How to provision users to different OU in OIM 11g (OIM configured with LDAPS)

Hi All,
We have a requirement to create users in different OUs in OID based on the type of the user.
During user creation, if we select usertype as Employee then the user should be created under OU=EMployee,dc=domain,dc=com; if we select usertype as Contractor then the user should be created under OU=Contractors,dc=domain,dc=com. How do I configure this? I tried modifying LDAP container rules, but it didn't work. Can you please help me on this?
Thanks

In addition to setting LDAP container rules, I had to create an event handler and use another field (Locality Name, for example) to make this work. If you have more than one LDAP container there is a bug in OIM code because of which some containers don't get set. Meaning, if you have one user type mapped to a unique LDAP container, you will be fine with the suggestion above. If you have multiple user types mapped to one LDAP container, and you have many such combinations, some LDAP containers don't get set. The following code worked for me:
     // Derive the user type from the role and store it in "Locality Name",
     // the extra field used alongside the LDAP container rules.
     if (userRole != null) {
          if (userRole.equalsIgnoreCase("Full-Time Employee") ||
                    userRole.equalsIgnoreCase("Part-Time Employee") ||
                    userRole.equalsIgnoreCase("Consultant") ||
                    userRole.equalsIgnoreCase("Internal System Accounts")) {
               userType = "Internal";
          } else if (userRole.equalsIgnoreCase("OIM System Accounts")) {
               userType = "System";
          } else {
               userType = "External";
          }
          orchestration.addParameter("Locality Name", userType);
     }
Hope this helps,
Prasad.

Similar Messages

  • URGENT: Provision users on Electronic devices like Mobile in OIM

    Hi all,
    How to provision users on electronic devices like mobile in OIM? Do we have connectors/adapters/forms to provision it?
    Regards,
    Karthick

    You need to implement a disconnected resource for this. No OOTB connector.

  • How to allow user changing his password in OBIEE 11g weblogic custom LDAP?

    Hi,
    How to allow user changing his password in OBIEE 11g weblogic custom LDAP?
    I need to give the user an option to do so, without the intervention of any Administrator. I also do not want to make the user an Administrator, else he will be able to log in to weblogic and can do damage unknowingly.
    Regards,
    Rahul

    Hi,
    Replace the line in the instantconfig.xml
    <WebMessage name="kmsgChangePasswordLink"><!--<HTML><sawm:messageRef name="kmsgUIChangePassword"/></HTML>--></WebMessage>
    with
    <WebMessage name="kmsgChangePasswordLink"><HTML><sawm:messageRef name="kmsgUIChangePassword"/></HTML></WebMessage>

  • How to create user in local datasource when UME is already switched to LDAP

    Hi,
    Info: I have a portal (NW 700); recently I switched the datasource of the portal to LDAP from the local datasource.
    Issue: if I create a user in the portal it gets created in LDAP; I want to create a few users in the local datasource.
    How to create a user in the local datasource when UME is already switched to LDAP?
    One solution is to change the UME back to the local datasource > create user > then switch back to LDAP.
    Do you know any other solution?
    Regards
    Shridhar Gowda

    Please let me know the Datasource file name .. i.e. the .xml filename.
    try to analyze this name and see whether you get a solution or post it here.
    Reward points if helpful -

  • OIM Provision Users to different OUs

    I was trying to see how we could provision users to different OUs. As of now, when I try to create users they are being provisioned into the default User container. I was trying to find out where exactly it will be pulling the OU information from (I believe it is from the adapter file), so that I can change it and users will be populated to different OUs accordingly.

    What user user637654 recommended is what is supported out of the box.
    In many cases it simply isn't enough to meet the requirements. In that case you need to create a custom AD create user task. We have done this for a number of customers and the main problem is usually to find the transform between the information that you have available (information about the user from your trusted source) and the OU location in AD.
    One option if you have requested based provisioning is to include the OU on the object form and let the requester pick the OU. Not always appropriate but can sometimes be a viable option.
    Hope this helps
    /M

  • How to update UDF in OID11g(OIM 11g configured with LDAP SYNC)

    Hi All,
    I have configured OIM11g with LDAP SYNC and it is working fine. I have added some UDFs on the user creation form and the same attributes have been created on OID as well. Now, when I create users on OIM with these custom attributes the values are not getting updated on the OID resource. Can anyone please let me know how to update these attributes on OID?
    Thanks in advance,

    To update a UDF you must assign a copy value adapter in Lookup.USR_PROCESS_TRIGGERS (Design Console / lookup definition)
    e.g.
    CODE               DECODE
    USR_UDF_MYATTR1    Change MYATTR1
    USR_UDF_MYATTR2    Change MYATTR2
    Edited by: Lighting Cui on 2011-8-3 12:25 AM

  • OIM 11g: OIM User "Notes" field

    Does anyone know if anything has changed from 9.1x to 11g with regard to the Users.Note attribute? We have a unit test that reads and tries to set "Users.Note" via the tcUserOperationsIntf.updateUser() method. This test works fine against OIM 9.1x, but fails against OIM 11g with a tcAPIException with the message that "Users.Note" is not a valid attribute name. The Users.Note field is defined as a field lookup and exists in the database (USR_NOTE), so I'm wondering what changed.
    Any ideas?

    waynec wrote:
    Does anyone know if anything has changed from 9.1x to 11g with regard to the Users.Note attribute? We have a unit test that reads and tries to set "Users.Note" via the tcUserOperationsIntf.updateUser() method. This test works fine against OIM 9.1x, but fails against OIM 11g with a tcAPIException with the message that "Users.Note" is not a valid attribute name. The Users.Note field is defined as a field lookup and exists in the database (USR_NOTE), so I'm wondering what changed.
    Any ideas?
    Users.Note is not present in the entity definition for User entity (file /db/Users.xml in MDS).

  • How to call user function in select statement.

    Hi,
    I am facing some problem. How to call user functions in select statement? Please send me answer with example.
    Thanks
    Gopal

    Locations to Call User-Defined Functions
    • Select list of a SELECT command
    • Condition of the WHERE and HAVING clauses
    • CONNECT BY, START WITH, ORDER BY, and GROUP BY clauses
    • VALUES clause of the INSERT command
    • SET clause of the UPDATE command
    Restrictions on Calling Functions from SQL Expressions
    To be callable from SQL expressions, a user-defined function must:
    • Be a stored function
    • Accept only IN parameters
    • Accept only valid SQL data types, not PL/SQL specific types, as parameters
    • Return data types that are valid SQL data types, not PL/SQL specific types
    • Functions called from SQL expressions cannot contain DML statements.
    • Functions called from UPDATE/DELETE statements on a table T cannot contain DML on the same table T.
    • Functions called from an UPDATE or a DELETE statement on a table T cannot query the same table.
    • Functions called from SQL statements cannot contain statements that end the transactions.
    • Calls to subprograms that break the previous restriction are not allowed in the function.
    jeneesh

  • How to create user defined functions in xi.

    how to create user defined functions in xi.
    can anyone give info with screen shots.

    Hi,
    Please follow the steps mentioned in the link below
    http://help.sap.com/saphelp_nw04/helpdata/en/f8/2857cbc374da48993c8eb7d3c8c87a/frameset.htm
    Also refer to the links below to know more about UDF
    udf
    Thanks
    Swarup
    Edited by: Swarup Sawant on Mar 3, 2008 3:59 PM

  • Provision a Resource Object to Organization automatically in OIM 11g

    Hi All,
    How to provision a resource Object to Organizations automatically in OIM 11g.
    Can we use Access Policy for this , if not , is there any other way to solve this.
    Regards
    Edited by: 903745 on 31 May, 2012 1:40 AM

    Are you referring to creating a resource object (e.g. group) on the Organization itself (as opposed to users in that Organization)? If so this can be done from a post-process event handler on the Organization object.

  • How to read User ID from the request Form and pre populating in the AD User process form before provisioning

    I am trying to read the user Id from the submitted AD User request form (Catalogue AD User form). I need User Id, firstname and lastname in order to prepopulate the common name in this format - lastname,firstname (userid) - for the user to be provisioned in Active Directory.
    So after filling the AD User request form with User Id and Organization and submitting the request, I am trying to prepopulate the common name in the process form before the provisioning.
    The prepopulate adapter for the common name is configured to read the firstname, lastname and userid. The firstname and lastname variables are mapped to User definition and user Id is mapped to Process Data. In this setup I am not getting the User Id value from process data; it is empty.
    Is this a bug with OIM 11g R2 or do I need to do it differently in order to read the user Id that the user has entered in the request form for populating the common name?
    Thanks

    Ghulam Yassen wrote:
    How to get USER_ID and IP_Address
    Why exactly do you need this data and what do you plan to do with it?
    The data is not reliable and trustworthy. IP addresses can easily be spoofed (a few seconds if you know what to do and how to do it). Also, IP addresses are not static. Users also do not use the same network device to access the database - different devices will have different IP addresses.
    The o/s user on the client is supplied by the client driver. This can also be spoofed.
    The user can also use a virtualised device - which means that recording the IP and o/s user seen from the server side, is pretty much useless and meaningless.
    So if this data is intended to be used for auditing for example - it would be pretty suspect data to use for that purpose.

  • How can I provision users to SAP CUA with their passwords Disabled?

    I need to provision users to SAP CUA with their passwords disabled. How can I configure this if at all?
    Thanks!

    Thanks for the quick response. I am confirming with the SAP team if it's a permission issue.
    Following is the snippet from JBOSS log:
    2009-04-14 11:06:26,659 INFO [STDOUT] Running SAP CUA Create User
    2009-04-14 11:06:26,659 INFO [XL_INTG.SAPCUA] createUser(): Create User Request
    2009-04-14 11:06:26,659 INFO [XL_INTG.SAPCUA] createUser(): userId :00000209, userGroup:,lastName:Employee 209,firstName:Last Name - 209,userTitle:0003,langComm:,department:,langLogIn:,timeZone:,telephone:,extension:,Fax:,email:,dateFormat:,decimalNotation:,function:,roomNo:,floor:,building:,code:,commType:,alias:,startMenu:,userType:,RoleProfile:,RoleProfileOption:Role
    2009-04-14 11:06:26,659 INFO [XL_INTG.SAPCUA] SAP CUA Create Connection Request
    2009-04-14 11:06:26,659 INFO [XL_INTG.SAPCUA] createCUAConnection(): START SAP Connection creation.
    2009-04-14 11:06:26,659 INFO [XL_INTG.SAPCUA] createCUAConnection(): SAP Connection creation successfull.
    2009-04-14 11:06:26,690 INFO [XL_INTG.SAPCUA] getStatus() :returnStructure:User 00000209 does not exist
    2009-04-14 11:06:26,690 INFO [XL_INTG.SAPCUA] getStatus() :Type:I
    2009-04-14 11:06:26,690 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:124
    2009-04-14 11:06:26,690 INFO [XL_INTG.SAPCUA] findUser(): User not exist in SAP CUA
    2009-04-14 11:06:26,690 INFO [XL_INTG.SAPCUA] createUser(): Create User Start
    2009-04-14 11:06:29,487 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :User 00000209 created
    2009-04-14 11:06:29,487 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:S
    2009-04-14 11:06:29,487 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:102
    2009-04-14 11:06:29,487 INFO [XL_INTG.SAPCUA] addRoleToUser():Add Role to User
    2009-04-14 11:06:29,753 INFO [XL_INTG.SAPCUA] getChildData() :getUserRoles method is Started
    2009-04-14 11:06:29,800 INFO [XL_INTG.SAPCUA] getUserRoles() :getUserRoles method End
    2009-04-14 11:06:30,128 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] Running RemoverTask
    2009-04-14 11:06:30,128 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, PassivatedCount=0
    2009-04-14 11:06:30,128 DEBUG [org.jboss.ejb.plugins.AbstractInstanceCache] removePassivated, now=1239725190128, maxLifeAfterPassivation=1200000
    2009-04-14 11:06:30,128 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, done
    2009-04-14 11:06:30,362 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :Role assignment to user 00000209 changed
    2009-04-14 11:06:30,362 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:S
    2009-04-14 11:06:30,362 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:048
    2009-04-14 11:06:30,362 INFO [XL_INTG.SAPCUA] Role added successfully to the user.
    2009-04-14 11:06:30,362 INFO [XL_INTG.SAPCUA] changePassword(): Change Password Start
    2009-04-14 11:06:31,284 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :Password Not Allowed
    2009-04-14 11:06:31,284 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:E
    2009-04-14 11:06:31,284 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:001
    2009-04-14 11:06:31,284 DEBUG [XL_INTG.SAPCUA] changePassword(): chanegPassword eventPassword Not Allowed
    2009-04-14 11:06:31,284 ERROR [XL_INTG.SAPCUA] changePassword():Change Password Error:Password Not Allowed
    2009-04-14 11:06:31,284 ERROR [XL_INTG.SAPCUA] createUser():ChangePassword error after user creation:SAP.PASSWORD_CHANGE_ERROR
    2009-04-14 11:06:31,284 ERROR [XL_INTG.SAPCUA] createUser():Deleting the User
    2009-04-14 11:06:31,284 INFO [XL_INTG.SAPCUA] deleteUser(): Delete User Start
    2009-04-14 11:06:32,222 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] Running RemoverTask
    2009-04-14 11:06:32,222 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, PassivatedCount=0
    2009-04-14 11:06:32,222 DEBUG [org.jboss.ejb.plugins.AbstractInstanceCache] removePassivated, now=1239725192222, maxLifeAfterPassivation=1200000
    2009-04-14 11:06:32,222 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, done
    2009-04-14 11:06:34,769 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] Running RemoverTask
    2009-04-14 11:06:34,769 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, PassivatedCount=0
    2009-04-14 11:06:34,769 DEBUG [org.jboss.ejb.plugins.AbstractInstanceCache] removePassivated, now=1239725194769, maxLifeAfterPassivation=1200000
    2009-04-14 11:06:34,769 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, done
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :Role assignment to user 00000209 deleted
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:S
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:090
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :Role assignment to user 00000209 deleted
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:S
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:090
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :Role assignment to user 00000209 deleted
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:S
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:090
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] deleteUser(): User deleted SUCCESSFUL
    2009-04-14 11:06:43,863 DEBUG [XL_INTG.SAPCUA] createUser(): 00000209:SAP.USER_CREATION_FAILED
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] closeCUAConnection(): START SAP Connection Close.
    2009-04-14 11:06:43,878 INFO [XL_INTG.SAPCUA] closeCUAConnection(): SAP Connection Close successfull.
    2009-04-14 11:06:43,925 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] Running RemoverTask
    2009-04-14 11:06:43,925 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, PassivatedCount=0
    2009-04-14 11:06:43,925 DEBUG [org.jboss.ejb.plugins.AbstractInstanceCache] removePassivated, now=1239725203925, maxLifeAfterPassivation=1200000
    2009-04-14 11:06:43,925 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, done
    2009-04-14 11:06:44,878 INFO [STDOUT] Running SAP CUA ADD ROLE
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] addRoleToUser() :Add Role
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] SAP CUA Create Connection Request
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] createCUAConnection(): START SAP Connection creation.
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] createCUAConnection(): SAP Connection creation successfull.
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] getStatus() :returnStructure:User 00000209 does not exist
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] getStatus() :Type:I
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:124
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] findUser(): User not exist in SAP CUA
    2009-04-14 11:06:44,878 ERROR [XL_INTG.SAPCUA] addRoleToUser() :User Id :00000209 not exist in target SAP system.
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] closeCUAConnection(): START SAP Connection Close.
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] closeCUAConnection(): SAP Connection Close successfull.
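
The rollback sequence visible in the log above, as an added example that is not part of the original post or of the connector: a Python parser that reads XL_INTG.SAPCUA lines in the format shown and reports, per user ID, whether an account was created and then deleted again after a password-change error, and whether a later task ran against the missing account. The function names, the sample excerpt and the one-create-at-a-time assumption belong to this example only.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Excerpt modeled on the log above; the 00000300 line is constructed
# to show a create that is not rolled back.
SAMPLE_LOG = """\
2009-04-14 11:06:29,487 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :User 00000209 created
2009-04-14 11:06:30,128 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] Running RemoverTask
2009-04-14 11:06:31,284 ERROR [XL_INTG.SAPCUA] changePassword():Change Password Error:Password Not Allowed
2009-04-14 11:06:31,284 ERROR [XL_INTG.SAPCUA] createUser():Deleting the User
2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] deleteUser(): User deleted SUCCESSFUL
2009-04-14 11:06:43,863 DEBUG [XL_INTG.SAPCUA] createUser(): 00000209:SAP.USER_CREATION_FAILED
2009-04-14 11:06:44,878 ERROR [XL_INTG.SAPCUA] addRoleToUser() :User Id :00000209 not exist in target SAP system.
2009-04-14 11:07:10,101 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :User 00000300 created
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>[A-Z]+)\s+\[(?P<logger>[^\]]+)\] (?P<msg>.*)$"
)
CREATED_RE = re.compile(r"User (\d+) created")
PW_ERROR_RE = re.compile(r"changePassword\(\):Change Password Error:(.+)")
FAILED_RE = re.compile(r"createUser\(\): (\d+):SAP\.USER_CREATION_FAILED")
ORPHAN_RE = re.compile(r"addRoleToUser\(\) :User Id :(\d+) not exist")

@dataclass
class Outcome:
    created_at: Optional[str] = None
    password_error: Optional[str] = None
    rolled_back_at: Optional[str] = None
    orphaned_tasks: List[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.created_at and self.rolled_back_at:
            return "created-then-rolled-back"
        return "created" if self.created_at else "not-created"

# Assumption: one create runs at a time, because the error and delete
# lines carry no user ID and are attributed to the last created user.
def analyze(log_text: str, logger: str = "XL_INTG.SAPCUA") -> Dict[str, Outcome]:
    outcomes: Dict[str, Outcome] = {}
    current: Optional[str] = None
    deleting = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["logger"] != logger:
            continue  # skip other loggers and malformed lines
        ts, msg = m["ts"], m["msg"]
        if (hit := CREATED_RE.search(msg)):
            current = hit.group(1)
            outcomes.setdefault(current, Outcome()).created_at = ts
        elif (hit := PW_ERROR_RE.search(msg)) and current:
            outcomes[current].password_error = hit.group(1).strip()
        elif "createUser():Deleting the User" in msg and current:
            deleting = True
        elif "User deleted SUCCESSFUL" in msg and current and deleting:
            outcomes[current].rolled_back_at = ts
            deleting = False
        elif FAILED_RE.search(msg):
            current = None  # the create attempt is over
        elif (hit := ORPHAN_RE.search(msg)):
            # A later task ran against an account that no longer exists.
            outcomes.setdefault(hit.group(1), Outcome()).orphaned_tasks.append(ts)
    return outcomes

# User IDs whose account was created and then deleted again.
def rollbacks(outcomes: Dict[str, Outcome]) -> List[str]:
    return sorted(u for u, o in outcomes.items()
                  if o.verdict == "created-then-rolled-back")
```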

  • How a not provisioned user can write in a forum into my OCS?

    I explain you the problem. In Discussion Application I have created 4 Forums where 3 are only for provisioned users registered into my OCS and I would want to permit that people not registered can read a write topic into my 4th forum. I am the administrator and in the section setting I have set this possibility for my 4th forum. Now I would want to put in another site a link for this opened forum. What do I have to do? In which kind not registered users can see my forum?
    Please help me. Bye George

    Hi George,
    As far as I know there is no way to "pass in" user credentials to SSO in the URL. The URL you provide will just be for the discussions application(/discussions/app for example) and users will be automatically redirected to login to SSO first. What I meant by "distribute the username/credentials along with the URL" was that you'd have to describe to users how they'd go about logging into the discussions applications through SSO using the guest user and the password which you'll have to supply to them.
    Please bear in mind that once users are given the credentials for the guest user that they will be able to login to other applications as well. For example, the users will be able to login to the Mail application and send e-mails. Also, depending on Workspaces settings they may be able to create new workspaces, lookup other users in the system and invite others to join the workspace, etc.
    So essentially the implication is that there are other consequences that you must keep in mind when deciding to give out the credentials to the user. In general, given these security concerns, I wouldn't recommend distributing the username and password of any user to anyone.
    Regards,
    Dave

  • How to de-provision user's resources when the user is disabled?

    When a user is disabled in OIM, I would like OIM to de-provision all the user's resources.
    Is it possible to do it and how to do it?

    Hi Deborah,
    I have tried the following configuration, but I am unable to de-provision the resource for the user. The Delete User task is not getting called. Here are the steps that I have followed.
    1) Created a Disable User task with conditional checked and Task Effect as Disable.
    2) Added an adapter to it, and in the response tab added a new response COMPLETE (adapter will be returning COMPLETE) and given the status for the response as Cancelled.
    3) In the Undo/Recovery tab, added the Delete User task.
    4) In the Task to Object status mapping, given Revoked for Object status for the Cancelled status.
    As per the OIM document the Undo tasks are triggered when the current process task status is Cancelled, but still I found that the undo task is not getting triggered. I have made both Disable and Delete User task as conditional. Also I have added the Delete User task under Undo/Recover tab of Create User task. Can you tell me why the Delete User task is not getting called? Here the user is also not getting deleted from OIM.
    Also all the tasks in the resource object are showing the status as Cancelled.
    I have created a simple Mobile Phone resource object and done all these steps. Can you tell what went wrong? If I directly deleted the user from Admin console the Delete User task is getting called and user is also getting deleted.

  • How to provision multiple AD Accounts to a single User Profile in OIM

    Hi,
    We are using OIM 11g R2. We have implemented AD Provisioning/Reconciliation using Active Directory 11g Connector.
    The correlation rule for linking AD accounts with OIM during target recon is set as “Email ID”.
    We have some business requirement where we want to provision multiple AD Accounts to a single User Profile in OIM.
    Issue we are facing:
    Suppose we have USERID1 in OIM which has email id as USERID1@ XYZ.COM .
    After that we have provisioned sAMAccountName=USERID1 (Email ID as USERID1@ XYZ.COM )& sAMAccountName=USERID2 (Email ID as [email protected]) to the user User Login = USERID1 in OIM.
    Both the AD User accounts can be seen as provisioned.
    After we run the AD Target Recon, the target recon is failing because of “Multiple Process Matches Found” issue.
    Question here is:
    Is it possible to maintain/manage multiple AD Accounts (Same AD is used for all the multiple AD Accounts) to a single OIM profile user ?
    Regards,
    J

    Hi,
    We have seen it is working and linking multiple accounts when we have Key field as "User ID" in the Process Defn & RO and the recon matching rule has email ID as the matching rule.
    Please suggest, if we are having the above kind of rule/config...will it not cause any issue?
    Regards,
    J
