows us to do all this except that it is all for a user which will extend a predefined set of classes.
So i decided to do this
1.Make entries into the OID using the DBMS_LDAP package using commands like
emp_vals(1) := p_first_name;
DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'firstName',emp_vals);
retval := DBMS_LDAP.add_s(emp_session,emp_dn,emp_array);
2.Fire the wwsec_api.add_portal_user to create the portal user and then activate and assign him to the default group after running the provsyns.sql file
The problem i face is that i get errors when i execute the said procedure from any other schema other than portal.
When the procedure is recreated in the portal schema and executed it works fine.
So i decided to create the entire package in the portal schema itself.
Now the problem i face is that the proc would execute fine on the sql prompt but fail when called from the form created in portal based on this procedure.
I found out that the execution fails when the wwsec_api.xxx calls are made.
The exceptions are not specific and have the error code 1 => user defined exception
To have a workaround for this i directly inserted into the wwsec_person$ table with no values for the GUID column( I know this is not recommended but i gave it a try)
The insert worked fine but i still had to set his default group.I tried updating the rows for the user to set the default_group column but there seems to be a trigger on it which causes the update to fail.
Also when i check up the wwsec_person$ table there two rows for each user that i created ,one without the GUID/default_group and the other with the GUID/default_group.I guess this is because of the trigger.
If i try using the wwsec_api.set_defaultgroup api, the proc fails.
It is quite interesting to note that all the steps mentioned above, grant access to the user to portal.
But the place it fails is while setting the default group for the same which is of prime importance to me.
Also because I am inserting directly into the tables i have also to delete them when the user is deleted, this is because i again cannot execute the delete_portal_user in the wwsec_api package from the browser.
Surprisingly the wwsec_api.create_list function works fine.
Once i have created the users all the manipulations like changing group memberships etc become easy as i just modify the required details in the OID itself.
What i need is a proper/safe way to do what i have just mentioned above.
Please help out ASAP as this is urgent.
Regards,
KKBased on your requirements, you should go about things a little differently...
You have written your custom DBMS_LDAP code to create and populate the user entry including your custom objectclasses - good.
You don't need to create the user profile in the Portal schema at all.
To set the default group, just set the orcldefaultprofilegroup attribute in the user entry in OID. This should be set to the DN of the default group.
When the user logs on, his profile will automatically be created, and the default group will also sync up with the user entry in OID (patch required - 2830252).
Also, you should have DIP provisioning running so that updates to the orcldefaultprofilegroup attribute in OID are subsequently conveyed to the portal schema. It will also take care of automatically deleting the user profile from the portal if the user is removed from OID.
Please see the Portal Configuration Guide on how to enable and activate the Directory Integration Platform (DIP) provisioning integration between OID and Portal -
Creating a user with "create user" privilege using PL/SQL?
I have managed to use the PL/SQL DBMS_LDAP package to create and modify OID users (DBMS_LDAP.add_s and DBMS_LDAP.modify_s).
The question is: How can I use DBMS_LDAP to assign privileges to OID users? By "privileges" I mean options like the following (i.e. the options you can enable/disable for any OID user if you login to OIDDAS and click the "privileges" button for a particular user):
Allow user creation
Allow user editing
Allow user deletion
Allow group creation
Allow group editing
Allow group deletion
Allow privilege assignment to users
Allow privilege assignment to groups
AndySolution found.
In case anyone comes back to this thread in the future looking to achieve a similar thing: Metalink 205315.1 contains details.
Maybe you are looking for
-
I got error "The workflow could not update the item, possibly because one or more columns for the item require a different type of information "I found out the cause is Update Item action I need to update item in another List call Custom
-
How do I set a path in an executable for a DLL?
I wrote a VI that is using a DLL in the Call Function Library Node. I set the parameters to Specify Path In Program in the node. I did this because I am distributing the VI as an executable and the path is obviously not the same as my VI. When runnin
-
Evening all, I just wanted to vent a little about my experience so far with BT. On the 3rd October I made the decision to go with BT for the new property I was going to be moving into. A good internet connection is essential for me as I often work re
-
OID and BPA Suite (publisher module) Compatibility?
I'd like to know if BPA Suite Publisher can use the OID/SSO as user repository and provide security. Our idea is to publish this module through Oracle Portal. Best regards. Edited by: [email protected] on Oct 10, 2008 10:11 AM
-
Hello, I am trying to access a USB capture card with labview so that I can watch the video on my computer screen. Eventually I would like to be able to record the video. The idea is to build a digital video recorded that detects motion an