GW user provisioning with iManger
I've just updated to Groupwise 2014, and everything seems to be working smoothly, but I need to clear a few things up regarding GW account creation.
In the past, I've manually created users with C1, and I used a template that had Groupwise PO information in it, and it all worked well. I can still create users with this template in C1 with the 2012 snapins, and everything seems to still work fine in GW2014, but I assume this isn't supported. Creating a user with iManager (with the GW plugins) with this same template does not create a Groupwise account at all, and I can't set GW info at user creation; I have to open the user after creation, go to the Groupwise tab, and pick the PO that they should belong to, and I can't actually change any groupwise options, like groups, visibility, nicknames, etc. In this case, the user gets created in GW, but the GW info (like email address, PO, etc) never makes it back into eDir. I do have email publishing enabled for the directory, but it doesn't seem to be doing anything.
My question is this: If I create a directory user and want to have a GW account automatically created for them at account creation time, what is the correct way to do that in 2014?
Thanks!
Adam
I've added a significant amount more GroupWise 2014 functionality since the v20 release. Jrbimprt and gwusers can both create users in GroupWise 2014 and make associations. But it is still not possible to create users via a template because there are no appropriate attributes which can be assigned to the template to identify the target 2014 system and the post office in which to create users. The 2012 attributes are not suitable e.g. "NGW: Post Office" must hold an eDir object name. Hence my suggestion to Novell. If necessary I'll provide my own aux class definition, but as I think such an aux class could be widely used, it is better for Novell to provide a standard definition than for 3rd party developers to each devise similar but different
schemes.
Contact me direct if you want to try the post v20 enhancements.
John
Similar Messages
-
OIM - Users provisioned with different resource form versions
Hi !!
we are having some problems with different resource form versions and maybe you can help us.
We have two different versions of one resource form. One of them has 2 extra fields.
Some users were provisioned with that resource with the previous form version (no extra fields) and some with the new one (extra fields).
The problem is that now, if we try to edit that resource for the users with the old version, we are not able to edit or even see the information for those extra fields.
It seems that they have been associated with the old version and we need to change it in order to make them use the new one. Is that possible? How can we fix that?
Thanks in advance.Alternatively you can manually update the form version in the OIM database.
If it is a small number of forms it might be easier to do that then to bother with fvc.
Best regards
/Martin -
User provisioning with Sun Directory Server
I'm migrating from the internal user data store to external with Sun Directory Server as the LDAP backend and I'm unable to provision new users. I use unidssearch to list the unprovisioned accounts and it lists the user I'd like to provision. I then execute 'uniuser -user -add "DID=uid=testy,ou=People,dc=domain,dc=com" -n 10' which returns an Insufficient access right error. When I look at das.log I see the following entry...
DATE = Thu May 10 10:25:09 2007
PID = 440; TID = 1095888896
LOG TYPE -> DEBUG
FUNCTION NAME -> ctldap_CalUserUpdateByDirectoryId
dn: uid=testy,ou=People,dc=domain,dc=com
changetype: add
ctCalXItemId: 00010:00500
o: Domain Corporation
objectClass: ctCalUser
This entry tells me that uniuser is try to do an LDAP_ADD on an existing object in the directory when it should do a LDAP_MODIFY.
Does anyone know why this is?the unidsacisetup(8) command can be used to add the ACI for Sun Directory server. The ACI it sets is a little to loose for my liking so I modified it slightly.
Original:
(target="ldap:///dc=domain,dc=com") (targetattr = "*") (version 3.0; acl "Calendar Administrators Group"; allow(all) groupdn = "ldap:///cn=OracleCalendarAdminGroup,ou=OracleCalendar,dc=domain,dc=com";)
Modified:
(target="ldap:///dc=domain,dc=com") (targetattr = "*") (version 3.0; acl "Calendar Administrators Group"; allow(read,write,compare) groupdn = "ldap:///cn=OracleCalendarAdminGroup,ou=OracleCalendar,dc=domain,dc=com";) -
Regarding user provision with disable and locked status
Hi All,
what i need to do if i want to provision a user with disabled and locked status for first time.
i am using OIM 11g
Can any one please help me out in this.
Regards
PrasadYou can provision a user into EBS.
Call "*Disable User*" task on SUCCESS of Create User task in EBS process defn.
Let me know if you see any challenges in this approach.
If target application supports Lock Status then you can add a task and attach adapter to lock that account and call in the same way. -
Provisioning with the AD connector (MSFT_AD_91150)
Hi friends,
I configured the AD Connector version: MSFT_AD_91150 in Oracle Identity Manager 11g.
Scenario Tested:
1. It created the user in Oracle Identity Manager 11g.
2. Resource was manually assigned to the user AD User created.
3. Check Active Directory is user-provisioned.
4. User was successfully created in Active Directory.
5. Accessed at the workstation with the user provisioned. For example: user/password = user1/xell2011
Final result:
- The user can not access the workstation with the password provided in the procurement process manually.
- The user can access the workstation when no password is entered. For example: user/password = user1/(blank)
- The connector is not sending the password.
Any suggestions to solve this problemFriend Kevin,
I have connected with a ldap browser to Active Directory, these are the values of the classes when:
-(A) The user is created in the Active Directory directory
-(B) The user is created through Oracle Identity Manager (provisioned)
*(A) User created in Active Directory in the organization identitymanager*
dn: CN=jlk, OU=identitymanager, DC=businessvk,DC=com
displayName: jlk
givenName: jlk
sAMAccountType: 805306368
primaryGroupID: 513
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
badPasswordTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=businessvk,DC=com
cn: jlk
userAccountControl: 66048
userPrincipalName: [email protected]
dSCorePropagationData: 16010101000000.0Z
codePage: 0
distinguishedName: CN=jlk,OU=identitymanager,DC=businessvk,DC=com
whenChanged: 20110406115109.0Z
whenCreated: 20110406115100.0Z
pwdLastSet: 129465642609525000
logonCount: 1
accountExpires: 9223372036854775807
lastLogoff: 0
lastLogonTimestamp: 129465642697181250
objectGUID:: 77+9UO+/vdqp77+977+9Qu+/ve+/ve+/ve+/vQ9J77+9
lastLogon: 129465642697181250
uSNChanged: 43491
uSNCreated: 43485
objectSid:: AQUAAAAAAAUVAAAAx5Pvv73qnoF/77+977+9w7JXBAAA
countryCode: 0
sAMAccountName: jlk
instanceType: 4
badPwdCount: 0
name: jlk
*(B) Users provisioned with Oracle Identity Manager, in the organization identitymanager*
dn: CN=dr.SUSE, OU=identitymanager, DC=businessvk,DC=com
displayName: dr.SUSE
givenName: [email protected]
sAMAccountType: 805306368
primaryGroupID: 513
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
badPasswordTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=businessvk,DC=com
mail: [email protected]
cn: dr.SUSE
initials: suse@b
userAccountControl: 66080
telephoneNumber: 14521111
userPrincipalName: [email protected]
dSCorePropagationData: 16010101000000.0Z
codePage: 0
distinguishedName: CN=dr.SUSE,OU=identitymanager,DC=businessvk,DC=com
whenChanged: 20110406115400.0Z
whenCreated: 20110406115358.0Z
pwdLastSet: 129465644405150000
logonCount: 0
accountExpires: 129472488000000000
lastLogoff: 0
objectGUID:: Iu+/ve+/vTFWKjFO77+977+9VO+/vQ==
sn: dr.SUSE
lastLogon: 0
c: DE
uSNChanged: 43498
uSNCreated: 43494
objectSid:: AQUAAAAAAAUVAAAAx5Pvv73qnoF/77+977+9w7JYBAAA
countryCode: 0
sAMAccountName: [email protected]
instanceType: 4
badPwdCount: 0
name: dr.SUSE
Thanks. -
IOP 11.1.2.0 integration with Shared Services (User Provisioning)
In the IOP 11.1.2.0 install guide, the Admin and Admin provisioning roles are provisioned through Shared Services.
"Provision Integrated Operational Planning Administrator and Integrated Operational Planning
Provisioning Manager roles for the Integrated Operational Planning instance to the Admin user through
Oracle's Hyperion® Shared Services Console
a. Connect to the Oracle's Hyperion® Shared Services Console; for example, http://
hss_server:hssserver_port/interop.
b. Log in as the administrator.
c. Expand User Directories and Native Directory.
d. Select Users and click Search.
e. Right-click the Admin user and select Provision.
f. Expand Default Application Group.
g. Expand the Integrated Operational Planning instance created.
h. Highlight IOP Administrator and Provisioning Manager.
i. Click the right arrow in the middle of the two windows to select the roles.
j. Click Save, and then click OK."
The users and groups are defined in Shared Services, per the IOP 11.1.2.0 admin guide (p. 144).
Is there an IOP user provisioning example in the shared services user's guide, and which version of the guide would I find that in?
Access priveledges are controlled from the Admin workbench for IOP users, per p.145 of the IOP 11.1.2.00 user's guide.
Thank you.IOP Roles are listed in the 11.1.2 Shared Services User and Role Security Guide, on page 158:
Integrated Operational Planning Roles
Table 39 Integrated Operational Planning Roles
Roles Tasks per Role
Provisioning Manager Provisions users and groups with Disclosure Management roles
IOP Administrator Administers Oracle Integrated Operational Planning, Fusion Edition. IOP Administrators can modify models, access
ACL pages, and perform all Integrated Operational Planning tasks
IOP User P erforms Oracle Integrated Operational Planning, Fusion Edition actions as a normal user -
Migrating EPMA Planning application: Failed to sync with user provisioning
Hi All,
We are migrating applications from Production to Dev. We have one EPMA Planning and one Essbase application in both environments.
We have migrated artifacts into File system in PROD(Shared services, EPMA, Planning, Essbase and Reporting). We have copied and pasted in import_export folder in DEV.
Then we are trying to migrate artifacts into applications from File system in DEV. First we did EPMA artifacts successfully in migration status report then we have deployed application into planning without any errors.(msg showing as in sync deployment). After that we did shared services, it is failed
migration status report error msg:
+28:6571:Application <xxxxx> does not exist in target. 28:6571:Application <xxxx> does not exist in target. 28:6571:Application <xxxx> does not exist in target. 28:6571:Application <xxxxx> does not exist in target. 28:6571:Application <xxxx> does not exist in target. ...+
When i am trying to open the planning application, i am getting error: Failed to sync with user provisioning, check planning log for details
HyS9planningsyserr.log details:
[INFO] RegistryLogger - REGISTRY LOG INITIALIZED
[INFO] RegistryLogger - REGISTRY LOG INITIALIZED
Creating rebind thread to RMI
com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.
com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.
com.hyperion.planning.HspRuntimeException: Failed to sync with user provisioning. Check Planning log for details
at com.hyperion.planning.HspJSImpl.synchronizeUserWithProvisioning(Unknown Source)
at com.hyperion.planning.HspJSImpl.login(Unknown Source)
at com.hyperion.planning.HspJSImpl.login(Unknown Source)
at com.hyperion.planning.HyperionPlanningBean.Login(Unknown Source)
at HspLogOn.Handle(Unknown Source)
at HspLogOn.doGet(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3241)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2010)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1916)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
java.lang.RuntimeException: Errors occured during syncrhonization: [com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.]
at com.hyperion.planning.HspJSImpl.synchronizeUserWithProvisioning(Unknown Source)
at com.hyperion.planning.HspJSImpl.login(Unknown Source)
at com.hyperion.planning.HspJSImpl.login(Unknown Source)
at com.hyperion.planning.HyperionPlanningBean.Login(Unknown Source)
at HspLogOn.Handle(Unknown Source)
at HspLogOn.doGet(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3241)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2010)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1916)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
java.lang.RuntimeException: Errors occured during syncrhonization: [com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.]
at com.hyperion.planning.HspJSImpl.synchronizeUserWithProvisioning(Unknown Source)
at com.hyperion.planning.HspJSImpl.login(Unknown Source)
at com.hyperion.planning.HspJSImpl.login(Unknown Source)
at com.hyperion.planning.HyperionPlanningBean.Login(Unknown Source)
at HspLogOn.Handle(Unknown Source)
at HspLogOn.doGet(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3241)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2010)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1916)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.
com.hyperion.planning.HspRuntimeException: Failed to sync with user provisioning. Check Planning log for details
at com.hyperion.planning.HspJSImpl.synchronizeUserWithProvisioning(Unknown Source)
at com.hyperion.planning.HspJSImpl.login(Unknown Source)
at com.hyperion.planning.HspJSImpl.login(Unknown Source)
at com.hyperion.planning.HyperionPlanningBean.Login(Unknown Source)
at HspLogOn.Handle(Unknown Source)
at HspLogOn.doGet(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3241)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2010)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1916)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
java.lang.RuntimeException: Errors occured during syncrhonization: [com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.]
Thanks,
madyHi,
I got solution for this issue through Oracle Support.
I have restored database and migrated artifacts using LCM. any one method is enough to do Planning application migration (from Oracle Support)
Thanks,
mady -
Hyperion Planning - Failed to sync with user provisioning. Check planning
Hi All,
I'm trying to configure Hyperion Planning to user an external user repository (OID) but when i try to login with an OID user i get the following error :
"Failed to sync with user provisioning. Check planning log for details"
I'm not hyperion expert so please excuse any school boy mistakes.
Use Case : login to Hyperion Planning using an OID user
Setup:
1) User created in OID
2) Use Provisioned in HSS with planning roles
3) User can login to HSS
4) Able to login with Native user with the exact same roles
5) Version 11.1.2
6) Can only see native user in EAS..
I've googled away and tried various things:
1) Run provisionUsers script :
Loaded Version of Essbase RTC: 0xb1200
[Wed Jan 25 09:39:04 GMT-06:00 2012] Planning successfully notified HBR repository.
Wed Jan 25 09:39:41 GMT-06:00 2012 :: [Wed Jan 25 09:39:41 GMT-06:00 2012] Plann
ing: Synchronizing the following users with user provisioning: [XXX]
Wed Jan 25 09:39:41 GMT-06:00 2012 :: Planning: Error occurred while synchronizing: Errors occured during syncrhonization: [com.hyperion.css.CSSIllegalArgumentE
xception: EPMCSS-251046: Invalid principal.]
2) Bouncing servers
Any help would be great.
Thanks,
OzHi,
Have you updated the datasources for each of the planning applications, you will need to update the password and probably recycle planning app server.
Cheers
John
http://john-goodwin.blogspot.com/ -
Planning 931 - Failed to sync with user provisioning
I am getting " Failed to sync with user provisioning. Check Planning log for details" error message while trying to login
This issue is not for all users. I can login as admin and refresh my security via planning webHi Amit,
i had similar issue when i migrated planning application from test to Dev.
here is the solution which I followed and resolved the issue:
1.Login as admin account
2.click on Administration tab.
3. select Dimensions from menu.
4. select any of the member.
5. Click on Assign Access.
6. Which takes you new window.
7. Click on "migrate identities", once it is successful.
8. logoff and try to login with any other user.
hope this helps.
www.dornakal.blogspot.com
Edited by: Dornakal on May 6, 2009 10:52 AM -
Failed to sync with user provisioning
Hi,
None of the users other than admin are able to login to planning application in SIT. I have the admin access in SIT, but still not able to log into any planning application. The error i get is "Failed to sync with user provisioning. Check Planning log for details".
What could be the reasons? Which log do i check?
version - 11.1.1.3
Regards,
Ragav.Have you tried running the updateusers utility :- http://download.oracle.com/docs/cd/E12825_01/epm.111/hp_admin/ch03s12.html
this should try and sync HSS with the planning tables, it will also output any failures.
Cheers
John
http://john-goodwin.blogspot.com/ -
Failed to sync with user provisioning. Check Planning log for details
hey everyone,
we just did a password update for our hyperion planning application owner account. and now when i try to login to hyperion planning, i get the following error message:
Failed to sync with user provisioning. Check Planning log for details.
I can still login to shared services and workspace with the same application owner account.
i also tested and verified that I can login to Essbase via Excel using this application owner acct. after i changed the password, i have stop and restarted the weblogic web services after I updated the password.
because i kept getting the error, i have reverted back the password to the original one... but i am still getting the same error message.
btw, we are using a solaris server running WebLogic9, Hyperion System 9. any help or tips would be appreciated.. thx.Hi,
Have you updated the datasources for each of the planning applications, you will need to update the password and probably recycle planning app server.
Cheers
John
http://john-goodwin.blogspot.com/ -
Failed to sync with user provisioning 9.3.3
Hello,
I have a new twist on a common error. We have two Planning applications. We copied one from prod to dev, but during the duration of this, I had to change my password. Now I can sign onto one planning application, but not the one we refreshed, due to the "Failed to sync with user provisioning" error. I can sign onto EAS Console and Shared Services.
Can you please tell me what I have to do to resync this Planning application, and instructions on how to do this? I have access to the admin account and database tables if required. This is version 9.3.3.
Thank you,Hello John,
I am logging in with my user id, which is an administrator, but not the "admin" account. I am unfamiliar with the term application owner, but I expect it is the "admin" account. We use single server sign on, so my network username and password are the Hyperion/Essbase username and password.
I think the problem is, between the time we copied the application from production and copied it to development, I changed my password.
I looked in the hsp_users table, and it does not have usernames. Is there a way to associate the user_id with a username to find out which one is mine?
I would copy the SID value from the working to the non-working one. I understand that part.
Thank you, -
Sync with user provisioning error
Hi,
I am working on planning 9.3. I am facing following problems :
1)I have created a form and when I use "Assign access" option I don't see any user in the list. When I click on add access option, I am getting following error
" Sync with user provisioning succedded with Errors. See Planning log for details"
2)When I add an user in user console management and give provisioning(Application provisioning) to it , it is not giving me any error. But I am not able to sign in with the new username to the application
Please suggest solution.
ThanksHi,
This is in response to post by tclauer..
Is this happening on all planning apps or is the problem specific to one app ?
Can you log in with the admin account ?
Can you access the following URL from the planning server :-
http://<HSS servername>:58080/interop/framework/getCSSConfigFile
Does a file exist in (I am assuming you are on Tomcat)
Hyperion\deployments\Tomcat5\HyperionPlanning\temp
like :- <HSS servernamer>-getCSSConfigFile-<generatednumber>-CSS.xml
There should also be a file in the same directory called :-
SharedServices_Security_Client.log
This log might give further details to the errror
Cheers
John -
Secure External LDAP with local user provisioning in a org.
To all:
I'm working with 05Q1 or as some say v3. I was able to successfully set up user authentication with external ldap and dynamic creation of users with in local org and ldap and map over attributes for storage into local ldap. Now I need to try and make it a secure external ldap authentication. Without disturbing any of the other orgs with in the local system.
Is it possible without turning on security for all? Where would the certs be stored for the secure external LDAP that I am authenticating against?
Help would be appreciated.
If anyone is trying to do the same thing let me know if your having trouble. I sure did, just getting to the point that I am right now.
Thanks,
- MiloHi,
Check following forum thread.
Re: custome role maper example
Regards,
Kal -
[OIM] Error in Direct Provisioning (with auto save form) - GTC DB App Table
Hi,
I am getting an error when setting up direct provision of a GTC DB App Conn using OIM access policy (and group membership) or through manual provisioning with prepopulate and auto save form.
Manual provisioning with prepopulate ONLY (not with auto save form) WORKS!!!
Some information about my OIM config:
- Prepopulate adapters are set up on both forms (parent and child)
- "Auto prepopulate" and "Auto save form" are set up at Process Definition
- For direct provisioning, I have created an access policy with an associated group which has a membership rule
What it is working:
- Provisioning manually, using prepopulate adapters only, not auto save form. Both tables are updated properly
- All *3 tasks are called and finished with status=Completed*: "System Validation", "Create User" and "Child Table UD_<connector child table name>_US row Inserted"
Testing direct provisioning:
- I have tested adding the resource manually with prepopulate and autosave form configured, and also through access policy/group membership. The error is the same on both tests
- The resource is displayed as provisioned and it is created an entry in the parent table of the resource, but not on child table
- I also observed that only: "System Validation" and "Create User" tasks were executed (status=Completed). But it is missing the task "Child Table UD_<connector child table name>_US row Inserted"
- The error log info displays only an error regarding to UGP table (Groups info) but I am not sure if that is the cause of entry creation on child table.
It seems the SQL stmt tries to get ugp_name (group name) using ugp_key but that has null value.
"SELECT ugp_name FROM ugp WHERE ugp_key=java.sql.SQLSyntaxErrorException: ORA-00936: missing expression"
Note: When testing manually (without auto save form), I got "SELECT ugp_name FROM ugp WHERE ugp_key=1" which it is the same SQL stmt but the value is provided.
My guess:
- It seems that error is aborting the whole execution process so "Child Table UD_<connector child table name>_US row Inserted" task does not run, even though previous tasks are finished with the status=Completed. Consequently, the entry is not created on child table.
Please, any guess or help would be very helpful. In case nothing works, I guess I will have to create and customize a "Update child Form" task as an workaround which would be called after "Create User" task.
Regards,
Hugo
My environment:
- Windows 2003, WebLogic 10.3.0.0, OIM 9.1.0.2 BL4, Oracle 10g, Java 1.6, DB App Table Connector 9.1.0.2 (from October 2009)
- Target Resource: Parent and Child Table (Oracle 10g - the same OIM DB)An update:
I solved that error about "ORA-00936: missing expression" applying OIM 9.1.0.2 BP05. That was not impacting my issue regarding direct provisioning with auto save form and child form.
So please if anyone can confirm:
- Can I set up prepopulate adapters on child forms AND also use "auto save form" on GTC DB App Table connector?
If not, any suggestion?
Regards
Hugo
Maybe you are looking for
-
I recently replaced a damaged hard drive with a new one direct from Apple. I was running OS 10.4.8 before the accident and easily used the Classic mode when running several odler programs I own. Now that I have a new harddrive, OS X 4.8 tells me I no
-
Switching from PC to Mac Itunes purchased music
Having recently made the move from pc to mac I backed up all my music on my old pc and transferred it onto my mac. All the music shows up on Itunes but when I downloaded it onto my 5G ipod the music purchased from Istore will not download??? any clue
-
Where are the downloads?
Why is it so hard to find downloads for older editions of photoshop? I have CS5 Extended on old laptop that crashed so I've taken over my wife's laptop that has not cd drive, so I need to download the program. It is virtually impossible to find on
-
Alias directive case-sensitive?
I've come across an issue with the Alias directive... I set an alias in the ServerAdmin and realized that upon saving it converted everthing in the target path to lowercase. The directive subsequently did not work. When I edit the path manually via t
-
Wanted working example of a rich media enhanced magzine
Does anybody know a working (live) example of a rich media enhanced magzine, preferably a magazine with flipping pages and (a combination of) normal and moving pictures (movies). If so please advise url, because a (moving) picture is more than a tho