Group Membership Error
Hello,
I'm trying to implement an AWS against an Oracle database and consistently receive the following error message:
11/18/04 15:46:00- Authentication source sync agent failed to synchronize users to group '27'*** COM exception was: (0x80044fa4) [SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> com.plumtree.openfoundation.util.XPIllegalArgumentException: second argument is null']
I've included my source for the GetChildUsers (C#) method below:
publicPlumtree.Remote.Auth.ChildUserList GetChildUsers()
System.Data.OleDb.OleDbConnection oraAuthSource;
System.Data.OleDb.OleDbDataAdapter daGroupMembers;
oraAuthSource = newSystem.Data.OleDb.OleDbConnection("Provider=MSDAORA;Data Source=ebzd.world;User ID=dummy;Password=dummy");
String grpMemberQuery = "select u.USER_ID, u.USER_EMAIL_ADDR, u.DN_TXT from ROSTER_USER u, USER_GROUP_MEMBER gm where u.USER_ID = gm.USER_ID and u.USER_ID < 75 and gm.USER_GRP_ID = " + groupID;
daGroupMembers = newSystem.Data.OleDb.OleDbDataAdapter(grpMemberQuery,oraAuthSource);
System.Data.DataTable dtGroupMembers = newSystem.Data.DataTable();
daGroupMembers.Fill(dtGroupMembers);
ChildUser[] cuaReturnList = newPlumtree.Remote.Auth.ChildUser[dtGroupMembers.Rows.Count];
try
intgrpCount = 0;
foreach(DataRow drCurrent indtGroupMembers.Rows)
String userName = drCurrent["u.USER_EMAIL_ADDR"].ToString();
String userID = drCurrent["u.USER_ID"].ToString();
String dnText = drCurrent["u.DN_TXT"].ToString();
cuaReturnList[grpCount] = newChildUser(userName,userID,dnText);
grpCount++;
catch(Exception e)
thrownewException("There was an error retrieving the child users for Group ID: " + groupID + ". " + e.Message);
returnnewChildUserList(cuaReturnList);
The GetUsers and GetGroups work just fine. Thanks for any help in getting me through this.
Regards,
George
This error is familiar__I ran into it when I used the wrong stacks. Make sure your AWS web service is using the right SOAP Encoding Style. Document Literal for .NET and not RPC Encoded:
Similar Messages
-
Problem in AD Group membership Insert Error "Response: CURRENT_ATTRIBUTES"
Hi all,
I am using Oracle Identity and Access Management 11g (11.1.1.5.0) with Weblogic 10.3.5 and apply patch -11.1.1.5.4. I have install AD Connector (activedirectory-11.1.1.5.0) and recon Group, OU and Users as a target source Successfully. When I tried to provision user in AD user is provisioned successfully but got following error message in Group membership Insert.
Task Name - Group membership Insert
Resource Name: AD User
Description:
User: Test User 10 [?TESTUSER10?]
Status: Rejected
Response: CURRENT_ATTRIBUTES
Response Description: Unknown response received
Notes:
Assigned to User : System Administrator[?XELSYSADM?]
Error Details
Setting task status... "CURRENT_ATTRIBUTES" does not correspond to a known Response Code. Using "UNKNOWN".
Schedule Detail
Projected Start: November 7, 2012 6:14:47 PM Projected End: November 7, 2012 6:14:47 PM
Actual Start: November 7, 2012 6:14:47 PM Actual End: November 7, 2012 6:14:48 PM
Last Update: November 7, 2012 6:14:48 PM
Back to Resource Provisioning Details
OIM LOG
Running UPDATECHILDTABLEVALUES
Target Class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManager
<ObjectClassInfos>
<ObjectClassInfo type='Group' container='false' embedded='false'>
</optionsByOperation>
</Schema>
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.UPDATECHILDTABLEVALUES(adpADIDCUPDATECHILDTABLEVALUES.java:111)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.implementation(adpADIDCUPDATECHILDTABLEVALUES.java:56)
at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(tcProvisioningOperationsBean.java:4042)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB.retryTasksx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy348.retryTasksx(Unknown Source)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.retryTasksx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy172.retryTasksx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy347.retryTasksx(Unknown Source)
at Thor.API.Operations.tcProvisioningOperationsIntfDelegate.retryTasks(Unknown Source)
at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(ResourceProfileProvisioningTasksAction.java:702)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: java.lang.NoSuchFieldError: CURRENT_ATTRIBUTES
at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.getCurrentAttributes(ICProvisioningManager.java:408)
at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.updateChildTableValues(ICProvisioningManager.java:485)
... 104 more
com.thortech.xl.dataobj.util.tcAdapterTaskException: CURRENT_ATTRIBUTES
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.UPDATECHILDTABLEVALUES(adpADIDCUPDATECHILDTABLEVALUES.java:117)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCUPDATECHILDTABLEVALUES.implementation(adpADIDCUPDATECHILDTABLEVALUES.java:56)
at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(tcProvisioningOperationsBean.java:4042)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB.retryTasksx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy348.retryTasksx(Unknown Source)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.retryTasksx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy172.retryTasksx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy347.retryTasksx(Unknown Source)
at Thor.API.Operations.tcProvisioningOperationsIntfDelegate.retryTasks(Unknown Source)
at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(ResourceProfileProvisioningTasksAction.java:702)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)Hello
1. Download the latest version of Connector Server.
2. Stop OIM
3. Take from Connector Server Distr:
connector-framework.jar
connector-framework-internal.jar
to
$XEL_HOME\apps\oim.ear\APP-INF\lib
$XEL_HOME\ext\internal
4. Delete temporary cached libs from:
$DOMAIN_HOME\servers\$WEBLOGIC_NAME\tmp\_WL_user\oim_11.1.2.0.0\*
5. Start OIM-server
Записки на полях внедрения: java.lang.NoSuchFieldError: CURRENT_ATTRIBUTES -
Error when splitting Group membership
Hi all,
We are implementing SAP CRM 7.0 EHP3.
I'm having issues with the Split functionality in CRM. I have configured the Loyalty program, memberships, members and cards. The membership type that we use is "GROUP" membership which means one membership for multiple members.
I have a membership with 3 assigned members and when I try to split one of the members, I'm getting an error. After doing some debugging, it looks like the program is looking for "Related memberships" which to me is wrong. This is for "Shared" memberships. I wonder if there is Note or something that we need to apply.
Can anyone help me and let me know if we are doing something wrong?
Regards
JacquesHi Jacques,
I have created the split membership successfully as per the split ratio.
I have followed below steps:
1) Identify a Standard membership with Single member assigned (for ex: membership Id -4)
with Point balance as - 450 points
2) Assign another member to membership ID - 4 and click on save
3) So standard membership turns to Group membership
4) Now Click on Split membership, on the new screen choose newly added member in the drop down.
5) Choose Split ratio for example 60/40
6) Click on split membership, now system will create a new membership( Standard membership)
This will show point balance as 180 points
I hope this helps.
Regards
Pramod -
Weblogic 10.3.0 - Security Violation when Group Membership Lookup enabled
Dear Admins,
We're running a Weblogic 10.3.0 cluster with our own software deployed.
We're using SQL authentication (JDBC to Oracle DB) to authenticate users.
Recently we've been tuning our WL cluster to improve performance, and have enabled Group Membership Lookup Hierarchy Caching.
Sometimes users log into our application and get inssuficient rights (or some other error). This appears to happen at random. Most of the times they can log in without problems.
We determined it's not something to do with the cluster, although it can happen on one node and the other node will work as normal.
In the Managed server we see this error (with test user):
Managed7Server.out00011:java.rmi.AccessException: [EJB:010160]Security Violation: User: 'test' has insufficient permission to access EJB: type=<ejb>, application=leanapps, module=process_general.jar, ejb=LaLifeProcessController,
method=create, methodInterface=Home, signature={}.
When we disable Group Membership Lookup Hierarchy Caching, this error never occurs.
Our settings (Security Realms -> myrealm -> Providers -> SQL Authenticator -> Performance):
Max Group Hierarchies In Cache: 5000 (we have approx. 2000 groups)
Group Hierarchy Cache TTL: 3600
provider specific settings :
Group Membership Searching: unlimited
Max Group Membership Search Level: 0
Also in Myrealm -> Performance we have set :
Enable WebLogic Principal Validator Cache
Max WebLogic Principals In Cache: 5000
If we put the TTL really low (default 60 seconds), the error hardly ever occurs. But we want to have cache that lasts longer then one minute.
This might be a bug, as we have other clusters running on WL 10.3.5, 12c where we use the same cache settings. This issue does not occur there.
I'm more then willing to provide more info or config files
Edited by: user5974192 on 21-nov-2012 5:17This is fixed now. Someone had defined a Servlet for the web service in web.xml that was preventing the EJB container to kick in.
Edited by: user572625 on Aug 25, 2011 11:54 PM -
Getting list of all users and their group memberships from Active Directory
Hi,
I want to retrieve a list of all the users and their group memberships through JNDI from Active Directory. I am using the following code to achieve this:
==================
import javax.naming.*;
import java.util.Hashtable;
import javax.naming.directory.*;
public class GetUsersGroups{
public static void main(String[] args){
String[] attributeNames = {"memberOf"};
//create an initial directory context
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://172.19.1.32:389/");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
env.put(Context.SECURITY_CREDENTIALS, "p8admin");
try {
// Create the initial directory context
DirContext ctx = new InitialDirContext(env);
//get all the users list and their group memberships
NamingEnumeration contentsEnum = ctx.list("CN=Users,DC=filenetp8,DC=com");
while (contentsEnum.hasMore()){
NameClassPair ncp = (NameClassPair) contentsEnum.next();
String userName = ncp.getName();
System.out.println("User: "+userName);
try{
System.out.println("am here....1");
Attributes attrs = ctx.getAttributes(userName, attributeNames); // only asked for one attribute so only one should be returned
System.out.println("am here....2");
Attribute groupsAttribute = attrs.get(attributeNames[0]); // memberOf
System.out.println("-----"+groupsAttribute.size());
if (groupsAttribute != null){
// memberOf is a multi valued attribute
for (int i=0; i<groupsAttribute.size(); i++){
// print out each group that user belongs to
System.out.println("MemberOf: "+groupsAttribute.get(i));
}catch(NamingException ne){
// ignore for now
System.err.println("Problem encountered....0000:" + ne);
//get all the groups list
} catch (NamingException e) {
System.err.println("Problem encountered 1111:" + e);
=================
The following exception gets thrown at every user entry:
User: CN=Administrator
am here....1
Problem encountered....0000:javax.naming.NamingException: [LDAP: error code 1 -
000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0
]; remaining name 'CN=Administrator'
I think it gets thrown at this line in the code:
Attributes attrs = ctx.getAttributes(userName, attributeNames);
Any idea how to overcome this and where am I wrong?
Thanks in advance,
Regards.In this sentence:
Attributes attrs = ctx.getAttributes(userName, attributeNames); // only asked for one attribute so only one should
It seems Ok when I add "CN=Users,DC=filenetp8,DC=com" after userName, just as
userName + ",CN=Users,DC=filenetp8,DC=com"
But I still have some problem with it.
Hope it will be useful for you. -
SQL syntax for querying Active Directory group membership
Post Author: cantrejj
CA Forum: Data Connectivity and SQL
I've established a connection to Active Directory through Crystal Reports XI. Now I need to write an SQL select statement to return all computer accounts and their group memberships. My statement returns all the computer accounts in the target OU, but when I add the memberOf field to my report everything goes blank. What am I doing wrong? I've included below my query statement and would welcome any suggestions...******************************************Select CN, memberOfFrom 'LDAP://OU=Managed Accounts, OU=Central Valley Service Area, DC= root, DC=sutterhealth, DC=org'where ObjectClass='computer'********************************************No ERRORs, no PANICs:
# grep -i error /var/log/samba/log.smbd
# grep -i panic /var/log/samba/log.smbd
# grep -i error /var/log/samba/log.smbd.old
# grep -i panic /var/log/samba/log.smbd.old
# -
Group membership alterations timeout
Hello,
I've imported about 100 security groups with their members from AD to FIM and have altered precedence so that FIM now manages these groups. I want to change the groups to criteria based membership and have successfully done so in a number of cases,
however I am finding that groups with more than apx. 700 members are causing an error in the portal.
Event viewer says that the diagnostic log may contain more information but it does not. It also suggests checking the SharePoint log but unfortunately I have been unable to find an appropriate log.
I've had this error occur before in similar circumstances and my guess is that there is some sort of timeout cancelling the operation.
Does anyone know of a fix for this? Is there a way to empty the group memberships?
Many thanks
Portal error:
"Unable to process your request. Please contact your help desk or system administrator."
Event viewer:
"The portal was unable to complete a request and showed a user the default error page.
An unhandled exception was caught.
Check the product diagnostic log file and then check the SharePoint log file."Hello FIM-EN,
You probably have a timeout issue. Tyr to increase the value in the file "C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config":
/configuration/ resourceManagementClient/ @timeoutInMilliseconds
[0,360000]
90,000
The timeout of the client side of communication.
link:
http://technet.microsoft.com/en-us/library/ff800821%28v=ws.10%29.aspx
Regards,
Sylvain -
User Group Membership change Alert
As a system administrator, I will like to be alerted when a user's group membership has changed on the domain. Can Spiceworks compare the imported memberships in its database with AD and alert me when they do not match? Below is an image of the information that SW imports which could be used for this comparison.
This topic first appeared in the Spiceworks CommunityAssuming you know the dn of the groups to remove the person from and add them to, and the dn of the person to move, you should be able to do something similar to:
Attributes attrs = new BasicAttributes(true);
Attribute uniquemember = new BasicAttribute("uniquemember");
uniquemember.add("uid=user,o=domain.com"); //add user to move to attribute
attrs.put(uniquemember);
DirContext ctx = //connect to your ldap dir
try{
ctx.modifyAttributes(groupToRemoveFromDN, ctx.REMOVE_ATTRIBUTE, attrs);
ctx.modifyAttributes(groupToAddToDN, ctx.ADD_ATTRIBUTE,attrs);
catch (NamingException ne) {
//return error appropriately
try{
ctx.close();
catch (NamingException ne) {
//do what you want with error
}You also might want to check out the JNDI tutorial at http://java.sun.com/products/jndi/tutorial/index.html
--Nicole -
Does anybody have any advice on how to properly set up a LiveCycle domain to allow group membership to work correctly?
Our domain appears to be properly configured to retrieve our users and groups from Active Directory through LDAP. However, groups are not properly populated with users, and users are not properly associated with groups.
For example, if I bring up a user in AdminUI > Settings > User Management > Users and Groups, it only shows them as being a member of "All principals in domain..." and "All Principals."
Likewise, if I bring up a group known to have members in "Users and Groups," it appears to be empty.
However, if I execute the following query against the MySQL database, which would appear to display the groups of which a given user is a member, I see the expected groups listed.
i SELECT edcprincipalentity.commonname, edcprincipalentity_1.commonname
i FROM (edcprincipalgrpctmntentity
i INNER JOIN edcprincipalentity ON
i edcprincipalgrpctmntentity.refchildprincipalid = edcprincipalentity.id)
i INNER JOIN edcprincipalentity AS edcprincipalentity_1 ON
i edcprincipalgrpctmntentity.refparentprincipalid = edcprincipalentity_1.id
i WHERE (((edcprincipalentity.commonname) Like "%name%"));
We have a turnkey installation, and below are our installed component versions:
JMX Monitor v1.0 patch N/A
Adobe LiveCycle Forms v7.2.0 patch 1
Adobe LiveCycle Workflow v7.2.1 patch 1
Adobe LiveCycle Form Manager v7.2.0 patch 1
User Management v1.23.0 patch N/A
Thanks for any assistance you can provide.The key to resolving this issue was the following error in the log:
[com.adobe.idp.um.provider.directoryservices.LDAPDirectoryGroupProviderImpl] errorCode:8193 errorCodeHEX:0x2001 message:retrieving record value chainedException:javax.naming.CommunicationException: xxx.xxx.xxx:389 [Root exception is java.net.BindException: Address already in use: connect]chainedExceptionMessage:xxx.xxx.xxx:389 chainedException trace:javax.naming.CommunicationException: xxx.xxx.xxx:389 [Root exception is java.net.BindException: Address already in use: connect]
The resolution was editing the Windows registry to allow more open ports, per http://support.microsoft.com/kb/196271/EN-US/ . -
Group Memberships not Flowing into Metaverse
Hello,
I'm trying to figure out why the group member attributes in the CS are not flowing into the MV. Here's what I have:
An HR system running on SQL Server
A staging database that extract data from the HR system
The staging database has a table representing person object
The stating database has a table representing person multi-valued attributes (i.e location, job code, etc)
The staging database has a table representing group objects
The staging database has a table representing group memberships (mult-valued)
A SQLMA connected to the person and person multi tables
A SQLMA connected to the group and group membership tables
All group memberships are based on job codes and locations. There are no approval process in place. If they have this job code, they get certain groups. That's all calculated in the staging database and the memberships are in the group membership
table
This system does connect to AD (and a few other things), but I'm not concerned with that, right now.
I've read 100 articles on this, most of them over 5 years old, and tried the ones that made sense. The flow from the database into the CS works well. No issues there.
But, a search of the metaverse for the group shows an empty member attribute. The sync process is not throwing any errors. At least they're not showing up in the sync service app or the event logs.
Where allowed, I'm using rules extensions for everything. I can't use a rules extension to set the member attribute because it's an rdn.
I'm going to move forward with this by extending the metaverse schema and adding a multi-valued string attribute named "memberOf" to the person object. Then, I'll modify my existing MA to use that attribute instead of the member attribute.
I'm not sure what kind of issues I'm going to run into when exporting that to AD. I'll cross that bridge when I come to it. I don't anticipate that being an issue as the dns for all these objects will be calculated by the ADMA based on locations,
group functions and person types (bascially, I don't care about the MV rdn).
Anyway, I'm looking for some real world insight on this. This whole effort is to migrate off an existing IDM system that works very, very well but quite expensive to license.
Thanks,
Greg WilkersonHey Cameron,
I have total control of all the DB tables FIM is accessing. I build them up as part of IDM process.
I've read this article, along the many others that address the "manager" scenario. This really doesn't apply in this case as the user and group objects are loaded in separate MAs. Getting reference values to flow with both object live in the
same CS shouldn't be an issue.
I also saw a solution where the group and user objects were in the same table and differentiated by the "object_type" value (user, group). That solution solved the issue of the groups and user being in the same CS. As I grow tired of my daily
FIM beatdown, that solution is growing more attractive. That's a major DB redesign, and seems quite inefficient.
The multi-value table for group memberships already exists in the DB. For FIM purposes, I transferred that data into the user object multi-value table. See screen shot. I can certainly configure the group MA to access that multi-value table
and load the group members as references. But, because the group MA CS will not contain the user objects, I don't see how the references will be set. If the reference value isn't set in the CS, it's not going to flow into the MV (at least I haven't
figured out a way to set the an reference value for an object in the MV - my problem all along.
This whole "setting a reference value" encompasses much more than just group memberships in my implementation. Telephone resources and physical access (key cards, etc) are provisioned through the existing eDirectory system. These objects exist
in our current IDM system and are associated with users based on rules. So, the reference value process is something I need to figure out, if I'm going to use this product.
Maybe I could use a stripped down ECMA2 as a "staging" CS, export the users and groups into this CS and assign the reference values, then import the groups back into the MV, memberships intact. I'm not sure that would get me where I want to go, and
it seems like a lot of extra "stuff" to solve what should be a simple problem. Hmmmmmm. Or, connect the ECMA2 directly to my group membership multi-value table in the DB. Hmmmmmm. I'd still have to export the groups and users into that
CS, but the import might be much more straight forward. Hmmmmmm.
The structure of my GroupMembership table (both columns are anchors or directly translatable to anchors):
EmployeeGroups
GroupName varchar(50) not null,
EmployeeID nvarchar(50) not null,
ID int identity(1,1) not null -
I have a ODM that has jut been added to AD. I have OD groups that I now need to add AD members to push MCX down to my clients, the problem is if I do it from WGM I'm only able to do one member at a time. This is not so bad when I have to do it to groups with about ten members, but it gets REALLY boring when I have groups with a large number of users. Seems this would be a great task to do from a script, has anyone done this or could lead me to some info on how to do it?
Thanks for the reply.
Will dseditgroup work with AD? After reading the man page for it I tried,
dseditgroup -o read -n /Active\ Directory/All\ Domains/ testgroup
*testgroup= Group we created in AD with about five users in it.
After I hit enter the shell returns with nothing, not even a error. Do I have the syntax wrong or can I not use dseditgroup to read group membership from a AD group? -
AD account used for running SIA locked during group membership querying
Hello,
I have code that is querying user / group membership from the BOE repository using the Java Enterprise SDK. When running against an environment using an AD service account to run the SIA, an error is thrown and the AD account is subsequently locked when I execute my code. The error is as follows:
com.crystaldecisions.sdk.exception.SDKServerException: The Active Directory Authentication plugin failed to verify the currently specified administration credentials required to connect to Active Directory. Please contact your system administrator.
cause:com.crystaldecisions.enterprise.ocaframework.idl.OCA.oca_abuse: IDL:img.seagatesoftware.com/OCA/oca_abuse:3.2
detail:The Active Directory Authentication plugin failed to verify the currently specified administration credentials required to connect to Active Directory. Please contact your system administrator.
The server supplied the following details: OCA_Abuse exception 10505 at [.\exceptionmapper.cpp : 79] 50068 { , , secWinAD}
...The Active Directory Authentication plugin failed to verify the currently specified administration credentials required to connect to Active Directory. Please contact your system administrator. Plugin error: SecWinAD Error: an error occurred in CADCredentialManager::SwitchSecurityContexts().
If the account is successfully running the SIA, I'm not understanding why this message is being thrown. Also - I'm assuming some internal login is happening with this AD account when I query for group membership (?), as I am able to query for other types of metadata without error / locking the account. Based on the error thrown, the authentication with this ID is failing, and is probably being attempted multiple times, resulting in the account being locked? Can anyone provide insight here?
Thanks...Ted is right on the mark with this one.
The cause is outlined in the exception indicating a problem with the SwitchSecurityContexts() function. The Active Directory plugin requires a set of credentials with which to connect to Active Directory and perform any necessary lookups. Therefore, the issue is not with the account running your SIA (and by extension your CMS), but the Active Directory administration credentials you've set on the plugin (either via the CMC or through code). When the CMS tries to impersonate, or switch security context to the other account, it fails to authenticate against Active Directory.
Check to make sure this property is set identically to the account running the SIA, and like Ted said, that you can successfully update the plugin via the CMC.
Thanks,
Jim -
Question on Group Membership issue in installation
Hi,
I am installing the Oracle DB and got this error in the 'Prerequisite Checks':
'Group Membership: <GroupName>
This is a prerequisite condition to test where user "<userID>" is a member of the group "<GroupName>"SD wrote:
Hi,
I am installing the Oracle DB and got this error in the 'Prerequisite Checks':
'Group Membership: <GroupName>
This is a prerequisite condition to test where user "<userID>" is a member of the group "<GroupName>"consider reading & following the Installation Guide found at http://tahiti.oracle.com -
ACS 5.3 Group Mapping based on AD group membership
Hi,
I am configuring a new ACS 5.3 system. Part of the rules is that I want to match the users specific AD group membership, and match appropriatly to an identity group.
What i'm trying to do is say that if the user is a member of the AD Group (G-CRP-SEC-ENG) then associate them with the Identity Group SEC-ENG. The under the access service, authorization portion, i assign shell profiles and command sets based on Identity Group.
It seems that the ACS server will not match the AD Group for the user, and it will match the Default of teh Group Mapping portion of the policy every time.
I tried several configuration choices from : AD1:ExternalGroups contains any <string showing in AD>, AD1:memberOf <group>.
Is there something special i need to do in the Group Mapping Policy to get it to match and active directory group and result in assigning the host to an Identity Group?
Thank you,
SamiOk, my case is like this.
I use ACS 5.3 for VPN authentication, using AD and an external RSA for token authentication (2 factor authentication)
I didn't add all the VPN users in the ACS, because it will be troublesome, the users authentication will be managed by AD and RSA server.
In some cases where we need to restrict a group of user to only access certain resources, downloadable ACL is used.
Following the Cisco docs, i manage to get downloadable ACL works when the authorization profile matching criteria is username, but when i change the matching criteria to Identity group, the downloadable ACL won't work.
I have a case with Cisco engineer now and still in the middle to sort things out.
The advice from the Cisco engineer is to have the Access Service set to Internal User instead of RSA server, but that will require us(the admin) to import all the VPN users into the ACS database.
Wondering whether there is a fix for this.
Thanks. -
OIM: What is the purpose of "Update" while editing group memberships
Hi,
This is when you lookup a user's Resource Profile and go to "Edit" link. The process form shows up along with a drop down to edit the group memberships. When we select one of the choices such as "Groups" another window pops up where we could add more entires into the child form. In this form there is an "Update" column with a radio button besides a "Remove" column. What is the purpose of this "Update" column? We can add or delete child entries but what does update do? Is there a way to remove this selection altogether?
Thanks in advanceUpdate I can see used for a cases where you have multiple columns on a child table entry and want to change one of them. Strictly speaking, you can update a single column child table rather than delete and insert also. Access policies always do insert and delete actions, but you will want to implement an update task as well if you expect anyone to be editing child tables on resources directly.
Maybe you are looking for
-
Please answer my question.Thanks
-
How can i update multiple records at same time in psa
Hi, i need to modify certain column's value in psa. for one of InfoObject fix value i need to change to some other value, can i write some routine or any other way to do so quickly. thnx
-
How can I get my camera to work again?
Have had my phone for almost 6 months and have never had a problem with the camera. After I did the last upgrade to my iphone which was just a few days ago my camera stopped working. I click on the camera icon and it's either showing the shutter or i
-
Performance Report Manager not collecting data
I'm running SMC 3.6 with the Performance report manger module installed on the server and hosts. The hosts are logging data to their circular file. But when I open the Report Manager then Data-Data Collection there are no hosts listed in the "Hosts w
-
KdeGraphics-Okular - How to change the color of Text Selection tool
Hello All I'm trying to know how to change/fix the color of the Text Selection Tool (Ctrl + 4). Because when I highlight the text, it's only one color (Dark Blue) that make me could not read clear. ---- My OS Configuration OS : Arch DE: LXDE WM: Open