Multiple IT Resources for LDAP Server?

All,
I have a client with several Sun Java System Directory Server (SJSDS) instances, each containing separate user repositories. The schemas for each SJSDS instance have been customised - uid is not the user identifier attribute, nor is inetorgperson the user objectClass.
I have imported the SJSDS connector and am stuck at how I can represent these multiple real-world SJSDS instances in OIM. I understand that I can create separate IT Resources for each SJSDS instance, complete with their individual hostnames and IP addresses; this makes sense. However, according to the "Extending the Functionality" guide (http://download.oracle.com/docs/cd/E11223_01/doc.904/e10446/custom.htm#CIHDDEGA), the user identifier attribute and objectClass seem to be defined at the connector level through the Lookup.iPlanet.Configuration Lookup Definition? Am I correct in therefore assuming that this means all of my LDAP Server IT Resources have to share the same user identifier attribute and objectClass?
Can anyone suggest how I might be able to define unique settings for attributes such as the user identifier attribute and objectClass for each LDAP Server IT Resource? What is the standard approach?
Also, I read that there is a one-to-one relationship between a process task and its adapter. Does this therefore mean that I should create separate "Create User" adapters for the Process Definition associated with each IT Resource implemented?
Any guidance / clarification would be greatly appreciated :-)
Damian

See this is the underlying assumption for multiple instances creation in OIM for any target system:
- Create multiple IT Resources of same IT Resource type. Each one will have individual connection parameters specified in it. You know that.
- Now while provisioning, you just select any one of these IT Resources as required, so your request is directed towards the required target.
Note
- It considers that you are always provisioning same attributes to all those targets because you will always see same process form for all targets.
- You have same objectClass for all.
- You have same 'Unique Attribute' and 'Key Fields' for reconciliation.
- Although you can modify the IT Resource to provide a different attribute list for prov and recon based on your target system, by providing different values for the lookups in place of AttrName.Prov.Map.iPlanet and AttrName.Recon.Map.iPlanet. But since RO, Process Form etc. are all the same, there is no such real usage.
Note - Lookup - 'AttrName.Prov.Map.iPlanet' has got one attribute objectclass. See if modifying it works. But in OIM process form, attributes will always be same
Work-Around if above doesn't work
The only thing you can do is replicate one instance of SJSDS multiple times within OIM for every OIM object. Say if you want 5 different instances of SJSDS then like following:
- Create 5 identical RO, Process Form, rules, Process Definition, Lookups etc. within xml for every OIM object that you think will change for all these 5 instances. If anything is common then let all the 5 refer to it. Do it by copying + renaming xml.
- Now import everything in OIM. So now you can see 5 different RO like SJSDS1, SJSDS2, SJSDS3, etc. for all these 5 instances and they will behave differently with no overlapping and you can configure these individually.
- But this is a very critical procedure. You need to take proper care while replicating.
Hope it helps.
Thanks
Sunny
Edited by: rajsunny

Similar Messages

  • When I try to connect LDAP server with Directory certificate installed in Onboard Administrator , I get the below error message. Initiating Directory Settings diagnostic for LDAP server 10.0.0.2 port 636

    10.0.0.2Accepting Directory Server certificate for /CN=qtp-ldap.oaqtp.com signed by /DC=com/DC=oaqtp/CN=qtp-ldap
    Skipping certificate 1 (/CN=qtp-ldap.oaqtp.com): subject issuer mismatch 
    Certificate of Directory Server cannot be verified with the installed LDAP certificate. 
    Unable to establish SSL connection with directory server. 
    You may need to install a certificate for your server to allow SSL connections. 
    It says "Subject Issuer mismatch" .. What could be the reason ?
    -Shibi Keyan

    Well, it sounds like the certificate name is different than what you are trying to connect to. Can you try connecting to the DNS name instead? This sounds like a DNS and Certificate Name issue.
    http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx
    Kurt Hudson, Sr. Technical Writer AD DS, AD CS, PKI, Azure AD

  • InitialContext.unbind() deleted the admin user for LDAP server...

    Hi,
    I am doing a connection to a LDAP server from Java code. Everything was fine for several days. But today I noticed that I don't execute an unbind operation and decided to put the necessary code. So I used InitialContext.unbind(). The result was that on the first execution of my program everything was OK. But on the second execution I was not able to bind to the server at all with the constructor of InitialLdapContext class even after restarting the machine from which I execute the Java code and the machine with the server. So it went that the admin user I was using for bind and unbind credentials was deleted. I am sure that the unbind() method is causing the problem because I actually broke the two LDAPs that I have (testing referrals...).
    Now I use close() method instead of the unbind() method and everything is OK but I wonder how is this possible and why is it not documented?

    I can't imagine documenting something like "This method will delete the admin user from your server". If that's the case then it's a bug, not something to be documented. Report it to whoever wrote your Java implementation. If that's Sun, then here:
    http://bugs.sun.com/bugdatabase/login.do
    You might also want to look into your LDAP server and see if it's a known bug there.

  • Steps needed to switch over from  port  389 to  636  for LDAP server

    Hi ,
    we need to switch to new LDAP server with port 636.
    current server is being eol'd and port 389 doesn't work on the new server
    server : sunone web server 6.1
    i have installed the ca certificates and also tested that port 636 is open.
    what are the config changes needed to be done.. It is a simple ACL based access control application
    Thanks
    Naresh

    What are the errors printed by the server when it's trying to connect to the
    DBMS? Have you configured the DBMS for 'mixed-mode' connection? (ie:
    allowing the plain TCP socket listener that the driver will need).
    Joe Weinstein at Oracle

  • How to get clear userpassword for LDAP Server?

    I am writing a code for getting and setting attributes from and into IBM Directory Server. I get userPassword attribute which is like "[B@1dacd79e".
    Does anyone know what it is and how to convert it into clear text? If any code possible.
    Thanks
    Steve

    I have found answer in forum.
    Ref: http://forum.java.sun.com/thread.jsp?forum=51&thread=163745
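
Added example, not part of the original thread: JNDI hands back userPassword as a byte[], and "[B@1dacd79e" is only Java's default toString() of that array, not the stored value. The class below decodes the bytes and reports the storage scheme prefix; the helper names asText and scheme and the sample values are constructed for illustration, and whether a given server returns a hash or clear text depends on its password storage configuration (an assumption here).

```java
import java.nio.charset.StandardCharsets;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;

public class UserPasswordDecode {

    /** Returns the stored value as text, whether JNDI handed back byte[] or String. */
    static String asText(Attribute attr) throws NamingException {
        Object value = attr.get();                       // first value of the attribute
        if (value instanceof byte[]) {
            return new String((byte[]) value, StandardCharsets.UTF_8);
        }
        return String.valueOf(value);
    }

    /** Returns the scheme prefix, e.g. "SSHA", or "CLEAR" when no {scheme} prefix is present. */
    static String scheme(String stored) {
        int end = stored.indexOf('}');
        if (stored.startsWith("{") && end > 1) {
            return stored.substring(1, end).toUpperCase();
        }
        return "CLEAR";
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values, not taken from any real directory.
        String[] samples = {
            "{SSHA}Q29uc3RydWN0ZWRTYW1wbGVIYXNoU2FsdA==",
            "example-cleartext"
        };
        for (String s : samples) {
            Attribute attr = new BasicAttribute("userPassword",
                    s.getBytes(StandardCharsets.UTF_8));
            Object raw = attr.get();
            // Concatenating the array prints its identity, "[B@<hex>", not its content.
            System.out.println("toString(): " + raw);
            String stored = asText(attr);
            System.out.println("decoded   : " + stored + " (scheme " + scheme(stored) + ")");
        }
    }
}
```

A value that decodes to a {SSHA} or similar prefix is a salted hash; decoding the bytes recovers the stored string, not the user's clear-text password.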

  • Multiple logon for Microsoft Server 2008 R2

    I currently work for the U.S. Government as a System Administrator.  I'm in the middle of an inspection on my system and one of the inspectors asked me about multiple logon for Microsoft Server 2008 R2.
    How many times are you allowed to logon to Microsoft Server 2008 R2 before it locks the system?  And also if I'm the system administrator what is the limit on logging to different systems with my account.
    These are questions that I do not have an answer to and I couldn't find any assistance on the Tech Support website.
    Thank you for your assistance.
    Andre'

    Hi,
    If you mean how many users can log on the same computer, this is limited by the resource:
    If you refer to system administrator as domain administrator, domain administrators have full administration rights to their domain.
    Alex Zhao
    TechNet Community Support

  • Is it possible to create multiple LDAP server in the same bi11g application

    Hi,
    There are 8 location users accessing my report. Now I am trying to implement LDAP server for the user security in my obiee11g application. Is it possible to configure/implement multiple LDAP servers in the same BI server?
    Thanks
    Deva

    YES. refer http://total-bi.com/2011/07/multiple-ldap-authentication-providers-in-obiee-11-1-1-5/

  • Steps for portal and Microsoft LDAP server integration

    Hi,
    Could any one guide me steps for portal and Microsoft LDAP server integration. Need it urgently.
    Thanks in advance.
    Regards,
    Niraj

    Please don't cross post in multiple forums..

  • How to configure multiple ldap server to the sun access manager

    Hi,
    please help how to configure multiple ldap server to the sun access manager, for example access manager doesn't find the user in ldap1 then it should search in ldap2.
    Thanks
    Mouli

    There's no need for deleting the default amSDK based datastore because it's needed for some default accounts.
    You may try to create the datastore using the commandline (amadmin)
    Have a look /etc/opt/SUNWam/config/xml/idRepoService.xml
    You may also try to create amadmin account in the external ldap directory.
    (Un)fortunately I've never tried to remove the default datastore.
    -Bernhard

  • Can you run multiple APEX listeners for different instances on the same server

    Please confirm that we can run multiple APEX listeners for different instances on the same server?  Is it an xml setup configuration or do we need to do more??
    Thank You,
    Tony Miller
    SmartDog Services
    Austin, TX

    Yes.. Just exactly what I was looking for...
    Thanks Jari!!
    Thank You,
    Tony Miller
    SmartDog Services
    Austin, TX

  • What should be done in certmap.conf for 2-way SSL support from a standalone Java application to an SSL enabled LDAP Server

    To support certificate based client authentication using 2-way SSL from a standalone java application which uses JNDI and JSSE1.0.2 to connect to an SSL enabled LDAP Server how do we configure the certmap.conf? Is there any additional setup required at the LDAP Server side apart from enabling SSL with the option "Required Client Authentication" enabled. The 2 way SSL handshake goes through but the access log file (After configuring the certmap.conf for the issuer DN of the client certificate etc..) shows SSL failed to LDAP DN? But in spite of this access log error the Java client does get an SSL Connection object with which it is able to connect to the LDAP. Is the certmap.conf file being looked up by the LDAP Server at all?

    have you out.flush() and out.close() before you call connection.getInputStream()?

  • Need help setting up LDAP server for Address Book

    I've set up Panther servers before for AFP which is pretty simple but now the office I work at wants me to setup an LDAP server so they can share the same contact information, probably about 2,000+ entries. I'm guessing that this will have to be entered in the LDAP server entry by entry.
    I need to know how to setup the server and what settings need to be on the clients' computers, such as in Address Book.
    The server is an older G4 tower and I've got 8 computers hooked up to it on a simple network. I don't think I'll need to make the LDAP server accessible from outside the network but it's something I'll have to worry about for the future.
    Thanks for any help you can offer.

    bump

  • Ldap server authentication for EAI domain

    Hi everybody,
    I have configured a new realm for the security of the created EAI Domain and
    made it default. In this realm, the authentication provider is the iPlanet LDAP
    Server.
    Now the booting is fine but then when I am starting the Weblogic Studio, it is
    not getting authenticated and I keep getting the error :
    <Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: No realm found.>
    <Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: Initialization of WLI Authentication Service failed with exception java.lang.RuntimeException: ERROR: No realm found..>
    The error page obtained at studio is what is given as attachment.
    Anybody having any info regarding the same - pl. do pass on.
    Thanks and regards,
    Ritwik
    [wli-error.doc]

    Hello Ritwik,
    it should for sure, but with this release WLI depends on the
    compatibility realm.
    Christian Plenagl
    Developer Relations Engineer
    BEA Support
    "Ritwik" <[email protected]> wrote:
    >
    Conceptually if I create respective groups (similar to the groups and
    users of
    the compatibility realm) in the ldap server and do the authentication
    from there
    - it should work - shouldn't it???
    Any pointer !!!
    Regds,
    Ritwik
    "Christian Plenagl" <[email protected]> wrote:
    Hi Ritwik,
    you can read in the WLI documentation, that WLI7 currently supports the
    compatibility
    realm only.
    Please have a look at:
    http://e-docs.bea.com/wli/docs70/deploy/secure.htm#1365621
    Christian Plenagl
    Developer Relations Engineer
    BEA Support
    "Ritwik" <[email protected]> wrote:
    Hi everybody,
    I have configured a new realm for the security of the created EAI Domain and
    made it default. In this realm, the authentication provider is the iPlanet LDAP
    Server.
    Now the booting is fine but then when I am starting the Weblogic Studio,
    it is
    not getting authenticated and I keep getting the error :
    <Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: No realm found.>
    <Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: Initialization of WLI Authentication Service failed with exception java.lang.RuntimeException: ERROR: No realm found..>
    The error page obtained at studio is what is given as attachment.
    Anybody having any info regarding the same - pl. do pass on.
    Thanks and regards,
    Ritwik

  • " Server Error [2009]: Failed to allocate resources for results data" IR Error

    Hi,
    We recently moved from 9.3.3 to 11.1.2.3 and we run only IR and SQR reports. When we run a few IR reports we get the below error.
    "Script(x):uncaught exception:  Server Error [2009]: Failed to allocate resources for results data."
    Any thought on what could be the cause. I changed the DSA setting, HTTP config settings for timeouts. I followed an Oracle Knowledge base document to make sure I'm setting the right parameters, still it doesn't work.
    Any advice will be appreciated.
    Thank you.

    Hi,
    Can you please try to increase the timeout settings for workspace and check the issue.
    You can refer following KM article for more information :
    Hyperion Interactive Reporting (IR) When Processing a BQY in Web Client and iHTML Error: "Server Error [2009] Failed To Allocate Resources To Results Data" [ID 1089121.1]
    To try in 11.1.2.x check these settings in workspace :
    Please go to Navigate -> Administer -> Reporting and Analysis -> Web Applications -> Right click on RA_FRAMEWORK_LWA and select Properties. A
    Window pops up. In that, go to Applications tab and then go to Data Access Servlet. There are two values there
    i) Hyperion Intelligence Client Polling Time(seconds) => Set this to zero
    ii) DAS Response Timeout => Set this to 3600
    Restart the R&A services and WebApp after this change.
    Hope this information helps.
    regards,
    Harish.

  • Cannot use file for clustered server. Only formatted files on which the cluster resource of the server has a dependency can be used. Either the disk resource containing the file is not present in the cluster group or the cluster resource of the Sql Serve

    Hi
    Windows Server 2012 cluster on SQL 2012 cluster with 2 instances. One works fine; on the second instance, when I try to create a DB I get this message.
    Cannot use file  for clustered server. Only formatted files on which the cluster resource of the server has a dependency can be used. Either the disk resource containing the file is not present in the cluster group or the cluster resource of the Sql
    Server does not have a dependency on it.
    CREATE DATABASE failed. Some file names listed could not be created. Check related errors. (Microsoft SQL Server, Error: 5184)
    Any help please
    kam
    KAMEL

    Hi Saurabh
    Exactly I have SQL SERVER 2012
    Failover Clustering   in windows server 2012 with two nodes with
    two instances and exactly I run them in the same server and each instance with
    three drives Backup, Data and log.   
    KAMEL
