Delay in the change user password OIM 11g

Hi guys,
I have a problem with OIM 11g. The user accesses the OIM to do change your password, when the message that password is changed show, the user executed log-off and try access with new password, but the new password isn't accepted.
The new password is posted to AD immediately.
Only after of some time, the new password is accepted in OIM.
I need the new password is applied as in AD. When changing the password.
Someone know resolve this issue??
Thanks

I don’t think this is possible. You can add some delay while changing target system password. But not guarantee.

Similar Messages

Problem with Notifications on Create User/ Change User Password

Hello,
I'm having a problem sending emails to users when an account is created in OIM.
I added a notification to the user and user's manager on the Create User task in the Xellerate User process definition but the emails are not being sent.
I know that if I create another task with the purpose of sending emails and invoke it through the response in the Create User task, it will work.
My aim is to avoid adding tasks for something OIM should be able to do OOTB.
I'm also unable to send an email when a password is updated.. I did the same thing as for the Create User and I know the task (Change User Password) is being invoked by looking at the logs but the emails aren't being sent.
Has anyone ran into such problems?
I'm having these problems in the Xellerate User process task.. i've added notifications in other process tasks (mainly approval tasks) and they are working fine.
Thanks in advance

Hi,
I am just confuse with your response.Have you added the "Password Updated" task in xellerate user provisioning process?
Now if you changing password in OIM profile it will trigger "Change User Password" task not the "Password Updated" task and even if you add "Password Updated" task on Xellerate User provisioning task you can't see this task in Resource Details.
Now assume if you added your notification on "Password Updated" task of any resource which user is provisioned to even then when you change oim password it only trigger "Change User Password" task.So try to have your notification on "Change User Password" task.
Please clarify so that I can response correctly.
Regards
Nitesh

Change User password not working in SAP ME 6.0

Hi,
In SAP ME 6.0 SP01 6.0.1.0 Counter 40, the activity "Change User Password" does not work for me or any other user.
The activity window (Netweaver) shows, but in the top it says "An error occurred - contact system administrator".
This is the output from the default trace file. Seems my user is not authorized, but where do I set this authorization?
Br,
Johan
#2.0 #2011 09 06 11:15:11:064#+0200#Error#com.sap.security.core.wd.jmxmodel.JmxModelComp#
#BC-JAS-SEC-UME#sap.com/tcsecumewduimodel#C0000AD3034800820000000100000450#9934850000000004#sap.com/tcsecumewdkit#com.sap.security.core.wd.jmxmodel.JmxModelComp#JONORD#16##380199ECD86811E088C3000000979802#ae0e9d52d86811e08e7a000000979802#ae0e9d52d86811e08e7a000000979802#0#Thread[HTTP Worker [@312363456],5,Dedicated_Application_Thread]#Plain##
public void supplyCompany(IPrivateJmxModelCompInterface.ICompanyNode node, IPrivateJmxModelCompInterface.IContextElement parentElement)
[EXCEPTION]
com.sap.engine.services.jmx.exception.JmxSecurityException: Caller JONORD not authorized, required permission missing (javax.management.MBeanPermission -\#getCompanyConceptEnabled[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
     at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:100)
     at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:101)
     at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.checkMBeanPermission(MBeanServerSecurityWrapper.java:438)
     at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:288)
     at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)
     at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:367)
     at com.sap.security.core.jmx._gen.IJmxServer$Impl.getCompanyConceptEnabled(IJmxServer.java:1415)
     at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.supplyCompany(JmxModelCompInterface.java:1498)
     at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.supplyCompany(InternalJmxModelCompInterface.java:710)
     at com.sap.security.core.wd.jmxmodel.wdp.IPublicJmxModelCompInterface$ICompanyNode.doSupplyElements(IPublicJmxModelCompInterface.java:4301)
     at com.sap.tc.webdynpro.progmodel.context.DataNode.supplyElements(DataNode.java:110)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.createMappedElementList(MappedNode.java:78)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.supplyElements(MappedNode.java:71)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.createMappedElementList(MappedNode.java:78)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.supplyElements(MappedNode.java:71)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElements(Node.java:270)

Hi,
Change User Password screen is in fact user self services screen of NW UME and to access it, user must have Manage_My_Password action. Installation and Security Guide ask to assign this action to all roles.

How can i add a new user and change user'password with javamail?

how can i add a new user and change user'password from a mailserver with javamail?
email:[email protected]

Well user creation and updation is a system property..U need to go through that part...as it depends on the system you are hosting pout your application...
if it is linux...u have to use some shell programming\
bye for now let me know if this guides you or if you need some more stuff.
bye

Provisioning of User from OIM 11g to GooggleApps

hi all
I m trying to Provision of user from OIM 11g to google apps with Googgle App 11.1.1.5 (icf) connector.
But while provisioning User I am getting the exception like
javax.xml.parsers.FactoryConfigurationError: WebLogicSAXParser cannot be created.SAX feature 'http://xml.org/sax/features/external-general-entities' not supported.
at weblogic.xml.jaxp.RegistrySAXParser.<init>(RegistrySAXParser.java:73)
at weblogic.xml.jaxp.RegistrySAXParser.<init>(RegistrySAXParser.java:46)
at weblogic.xml.jaxp.RegistrySAXParserFactory.newSAXParser(RegistrySAXParserFactory.java:91)
at com.google.gdata.util.common.xml.parsing.SecureGenericXMLFactory$SecureSAXParserFactory.newSAXParser(SecureGenericXMLFactory.java:147)
at com.google.gdata.util.XmlParser.getSAXParserFactory(XmlParser.java:92)
at com.google.gdata.util.XmlParser.parse(XmlParser.java:679)
at com.google.gdata.util.XmlParser.parse(XmlParser.java:576)
at com.google.gdata.data.BaseEntry.parseAtom(BaseEntry.java:1015)
at com.google.gdata.wireformats.input.AtomDataParser.parse(AtomDataParser.java:59)
at com.google.gdata.wireformats.input.AtomDataParser.parse(AtomDataParser.java:39)
at com.google.gdata.wireformats.input.CharacterParser.parse(CharacterParser.java:100)
at com.google.gdata.wireformats.input.XmlInputParser.parse(XmlInputParser.java:52)
at com.google.gdata.wireformats.input.AtomDualParser.parse(AtomDualParser.java:66)
at com.google.gdata.wireformats.input.AtomDualParser.parse(AtomDualParser.java:34)
at com.google.gdata.client.Service.parseResponseData(Service.java:2165)
at com.google.gdata.client.Service.parseResponseData(Service.java:2098)
at com.google.gdata.client.Service.getEntry(Service.java:1353)
at com.google.gdata.client.GoogleService.getEntry(GoogleService.java:567)
at com.google.gdata.client.Service.getEntry(Service.java:1278)
at com.google.gdata.client.appsforyourdomain.AppsForYourDomainService.getEntry(AppsForYourDomainService.java:118)
at org.identityconnectors.googleapps.GoogleAppsClient.getUserEntry(GoogleAppsClient.java:148)
at org.identityconnectors.googleapps.GoogleAppsClient.testConnection(GoogleAppsClient.java:171)
at org.identityconnectors.googleapps.GoogleAppsConnector.test(GoogleAppsConnector.java:407)
at org.identityconnectors.googleapps.GoogleAppsConnector.checkAlive(GoogleAppsConnector.java:415)
at org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.testObject(ConnectorPoolManager.java:105)
at org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.testObject(ConnectorPoolManager.java:74)
at org.identityconnectors.framework.impl.api.local.ObjectPool.borrowObject(ObjectPool.java:229)
at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:83)
at $Proxy357.schema(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:107)
at $Proxy357.schema(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:107)
at $Proxy357.schema(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:76)
at $Proxy357.schema(Unknown Source)
at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.schema(AbstractConnectorFacade.java:112)
at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.getConnectorSchema(ICProvisioningManager.java:337)
at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:116)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpGOOGLEAPPSCREATEOBJECT.CREATEOBJECT(adpGOOGLEAPPSCREATEOBJECT.java:109)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpGOOGLEAPPSCREATEOBJECT.implementation(adpGOOGLEAPPSCREATEOBJECT.java:54)
at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(tcProvisioningOperationsBean.java:4042)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB.retryTasksx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy359.retryTasksx(Unknown Source)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.retryTasksx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy174.retryTasksx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy345.retryTasksx(Unknown Source)
at Thor.API.Operations.tcProvisioningOperationsIntfDelegate.retryTasks(Unknown Source)
at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(ResourceProfileProvisioningTasksAction.java:702)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecur)ityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStub
I am not sure why this exception is happening while provisioning the user
I already Uploaded the 4jars recommended by Four jars into the Classpath
any help regarding this issue is highly appreciated

this might help you
Re: OIM and Google Apps
--nayan

How can I o create, modify or delete users using OIM 11g web services?

Hi,
I have a requirement to create, modify or delete users using OIM 11g web services.
The end users will be signing on to the online application, a user interface to request ids online. The user interface is the home grown application to request ids.
I want to integrate this user interface with OIM 11g. I generated the java classes using the out of the box wsdl file as mentioned in the Developer’s Guide for Oracle Identity Manager 11g. But I need to know how to create users using web server client from a given wsdl file? Is there a sample web service client program to create a user in OIM?
If you know of any document which I can follow or if you can give any details I really appreciate.
Thanks and Regards,
Viraf

Hi Chong,
Were you able to figure out the approach? I am facing the same issue like this. I have created a web service where the input values are no. of days to extend user's end date and user's employee ID. Output will be true or false. But I am getting error while searching user in OIM DB. I think my web service is not to query OIM DB
Please let me know if you have worked on this senario.
Thanks,
Kalpana.

Procedure/package to change user password through plsql gateway

I'm not sure is this the right place to ask, but I don't know anywhere better.
I'm using Oracle 817 with the apache that bundled. I use the plsql gateway (mod_plsql). I want to create a page for user to change their password, however, I don't know how to verify the existing password of the user before changing to a new password. Also, how can I change the password, is there a standard procedure to do that?
One more question, when I key in the following:
http://myhost/pls/my_dad/my_schema.my_procedure
the web server return a page with lots of cgi environment (assuming the my_procedure doesn't exist), how can I customise this page?
thx.

To ensure security of the Oracle database system and prevent unauthorized access to the Oracle database, it’s important for Oracle users to not only using strong and long Oracle passwords to avoid brute force or dictionary attacks, but also to change the Oracle user password regularly. Oracle users also have to change the password when the password has or going to expire, if database system administrator implements and enforces strict password control with PASSWORD_LIFE_TIME option for user profiles which limits the number of days the password can be used for authentication to login to the system.
To change the Oracle password, users can use SQL*Plus or Oracle SQL and PL/SQL language interface administration tool such as Toad for Oracle. No matter what SQL apps you use, the commands and SQL query languages used to change the password are similar.
There are two SQL command syntaxes that can be used to change Oracle database user password:
ALTER USER user_name IDENTIFIED BY new_password;or (from Oracle8 and above):
PASSWORD
For above SQL query, if you need to change another user’s password, use the following command:
PASSWORD user_name
For PASSWORD command, after you press Enter, you will be prompted to input the old password and new password interactively. For example:
SQL> password
Changing password for DAVID
Old password:
New password:
Retype new password: Note: You need to have enough privileges to change other Oracle user’s password.
As the variable in italic implied by name, user_name is the user whose password wishes to be changed, and new_password is the new password to assign.
As ALTER USER SQL syntax will send the new password to the Oracle database server unencrypted if use without Advanced Security Option, and thus expose to security risk, Oracle users should always use the PASSWORD command to change the Oracle user password.

Change user password with CUA

When I attempt to change a password on a CUA child, I enter tocde SU01 and enter the account. The I was to reset password via the icon. When I select the change password icon (shift+ F8) and then the popup window appear to prompting you to enter and reenter password.
After I enter new pwd twice the screen stays nothing happen pop screen stay up and no status is reported back on the status bar at the bottom.
If I open up the account and change it via logon data table the change.reset password works fine.
Any ideas?
Mikie B.

There was a similar (unconclusive) discussion recently ( Screen not getting refreshed after reseting password ), for which I found the following thread:
Password generation problem
Maybe that can help.

Can we decrypt the peoplesoft user password using peoplecode?

Can we decrypt the peoplesoft user password using peoplecode?
Thank you,
Bye.

If u r talking about the pwd in the psoprdefn then, the answer is NO...is ur talking about the pwds encrypted by PSCipher Utility then the answer is yes...snippet code below...But this works only for prior to tools version 8.48 since PS had DES encryption alone...
/* Encrypt the password */
Local JavaObject &pscipher = CreateJavaObject("com.peoplesoft.pt.integrationgateway.common.EncryptPassword");
rem &pwd = "XXXX";
&pwd = "<>";
MessageBox(0, "", 0, 0, "Password before encryption " | &pwd);
&encPassword = &pscipher.encryptPassword(&pwd);
&yo = &pscipher.isPasswordEncrypted(&encPassword);
&pscipher = Null;
MessageBox(0, "", 0, 0, "Encrypted Password " | &encPassword | " " | &yo);
Local JavaObject &psCYPHER = CreateJavaObject("psft.pt8.pshttp.PSCipher");
&DecPwd = &psCYPHER.decodePassword(&encPassword);
MessageBox(0, "", 0, 0, "&DecPwd " | &DecPwd);
&psnode = Null;

How to recover the system user password ?

I lost the system user password of my Oracle system. Is there any way I can recover the password ?
Thanks in Advance
Jimson

goto Server Manager (svrmgrl) and connect internal, then type
alter user system identified by some_password;

UCM 11g change user password

Hi,
I am not able to find out how users could change their passwords.
It is about UCM 11g.
Pls if anybody knows to tell me
Thanks in advance

This was actually the first custom component I created for 11g.
You should look into the 'self' features that are available in ldap security options. For example, as it seems that we're talking about the embedded ldap here:
for weblogic embedded server, add to acls.prop:
ou=people,ou=myrealm,dc=ecm_domain|subtree#grant:r,w,o,s#userpassword#this:
This will let people use their current password to bind into ldap and change their own password. they won't be able to change other passwords. This works well and you can put together a template that has the standard change pw format:
current password:
new password:
confirm password:
at least that's what I put together.
-ryan

Sending email to user using the notification template in OIM 11g

Hi all
I have created a Notification Template using web console in OIM 11g.
Iam able to access the contents from notification template in my java code.
But iam not able to find the correct api's to send email to user using the notification template
(like tcEmailNotificationUtil using this class we can connect to email template created in design console and creating IT resourse we can send email to user using the method sendEmail).
Waiting for your help and pointers
Thanks and Regards
Bipin patil

Thanks GP!.
But i have the same doubt here.
"The Notification Event is defined through a XML file that must be loaded into MDS database." - in which path and in what name it should be.
Because under /metadata/iam-features-notification, i couldnt see any event Xml present. I thought atleast we could see the existing OOB notification template's event xml files.
Please let me know if you are aware.
Thanks,
Amudha

Changing user password in Active Directory using the JNDI GSS-API/Kerberos5

Hello,
I am trying to the JNDI GSS-API to change a user password on an Active Directory Server 2003. I have seen a variation of this using SSL on the thread [*http://forums.sun.com/thread.jspa?threadID=592611&start=0&tstart=0*|http://forums.sun.com/thread.jspa?threadID=592611&start=0&tstart=0]
but I can't seem to make this work using the GSS-API. I can successfully create a javax.security.auth.login.LoginContext.LoginContext and then call the login method on it to log in as a user. I then call the javax.security.auth.Subject.doAs() method which calls the run method in a class extending the javax.security.PrivilegedActionClass. But when I actually try to change the password using InitialDirContext.modifyAttributes(), I get the exception:
*javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-03190DC9, problem 5003 (WILL_NOT_PERFORM), data 0*
*If anyone can help me figure out why it doesn't work, that would be great!*
P.S: I know the error seems to suggest that there might be some active directory setting that is preventing this from working, but I've checked all relevant settings on the Windows 2003 server Active Directory that I can think of: In the User properties->Account->Account options, I've made sure the user can change password. Also, in the Group Policy->Computer Configuration->Windows Settings->Security Settings->Account Policies->Password Policy, Maximum password age is zero and so is minimum password age.
Here's my java code:
{code}import javax.naming.*;
import javax.security.auth.*;
import java.security.PrivilegedAction;
import java.io.UnsupportedEncodingException;
public void changeSecret((String uid, String oldPassword, String newPassword)
     throws NamingException, ACException{
try {
     K5CallbackHandler cb = new K5CallbackHandler(uid, oldPassword);
     LoginContext lc = new LoginContext("marker", cb);
     lc.login();
     Subject.doAs(lc.getSubject(), new ChangePasswordAction(rz.getName(), oldPassword, newPassword));
     catch(LoginException e) {
     try {
          lc.logout();
     catch(LoginException e) {
}ChangePasswordAction.java is:import javax.naming.*;
import javax.naming.naming.directory.*;
import java.io.UnsupportedEncodingException;
private class ChangePasswordAction implements PrivilegedAction {
     private String uid;
     private String quotedOldPassword;
     private String quotedNewPassword;
     public ChangePasswordAction(String uid, String oldPassword, String newPassword) {
          this.uid = uid;
          quotedOldPassword = "\"" + oldPassword + "\"";
          quotedNewPassword = "\"" + newPassword + "\"";
     public Object run() {
          Hashtable env = new Hashtable(11);
          env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
          env.put(Context.PROVIDER_URL, "ldap://ad2k3:389");
          env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
          try {
               DirContext ctx = new InitialDirContext(env);
               ModificationItem[] mods = new ModificationItem[2];
               byte[] oldPasswordUnicode = quotedOldPassword.getBytes("UTF-16LE");
               byte[] newPasswordUnicode = quotedNewPassword.getBytes("UTF-16LE");
               mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldPasswordUnicode));
               mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newPasswordUnicode));
               ctx.modifyAttributes(uid, mods);
               ctx.close();
          } catch (NamingException e) {
          } catch (UnsupportedEncodingException e) {
          return null;
}K5CallbackHandler is:import javax.security.auth.callback.*;
final class K5CallbackHandler
implements CallbackHandler {
     private final String name;
     private final char[] passwd;
     public K5CallbackHandler(String nm, String pw) {
          name = nm;
          if(pw == null) {
               passwd = new char[0];
          else {
               passwd = pw.toCharArray();
     public void handle(Callback[] callbacks)
     throws java.io.IOException, UnsupportedCallbackException {
          for(int i = 0; i < callbacks.length; i++) {
               if(callbacks[i] instanceof NameCallback) {
                    NameCallback cb = (NameCallback) callbacks;
                    cb.setName(name);
               else {
                    if(callbacks[i] instanceof PasswordCallback) {
                         PasswordCallback cb = (PasswordCallback) callbacks[i];
                         cb.setPassword(passwd);
                    else {
                         throw new UnsupportedCallbackException(callbacks[i]);
}The relevant entry in the JAAS.conf file that is referred to as "marker" in the LoginContext constructor is:
marker {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE;

This is one of the two Active Directory operations I have never solved using Java/JNDI. (FYI the other one is Cross Domain Move).
My gut feel is that the underlying problem (which happens to be common to both Change Password & X-Domain Move) is that Java/JNDI/GSSAPI does not negotiate a sufficiently strong key length that allows Active Directory to change passwords or perform cross domain moves when using Kerberos & GSSAPI.
Active Directory requires at a minimum, 128 bit key lengths for these security related operations.
In more recent Kerberos suites and Java versions, support for RC4-HMAC & AES has been introduced, so it may be possible that you can negotiate a suitably string key length.
Make sure that your Kerberos configuration is using either RC4-HMAC or AES and that Java is requesting a strong level of protection. (You can do this by adding //Specify the quality of protection
//Eg. auth-conf; confidentiality, auth-int; integrity
//confidentiality is required to set a password
env.put("javax.security.sasl.qop","auth-conf");
//require high strength 128 bit crypto
env.put("javax.security.sasl.strength","high"); in your ChangePasswordAction class.
You may also want to enable sasl logging in your app to see what exactly is going on and you may also want to check on the Java Security forum how to configure/enforce/check both RC4-HMAC or AES is used as the Kerbeos cipher suite and that a string key length is being used.
Good luck.

Changing user password in the external LDAP server from weblogic

Hi !
We have been successful in configuring the ldap security realm from weblogic 7.0.
We have also done the user authentication.
Now we want to allow the user himself to change his password from the application.Can
the user password which is stored in an iplanet directory server be changed from
application?If yes , then is there any extra configuration that needs to be done

I am not sure whether u got an answer for this..
But iplanet provides a web-link for end-users to change their LDAP password...u
can just give this link in ur app ..and iplanet will take care of the rest..
Krish Venkataraman
Bank Of America Corp.
Senior Analyst
"Mitali" <[email protected]> wrote:
>
Hi !
We have been successful in configuring the ldap security realm from weblogic
7.0.
We have also done the user authentication.
Now we want to allow the user himself to change his password from the
application.Can
the user password which is stored in an iplanet directory server be changed
from
application?If yes , then is there any extra configuration that needs
to be done

Steps for re-using the same user id of a deleted user in OIM 11g ?

Hello experts,
By Default, in OIM 11.1.1.5.0 it is not allowing to re-use the same user id of a deleted user.
Consider a user with user id as "ABCD1234". The user is deleted from OIM and it is not getting displayed in the user search. But in DB we could see that user details with "Deleted" status. Say accidently this hard delete has happened .
How do we create that user again with same user id ?
What is recommended for such scenario ?
Thanks,
DK

I suggest disable the unique index instead of dropping it using ALTER INDEX <INDEX_NAME> DISABLE command.
Better way to handle this do below
1. disable index
2. update usr_login for deleted user using sql query eg. xx|usr_login and commit it ( update usr set usr_login='xx'|| usr_login where upper(usr_status)='DELETED')
3. enable your index
4. now login to OIM and easily you can create user with the previous user login
In this case your Index is still enbaled so it won't hamper the performancem, because this index is being used in various places for user search.
NOTE: disable any other constraints if required. But, I don't think so. Just disabling unique index will allow you to update"
--nayan

Delay in the change user password OIM 11g

Similar Messages

Maybe you are looking for