LDAP SYNC without OID

Similar Messages

• LDAP sync issues.

  In our environment we have OIM 11.1.1.3 and we have enabled LDAP sync with OID. Any user created on OIM is getting synced to OID. The problem is when we are making any changes to the attributes of the users or deleting a user the changes are reflected only to the entries which are under an OU. But all the users synced from OIM to OID are entering under a CN for eg- cn=Users. If someone can help or give proper pointers or guidance so that we can sync users to respective ou's ?

  I've had the same problem in configuring ODSEE.
  Since ldapadd doesn't exist, we had to use ldapmodify.
  You have two choices:
  a. change all of the *.ldif files and put them into the ldapmodify format
  b. add the *"-a"* to the command line, such as
  ldapmodify -h <host> -p <port> -D cn="Directory Manager" -w <password> -a -f iPlanet7_user_index_add_generic.ldif
  This assumes that you've followed the instructions and figured out what the nsslapd-backend value is -- lets say abc. You then have to edit iPlanet7_user_index_add_generic.ldif and wherever you see *<index-root>,* replace it with *"cn=index,cn=abc,cn=ldbm database,cn=plugins,cn=config"*
  The instructions state you have to extend the ODSEE using the following:
  iPlanet7_user_index_add.ldif OR iPlanet7_user_index_generic.ldif
  iPlanet7_oam_pwd_schema_add.ldif
  iPlanet7_user_index_add.ldif
  iPlanet7_user_schema_add.ldif
  It appeared that changes to the sunOne schema that you should have loaded before you started extending ODSEE for OAM (creating Users, Groups, Reserve), doesn't contain userRoot which is required for iPlanet_user_index_add.ldif

• LDAP sync is not updating any changes/deletion ?

  In our environment we have OIM 11.1.1.3 and we have enabled LDAP sync with OID. Any user created on OIM is getting synced to OID. The problem is when we are making any changes to the attributes of the users or deleting a user the change are not getting reflected back to OID. If someone can help or give proper pointers or guidance so that we can have a fully functional sync ?

  When you delete a user, they only get disabled.  There is a task called "Delayed Delete User" which will delete based on the value in the system configuration value "Period to Delay User Delete".  Try configuring this to 0 and then running the scheduled task to see if it deletes.
  For the attributes not being propagated, check the /db/LDAPUser file to see if the mappings exist for the attributes you are modifying.  In R1, there is the script which i have mentioned in this post, https://forums.oracle.com/message/10354064, for adding and removing mappings.
  -Kevin

• OIM 11g LDAP sync from different LDAP containers

  Hi,
  I have been setting up OIM 11g R2 (11.1.2) to use LDAP Sync to OID.
  As of now the sync works (both ways) for this container:
  cn=users,cn=oracleAccounts,dc=mycompany,dc=com (configured while doing the OIM config)
  Would it be possible to sync users in other containers as well? For example:
  cn=users,cn=otherAccounts,dc=mycompany,dc=com
  cn=users,cn=moreAccounts,dc=Otherstuff,dc=com
  By editing the file LDAPContainerRules.xml I can setup where the users are created when I create them through IDM.
  But that will not make the sync work for those containers.
  Any ideas where I should start to accomplish the above?
  Thanks & Regards,
  Henrik

  Okay, I think I have found an answer to how to sync users from different OU:s in my OID to different OIM organizations.
  Hopefully this will help others.
  We can use a PostProcess Event handler like this:
  1. Implement the method --> public BulkEventResult execute()
  This is used during recon actions.
  2. Get the user hashmap with attributes and set the "act_key" value with the OIM organizations ID.
  You also needs to build the logic to fetch the users "LDAP DN", which is also fetched from the map.
  From that attribute we can decide which Organization to put the user in.
  This is the best solution we have found yet..
  Docs & tips:
  http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/oper.htm#CCHFBGAA
  http://fusionsecurity.blogspot.se/2011/09/oim-11g-event-handler-example.html (thank you Daniel Gralewski)
  Regards,
  Henrik

• OIM and ldap sync

  I am using OIM 11gR2 and OID 11.1.1.6. Users and groups will be in OID, and OIM is
  required to do the provisioning of users. Plan is to use ldap sync between oid and oim.
  With ldap sync, all users will be available in OIM. And then in OIM can one do the
  provisioning of users. Is this approach ok? Or should we have OID connector? Or both?

  You can use LDAP Sync between OIM and OID. You dont need OID connector in this case.
  More here...
  Why would you use the LDAP Sync instead of the OID Connector?
  http://fusionsecurity.blogspot.com/2012/01/oim-11g-ldap-synchronization.html

• Problem OIM OID Ldap Sync Configuration in 11g.

  Hi Team,
  I am doing OIM and OID LDAP Sync configuration There It is failed in "Configuration Process" Step.
  and also in weblogic OIM Maganaged server in ADMIN mode not in running mode.
  please find the both logs.
  *********************************Weblogic Logs**********************************************
  Enter username to boot WebLogic server:weblogic
  Enter password to boot WebLogic server:
  <28-Sep-2012 14:07:44 o'clock BST> <Info> <Management> <BEA-141107> <Version: We
  bLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
  <28-Sep-2012 14:07:47 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
  r state changed to STARTING>
  <28-Sep-2012 14:07:47 o'clock BST> <Info> <WorkManager> <BEA-002900> <Initializi
  ng self-tuning thread pool>
  <28-Sep-2012 14:07:48 o'clock BST> <Notice> <Log Management> <BEA-170019> <The s
  erver log file E:\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim
  server1\logs\oimserver1.log is opened. All server side log events will be writ
  ten to this file.>
  28-Sep-2012 14:07:56 oracle.security.am.common.nap.util.NAPLogger log
  SEVERE: Failed to communicate with any of configured Access Server, ensure that
  it is up and running.
  <28-Sep-2012 14:07:57 o'clock BST> <Notice> <Security> <BEA-090082> <Security in
  itializing using security realm myrealm.>
  <28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
  r state changed to STANDBY>
  <28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
  r state changed to STARTING>
  <28-Sep-2012 14:08:20 o'clock BST> <Warning> <oracle.jps.upgrade> <JPS-06003> <C
  annot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason oracle.s
  ecurity.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The c
  redential with map ADF and key anonymous#oimBpelCredKey already exists..>
  <28-Sep-2012 14:08:21 o'clock BST> <Warning> <oracle.adf.share.ADFContext> <BEA-
  000000> <Automatically initializing a DefaultContext for getCurrent.
  Caller should ensure that a DefaultContext is proper for this use.
  Memory leaks and/or unexpected behaviour may occur if the automatic initializati
  on is performed improperly.
  This message may be avoided by performing initADFContext before using getCurrent
  To see the stack trace for thread that is initializing this, set the logging lev
  el of oracle.adf.share.ADFContext to FINEST>
  <28-Sep-2012 14:08:24 o'clock BST> <Error> <Deployer> <BEA-149205> <Failed to in
  itialize the application 'oim [Version=11.1.1.3.0]' due to error oracle.iam.plat
  form.utils.OIMAppInitializationException:
  OIM application intialization failed because of the following reasons:
  oim-config.xml was not found in MDS Repository.
  Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
  Password for OIMSchemaPassword is not seeded in CSF.
  Password for xell is not seeded in CSF.
  Password for DataBaseKey is not seeded in CSF.
  Password for JMSKey is not seeded in CSF.
  Password for .xldatabasekey is not seeded in CSF.
  Password for default-keystore.jks is not seeded in CSF.
  Password for SOAAdminPassword is not seeded in CSF.
  oracle.iam.platform.utils.OIMAppInitializationException:
  OIM application intialization failed because of the following reasons:
  oim-config.xml was not found in MDS Repository.
  Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
  Password for OIMSchemaPassword is not seeded in CSF.
  Password for xell is not seeded in CSF.
  Password for DataBaseKey is not seeded in CSF.
  Password for JMSKey is not seeded in CSF.
  Password for .xldatabasekey is not seeded in CSF.
  Password for default-keystore.jks is not seeded in CSF.
  Password for SOAAdminPassword is not seeded in CSF.
  at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
  pInitializationListener.java:145)
  at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
  un(BaseLifecycleFlow.java:282)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
  dSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
  120)
  at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
  rAction.invoke(BaseLifecycleFlow.java:199)
  Truncated. see log file for complete stacktrace
  Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
  OIM application intialization failed because of the following reasons:
  oim-config.xml was not found in MDS Repository.
  Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
  Password for OIMSchemaPassword is not seeded in CSF.
  Password for xell is not seeded in CSF.
  Password for DataBaseKey is not seeded in CSF.
  Password for JMSKey is not seeded in CSF.
  Password for .xldatabasekey is not seeded in CSF.
  Password for default-keystore.jks is not seeded in CSF.
  Password for SOAAdminPassword is not seeded in CSF.
  at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
  pInitializationListener.java:145)
  at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
  un(BaseLifecycleFlow.java:282)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
  dSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
  120)
  at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
  rAction.invoke(BaseLifecycleFlow.java:199)
  Truncated. see log file for complete stacktrace
  >
  <28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
  ttribute was not found in element application in the deployment descriptor in E:
  \Oracle\Middleware\Oracle_IDM1\server\apps\spml-xsd.ear/META-INF/application.xml
  . A version attribute is required, but this version of the Weblogic Server will
  assume that the JEE5 is used. Future versions of the Weblogic Server will reject
  descriptors that do not specify the JEE version.>
  <28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
  ttribute was not found in element application in the deployment descriptor in E:
  \Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim_server1\tmp\_WL_
  user\spml-xsd\s8d2b9/META-INF/application.xml. A version attribute is required,
  but this version of the Weblogic Server will assume that the JEE5 is used. Futur
  e versions of the Weblogic Server will reject descriptors that do not specify th
  e JEE version.>
  <28-Sep-2012 14:08:24 o'clock BST> <Emergency> <Deployer> <BEA-149259> <Server '
  oim_server1' in cluster 'OIM_Cluster' is being brought up in administration stat
  e due to failed deployments.>
  Loading xalan.jar for XPathAPI.
  14:08:30 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] -
  ----------------- NEXAWEB SERVER LICENSE ------------------
  - Customer ID : 122
  - License type : Enterprise
  - Max unique IPs : unlimited
  - Max XUL sessions : unlimited
  - Max CPUs/server : unlimited
  - Clustering allowed : true
  - Expiration date : none
  Nexaweb Technologies Inc.(C)2000-2004. All Rights Reserved.
  Nexaweb Technologies Inc.
  10 Canal Park
  Cambridge, MA 02141
  Tel: 617.577.8100. Email: [email protected]
  14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] - Clustering is OFF.
  14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] - Servlet Engine: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PD
  T 2011 1398638 Oracle WebLogic Server Module Dependencies 10.3 Thu Mar 3 14:37:5
  2 PST 2011 Oracle WebLogic Server on JRockit Virtual Edition Module Dependencies
  10.3 Thu Feb 3 16:30:47 EST 2011
  14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] - Servlet API Version: 2.5
  14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] - Nexaweb Server Info = Nexaweb Server 3.3.1072
  14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] - Nexaweb Server initialized successfully.
  <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Log Management> <BEA-170027> <The S
  erver has established connection with the Domain level Diagnostic Service succes
  sfully.>
  <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000197> <Listening fo
  r announcements from cluster using unicast cluster messaging>
  <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000133> <Waiting to s
  ynchronize with other running members of OIM_Cluster.>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
  ult[2]" is now listening on 127.0.0.1:14000 for protocols iiop, t3, CLUSTER-BROA
  DCAST, ldap, snmp, http.>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
  ult[3]" is now listening on 0:0:0:0:0:0:0:1:14000 for protocols iiop, t3, CLUSTE
  R-BROADCAST, ldap, snmp, http.>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
  ult[1]" is now listening on fe80:0:0:0:0:5efe:a2f:f22a:14000 for protocols iiop,
  t3, CLUSTER-BROADCAST, ldap, snmp, http.>
  <28-Sep-2012 14:09:04 o'clock BST> <Warning> <Server> <BEA-002611> <Hostname "UK
  SHWTOAP03A.skandia.co.uk", maps to multiple IP addresses: 10.47.242.42, 0:0:0:0:
  0:0:0:1>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
  ult" is now listening on 10.47.242.42:14000 for protocols iiop, t3, CLUSTER-BROA
  DCAST, ldap, snmp, http.>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000330> <Start
  ed WebLogic Managed Server "oim_server1" for domain "IAM_domain" running in Prod
  uction Mode>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
  r state changed to ADMIN>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000360> <Serve
  r started in ADMIN mode>
  **********************************OIM OID Ldap Sync Configuration Logs****************************
  [2012-09-28T14:49:11.171+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
  [OIM_CONFIG] Updating Ldap Sync Configuration
  [2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] ENTRY
  [2012-09-28T14:49:11.171+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] Create the Database connection
  [2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: createDBConnection] ENTRY
  [2012-09-28T14:49:11.296+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] isLIBOVD:true
  [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] ENTRY
  [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] RETURN
  [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
  [2012-09-28T14:49:11.312+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
  Updated LDAP Server Details in mds schema
  [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
  [2012-09-28T14:49:11.812+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [OIM_CONFIG] Updated LDAPContainerRules.xml.
  [2012-09-28T14:49:11.812+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: mdsMetadata] [SRC_METHOD: loadEventhandler] RETURN
  [2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
  [OIM_CONFIG] Created jobs using seedSchedulerData. Log location C:\Program Files\Oracle\Inventory\logs
  [2012-09-28T14:49:14.687+01:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] File not found[[
  java.io.FileNotFoundException: File not found
       at java.util.zip.ZipFile.open(Native Method)
       at java.util.zip.ZipFile.<init>(ZipFile.java:117)
       at java.util.jar.JarFile.<init>(JarFile.java:135)
       at java.util.jar.JarFile.<init>(JarFile.java:72)
       at oracle.as.install.oim.config.util.RoleSODJarUtil.updateFile(RoleSODJarUtil.java:32)
       at oracle.as.install.oim.config.OIMConfigManager.configureOIM(OIMConfigManager.java:783)
       at oracle.as.install.oim.config.OIMConfigManager.doExecute(OIMConfigManager.java:538)
       at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:335)
       at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:87)
       at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:104)
       at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
       at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:63)
       at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:158)
       at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
       at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:83)
       at java.lang.Thread.run(Thread.java:662)
  [2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
  [OIM_CONFIG] Failed configuration step Configure OIM Server
  [2012-09-28T14:49:14.702+01:00] [as] [ERROR] [] [oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] One or More configurations failed. Exiting
  [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:CONFIG
  [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INTERVIEW
  [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INSTALL
  [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:COPY
  [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:LINK
  [2012-09-28T14:49:14.765+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
  [2012-09-28T15:11:21.461+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
  [2012-09-28T15:11:27.914+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
  Regards,
  Ravi.

  Your log files too give some hint... Please verify whether following files like .xldatabasekey are present in your environment:-
  OIM application intialization failed because of the following reasons:
  oim-config.xml was not found in MDS Repository.
  Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
  Password for OIMSchemaPassword is not seeded in CSF.
  Password for xell is not seeded in CSF.
  Password for DataBaseKey is not seeded in CSF.
  Password for JMSKey is not seeded in CSF.
  Password for .xldatabasekey is not seeded in CSF.
  Password for default-keystore.jks is not seeded in CSF.
  Password for SOAAdminPassword is not seeded in CSF.
  I doubt whether OIM is properly installed in your environment otherwise .xldatabasekey would have been present in <DOMAIN_HOME>/config/fmwconfig..
  Also, as far as Weblogic starting in ADMIN mode is concerned, you may try to do the following...
  ps -eaf| grep AdminServer
  Kill the process
  Then remove the lok file. i.e. Lock files...
  rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/oim_server1/tmp/*oim_server1.lok*
  rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/soa_server1/tmp/*soa_server1.lok*
  rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/AdminServer/tmp/*AdminServer.lok*
  After that
  Take the backup of /home/oracle/Oracle/Middleware/user_projects/domains/<DOMAIN_HOME>/servers/AdminServer/data/ldap/ldapfiles (I mean CUT this folder and save it in Backup folder..
  Share the result with us....

• Missing /metadata/iam-features-ldap-sync in v11.1.1.6  OIM/OID sync

  Hi All
  Have picked up support of a site with Oracle Identity Management Suite already installed and need to create custom Schema attributes for users.
  Have modified the create user form no problem in OIM, and also created a custom class with the required attributes in OID.
  The bit I am stuck on is associating the custom class / attributes in OIM with the relevant fields in OID.
  Am looking at the
  Oracle® Fusion Middleware
  Integration Guide for Oracle Identity Management Suite
  11g Release 2 (11.1.2)
  E27123-03
  documentation which seems to make sense and have got as far as page 3-5 Step 2 where it says to
  Export the /metadata/iam-features-ldap-sync/LDAPUser.xml metadata file from the repository
  Issue I've got is that while i can identify the /metadata folder on the server, the only folder it contains are db and ldapReconJobs
  Anyone got any idea where things might have gone wrong / how to rectify?
  Am hoping that it may be something obvious to others as am new to this product-set.
  thanks in advance
  Dave

  thanks idamgod
  Your answer makes sense as to why the folder isnt there, but i have a bit of a problem in that there are no xServer components installed on the server so running the GUI orientated confg.sh isn't an easy option.
  (apparently not an option to install)
  is there any other (non gui orientated) way of achieving the same result?

• LDAP Sync - Syncing users from OID

  We have an instance running the IAM/IDM Suite 11.1.1.5. We have enabled LDAP Sync successfully between OIM and OID. In terms of LDAP Sync functionality, I was wondering whether users in OID can be created in OIM upon a sync. I know updates and deletes in OID can be reflected in OIM. What about creates?
  For example, we have a new OIM instance deployed with no users. We have LDAP Sync enabled to an OID instance with users populatd in the LDAP-configured OU. Assuming all attributes are mapped correctly, can OIM bring these users in through the LDAP Sync?

  If you look at the xml file for LDAPUser, the recon action rules at the bottom, it contains a rule to create when a user is not found. So when you perform the LDAP Sync recon, so long as the changelog picks up the full list of user attributes on creation by a user not in the modifydnfilter, then you will get a new oim user.
  -Kevin

• OVD/OID group reconciliation in OIM 11g with LDAP sync

  Hi All!
  Is it possible to reconcile OID groups to OIM using LDAP sync? How to achieve such configuration?
  I have OIM with LDAP sync and user and roles provisining to OVD is working.
  best
  mp

  Hi,
  I want to Integrate OIM and OID. Can you guide me in doing so?. The platform I will use is Windows 2003 Server, OIM version is 9.1. Also please tell me which version of OID i should use.
  Note: I am new to OID and OIM.
  Thanks in advance.
  Regards,
  Kazmi

• OIM - OID (11g) auto-provision thru ldap sync

  Hi,
  I have configured ldap sync. I have following questions
  1. We have created custom attributes in OID and referred to custom object class. Now when I try to create user in OIM, user is auto-provisioned to OID. But the custom attributes in OIM are not getting provisioned to OID (unable to see the custom attributes in user object of OID, unless we refer manually the custom object class). Can any one let me know how to auto-provision the custom attribtues into OID?
  2. When user is auto-provisioned to OID, it is not showing any resource profile details of OID in OIM? Is it the expected behavior? But create, udpate, delete are happening as expected.
  Please let me know if any one know the solution.

  Hi,
  Where you able to achieve this?? i have similar requirment where, i have added 5 custom attributes in both OIM and OID, when i create the users these attributes doesnot get updated on OID....should i add these UDF in any objectclass which OIM understands??please suggest
  Thanks in advance

• Error in Ldap sync with OIM 11gr2 and OID

  Hi,
  I am trying to sync OIM 11g r2 with OID using Ldap sync option. While creating a user or role I am facing this error
  IAM-2050243 : Orchestration process with id 930, failed with error message IAM-3010201 : LDAP create event failed : Error: NO_SUCH_OBJECT null.
  Help required,
  Thanks

  Any suggestions...

• How to configure security groups creation in OID through LDAP sync

  Hello,
  I am on OIM 11.1.2.1.0.  I created a new role and assigned the role to a user.  The user was added to the corresponding group in OID.
  This was the result I observed:
  Role created in OIM: PIPELINE-18010-DEC~LEAVIERWER
  There is a corresponding group created in OID under cn=Groups.  The user was successfully added to the group.
  However, I would like the new group to be created under cn=Groups,cn=PIPELINE.
  How can I achieve this?  Is there any documentation on how to use ldap sync in OIM?
  Thanks
  Khanh

  When I set the container rules for user with the expression using Organization, it did not work.
  If I copied the example from the documentation, it worked (for <expression>Country=US, Locality Name=AMER</expression>).
  I tried to change the Organization to be 1 word only, but it did not work.
  Is it limited to certain fields in the USR profile (meaning it only worked for certain fields but not all of them)?
  Default works for sure.
  Could someone please let me know?
  Thanks
  Khanh

• LDAP Sync is not working on custom attributes

  Gurus,
  I have installed and configured OIM 11g release 2. While configuring OIM, i have enabled ldapsync to OID.
  Created a custom attribute in OID and also on OIM. But when I change this attribute in OIM, that change is not going to OID and vice versa. There are not errors in the logs.
  Please throw some light on this.

  While creating a custom attribute in oim, you will give label, name right..At the same time there will be an option to provide ldap attribute name. You need to provide the name of the attribute that you created in OID here. Then only ldap sync will work on custom attributes. without specifying ldap attribute name, ldap sync wiill not work.
  Give a try and post your results here.

• Error while importing : /metadata/iam-features-ldap-sync/LDAPUser.xml

  Hi,
  I am unable to import modified Oracle Identity Manager metadata. I am using OIM 11.1.1.5 on Windows Server 2007 EE.
  I am trying to use the import/export functionality via EM.
  I am able to export the LDAPUser.xml file from */metadata/iam-features-ldap-sync/LDAPUser.xml,* have made changes to it but when I am importing it back I am getting the error :
  Error occurred while executing operation.
  MDS-00001: exception in Metadata Services layer
  MDS-01059: document with the name /metadata/iam-features-ldap-sync/LDAPUser.xml missing in the source metadata store
  The values of the parameters in the import MDS operations are :
  fromLocation : E:/MDS/import/ +(On the physical server hosting the OIM)+
  docs : */metadata/iam-features-ldap-sync/LDAPUser.xml*
  restrictCustTo:               
  excludeAllCust: false
  excludeBaseDocsan : false     
  excludeExtendedMetadata : false
  cancelOnException : true
  I have tried using the command line script as well, It runs without a hitch but when I try and import back, it gives me the same old unedited document.
  Has anyone been successful with this approach ?
  Regards,

  Yes, I have. But still the same issue. It seem to run fine using the weblogicImportmetadata.bat fine but when I export and check the updated file, I still get back the original.
  Here's what I get on runnung the weblogicImportmetadata.bat file
  Initializing WebLogic Scripting Tool (WLST) ...
  Welcome to WebLogic Server Administration Scripting Shell
  Type help() for help on available commands
  Starting import metadata script ....
  Please enter your username :weblogic
  Please enter your password :
  +Please enter your server URL [t3://localhost:7001] :t3://localhost:7001+
  Connecting to t3://localhost:7001 with userid weblogic ...
  Successfully connected to Admin Server 'AdminServer' that belongs to domain 'OIM
  +1'.+
  Warning: An insecure protocol was used to connect to the
  server. To ensure on-the-wire security, the SSL port or
  Admin port should be used instead.
  Location changed to domainRuntime tree. This is a read-only tree with DomainMBea
  n as the root.
  For more help, use help(domainRuntime)
  Disconnected from weblogic server: AdminServer
  End of importing metadata script ...
  Exiting WebLogic Scripting Tool.
  C:\Oracle\Middleware1\Oracle_IDAM\server\bin>
  Edited by: 810367 on Aug 21, 2012 6:45 PM

• Error while doing the Ldap sync for UDFs

  Hi All,
  I am doing LDAP sync for UDFs,
  Created users in OID.
  assigned to orclIDXPerson object modified the ldapconfig.props and created the input file.
  Now I am running the ldapsyncudf.sh then I getting the below error.
  Exception in thread "main" java.lang.NullPointerException
  at oracle.ods.virtualization.schema.AttributeTypeDefinition.getOID(AttributeTypeDefinition.java:117)
  at oracle.ods.virtualization.jndi.OVDSchemaContext.convertAttrDefnToJNDIAttrs(OVDSchemaContext.java:655)
  at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:137)
  at oracle.ods.virtualization.jndi.OVDSchemaContext.getAttributes(OVDSchemaContext.java:109)
  at oracle.iam.configservice.impl.LDAPUDFSyncImpl.isAttrExistsInLDAP(LDAPUDFSyncImpl.java:555)
  at oracle.iam.configservice.impl.LDAPUDFSyncImpl.validateOVDSchema(LDAPUDFSyncImpl.java:519)
  at oracle.iam.configservice.impl.LDAPUDFSyncImpl.addUDFwithLDAP(LDAPUDFSyncImpl.java:1082)
  at oracle.iam.configservice.api.LDAPUDFSyncEJB.addUDFwithLDAPx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
  at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy631.addUDFwithLDAPx(Unknown Source)
  can anyone please unblock me.
  Thanks,
  Valli

  Hi,
  Please see if these help (for 11gR2)
  Export the LDAPUser.xml file from MDS using weblogicExportMetatdata.bat. This xml contains the attributes mapping between OIM and OID for LDAP synchronization.
  Include the entry for OIM attribute (if entry does not exist for the attribute in the XML) under entity-attributes node. For e.g. use the following xml snippet to add the entry for ISD Code for Phone attribute
  <entity-attributes><attribute name=”ISD Code for Phone”> <type>string</type> <required>false</required> <attribute-group>Extended </attribute-group> <searchable>true</searchable> </attribute> </entity-attributes>
  Include the entry for OID attribute under target-fields node. For e.g. use the following xml snippet to add the entry for CountryCode
  <target-fields><field name=”CountryCode”><type>String</type> <required>false</required> </target-fields>
  Now map the OIM attribute with the OID attribute using the following xml snippet under attribute-maps node
  <attribute-maps><attribute-map> <entity-attribute> ISD Code for Phone </entity-attribute> <target-field>CountryCode</target-field> </attribute-map></attribute-maps>
  Save the changes and import the file back into MDS using WebLogic import utilities.