Deleting users using GTC - CSV connector
Hi All,
I am using the GTC connector for trusted recon. Create and update user functionality are working, but I am not able to delete the user using a GTC.
Any help would be highly appreciated.
Thanks
Regards
Easwaran
Let's assume we have an HR system and the user has been deleted in that system. The HR system drops a CSV file to a specified location with the details of the user to be deleted from the IDM system. Now the CSV GTC connector would need to read the record and delete the user.
This can be done; I have done this using API calls, but I assume that there would be some way of doing this using the OOB GTC. I think we need to set the correct value for the status field to do this.
I am not sure what status to set.
Similar Messages
-
How to reconcile deleted users with GTC
Hi all,
I'm wondering which is the best approach to perform reconciliation of deleted users using the GTC connector. (It doesn't reconcile them by default, does it?)
I don't know if it's a bad idea to mark the deletion in the target table row (setting a value in a column) and revoke the user through an Entity Adapter. Would it be better to develop a custom Scheduled Task for this?
Any tip will be considered!
Thanks in advance,
Hi,
Yes, I run both scheduled tasks as "time-programmed". I usually run the creation task first, followed by the delete recon task.
I do not fully understand what you mean by starting the GTC-generated task automatically. Please give me more insight before I comment on this.
For delete recon you need to do the following:
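// reconUtil is a tcReconciliationOperationsIntf instance; results holds the rows read from the source
// Array of HashMaps, one per account that is still active (not revoked) in the source
HashMap userValues[] = createDeleteHashMap(results);
// Tell OIM which accounts still exist in the source
Set deletedAcc = reconUtil.provideDeletionDetectionData(resourceObject, userValues);
// OIM returns the accounts it knows about that were not in that set
tcResultSet missingUser = reconUtil.getMissingAccounts(resourceObject, deletedAcc);
// Create delete reconciliation events for the missing accounts
long reconEvent[] = reconUtil.deleteDetectedAccounts(missingUser);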
Here userValues is an array of HashMaps which holds all the non-revoked users.
So your steps should be:
1. Query the table which stores all active users and store them in an array of HashMaps.
2. Pass it to the provideDeletionDetectionData method.
3. Pass the step 2 result set to the getMissingAccounts method.
4. Pass the step 3 result set to deleteDetectedAccounts.
Alternatively, you can do the following. If your query can find out which users are deleted and you are on OIM 9.1, then follow these steps:
1. Query the table, get the revoked/deleted users and store them in a HashMap.
2. Use createDeleteReconciliationEvent(java.lang.String psObjName, java.util.Map poAttributeList) to create the delete reconciliation event.
The first approach is a bit risky: if somehow all the records in your table or view are deleted or revoked, or through any error the GTC connector does not find any record, then it will revoke all the users from OIM, which can lead to disaster as you are doing trusted recon.
Please let me know if you have any more questions.
Regards
Nitesh -
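The risk described above for the first approach (an empty or truncated source read causing every trusted user to be treated as deleted) can be gated before any delete events are created. The following is an added example, not part of the original post and not OIM code; the class name, method names and the 20% threshold are assumptions, and the OIM reconciliation calls appear only in a comment.

```java
import java.util.*;

/** Added example: sanity gate to run before delete reconciliation. */
public class DeleteReconGuard {

    /** Thrown when the source snapshot looks unsafe to act on. */
    static class UnsafeSnapshotException extends Exception {
        UnsafeSnapshotException(String msg) { super(msg); }
    }

    /**
     * Returns the logins present in OIM but absent from the source snapshot,
     * or throws if acting on the snapshot would revoke too many users.
     * maxMissingRatio is an assumed, site-specific threshold (0.20 = 20%).
     */
    static Set<String> missingAccounts(Set<String> activeInSource,
                                       Set<String> activeInOim,
                                       double maxMissingRatio)
            throws UnsafeSnapshotException {
        if (activeInSource == null || activeInSource.isEmpty()) {
            // Empty result: failed query, empty view or unreadable CSV.
            throw new UnsafeSnapshotException("source returned no active users; aborting");
        }
        Set<String> missing = new TreeSet<>(activeInOim);
        missing.removeAll(activeInSource);
        if (activeInOim.isEmpty()) return missing;
        double ratio = (double) missing.size() / activeInOim.size();
        if (ratio > maxMissingRatio) {
            throw new UnsafeSnapshotException(String.format(
                "%d of %d OIM users (%.0f%%) missing from source, limit %.0f%%; aborting",
                missing.size(), activeInOim.size(), ratio * 100, maxMissingRatio * 100));
        }
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample data, not from a real system.
        Set<String> oim = new HashSet<>(Arrays.asList("alice", "bob", "carol", "dave",
                "erin", "frank", "grace", "heidi", "ivan", "judy"));
        Set<String> goodSnapshot = new HashSet<>(oim);
        goodSnapshot.remove("judy");                               // one genuine leaver
        Set<String> truncated = new HashSet<>(Arrays.asList("alice", "bob")); // partial read
        List<Set<String>> snapshots =
                Arrays.asList(goodSnapshot, truncated, new HashSet<String>());
        for (Set<String> snap : snapshots) {
            try {
                Set<String> missing = missingAccounts(snap, oim, 0.20);
                // Only at this point would the snapshot be handed to
                // provideDeletionDetectionData / getMissingAccounts / deleteDetectedAccounts.
                System.out.println("safe to proceed, delete events for: " + missing);
            } catch (UnsafeSnapshotException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        }
    }
}
```

A blocked run should be logged and alerted on rather than retried automatically, since the cause is usually a broken feed and not a genuine mass departure.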
How can I create, modify or delete users using OIM 11g web services?
Hi,
I have a requirement to create, modify or delete users using OIM 11g web services.
The end users will be signing on to the online application, a user interface to request ids online. The user interface is the home grown application to request ids.
I want to integrate this user interface with OIM 11g. I generated the java classes using the out of the box wsdl file as mentioned in the Developer’s Guide for Oracle Identity Manager 11g. But I need to know how to create users using web server client from a given wsdl file? Is there a sample web service client program to create a user in OIM?
If you know of any document which I can follow or if you can give any details I really appreciate.
Thanks and Regards,
Viraf
Hi Chong,
Were you able to figure out the approach? I am facing the same issue. I have created a web service where the input values are the number of days to extend the user's end date and the user's employee ID. The output will be true or false. But I am getting an error while searching for the user in the OIM DB. I think my web service is not to query OIM DB.
Please let me know if you have worked on this scenario.
Thanks,
Kalpana. -
Creating and deleting users using AM Client SDK
Hi,
I was wondering if anyone could tell me how to create and/or delete users from Access Manager from a standalone application using the AM Client SDK? From what I have read this can be done using the AMStoreConnection class but I can't find any examples on how to use this class to add and delete users. The only examples I have found is how to retrieve data from AM. I need to keep AM and the underlying directory server in sync with another identity datastore so I need to build a process in Java to do this. Any help is appreciated.
Thanks
-Jeff -
Steps for re-using the same user id of a deleted user in OIM 11g ?
Hello experts,
By Default, in OIM 11.1.1.5.0 it is not allowing to re-use the same user id of a deleted user.
Consider a user with user id "ABCD1234". The user is deleted from OIM and is not displayed in the user search. But in the DB we can see that user's details with "Deleted" status. Say this hard delete happened accidentally.
How do we create that user again with same user id ?
What is recommended for such scenario ?
Thanks,
DK
I suggest disabling the unique index instead of dropping it, using the ALTER INDEX <INDEX_NAME> DISABLE command.
A better way to handle this is the following:
1. disable index
2. update usr_login for the deleted user using a SQL query, e.g. xx|usr_login, and commit it ( update usr set usr_login='xx'|| usr_login where upper(usr_status)='DELETED')
3. enable your index
4. now log in to OIM and you can easily create a user with the previous user login
In this case your index is still enabled, so it won't hamper performance, because this index is used in various places for user search.
NOTE: disable any other constraints if required. But I don't think so. Just disabling the unique index will allow you to update.
--nayan -
Reconciliation of User's Manager Field using GTC
Hi,
Could anyone suggest how to manage the reconciliation of the Manager field of users using GTC?
For the first trusted reconciliation of users, the manager value coming from the source would not exist in OIM, so if we map the manager field of the source to the manager field in OIM, it would fail, as the manager user doesn't yet exist in OIM. How can we implement this?
Regards
Hi Rajiv,
Thanks for your response.
We have configured our GTC with the manager attribute mapped as well. In that sense there are race conditions: the manager user might not exist while OIM is reconciling and trying to create a user.
So the recon event comes back as Data Validation Failed. But eventually the users will be created, and the Retry Failed Recon Events ST, which is OOTB, will slowly resolve all the users as and when the users are created in OIM.
What is happening is: when I run this Retry Failed Recon Events ST (as there are lots of failed recon events), OIM crashes every half an hour.
What I could see in the logs is below. Is this somehow related to CPU usage and memory?
at oracle.iam.reconciliation.scheduledtasks.ReconRetrySchedulerTask.process(ReconRetrySchedulerTask.java:43)
at oracle.iam.reconciliation.scheduledtasks.ReconRetrySchedulerTask.process(ReconRetrySchedulerTask.java:43)
at oracle.iam.reconciliation.scheduledtasks.ReconRetrySchedulerTask.process(ReconRetrySchedulerTask.java:43)
>
/u01/oracle/admin/OIMDomain/mserver/OIMDomain/bin/startWebLogic.sh: line 180: 19488 Segmentation fault (core dumped) ${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} -Dweblogic.Name=${SERVER_NAME} -Djava.security.policy=${WL_HOME}/server/lib/weblogic.policy ${JAVA_OPTIONS} ${PROXY_SETTINGS} ${SERVER_CLASS}
<FINEST> <NodeManager> <Waiting for the process to die: 19417>
<INFO> <NodeManager> <Server failed so attempting to restart (restart count = 1)>
<INFO> <NodeManager> <Starting WebLogic server with command line: /u01/oracle/admin/OIMDomain/mserver/OIMDomain/bin/startWebLogic.sh >
<FINEST> <NodeManager> <Environment: TERM=xterm>
<FINEST> <NodeManager> <Environment: JAVA_HOME=/u01/oracle/product/fmw/11.1.2/jdk1.6.0_30>
Any Suggestions???
Thanks -
Deleted users are not really "deleted" !
Hello all !
I'm writing a Java application to create/read/update/delete users using the GRAPH API. All is going well except one particular use case: if I delete a user and then later try to create the same user again, I get the following error: "A conflicting object with one or more of the specified property values is present in the directory"
The detailed use case for one user is:
- Create user with (userPrincipalName, displayName, accountEnabled, mailNickname, password, forceChangePasswordNextLogin properties) : OK
- Query this user to read his properties: OK
- Delete this user : OK
- Query this user to read his properties : the user does not exist : OK
- Create the user with the same properties as in the first step : Not OK ("A conflicting object with one or more of the specified property values is present in the directory")
It should be noted that this error is returned more and more as I repeat these steps.
What is the problem and what can I do ?
Thanks in advance.
I am able to successfully add and remove the same user using the Azure Portal and via code.
Are you sure the user is actually being deleted?
Have you verified if you are able to see the deleted user in the Azure Portal after you delete it?
I used the code within the Graph API Console Application (AzureADSamples/ConsoleApp-GraphAPI-DotNet - https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet - "create a new user" region and "Delete User" region). I was able to create the same user and delete the user multiple times without any errors.
Here is another thing you could verify. Is your application a member of the "User Account Administrator" role? You can utilize the MSOL cmdlets (Manage Azure AD using Windows PowerShell - https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx) to add your application to this role (add-msolrolemember -RoleName "User Account Administrator" -RoleMemberType ServicePrincipal -Rolememberobjectid <object GUID for application> )
If your application is under the correct "User Account Administrator" role, it should not have any problems doing this task. I would verify.
If you are still having a problem, you might need to open a support case via the Azure Portal. I hope this resolves your issue.
~ Michael -
PowerShell Active Directory: Get last logon date of a deleted user
So, my first post in this noble community. I've been lurking here and I've been getting some good information. Hopefully, you guys can help me in this concern which may be simple to some but I couldn't seem to get around it.
Is it possible to get the last logon date of a DELETED user in Active Directory?
I can get the available properties of deleted users using the following:
Get-ADObject -Filter {samaccountname -eq <account_name> -and ObjectClass -eq "user"} -IncludeDeletedObjects -Properties *
But the last logon date is not one of the properties available from Get-ADObject. Get-ADUser has the last logon property, but it does not have data on deleted users. Is there any way this can be achieved? Perhaps convert an ADObject to an ADUser?
Any information would be much appreciated. Thank you.
Thanks everyone for your response. It looks like jrv is leading me to the right path, but I'm still having issues. I'm trying to get the lastlogon time by querying all the DCs in our domain, but every query returns a null lastlogon time for all the deleted users I tried:
$DomainControllers = ((Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ }).Name
foreach ($DC in $DomainControllers) {
    $dn=(Get-ADObject -Filter {samaccountname -eq <user_account>} -includedeletedobjects -server $DC).DistinguishedName
    $user=[adsi]"LDAP://$dn"
    $user.LastLogon
}
It always returns null. Moreover, simply executing [adsi]"LDAP://$dn" from each DC gives the following error:
format-default : The following exception occurred while retrieving member
"distinguishedName": "There is no such object on the server.
+ CategoryInfo : NotSpecified: (:) [format-default], ExtendedType
SystemException
+ FullyQualifiedErrorId : CatchFromBaseGetMember,Microsoft.PowerShell.Comm
ands.FormatDefaultCommand
It's a bit surprising to me though, since $user=[adsi]"LDAP://$dn" does return a value for $user (instead of null whenever an error is encountered) of type System.DirectoryServices.DirectoryEntry but it has no members.
Anyone know what I'm missing? -
Hi,
I could get the past history of a deleted user from SUIM using the user's SAP_ID.
But I need the FULL name (First, Middle and Last) of the user id I am looking for.
Is there any way to get the full name as it was in the user master record after deletion?
Thanks,
Sam
Hi Sam,
Try this out. Recreate the user id in SU01. You will get the message that address data for the user id already exists, asking whether you want to continue. Go for this option and the user id address data will be filled in automatically. Here you can find his full name.
Please award points for useful answers.
Regards.
Ruchit. -
Hello.
Hi,
I like to delete users using cli commands. My firmware is 1.4.0.88.
My thinking was that something like <username admin delete> should work, but it doesn't. What am I doing wrong?
-fuz
Hi Fuz,
Try the "no" form of this, such as "no username fuz", and enjoy CLI :-)
http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/CLI_300.pdf
Aleksandra -
Problem with using GTC connector
Hi All,
We are using the database table connector for trusted recon from an Oracle database to OIM. I have an entity adapter, attached to pre-insert, which updates the Organization depending on the attribute. This works fine the first time I run recon; the organization is updated properly. But if I update any field in the database and reconcile, the Organization is updated to Xellerate Users. The old value is wiped out.
How can I solve this problem?
Is this solved by attaching the adapter to post-update also?
Thanks,
KK
Are you using the GTC connector for this?
I think your connector is bringing Organization as Xellerate Users, but at pre-insert you are updating it with your org name.
But on update you haven't attached your entity adapter, i.e. on Pre Update; that's why it is updating org to Xellerate Users. Put your adapter on pre-update too. -
OIM11gR2 - iPlanet Connector - iPlanet Trusted Delete User Recon Task
Hello All,
What is the standard OOTB action performed on OIM User when I run the iPlanet Trusted Delete User Recon Task?
I couldn't tell from the connector documentation below:
http://docs.oracle.com/cd/E11223_01/doc.904/e10446/using.htm#BABIJCFF
Does it disable the OIM user?
Does it delete the OIM user? (soft delete? hard delete?)
I'm interested in soft delete.
Thanks
Adr
Apologies, my previous post was intended for end date reaching.
It just deletes the user from OIM. It does not care about end date or disable scheduled jobs.
However, the user status will be set as "deleted".
http://docs.oracle.com/cd/E11223_01/doc.910/e11197/using_conn.htm#CACGJGGA
P.S. I gave this document for AD (however, it applies to any connector document as it is the basic definition of trusted source).
The basic behaviour and definition of trusted reconciliation is to delete the user identity in OIM if it is deleted in the source system.
Cheers,
Tejo. -
Delete oimGroup membership of the oim user using Script (oim 9.1).
Hi All,
I want to remove a particular OIM group membership from OIM users. Is there any problem if I use the following script to delete user group information from the USG table?
delete from usg where usr_key in (select usr_key from usr where usr_login in ('xxx','yyy')) and ugp_key=31
Note: In our case, no policies or membership rules are assigned to this OIM group (we defined groups only) and the env is OIM 9.1.
Can anyone confirm this? Or if there is any problem, please let us know.
Thanks.
Edited by: user13285646 on Jul 28, 2011 11:01 PM
Thanks Rajiv.
-
Importing new users with plain text password using a csv file does not work
Hello everyone,
I am using csvde -i -f filename to import a number of users and their plain text passwords but it seems that the "Password" parameter in my csv file is not recognized.
PS D:\csvfiles> csvde -i -f .\testimport.csv
Connecting to "(null)"
Logging in as current user using SSPI
Importing directory from file ".\testimport.csv"
Loading entries.
Add error on line 2: No Such Attribute
The server side error is "The parameter is incorrect."
0 entries modified successfully.
An error has occurred in the program
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.
I'm probably doing something wrong but I can not see it. If you know what that is please let me know.
Many thanks
I suggested LDIFDE.exe or you can use the following PowerShell script to import your CSV file, if you have the Active Directory PowerShell Module installed:
http://gallery.technet.microsoft.com/scriptcenter/ed20b349-9758-4c70-adc0-19c5acfcae45
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog -
Deleting portal users using APIs
Hi
We are deleting users from portal through a java class using
JDBC( using prepareCall and executeUpdate) . We can successfully
delete the user from the login server using the procedure
PORTAL30_SSO.WWSSO_API_USER_ADMIN.DELETE_USER(). However, when
we try to delete the user from portal30 using
PORTAL30.WWSEC_API.DELETE_PORTAL_USER()
we get the following errors
ERROR at line 1:
ORA-01086: savepoint 'DELETEUSER_SAVEPOINT' never established
ORA-06512: at "PORTAL30.WWSEC_API", line 1471
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "PORTAL30.WWCTX_SSO", line 849
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "PORTAL30.WWCTX_SSO", line 669
ORA-06502: PL/SQL: numeric or value error
ORA-06512: at line 1
We can run the delete_portal_user procedure successfully as
portal30(the owner of the portal30 schema). But when we try to
delete a user as another dba user, we get the error shown above.
This user has full sysdba privileges on the portal30 schema. The
workaround is to create another database connection in the Java
class for the portal30 user. However they prefer to run it
as the dba who have created the user but not as portal30.
I checked in the JPDK documentation but there is no API to delete
users.
Any help is greatly appreciated.
Many Thanks
Raja
I get the same thing. Would anyone answer this question, please?