Enabling Logs for tracking User Creation in OIM

Similar Messages

• Enabling logging for ACF2 OIM 11g

  Hi Experts,
  I want to enable logging for ACF2 connector, I want to implement the logging in OJDL as per provided by 11g.
  But in deployment guide for ACF2 i see under section of enabling logging has:
  log4j.logger.COM.IDENTITYFORGE.ORACLE.INTEGRATION.IDFACF2USEROPERATIONS=INFO
  The connector is the latest one 9.0.4.18 version.
  seems they have still leveraged Log4j.. Does is work in OIM 11g, is there a way to implement OJDL. Please help!!

  Normally we configure OJDL it will be fine for OIM
  http://idmoim.blogspot.in/2011/07/enabling-logging-in-oim-11g.html
  what you are pointing is about Ldap Gateway. and ldap gateway still having log4j. go through the connector doc you will get all the required steps
  yes for capturing ldap gateway operations log you have to enable log4j.it is fine with 11g as well
  below from connector doc:(2.9 Installing and Configuring the LDAP Gateway)
  7. To enable logging for the LDAP Gateway:
  a. Copy the log4j JAR file from the application server directory in which it is
  placed to the LDAP_INSTALL_DIR/lib directory.
  b. Extract the log4j.properties file from the
  LDAP_INSTALL_DIR/dist/idfserver.jar file.
  c. Enter a log level as the value of the log4j.rootLogger variable. For example:
  log4j.rootLogger=ERROR, A1
  d. Save and close the file.
  When you use the connector, the following log files are generated in the
  LDAP_INSTALL_DIR/logs directory:
  ■ idfserver.log.0: This is the main log file.
  ■ acf2-agent-recon.log: This is the real-time, incremental reconciliation log file
  that stores Oracle Identity Manager reconciliation messages.

• Enable logging for SSH

  Hi
  I am trying to enable logging for SSH. Using sun 5.9. The SSH was preinstalled.
  The logging should be able to track who logs in, time and ip address. Is it possible to also track what each user has done?
  Any help would be appreciated.
  Thanks
  Darren

  No, auth.debug would not help.
  As far as I know, theres no facility in ssh to track what happens in an ssh session.
  Just the logins.
  I theory you can change the users shell into something logs the session.
  Possibly something scripted with the "script" command.
  But it would be non trivial.

• Enabling calendaring for a user or group not working

  Am having an issue getting ical server/sharing and webcalandars working. Think it is all related.
  First a description of my server environs. One xserve acting as OD master, fileserver, vpn, DNS and DHCP server as well. Second xserve acting as DNS, mail, web and ical server. Second server is OD replica.
  DNS is working. All OD functions including kerberos are working. Mail and webmail are working as well.
  The hostname in iCal Server Admin settings is the FQDN of my second xserve. icalxserve.domain.com. I can start iCal. Then I get this error in the logs:
  twistedcaldav.directory.appleopendirectory.OpenDirectoryInitError: Open Directory has no /Computers records with a virtual hostname: icalxserve.domain.com
  Remember this server is a OD replica. It is listed in the Computers pane under Workgroup Manager and its name is server.domain.com$. All the computers have $ at the end so I assume this is normal. All services are set for access from all users in Server Admin -> server -> Access. In Server Admin Web -> Sites -> (default site highlighted) Web Services webmail, wiki and blog and web calendaring are all checked as well. I have also tried to enable wiki and blog and web calendar for groups in Workgroup Manager. The only choices in the pop up are none and wiki host for domain.com. Strange.
  I cannot enable calendaring for any user. I check the Enable calendaring box under Advanced in the Accounts pane in Workgroup Manager and no server is listed in the pop up menu. It only reads No calendar host selected without any other choices. It should show me icalxserve.domain.com.
  When I goto http://icalxserve.domain.com site I get the default homepage and webmail works. If I click on the Groups button I see the 2 groups I have enabled services for. But when I click on the groupname I get the following error page:
  Not Found
  404: No group with that name (thomas) hosted on this server
  Not sure what to do next. OD doesn't seem to be working like I would expect. Any advice would be greatly appreciated.
  Thanks in advance.
  Please note I am posting this late on Sunday night and have jury duty tomorrow. I will obviously try to check back as soon as I can but maybe not until Monday night. Thanks again.

  Hi
  +"I don't see this option. Am I doing doing something wrong?"+
  Your Rider seems to indicate 10.6? If you're not seeing this option in WorkGroup Manager I'm guessing you're using 10.6 Server? In which case you've posted in the wrong forum with a question that's not applicable anymore. Apple removed those options in 10.6. Another possibility is you're trying to manage a 10.5 Server using 10.6 Server Admin Tools and it's giving unpredictable results? The Server Administration Applications cab behave oddly if you're trying use a newer version on an older server. You should use the version of the Tools that came with the Server.
  The 10.6 iCal Server Admin Manual is here:
  http://manuals.info.apple.com/enUS/iCalServerv10.6.pdf
  Tony

• Can't enable calendaring for some users in WGM

  10.5.6 server
  OD set up and working fine
  I'm trying to get going with iCal server for the first time
  The 3 accounts that I initially enabled for calendaring seem to work fine, but now I can't add any more. If I enable calendaring for a user in WGM and save the record, if I go to another record and then back to the one I changed, I see that calendaring is disabled for that user.
  It continues to work for the initial 3 users.
  iCal server error log did have some messages about "Record disabled due to conflict: <OpenDirectoryRecord..........."
  I read on another post that this indicates a problem with duplicate UIDs/GIDs
  I found one each UID ad GID that were both duplicated in local and LDAP records, so I changed those in WGM. On top of that I found that groups "Open Director Users" and "Open Directory Administrators" had the same GIDs in both local and LDAP domains, but guessed that I had better leave these alone. There are no other duplicate UIDs or GIDs.
  Stop and start iCal server.
  Problem remains.
  Any ideas please?
  Many thanks......

  Dear All,
  I have the same problem, i can't active the 'web calendaring' for groups and for users, the checkbox 'enable calendaring' don't stay checked if i close and open the workgroup manager...
  Someone has a solution?

• Enable save for all users in rich client document defaultly for all users

  Hi,
  Is there a option to enable save for all users in a rich client document defaultly for all users across the company. As the users who are creating reports are forgetting to check the box before sending the rich client document to others. Kindly let me know if you have any suggestions on this.
  Thanks,
  Karthik

  I'd suggest that is is where your BO folder structure comes in. You can export from Rich Client to any folder that you have permissions to access - some sort of collaboration folder system would potentially be better and more secure than sending unsecured reports via email. If your IT security team found out that you were removing document security, I doubt they'd be impressed!
  You can't do the default save for all users, simple as that (it's bad practice anyway, which is probably why you can't). While it's not the answer that you want to hear, it is the correct one.

• ASA enable authentication for AD user by ACS TACACS fails

  In order to authorize command on ASA8.x for different users, I have to put 'aaa authentication enable console TACACS' into ASA configuration, and in ACS - user setup - TACACS+ enable password - Use separate password, I set an enable password.
  It works fine for ACS local users, they are able to get into priv EXEC mode by entering 'enable' command and use my pre-set password, however, the password doesn't work for AD user.
  So, how to setup enable authorization for AD user?
  Or is there a way to drop a user directly into level 15 on ASA just like it on router?
  below is the debug info.(I'm sure the password is the one I set in ACS)
  LABASA1(config)# AAA API: In aaa_open
  AAA session opened: handle = 884
  AAA API: In aaa_process_async
  aaa_process_async: sending AAA_MSG_PROCESS
  AAA task: aaa_process_msg(d45bd5c8) received message type 0
  AAA FSM: In AAA_StartAAATransaction
  AAA FSM: In AAA_InitTransaction
  Initiating authentication to primary server (Svr Grp: TACACS)
  AAA FSM: In AAA_BindServer
  AAA_BindServer: Using server: 192.168.1.221
  AAA FSM: In AAA_SendMsg
  User: fostco\user1
  Resp:
  callback_aaa_task: status = -1, msg =
  AAA FSM: In aaa_backend_callback
  aaa_backend_callback: Handle = 884, pAcb = d5b193e0
  aaa_backend_callback: Error:
  Incorrect password.
  AAA task: aaa_process_msg(d45bd5c8) received message type 1
  AAA FSM: In AAA_ProcSvrResp
  Back End response:
  Authentication Status: -1 (REJECT)
  AAA FSM: In AAA_NextFunction
  AAA_NextFunction: i_fsm_state = IFSM_PRIM_AUTHENTICATE, auth_status = REJECT
  AAA_NextFunction: authen svr = TACACS, author svr = <none>, user pol = , tunn pol =
  AAA_NextFunction: New i_fsm_state = IFSM_DONE,
  AAA FSM: In AAA_ProcessFinal
  AAA FSM: In AAA_Callback
  user attributes:
  None
  user policy attributes:
  None
  tunnel policy attributes:
  None
  Auth Status = REJECT
  aaai_internal_cb: handle is 884, pAcb is d5b193e0, pAcb->tq.tqh_first is d441d1d8
  AAA API: In aaa_close
  AAA task: aaa_process_msg(d45bd5c8) received message type 3
  In aaai_close_session (884)

  I have run into a similar situation. I just want to authenticate via TACACS to enable mode in an ssh session. After using the "aaa authentication enable console TACACS LOCAL" command on the ASA, the ACS server rejects the password.
  I have tried everything I can think of on the ACS as far as "TACACS+ enable password" using both a windows database or a separate password, and PIX/ASA command sets. I cannot go into enable mode unless I set the ASA to LOCAL authentication, which just uses the globally defined enable password.

• Enable Logging for JSF?

  Some of my JSF actions are not working correctly, and I'd like to enable logging for the faces framework, to be able to see which actions are being called, etc. Is there some way to get faces to write out to a containe rlog file, or even the console? (I'm using Log4J, and the faces JARs are in my WEB-INF/lib directory, if that helps).
  thanks,

  Faces uses the standard java logging facility. You need to configure logging.properties which is in lib directory for the jvm.

• Unable to enable logging for AD connector

  I cant enable log for my AD connector because when i set environment variable
  WLS_REDIRECT_LOG = F:\MyMachine\middleware\user_projects\domains\base_domain1\servers\oim_server1\logs\oim_server1-diagnostic-1.log
  and restart server its starts logging everything in the oim_server1-diagnostic-1.log... even it ask the username and password in this log file....
  Any Solution will be appreciated

  The configuration file for OJDL is logging.xml, which is located at the following path:
  DOMAIN_HOME/config/fmwconfig/servers/OIM_SERVER/logging.xml
  Here, DOMAIN_HOME and OIM_SERVER are the domain name and server name
  specified during the installation of Oracle Identity Manager.
  e.g. /home/ofmuser/fusion/Middleware/user_projects/domains/oimdomain/config/fmwconfig/servers/oim_server1
  <?xml version="1.0" encoding="UTF-8"?>
  <logging_configuration>
  <log_handlers>
  <log_handler name='adcs-handler' level='[LOG_LEVEL]' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
  <property name='logreader:' value='off'/>
  <property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/LOGFILE_NAME.log'/>
  <property name='format' value='ODL-Text'/>
  <property name='useThreadName' value='true'/>
  <property name='locale' value='en'/>
  <property name='maxFileSize' value='5242880'/>
  <property name='maxLogSize' value='52428800'/>
  <property name='encoding' value='UTF-8'/>
  </log_handler>
  <logger name="OIMCP.ADCS" level="TRACE:32" useParentHandlers="false">
  <handler name="adcs-handler"/>
  <handler name="console-handler"/>
  </logger>
  replace LOG_LEVEL as TRACE:32
  replace LOGFILE_NAME with proper name
  first part put in log_handler
  and the second part put into logger section
  regards,
  nayan
  Edited by: Nishith Nayan on Jan 17, 2012 11:00 PM

• OCS 2007 Enabling Federation for all users globally

  I've set up federation in OCS 2007 and it's working. The problem now is I need to make enable it en mass for my users.
  I've searched all properties and can't find where I enable it for all users. The setting I'm looking for is equivalent to going in the users properties > Other Settings [configure] > and checking Enable Federation and Enable Remote access.
  I'd hate to go through 300+ users to check this. Does anyone know where I can set this globally?
  Thanks.

  What are the odds of that...answered my own question.
  I right clicked the users folder > configure users and it walked me through checking those options.
  Hope it saves someone some time :)

• How to enable logging for the Web Proxy

  Hi,
  Does anyone know how to enable logging for the Web Proxy feature under "Web" in Server Admin?

  Aren't the web proxy hits logged in the standard apache logs? /var/log/httpd/access_log

• EAS LOGS for indidual Users

  Hello Team
  is there any way to pull out the EAS logs for individual user from the IIS directory, instead of searching the user in each log files?
  Am using exchange 2007 and i would like to review the EAS connectivity for one particular user who is having the problem in viewing his inbox in mobile.so that i would like to look the LOGS for any errors for the particular users 

  You could import the file into Excel and sort through them.  Or maybe the log parser tool might be helpful.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Tracking user operations in OIM

  Hi all
  Is there any way to know the user operations in OIM.
  For example, if an OIM user other than XELSYSDAM performs an operation in OIM like crerating a user /group.
  Now as the system administrator i wanted to know which user created which user/group.
  I hope this can be acheived by quering the database.However i wanted to know is there any other way through the OIM Admin or Design console.
  Thank you

  Steps to Enable Logs
  1. Navigate to c:/Oracle/Xellerate/config , open log.txt file
  2. Uncomment categories below <File Appender> to edit Location or pattern
  3. Uncomment categories below <Xellerate> according to ur requirement.
  The job is pretty simple!!!
  Cheers!!
  Newbie

• GRC 10: Initial password for multiple users creation in a ARQ request???

  Hi All,
  I was trying to create a request in ARQ for multiple users. I noticed that, I could add all the necessary required information for multiple users using the template. I added the roles as well. However, I could not set the initial password for multiple users as the tab "User System Details" (where the initial password is provided for a single user) is disabled!!!
  The users were successfully created in the R/3 system. However, due to non-availability of initial password, these users could not log into the R/3 system.
  May I know how to set the initial password for multiple users?
  Regards,
  faisal

  Vit,
  I was trying to test this multiple user creation scenario. But I am surprise to get a template where in I have only below mentioned fields:
  1. User Name
  2. User Id
  3. Email
  I filled these details and uploaded. Then filled the "User Access" details. While submitting the request, I got the error:
  "Last name is not mentioned for user id XXX"
  But there is not such column in provided template by GRC!
  I added 2 columns: First Name and Last Name and saved it and uploaded again. These details are not picked up!
  Following are the only columns shown:
  1. User Name
  2. User Id
  3. Email
  4. Manager
  Out of above, only "Manager" field is editable and others are disabled.
  Last time I remember, I has got complete template with all the columns. Unfortunately, I have deleted it and not available with me now.
  Any idea you have why am I getting such incomplete template?
  Regards,
  faisal

• How to enable logging for mail.app in Mountain Lion

  I am at my wits end trying to figure this out....
  Does anyone have a clue how to enable the logging for mail.app under Mountain Lion?
  In the past, you could open up Console and click on Console.log and see the logging of mail. Under mountain Lion, there is no more console.log. I cannot figure out how to enable it.
  I have tried to run the AppleScript of "Turn On Logging" but the script errors out under Mountain Lion.
  Does anyone know how to do this or a better way, maybe a tool or something that can help you troubleshoot mail.app issues?
  Thanks in advanced

  Hello,
  I have a similar problem. The script "Turn on Logging.scpt" runs without error, but I do not see any socket logging. I only get two messages, which I also get when I start mail without the script by just clicking the mail.app icon in the dock. The Messages are:
  1/10/13 3:43:32.618 PM Mail[11276]: Using V2 Layout
  1/10/13 3:43:36.388 PM Mail[11276]: *** -[IADomainCache init]: IA domains cache is out of date.
  Any help would be appreciated