OAM-OIM 11g User Lockout Question

All,
We have an OAM and OIM 11.1.1.3 installation and I am testing the invalid login attempt scenarios and came across the following situation. I was wondering if you could give me steps or some pointers for resolving this:
1. Created an account [email protected] as xelsysadm and reset the password on first login
2. Have the following OIM default parameters (these are the only configs that I could find that are possibly related to this)
XL.UnlockAfter - 0
XL.MaxLoginAttempts - 10
3. Entered an incorrect password and for the initial 4 times I got the OAM login screen back with an error message "An incorrect Username or Password was specified"
4. After the 5th attempt I just got the error message "Error
An incorrect Username or Password was specified"
5. I go back to http://oimservername:oimport/oim, I get the login screen again and enter [email protected] with an incorrect password the next 4 times (total 9 now). I get the login screen back with "An incorrect Username or Password was specified"
6. After the 10th attempt with an incorrect password I get a different error message with no login screen "Error
The user account is locked. Please contact Administrator."
7. I logged into OIM as xelsysadm -> administration -> search user [email protected] and it doesn't show that the account is locked. I lock it anyway explicitly by clicking the button on the user screen and click unlock immediately, and now when I enter [email protected] and the correct password everything works.
A few questions that I have are:
1. How do I get the OAM/OIM system to behave consistently (give an incorrect username or password message for the first 9 attempts with a login screen back to the end user, and give them an error message at the end that the account is locked)? I am okay with the out-of-the-box message text.
2. How will our operations team understand that the user is really locked, because they have nowhere to go find this information?
3. What are all the places where I will look for this information in the above scenario when the user account is locked by himself? (OVD/OID, USR table in OIM_DEV schema etc.)
4. Are there any other best practices that I should follow in setting up the system?
Thanks in advance for reviewing this.
Prasad.

It appears to be all happening in OAM. After researching some more, I found this piece at http://download.oracle.com/docs/cd/E17904_01/doc.1111/e15740/idmint.htm#CACBBIDI.
But nevertheless it doesn't explain how to unlock the user other than the workaround that I found. Did anyone else have to deal with this?
x---------------------------------------------------------------x
2.8.4.4 Account Lock and Unlock
Oracle Access Manager keeps track of the login attempts and locks the account when the count exceeds the established limit.
When an account is locked, Oracle Access Manager displays the Help Desk contact information.
When contacted by the end user, the Help Desk unlocks the account using the Oracle Identity Manager administrative console. Oracle Identity Manager notifies Oracle Access Manager about the changes.
Account Lock and Unlock Flow
When the number of unsuccessful user login attempts exceeds the value specified in the password policy, the user account is locked. Any login attempt after the user account has been locked displays a page that provides information about the account unlocking process, which will need to be customized to reflect the process (Help Desk information or similar) that is followed by your organization.
Note:
Oracle Identity Manager does not support automatic locking of a user account after a specific period has elapsed.
The following describes the account locking/unlocking flow:
1. Using a browser, a user tries to access an application URL that is protected by Oracle Access Manager.
2. Oracle Access Manager Webgate (SSO Agent) intercepts the request and redirects the user to the Oracle Access Manager login page.
3. The user submits credentials that fail Oracle Access Manager validation. Oracle Access Manager renders the login page and asks the user to resubmit credentials.
4. The user's unsuccessful login attempts exceed the limit specified by the policy. Oracle Access Manager locks the user account and redirects the user to the Oracle Access Manager Account Lockout URL, which displays Help Desk contact information.
5. The user contacts the Help Desk over the telephone and asks an administrator to unlock the account.
6. Oracle Identity Manager notifies Oracle Access Manager of the account unlock event.
7. The user attempts to access an application URL and this event triggers the normal Oracle Access Manager single sign-on flow.
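
The situation in step 7 of the question (the login page reports the account as locked while the OIM console does not) can be surfaced for an operations team by comparing lock state in the two stores. The following is an added example, not part of the original posts or of Oracle's tooling: it assumes OAM records the lock on the user's directory entry in attributes named obLockedOn and obLoginTryCount and that OIM records it in the USR table column USR_LOCKED; those names, the uid join key and all sample data are assumptions to confirm against your own deployment.

```python
import base64
import csv
import io

# Assumed names (not taken from the thread); confirm against your schema.
DIR_LOCK_ATTR = "oblockedon"        # set on the directory entry when locked
DIR_COUNT_ATTR = "oblogintrycount"  # failed-login counter on the directory entry
OIM_LOGIN_COL = "USR_LOGIN"         # OIM USR table login column
OIM_LOCK_COL = "USR_LOCKED"         # OIM USR table, '1' means locked

# Constructed sample: ldapsearch-style LDIF export of three users.
SAMPLE_LDIF = "\n".join([
    "# constructed sample, not real data",
    "dn: cn=jdoe,cn=Users,dc=exam",
    " ple,dc=com",                       # folded continuation line
    "uid: jdoe",
    "obLoginTryCount: 10",
    "obLockedOn: 2011-06-01T10:15:00Z",
    "",
    "dn: cn=asmith,cn=Users,dc=example,dc=com",
    "uid: asmith",
    "obLoginTryCount: 2",
    "",
    "dn: cn=bwong,cn=Users,dc=example,dc=com",
    "uid:: Yndvbmc=",                    # base64-encoded value ("bwong")
    "obLoginTryCount: 0",
])

# Constructed sample: CSV export of the two USR columns for four users.
SAMPLE_USR_CSV = "USR_LOGIN,USR_LOCKED\nJDOE,0\nASMITH,0\nBWONG,1\nCPEREZ,0\n"


def parse_ldif(text):
    """Return one {attribute_lowercase: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        # A line starting with a single space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:            # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):        # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def lock_state_mismatches(ldif_text, usr_csv_text):
    """List (login, finding, directory_try_count) where the stores disagree."""
    directory = {}
    for entry in parse_ldif(ldif_text):
        uid = entry.get("uid", [None])[0]
        if uid:
            directory[uid.lower()] = entry
    oim = {row[OIM_LOGIN_COL].lower(): row
           for row in csv.DictReader(io.StringIO(usr_csv_text))}

    findings = []
    for login in sorted(set(directory) | set(oim)):
        d, o = directory.get(login), oim.get(login)
        if d is None:
            findings.append((login, "MISSING_IN_DIRECTORY", None))
            continue
        tries = int(d.get(DIR_COUNT_ATTR, ["0"])[0])
        if o is None:
            findings.append((login, "MISSING_IN_OIM", tries))
            continue
        dir_locked = bool(d.get(DIR_LOCK_ATTR))
        oim_locked = o[OIM_LOCK_COL].strip() == "1"
        if dir_locked and not oim_locked:
            # The case from the thread: user is locked out at login,
            # but the OIM console shows the account as not locked.
            findings.append((login, "LOCKED_IN_DIRECTORY_ONLY", tries))
        elif oim_locked and not dir_locked:
            findings.append((login, "LOCKED_IN_OIM_ONLY", tries))
    return findings


if __name__ == "__main__":
    for login, finding, tries in lock_state_mismatches(SAMPLE_LDIF, SAMPLE_USR_CSV):
        print(f"{login:8} {finding:26} directory_try_count={tries}")
```
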

Similar Messages

  • OAM-OIM 11g r2 integration is failing

    Hi,
    Following is my configuration,
    1. I have OIM 11g r2 and OAM 11gr2 installed on different weblogic domains.
    2. OIM synchronized with OUD LDAP
    3. I followed the steps described in http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oim.htm
    4. After the integration, I'm not able to login to the Oracle Access Manager console. Though my authentication is successful, I'm getting authorization error.
    As per the doc, oamadmin user (member of oamadministrator group) should be able to login to the console. On weblogic console -> security realms screen, I can see oudauthenticator (authenticates against OUD LDAP) created by the idmconfig tool (tool used for the integration). On the same screen, if I open oamadmin user profile, I don't see any group membership information for this user. I also created Administrator group in my LDAP and assigned oamadmin as a member, but in vain. My guess is, since oam server is not recognizing user's role, it's giving an authorization error.
    The documentation mainly talks about using OID as LDAP between OIM and OAM, though it claims other LDAPs are also supported. If anyone has successfully integrated, what do you see in oamadmin user profile, especially in the group membership attribute. Any other ideas/workarounds are greatly appreciated.
    Thanks, Nishanth

    I successfully did this in my VMware and the oamadmin user has this there:
    [oracle@thiagoleoncioVM ~]$ ldapsearch -D cn=orcladmin -w **** -b "dc=leoncio,dc=thiago" -L -s sub -v orclmtuid=*oaamadmin* memberOf
    filter pattern: orclmtuid=*oaamadmin*
    returning: memberOf
    filter is: (orclmtuid=*oaamadmin*)
    dn: cn=oaamadmin,cn=Users,dc=leoncio,dc=thiago
    memberof: cn=oaamcsrgroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamcsrmanagergroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamenvadmingroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaaminvestigationmanagergroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaaminvestigatorgroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamruleadministratorgroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamsoapservicesgroup,cn=groups,dc=leoncio,dc=thiago
    1 matches
    I hope this information helps you with your issue then you should be able to see what is missing there,
    Thiago Leoncio.

  • Oim 11g Custom Challenge questions

    Hi,
    Does OIM 11g allow users to set up custom challenge questions?
    Sun Idm does have this feature.
    Any idea on Oracle Idm?
    thank you.

    How to add custom challenge questions in OIM 11g
    Find below link for 11gR2
    http://srini-bellamkonda.blogspot.in/2012/11/adding-custom-challenge-questions-in.html

  • OIM 11g - User Not enabled After the job "enable user after start date"

    Hi,
    I have a future hired user in OIM whose start date is set in OIM. The status of the user in OIM is 'Disabled Until Start Date'.
    After the start date has passed and the scheduled job 'enable user after start date' is run, I see that the user is still in the status 'Disabled Until Start Date'. I re-run the scheduled job 'enable user after start date', this time manually, still the state of the user remains unchanged.
    Please help in troubleshooting as to find out the root cause of the issue and a workaround/solution, if possible.
    This issue is intermittent and has happened with quite a number of users. Any pointer would be helpful.
    Regards,
    Sudipto S.

    I agree with Nayan.
    One alternative approach can be to write your own custom scheduler which can overcome the limitation of OOTB scheduled job 'enable user after start date'. Let the OOTB job get executed first. After it, your custom scheduler should fire a simple SQL Query:
    SELECT USR_KEY, USR_STATUS FROM USR WHERE USR_START_DATE > SYSDATE - 1 AND USR_START_DATE <= SYSDATE AND USR_STATUS = 'Disabled Until Start Date';
    -- Means those users who are supposed to get enabled today and are still not yet enabled and are in 'Disabled Until Start Date'. Maybe 2-3 user keys at most will come back.
    -- The upper bound (USR_START_DATE <= SYSDATE) keeps users whose start date is still in the future out of the result.
    As you said it happens only intermittently and not for all users, so let the OOTB scheduled job take care of most of such users. After it has finished, if any user still remains in 'Disabled Until Start Date', your custom scheduler should enable it by using tcUserOperationsIntf.enableUser(userKey);
    Using the API is always better than a database update, because APIs trigger downstream provisioning workflows as well and do not just update the OIM database.
    Keeping your constraints in mind, I think it is the correct answer.

  • OIM 11g - User Management Authorization policy issues

    Hello,
    1) Created an organization -> Human Resource
    2) Created an Role -> HR_Admins
    3) Assigned HR_Admins roles as administrative role of Human Resource organization
    4) Created user1 with organization as Human Resource & Assigned HR_Admins role to this user.
    5) Created authorization policy for user management with following selections
    Permission -> Create User.
    Data Constraints -> Selected "Users that are members of selected Organizations" & selected above Human Resource organization.
    Assignment -> HR_Admins role .
    Now when I log in as user1 I am not able to see the Administration tab where I can select Create user.
    I have been working on this issue for a couple of days, but I am not able to find the solution. Have I missed some configurations?
    Thank-You
    Rahul Shah

    Hi Rahul,
    I have tested your scenario with the clause below:
    1) Created an organization -> Human Resource
    2) Created an Role -> HR_Admins
    3) Assigned HR_Admins roles as administrative role of Human Resource organization
    4) Created user1 with organization as Human Resource & Assigned HR_Admins role to this user. : default role All Users
    5) Created authorization policy for user management with following selections
    Permission -> Create User. :- *"Select ALL"*
    Data Constraints -> Selected "Users that are members of selected Organizations" & selected above Human Resource organization.
    Assignment -> HR_Admins role .
    In data constraints
    Organization Security Setting     Hierarchy Aware (include all Child Organizations)
    Now I am able to see the create user tab and, I can create user in Human Resource org only.
    If it doesn't work for you. Just assign "REQUEST ADMINISTRATOR" IN AUTH POLICY. Test the result.
    Also what is your OIM version?
    Test it with fresh data like new role name, org and user,
    -kuldeep
    Edited by: Kuldeep on May 22, 2012 4:19 AM

  • OIM 11g-OIA11g Integration question

    Hi All,
    As per the OIM-OIA Integration documentation, we need either OIM 9.1.0.2 BP14 or OIM 11g BP3 to integrate with OIA 11gR1 BP3. But in our case, we have upgraded OIM 9.1.0.2 BP 13 to OIM 11.1.1.5.0. Now, I have two questions:
    1. Do we need to apply BP3 on top of the upgraded OIM 11.1.1.5 to integrate OIA 11g, or is it not required?
    2. Are those versions compatible to integrate OIM 11.1.1.5.0 and OIA 11.1.1.3.6?
    Please suggest me.
    Thanks.

    It would be compatible. See the statement below:
    To use this integration method you must have at least Oracle Identity Manager version 11gR1 BP3 or version 9.1.0.2 BP14a, and at least Oracle Identity Analytics 11gR1 BP3
    Oracle has mentioned the minimum requirement, which is already met in your case.

  • OIM 11g: How to remove rule requiring unique user email addresses

    Use the OIM 11g Administrative and User Console to update a user's email address to be the same as another user's address and on save you get error message:
    "The user with the attribute Email and value [email protected] already exists"
    In OIM 9.1 we used to be allowed duplicate email addresses.
    OIM 11g wants them to be unique (refer OIM 11g User Guide table 11-2 in section "11.2 User Entity Definition" which shows the email attribute properties with unique:yes).
    How do you change this to "unique:no"?
    The OIM 11g Admin Guide section "14 Configuring User Attributes" describes the User.xml file in MDS but doesn't mention unique properties.
    The System Properties accessed via System Management->System Configuration doesn't show anything that looks like an option to enforce email address uniqueness.
    Thanks

    OIM 11g does not allow duplicate email addresses. We asked Oracle about this and they responded that the feature (duplicate email addresses) was "removed from OIM 11g due to sending mail notifications, security and other related concerns". We think we can live with this restriction and did not make an enhancement request.
    The user guide does show that email address is unique:
    http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14316/usr_mangmnt.htm#BGBDCDCH
    but there's no way to override the rule.

  • OIM 11g integration AutoLogin error (first login or forgot password)

    Hi,
    We are currently integrating OAM+OIM 11g (R2). We have used a 10g webgate for this.
    When the user logs in for the first time, and sets his password and answers the challenge questions, he should be "Auto logged in" when he is finished.
    The same scenario should happen, if the user forgot his password, and resets it. He should be "Auto-logged in" when finished.
    This is not happening for us.
    The OIM logs tells us this:
    ERROR: Autologin failed oracle.iam.ui.platform.sso.exception.AutoLoginException: Error occured while retrieving TAP partner key from Credential store
    We have tried to verify everything recommended by this Oracle Support article:
    How to Solve Autologin problems in OIM with OAM? [ID 1475297.1]
    Any ideas what we are missing?
    Thanks & Regards,
    Henrik

    Maybe this is something?
    What should the value of the property OAM_SERVER_VERSION be, when running idmConfigTool.sh and using a 10g webgate for the integration?
    Chapter 7.6 in the integration documentation states this:
    OAM_SERVER_VERSION: 11g (use 10g if Oracle Access Manager 10g is used)
    http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oim.htm#CACFCJHI
    Under chapter 2.4.5 in the idmConfigTool documentation it's described like this:
    OAM_SERVER_VERSION: Required only when Access Manager server does not support 11g webgate in Oracle Identity Manager-Access Manager integration. In that case, value should be provided as '10g'.
    http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/idmcfgtool.htm#CIHCICHD
    When we ran the script, we had the value set to "11g" (because that's our OAM version)... now I'm wondering if I need to set this value at all..
    Regards,
    Henrik

  • Self Registration in OIM 11g

    Hi,
    Can someone guide me on how to add user defined fields to the self registration page? My requirement is: in the self registration form (at the login page), I have to add some UDFs and delete some existing fields.
    2. User should be created immediately - no approval process for user creation
    3. User email address should be the userid/username. All the oim-username properties should apply to user email address. (No duplicate user email address). Please help.
    Thanks.

    Regarding Question 1, Chapter 8 (managing profile) of the OIM 11g user guide should help you here. In summary, you will need to use self service related authorization policies to add UDFs to the self profile page.
    http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14316/my_profile.htm#CACICCFD
    Regarding Question 3, Please check out 11.5.2 Configuring the Username Policy of OIM 11g user guide.
    http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14316/usr_mangmnt.htm#CHDJGJJA
    You will need to configure EmailIdPolicy as the username generation policy. OIM11g has OOTB validations to enforce email uniqueness.

  • OIM 11g: Event Handler "Data Object"

    Is there any way in the OIM 11g Users event handler model (pre-insert) to get a "data object" type structure of the column names and values which will be inserted into the database (i.e USR_FIRST_NAME = "John"). This would be similar to what the legacy 9.1x event handler model provided via the getDataObject() method.
    I know how to get the data from the orchestration parameters, but for our requirements we need the data to be keyed by database column name ("USR_FIRST_NAME") and not field name as in the orchestration params ("First Name").
    OIM must do this conversion at some point (field name -> database column name). Can we somehow leverage this same function?
    Thanks.

    You can accomplish through if statements in your event handler to check for the attributes that determine the logic. For example, if your user's last name changes, you can check the orchestration.getParameters() to see if it contains a key for "UserManagerConstants.AttributeName.LAST_NAME.getId()" and if it does, then perform your logic to update the user.
    You could also come up with a lookup that can be referenced for these and have your own custom java code that outputs information based on the values in the lookup. Just think creatively and anything is possible.
    Or you can get a connection to the database, and have a constants file that translates the metadata names back to database fields and continue to use your existing code.
    Lots of options.
    -Kevin

  • Custom tabs under userprofile - resources in OIM 11g

    Currently in OIM 11g user's available resource accounts are shown as a list under resources tab.
    Is there any way we can customize this page to display one more layer of tabs below it, and filter the resource accounts to be displayed under each sub-tab?

    For OIM 11g R2, we don't have any composer and all. You need to understand the OIM UI then you need to proceed with Customization.
    Steps:
    http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oim/oim_11g/customize_oim_ui_selfservice_tabs/customize_oim_ui_selfservice_tabs.htm
    Pointers: http://docs.oracle.com/cd/E23943_01/doc.1111/e14309/uicust.htm#BABIGCJA

  • Questions against OIM 11g

    Hi All!
    Is it possible to add a user photo to the user profile in the new OIM 11g? My second question is: is there a possibility to add an attachment to the approval form (like a Word doc), or to digitally sign the approval form?
    Any help will be nice
    Best
    mp

    MariuszP wrote:
    Hi All!
    Is it possible to add a user photo to the user profile in the new OIM 11g? My second question is: is there a possibility to add an attachment to the approval form (like a Word doc), or to digitally sign the approval form?
    Without customization:
    No photo http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14316/usr_mangmnt.htm#BGBGFJAH
    No digitally signed approval form
    No attachments

  • OIM 11g R2: Delete User UDF fields

    Hi all,
    I installed and configured OIM 11g R2. In this environment I created an UDF for User entity.
    Here the steps that I followed:
    - created a sandbox
    - opened User Form
    - added a custom field named "MyCustomField". The type field is Text.
    Now, due to a mistake during UDF creation, I have to delete it.
    I found this post (OIM 11gR2 - Unable to remove UDF) which describes how to delete a UDF field.
    The post gives these instructions:
    - export the sandbox
    - remove UDF occurrences in xml files
    - import the sandbox
    I followed the instructions and at the end I checked the result: the UDF field does not exist in the User form, but the associated database field still exists in the database.
    My question is: how can I delete the database field without creating database inconsistency?
    Thanks in advance,
    Daniele

    Hi Nayan,
    I tried to export Users.xml using Deployment Manager Export, but the export failed with this error.
    [2012-10-09T10:03:37.366+02:00] [oim_server1] [ERROR] [] [XELLERATE.WEBAPP] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: fc578f2854422d44:67bee673:13a2720c2c5:-8000-0000000000015853,0] [APP: oim#11.1.2.0.0] Class/Method: LoadDeploymentUtility/handleExportData encounter some problems: invalid character in name[[
    Thor.API.Exceptions.tcAPIException: invalid character in name
    at com.thortech.xl.ejb.beansimpl.tcExportOperationsBean.getExportXML(tcExportOperationsBean.java:245)
    at Thor.API.Operations.tcExportOperationsIntfEJB.getExportXMLx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: oracle.xml.parser.v2.XMLDOMException: invalid character in name
    at oracle.xml.util.XMLUtil.validateName(XMLUtil.java:464)
    at oracle.xml.parser.v2.XMLDocument.createElement(XMLDocument.java:877)
    at com.thortech.xl.ddm.repositories.api.impl.APIRepository.getElementforHashMapAttribute(APIRepository.java:552)
    at com.thortech.xl.ddm.engine.visitor.ExportVisitor.visitStarted(ExportVisitor.java:126)
    at com.thortech.xl.ddm.engine.data.datatypes.SchemaInstance.traverse(SchemaInstance.java:252)
    at com.thortech.xl.ejb.beansimpl.tcExportOperationsBean.export(tcExportOperationsBean.java:281)
    at com.thortech.xl.ejb.beansimpl.tcExportOperationsBean.getExportXML(tcExportOperationsBean.java:235)
    ... 120 more
    ]]
    Do you have any other suggestions?
    Thanks,
    Daniele

  • Getting error while provisioning user to AD  - OIM 11g R2

    Hi,
    I have installed the AD connector and I am able to do the user and group reconciliation between AD and OIM 11g R2.
    But when I am trying to provision the user to AD, I am getting the below error :
    oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user[[
    java.lang.NumberFormatException: null
         at java.lang.Long.parseLong(Long.java:375)
         at java.lang.Long.parseLong(Long.java:468)
         at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:104)
         at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:123)
         at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:267)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCCREATEOBJECT.CREATEOBJECT(adpADIDCCREATEOBJECT.java:109)
         at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCCREATEOBJECT.implementation(adpADIDCCREATEOBJECT.java:54)
         at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
         at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
         at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:3148)
         at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:716)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:847)
         at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1162)
         at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:757)
         at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:173)
         at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:235)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2910)
         at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:3008)
         at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:471)
         at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:180)
         at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:639)
         at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:357)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2910)
         at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:288)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at oracle.iam.provisioning.spi.DOBProvisioningUtil.provisionObject(DOBProvisioningUtil.java:128)
         at oracle.iam.provisioning.spi.DOBProvisioningMechanism.provision(DOBProvisioningMechanism.java:341)
         at oracle.iam.provisioning.impl.ProvisioningServiceImpl$4.process(ProvisioningServiceImpl.java:483)
         at oracle.iam.provisioning.impl.ProvisioningServiceImpl$4.process(ProvisioningServiceImpl.java:471)
         at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
         at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
         at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
         at oracle.iam.platform.tx.OIMTransactionManager.oimExecute(OIMTransactionManager.java:46)
         at oracle.iam.provisioning.impl.ProvisioningServiceImpl.provision(ProvisioningServiceImpl.java:471)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy380.provision(Unknown Source)
         at oracle.iam.provisioning.api.ProvisioningServiceEJB.provisionx(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
         at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
         at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy379.provisionx(Unknown Source)
         at oracle.iam.provisioning.api.ProvisioningService_p7m7x_ProvisioningServiceRemoteImpl.__WL_invoke(Unknown Source)
    Please help me in solving this issue.
    Thanks.
    Edited by: user9212679 on May 9, 2013 4:17 AM

    Hi Kevin,
    Thanks for the reply. As suggested by you I have assigned the default value as 0 for all the checkbox type in form designer for AD User form but still I am getting the same error while provisioning the AD resource.
    Please help.

  • Error While Creating User in OIM 11g R2

    Experts,
    I am working on OIM 11g R2, while creating a user I am getting the below prompt
    IAM-2050242: Orchestration process with id 815, failed with error message IAM-3010201:LDAP create event failed: Object Class Violation.
    any pointers?

    Try to check which OBJ Class violation are you hitting , for example: If you have uniquemember instead of member and try to add more than one member this will be a rule violation. Eg: ADD request to an attribute that is included in an account entry because the attribute entry has been existed prior to the ADD request.
    I hope this helps.
    Thiago Leoncio.
