IPlanet User Trusted Recon

I've deployed iPlanet connector in OIM 11g.
Executed scheduler iPlanet User Target Recon. users are reconciled.
Bt when I try to execute iPlanet User Trusted Recon, no users are getting reconciled and even no events are generated.
For the scheduler iPlanet User Trusted Recon, the parameter Trusted Resource Object is Xellerate Users.
So for Xellerate Users RO, do I need to
add recon fields,
add recon action rules,
map recon fields in process def
and create recon rule
Is this the way to follow or is there something else I am missing....

Did you import "iPlanetXLResourceObject.xml" ?
Check Connector Guide (2.3.1.6 Configuring Trusted Source Reconciliation), it will ask you to perform some more steps for Trusted Recon.

Similar Messages

  • Need help in OID user Trusted recon

    Hi all,
    I am using oim9.1.0.1,oid 9.0.4.7.
    When i run the OID user trusted recon it is bringing users based on pagesize.The problem is if i set the page size as 100 then it brought 98 users where as i have 30000 users in my OID.When i set the page size to 1000 it brought 998 users and ended the process.what i didn't understand is why it is not looping again and not bringing all my 30000 records.
    regards,
    Rajesh.

    Hi All,
    I ran the OID trusted recon which brought most of my records from OID.Now i got a requirement to rerun the scheduler one more time,but this time it is not picking the records which it already brought. I changed the recontimestamp to 0 but then also it didn't brought all the records.
    Can anyone help me of how i can rerun the trusted recon again which will bring all my records.
    Regards,
    Rajesh

  • Auto Assign Organization - AD User Trusted Recon

    Hi,
    I am running a AD User trusted recon against a 2008 AD-DC.
    AD Lookup Organizatoin recon doesn't work as it is a bug in OIM 11.1.1.3.0
    I need to logically group the users into organizations in OIM.
    For e.g., IF USER ATTRIBUTE IN AD Company = ABC, on recon the user should be created in OIM under Organization ABC
    IF USER ATTRIBUTE IN AD Company = XYZ, on recon the user should be created in OIM under Organization XYZ
    I have the exhaustive list of organizations being created in OIM.
    Please let me know.
    Thanks,
    KJJ1983
    Edited by: kjj1983 on Jan 8, 2012 2:16 AM

    Not sure what lookup recon bug you are talking about in OIM 11.1.1.3, if you say that organization lookup does not work in 11.1.13 then effectively AD Trusted recon would not work in 11.1.1.3.
    I can understand that since the pre-populate does not work, thus you cannot put any values in the user create HashMap. Thus if that is the case an if you want the organization in OIM should be computed based on user attribute in AD, then you can probably use the transformation class to calculate the same.
    Doc: http://docs.oracle.com/cd/E11223_01/doc.910/e11197/extnd_func.htm#BGBBBCGE
    -Bikash

  • Avoid certain ou containers during AD User Trusted recon

    All,
    Is there any way to not synchronize users from certain containers (such as cn=users on the AD side) during AD User Trusted Recon.
    thanks in advance.
    Prasad.

    yes, why not try below
    1. update "search base" in trusted recon scheduled task as perticular OU or any individual container
    2. there is a search filter attribute in scheduled task where you can put expression
    regards,
    nayan

  • Trusted Recon: LDAP

    Hi Experts,
    I am doing trusted recon with LDAP and everything is fine.
    1. While doing trusted recon i have to give organization name in the 'iPlanet Trusted User Recon' scheduled job. (say user in 'Temp' org)
    2. After that Another scheduler would run and update the user's organization (now user in 'Org1')
    3. If i run the trusted recon with some changes, user is again moved back to 'Temp'. This moving of user I don't want.
    Any suggestions? any approach?
    I thought of writing some post process event handler after user update to move back to old org. Does it recommendable?
    Please give your iinputs.
    Thanks

    Not recommended because in that case it will raise the reconciliation event again... So, this back forth will happen at every recon cycle...
    Trusted Recon will give it TEMP... Scheduler will give it ORG1... Next Recon will again give it TEMP... Scheduler will give it ORG1...
    Better map ORG1 in the 'iPlanet Trusted User Recon itself...
    Post Process Event Handler approach won't be necessary then... However, yes, if on the basis of some attribute it could be decided that this TEMP org is given by the 'iPlanet Trusted User Recon in the first attempt and the Post Process Event Handler won't do anything... And then when the scheduler again gives it ORG1.... Next time again the 'iPlanet Trusted User Recon will give it TEMP... This time the Post Process Event Handler should change it back to ORG1... However it would be quite inefficient design... Better map ORG1 in the Trusted Recon itself... Don't use TEMP at all.....
    In iPlanet User Trusted Recon Task, Organization scheduler variable, provide ORG1...

  • Urgent: Please help: Trusted recon - Sun LDAP - timeout

    Hi Experts,
    I am doing trusted reconciliation with sun ldap using oim 11.1.1.5 bp4.
    LDAP system has around 3 lakh users. so i am planned to do trusted recon in 5 or 6 intervals to get around 50K records each time.
    i tested for 1000 users - no timeout is happening and all users are created perfectly using trusted recon
    when i run for 25K users, i am getting timeout excception below,
    1. It is searching and listing the users, (please chck time)
    recon.schedule.tasks.tcTskIPlanetUserReconciliation : countRecord() : Before search time: Tue Oct 09 13:24:41 KST 2012
    recon.schedule.tasks.tcTskIPlanetUserReconciliation : countRecord() : TotalRecords from LDAP: 22882
    recon.schedule.tasks.tcTskIPlanetUserReconciliation : countRecord() : After search time: Tue Oct 09 15:54:42 KST 2012
    2. Timeout exception
    recon.schedule.tasks.tcTskIPlanetUserReconciliation : pagingBatchingReconciliation() : The searchBase is: ou=XX,ou=XX,o=XX
    pagingBatchingReconciliation() : Problem searching directory: javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]; Remaining name: ou=XX,ou=XX,o=XX
    In iPlanet User Truseted Recon I gave,
    Abandoned connection timeout - 108000 (seconds)
    Connection pooling supported - false
    Connection wait timeout - 60 (seconds)
    LDAP Connection TimeOut - 3000 (seconds)
    Inactive connection timeout - 60 (seconds)
    Above parameters are good for more than 25K users?
    Please help me...
    Thanks..

    They look good...
    Try to use Connection pooling too if possible...
    Abandoned connection timeout - 108000 (seconds)
    Connection pooling supported - true
    Connection wait timeout - 60 (seconds) --> Increase it to say 90 (seconds)
    LDAP Connection TimeOut - 3000 (seconds) --->
    Inactive connection timeout - 60 (seconds) --> Increase it to 600 (As the default value in the LDAP Server IT Resource Type Definition)
    Alternatively You can rather break your chunks in 20000 records because you are able to fetch 22882 records successfully....

  • Active Directory Trusted Recon ends with NullPointerException

    Hi,
    I have installed  OIM 11.1.2.2.0 and AD connector version: ActiveDirectory 11.1.1.6.0. when i run "Active Directory Group Lookup Recon", I can see the groups created in "Lookup.ActiveDirectory.Groups". But when I tried to do "Active Directory User Trusted Recon" OIM given below error. I attached ITResource and Scheduler configurations.
    Any help is greatly appreciated.
    [2015-04-29T21:20:40.816+05:30] [oim_server1] [ERROR] [] [] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: eefe7b19b2a021e0:6c7958f0:14d05d5c757:-8000-000000000000009d,0] [APP: oim#11.1.2.0.0] [DSID: 0000Ko5qWtjFW7WFLz6UOA1LGFhL000004] Failed to communicate with any of configured Access Server, ensure that it is up and running.
    [2015-04-29T21:20:40.863+05:30] [oim_server1] [NOTIFICATION] [] [oracle.iam.features.scheduler.agentry.operations] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: eefe7b19b2a021e0:6c7958f0:14d05d5c757:-8000-000000000000009d,0] [APP: oim#11.1.2.0.0] [DSID: 0000Ko5qWtjFW7WFLz6UOA1LGFhL000004] [[
    java.lang.NullPointerException
      at java.io.ByteArrayInputStream.<init>(ByteArrayInputStream.java:89)
      at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:123)
      at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1277)
      at oracle.iam.features.scheduler.agentry.operations.LookupActor.refresh(LookupActor.java:3069)
      at oracle.iam.features.scheduler.agentry.operations.LookupActor.receiveEvent(LookupActor.java:3056)
      at oracle.iam.consoles.faces.mvc.canonic.Model.handleIntent(Model.java:975)
      at oracle.iam.consoles.faces.mvc.canonic.Controller.doHandleIntent(Controller.java:533)
      at oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectAction(Controller.java:204)
      at oracle.iam.consoles.faces.event.NavigationListener.processAction(NavigationListener.java:99)
      at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
      at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:748)
      at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:93)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:371)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:97)
      at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:104)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:93)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:371)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:97)
      at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:98)
      at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
      at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:957)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:427)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:207)
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
      at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
      at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
      at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
      at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:128)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
      at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
      at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:112)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
      at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
      at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
      at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
      at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
      at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:265)
      at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)
      at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
      at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
      at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
      at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

    I believe suddenly after running use cases related with target recon, you are trying to run trusted recon.
    Make sure you update the following value in IT Resource whenever u run it for trusted recon:
    Configuration Lookup
    This parameter holds the name of the lookup definition that stores configuration information used during reconciliation and provisioning.
    If you have configured your target system as a target resource, then enterLookup.Configuration.ActiveDirectory.
    If you have configured your target system as a trusted source, then enterLookup.Configuration.ActiveDirectory.Trusted.
    Default value: Lookup.Configuration.ActiveDirectory
    http://docs.oracle.com/cd/E22999_01/doc.111/e20347/deploy.htm#BABGFCFE
    ~J

  • Issue with OIM AD Trusted Recon

    Hi All,
    I am using OIM 11g BP05 and Active Directory Connector 11.1.1.5.0 version.
    While running the Active Directory User Trusted Recon, I am getting below exception in logs:
    <Dec 17, 2012 12:36:08 PM PST> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.RECON.SEARCHRECONTASK> <BEA-000000> <oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped>
    <Dec 17, 2012 12:36:09 PM PST> <Error> <oracle.iam.reconciliation.impl> <IAM-5010000> <Generic Information: {0}
    oracle.iam.reconciliation.exception.InvalidDataFormatException: Required column name RECON_RECON_OBJECTGUID and value does not exist
         at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.checkRequiredColValue(ReconOperationsServiceImpl.java:1918)
         at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.convertReconFieldsToOIMFields(ReconOperationsServiceImpl.java:1506)
         at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:371)
         at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:356)
         at Thor.API.Operations.tcReconciliationOperationsIntfEJB.ignoreEventx(Unknown Source)
         at sun.reflect.GeneratedMethodAccessor1393.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
         at java.lang.reflect.Method.invoke(Method.java:611)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    I have already added the field RECON_OBJECTGUID in the RO and mapped it in Process Definition and also created the reconcilliation profile. I don't know why it's looking for RECON_RECON_OBJECTGUID. I tried creating this column too in RO and did all the mapping and after that, its give the same error but column name is now RECON_RECON_RECON_OBJECTGUID.
    Any pointers on this issue?
    Regards,
    Sunny
    Edited by: delhi on Dec 17, 2012 3:02 PM

    My Mistake, I was making RECON_OBJECTGUID as requiered field.

  • OIM - iPlanet User Recon

    I am using OIM 9.1 connectors. I was trying to reconcile users from iPlanet.
    The following are the details from Task Scheduler ( iPlanet User Recon Task)
    IsIPlanetTarget     true
    TrustedSource     false
    Role     Contractor
    Organization     Xellerate Users
    ITResourceName     iPlanet User
    ResourceObjectName     Xellerate Users
    XLDeleteUsersAllowed     true
    UserContainer     ou=People,dc=test,dc=com
    NumberOfBatches     All Available
    BatchSize     0
    StartRecord     1
    Xellerate Type     End-User Administrator
    And when I check my Reconiliation Manager I see the status as "Event received" for Xellerate User and "No Match Found" for iPlanet User.
    And in one of the form USR_IPNT_RL
    I have given a default value for USR_IPNT_RL_Role_Name : Contractor
    And also i have checked the mapping in Resource Object , Process Definition for Xellerate Users
    Thanks in advance.

    First of all I see some initial problems here:
    1) looks like you are trying to run a trusted recon but the value in your scheduled task attribute Trusted Source is set to false.
    2) Role must be set to "Consultant" In ootb create user form there is no role as "Contractor"
    3) I think IsIplanetTarget must be set to False. (i think thats for app recon)
    Have you also defined owner matching rules i nthe design console. also you need to set the recon action rule as No match found-> create User.
    One entity Match found->establish link
    Message was edited by:
    user621551
    Message was edited by:
    user621551

  • OIM 11 - Trusted Recon creates random number of users in "disabled" state

    We are on OIM 11.1.1.5 with LDAP sync enabled to OID 11.
    When creating users from trusted recon, we get a random number of users always created as "disabled". The recon event details shows orchestration:*create* and orchastration:*Enabled*. However Enable orchestration events show compensated or failed. And the user gets created in OIM as "disabled".
    We have turned on the loggings for Trusted recon. But do not see any error for these specific number of users.
    Has anyone seen this kind of behavior?
    Thanks in advance for your answer!
    MBiswal

    I've seen this before if the user is created with a blank password. Run a select * from usr where usr_login='BARBERDW'; and validate that usr_password is not blank. It should be filled in with an encrypted value. If not, you need to look at your process handlers for setting this value.

  • One fundamental question: When users gets ceated in IDM from trusted recon

    I have a very basic question which I am not able to understand.
    When user accounts gets created in IDM from trusted recon, then the trusted recon resource object is not displayed in resource profile page of the user account. If we want to see whether the user account was created through trusted source or by manually by admin, then where can we see that?
    This information is stored anywhere in IDM DB which will distinguish user accounts created through trusted recon and those created manually in IDM?
    Please let me know if you are not able to understand my question.
    Thanks,
    Kalpana.

    You may be able to use the USR_CREATEBY field in the database. For an admin created user this should contain the USR_KEY value of the admin who created the user. I think for a reconciliation created user it may contain the USR_KEY of the OIMINTERNAL user.

  • Few users getting reconciled after running trusted recon

    Hi Experts,
    i ran a trusted recon for a particular Active Directory search base and it reconciled only 6 out of some 50 odd users. I checked if the remaininig users are already present in OIM, which they are not. I checked all the parameters and they look fine. Please kindly guide me on some pressure points to check for errors.
    Thank you for your time.

    Verify data of your users. Check reconciliation events, if they generated for all users. That would give you some idea. Click on re-evaluate button there to relink that specific user. Also make sure xlReconbatchsize system property is set to 500(by default). Also make sure (if this is cusomt code), bulk execute method of your schedule task is implemented properly.
    If nothing is clear, put logs here.
    regards,
    GP

  • Not getting all the attributes value from Trusted Recon in eventhandler

    Hi,
    I am not getting the values of all the attributes in hashmap from Trusted recon in eventhandler.
    Following is the hashmap value I am getting :
    Parameter Hashmap value is {re_key=1869, Email=[email protected], Role=Full-Time, act_key=22, User Login=TUser43, Xellerate Type=End-User, Last Name=User43, First Name=Test}
    Please let me know how to get all the attributes value in eventhandler. I need to take some decisions based on these attributes.
    Thanks

    You should be getting all the values in the recon event.
    To get the current user states for all the records in the bulk event use this:
    Identity[] currentUserStates = (Identity[]) eventDataHashMap.get("CURRENT_USER");
    Now when you are looping through your bulkParametersp[], you can use the same get from the currentUserStates:
    Identity currentUser = null;
    currentUser = currentUserStates[counter];
    Now if the attribute is not in your hashmap, you can use:
    currentUserState.getAttributes().get(attribute)
    -Kevini

  • Getting error in trusted recon from DB in oim 11g

    Hi,
    I am getting below error while running the trusted recon from DB in OIM 11g:
    [2013-12-25T23:27:33.033-08:00] [oim_server1] [ERROR] [] [oracle.iam.reconciliation.impl] [tid: OIMQuartzScheduler_Worker-7] [userId: oiminternal] [ecid: 0000KCGU85V2ZNK5qVCCyY1Ih5WC000002,1:21446] [APP: oim#11.1.2.0.0] Generic Information: {0}[[
    oracle.iam.reconciliation.exception.ReconciliationException: Exception occurred while inserting data into table RA_HRRECONTEMPROSS_GTC due to java.sql.SQLException: ORA-12899: value too large for column "IDAMPOC_OIM"."RA_HRRECONTEMPROSS_GTC"."RA_SERVICE_DT" (actual: 10, maximum: 7)
            at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl$1.process(ReconOperationsServiceImpl.java:429)
            at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl$1.process(ReconOperationsServiceImpl.java:407)
            at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
            at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
            at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
            at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
    Caused by: oracle.iam.platform.entitymgr.ProviderException: java.sql.SQLException: ORA-12899: value too large for column "IDAMPOC_OIM"."RA_HRRECONTEMPROSS_GTC"."RA_SERVICE_DT" (actual: 10, maximum: 7)
            at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:305)
            at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:241)
    Service date is a varchar field(VARCHAR 2 BYTE) in our trusted table. Its mapped to service date field in OIM 11g which is of type date.
    Please let me know if I need to change the field type in our trusted table.
    Note: The same configuration is working fine in OIM 9.x.
    Regards,
    Kalpana.

    Now, i went into IDM schema & altered date fields to VARCHAR2(30 CHAR) for all the date type attributes. Now, when I ran schedule job is worked fine and didnt got any errros. But now the trusted recon is not creating users. I dont know why users are not getting created. Can you please let me know which all things should be checked to make a recon a trusted recon so that it creates users.
    Thanks,
    Kalpana.

  • [OIM 9.1.0.2] Trusted Recon Workaround

    Hi all,
    IHAC that uses a GTC (Flat file) for trusted recon.
    The generated file for reconciliation brings entries of actives and inactives users (So, the expected result is User Creation, User Update and User Disabling).
    AFAIK, the User Definition Fields has some fields defined per defualt as mandatory. For some entries, the effect expected was the user to be disabled (in the case of inactive user), but like sometimes, the generated file has some entries with those mandatory fields in blank or invalid value, so those entries are not reconciliated and the user is not disabled. This is causing a security issue, since access and permission of the users are not revoked.
    Customer request: During trusted recon, the OIM should ignore the mandatory field just for inactive users (there is a field that define this status).
    My question:
    1) Can I achieve this requirement in OIM? Would this a trouble even by customization? Let me know your thought.
    2) Is it possible to turn those fields as 'not-required' in a native manner?
    I would appreciate any help on this.
    Regards,

    Use Transformation to achieve this...
    Following link will be helpful regarding Transformation
    Pre-Computations in OIM 11gR2
    In case of mandatory attributes in the custom Transformation:-
    (1) Use Status flag to determine InActive users
    (2) Obtain by using OIM API current values of those Mandatory fields...
    (3) Return the same value... This means ignoring the mandatory values...

Maybe you are looking for

  • How do you get your Excel Solver back? I have already tried going into add-ins. It only recently stopped working.

    How do you get your Excel Solver back? I have already tried going into add-ins. It only recently stopped working.

  • How to create a shortcut and/or how to link a file into the applicatio​n/download folder

    I would like to link a generic button of the keyboard to a file (xls, or multimedia or...) or to an application. Is it possible? I see that is possible to create a link only to a contact! I'm also interested in moving/link some executable files (like

  • Problem with calender?

    I have 2 questions about creating calender : 1- when I create a calender and add it to my main page as a portlet ,I noticed that when i click on the next button on the calender protlet to view the next page ,the next page is viewed on my whole page ,

  • 12c - plsql function in with clause

    Hi all I'm mucking around with 12c: SQL> select *   2    from v$version; BANNER                                                                               CON_ID Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production         

  • Loose dock connector in 2nd gen iPod touch

    My iPod touch (2nd gen) won't charge because the dock connector is loose. I have two connector plugs, both work fine with my iPod nano. But neither works with my iPod touch. The connection feels loose. When I examined the connector in the iPod touch