OID and OIM Groups synchronization

I'm using OID 10.1.0.4 and OIM 9.0.3.1 with Oracle AS.
OID is a trusted source for OIM user reconciliation.
Let's say I have a group named Group1 in OID (under the cn=Users container).
I've created a user group Group1 in my OIM.
Is there any standard way to put a reconciled user into Group1 in OIM right after the OID admin puts the user into Group1 in OID?

Hi:
Were you able to resolve this issue? I need to achieve the same functionality but with OUs instead of groups. Please share your thoughts on this in case you came across a solution.
Thanks!

Similar Messages

  • OIM 10G OID user account / group membership reconciliation

    Hello
    I have an OID environment that is used for OAM access to applications within the environment. I need to be able to reconcile users from OID into OIM along with their group membership so that roles for users are maintained and updated. I have ORM integrated within the environment so entitlements would need to flow to orm to document that users are members of a role / OIM group. Not sure if this is possible through the trusted reconciliation or if there is a user / group target reconciliation that can be used for this. Any help you can give for this would be appreciated.
    Thanks

    When I use ADCS timestamp as 0 (to capture changes from the beginning and not necessarily after the group change event occurred on the AD side) and run AD user target recon, this is getting updated. Is this correct, and if so, how can I always default ADCS timestamp as 0 in the scheduled task, and are there any side effects for this sort of approach?
    Prasad.
    Edited by: Prasad on Nov 7, 2011 12:31 PM

  • OID and MS Active Directory LDAP information Synchronization

    Do you know how to do the integration between OID and MS Active Directory? How to synchronize the LDAP information between the two?

    Hi, I have the same question.
    Thanks,
    Malin

  • Interact with OID and bring all the groups residing in OID through LDAP

    Hi,
    I would like to interact with OID and bring all the groups which reside in
    Oracle Internet Directory through LDAP. Can you please give me the procedure
    that I can follow, or else suggest documentation regarding this.
    regards,
    srinivas

    Try this (behaviour not guaranteed):
    For local groups (groups within the Portal's group install base) you can program a loop on the table PORTAL.WWSEC_GROUP$ then read the column NAME.
    For non local groups, use the (unsupported) API wwsec_oid (function get_group_name_from_dn(wwsec_group$.dn) ) instead of reading the NAME column.
    If the result is incomplete (synchro issues with OID for instance due to DIP) you'll have to use ldap request with DBMS_LDAP package.(or java alternative, of course)
    Patrick.

  • Exporting and Importing OIM Groups

    Hi
    I am trying to export and import OIM Groups from one environment to another.
    It looks like some of the details of the groups (such as Administrative Groups details) are missing after the import.
    Any ideas?
    I will assign Points. Thanks
    Regards
    Vijay Chinnasamy

    Hi Kevin,
    Thanks for the note.
    I found that during my import, it asked me to provide "substitutions".
    Once I click, "Cancel Substitutions", the other data is there.
    I think during my previous import, I clicked on "Next" too soon..
    Regards
    Vijay Chinnasamy

  • Can not synchronize the SAP NW UME users and system groups with SSM

    We have created a demo environment for a client demo.
    In SAP NW UME:
    1. Create the system group.
    2. Assign the group created to the admin user (pipadmin).
    In Administrator's user interface:
    3. Access Administration > Set System Defaults in order to synchronize user tables. The data informed in the fields are:
    SSM Administrator = pipadmin
    Cache directory = C:Program FilesSAPSSMInternetPubcache
    Global cache setting = Enable
    End point = <IP:port>
    User name = pipadmin
    Password = ······
    cache = Enable
    Then we click on synchronize tables (Administration > Set System Defaults). The "Update compled" message is shown but users and application groups don't appear in Administration > Manages Application Groups.
    Note: We tried to synchronize yesterday and we received the message: restart the SSM Extended listener.

    Thank you for your answer Bob.
    Yes, I restarted the SSM Extended listener after all the steps.
    Do you know if there is another missing step?
    Regards,
    Santiago

  • OID and Active Directory

    1 Does Oracle OID integrate with Active Directory to synch data with Active Directory periodically?
    2 Marshall data from Active Directory on demand (live link)?
    3 Does Oracle Single Sign-on solution work with multiple directories (i.e. OID and AD both being used by Oracle Single Sign-on)
    4 Can Oracle Single Sign-on work with a Desktop login into a Domain (also called NT Authentication or Desktop authentication).

    This is what I have to share with you....For further details refer link http://otn.oracle.com/products/oid/index.html and Oracle Internet Directory Administrator's Guide.
    1 Does Oracle OID integrate with Active Directory to synch data with Active Directory periodically?
    For synchronizing from Microsoft Active Directory to Oracle Internet Directory, you need to track changes in Microsoft Active Directory and configure your Active directory connector giving its URL, user account and password to be used by the Active Directory connector, its DIT info on domain which contain the users/groups. And in the Active Directory synchronization profile you'll have to set the mapping rule.
    2 Marshall data from Active Directory on demand (live link)?
    Yes, it's possible to migrate data between directories. Configure your Active Directory connector and External auth Plug-in. And use the Directory Integration and Provisioning Assistant.
    3 Does Oracle Single Sign-on solution work with multiple directories (i.e. OID and AD both being used by Oracle Single Sign-on)
    Yes, it's possible. When a user tries to log in, the OracleAS Single Sign-On server tries to verify the credentials the user enters against those stored in Oracle Internet Directory. If the user credentials are not there, then the Oracle directory server invokes the Active Directory external authentication plug-in. This plug-in verifies the user credentials in Microsoft Windows. If the verification is successful, then the Oracle directory server notifies the OracleAS Single Sign-On accordingly.
    4 Can Oracle Single Sign-on work with a Desktop login into a Domain (also called NT Authentication or Desktop authentication).
    Oracle Application Server Single Sign-On enables native authentication, also called autologin, in a Microsoft Windows environment. Once logged into the Windows desktop, the user automatically has access to Oracle components. OracleAS Single Sign-On automatically logs the user into the Oracle environment using user's Kerberos credentials.

  • OIM Group Permissions(OIM User access rights)

    Is it possible to set the permissions for an OIM group (i.e. AD Admins) to have access to Enable, Disable, and Revoke the resources on the Resource Profile page for a user, without giving them write access to the User Detail page?
    And secondly, could it be restricted enough to only allow them to do those actions on a specific resource (i.e. AD User) and not other resources (i.e. OID, etc.)?
    Please let me know asap if you have any idea..
    Thanks..

    My suggestion would be request based Enable/Disable/Revoke. You can code an approval task to validate submission of the request based on a group membership and either allow the process to continue or reject the request. Once you give someone access to manage users and access to the menu item, they will have access to all the drop downs for that user. You will need to test the permissions. You can give the group update writes to specific objects, and only read only to others and see if this meets your requirements.
    -Kevin

  • OID and Oracle Forms in 9iAS Release 2

    Whenever I bring up a first form in 9iAS forms over the web scenario, I am forced to log into the database through a pop up login box in IE. This is so even though I have a perfectly valid "userid=user/pwd@database" value in the URL. I have tried moving the userid value to the formsweb.cfg group and it helps not a whit. Once I log on everything works hunkydory. I am figuring there is some issue with OID. Is this a valid assumption?
    How, exactly, does the OID and forms over the web interact. Do I need to create an OID user that has resource access to the database and then use that id in the userid variable in the URL? If so, how do I do this. Please feel free to be specific as if you were talking to an idiot or a small child...type very slowly and enunciate as you go. Not being able to log in from the formsweb.cfg and the URL is an irritant, not a showstopper, but it is a big irritant.

    As with all the downloads on OTN, this is a full version with no
    time limit. But you are under the OTN license, which says that
    you have to purchase the product if you are developing
    production applications with it. It's free for evaluation and
    personal education purposes.

  • StoreFront : Payment and Shipping group relationships are missing for some orders

    Hi Team,
    In our application, we are able to see relationship between payment and shipping group for some orders. But we are not able to find these relationships for some orders.
    We are verifying in "dcspp_payship_rel" table. We are wondering why this behavior is happening for some orders.
    Could you please suggest to move further ?
    Regards,
    Babji...

    Hello.
    First of all you must ensure that you are properly using transactions when you create/update the orders.
    There are best practices to update the orders in ATG that must be followed to avoid loss of information.
    Like these steps below:
    Acquire a write lock using the ATG lock manager.
    Start the transaction.
    Synchronized on the Order object.
    Update the Order.
    End the synchronization.
    End the transaction.
    Release the lock.
    Here are some links that should help you understand the steps to be followed to make a correct update of an order:
    https://atgoasis.wordpress.com/2014/08/28/best-practices-for-updating-an-order-in-atg-commerce-applications/
    http://www.digitalsanctuary.com/tech-blog/java/atg/design-pattern-for-updating-an-atg-order.html
    http://sumangalavijay.blogspot.com.br/2011/10/atg-update-order.html
    Oracle ATG Web Commerce - Managing Transactions in Oracle ATG Web Commerce
    Hope it helps you! =)

  • Oracle Forms 11g SSO with OID and IAM

    What versions of OID and Access Manager are required to get an Oracle Forms and Reports 11.1.1.2 application
    on Weblogic 10.3.2 configured for Oracle SSO using OID authentication?
    We want the OID to store and authenticate Users for username and password logins to the database, then
    ultimately by user Certificate authentication in OID. I have OID 11.1.1.2 installed and SSO enabled for Forms
    in Enterprise Manager.
    Is Access Manager required for Forms SSO with OID authentication to work or just to allow user interaction
    for registration and Password reset?
    Things mention OAM 10.4.3 and others talk about IAM 11g for Forms 11.1.1.2 SSO to work with OID.
    We did this back in Oracle Forms and OID 10g with JSP and LDAP to setup users but I understand 11g is
    different and IAM can help or is required for this type of SSO to work.
    Any help?
    Edited by: Kirch on Apr 30, 2013 7:39 AM

    Hi,
    According to Oracle's certification matrix found at http://www.oracle.com/technetwork/middleware/downloads/fmw-11gr1certmatrix.xls, Oracle Forms 11.1.1.2 is not supported to use any Oracle Access Manager (OAM) version. OAM is a component of IAM. It is only supported with Oracle SSO 10.1.4.x. The best solution would be to upgrade the Forms and Reports environment to either 11gR2 (11.1.2.1) or to the latest 11gR1 patchset 11.1.1.7. Both versions are compatible with OAM 11.1.1.7.0 and OID 11.1.1.7.0 where only Forms 11gR2 (11.1.2.1) is compatible with OAM 11.1.2.0 and OID 11.1.1.7.0. That would be the best solution as we have run into configuration problems in the past with using Oracle SSO 10.1.4.x.
    Since OID 11.1.1.2.0 is already installed, you should be able to patch it up to 11.1.1.7.0.
    For user authentication in OID, it is required to have OAM or Oracle SSO as both products use WebGate or mod_osso agents for authentication and authorization. For purposes of allowing end users to register accounts and password reset, you will either need to also install another IAM component called Oracle Identity Manager (OIM) or create a customized SSO login page that can be coded to perform these actions. I believe there are some examples available on the Internet.
    Thanks,
    Scott
    http://pitss.com/us

  • Issue while integrating OID and BPEL.

    Issue while integrating OID and BPEL.
    We followed steps mentioned in for integration. We have two SOA instances, home, oc4j_soa.
    http://download-uk.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/service_config.htm#BABIBGFF
    Before running configure_oid.bat script, we changed jazn.xml to include the contents that are available in home\jazn.xml.
    The contents we replaced contain
    <jazn xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-10_0.xsd" schema-major-version="10" schema-minor-version="0" provider="LDAP" location="ldap://myhost:389" default-realm="my-realm" >
         <property name="custom.sso.url.login" value="/jsso/SSOLogin" />
         <property name="ldap.user" value="orclApplicationCommonName=jaznadmin2,cn=JAZNContext,cn=products,cn=OracleContext" />
         <property name="ldap.password" value="{903}dA0r1HydR5qIhjAn2OCLMSWlFXeLdV//sCLFNwSfWhE=" />
         <property name="custom.sso.key.alias" value="ssoSymmetricKey" />
         <property name="idm.token.asserter.class" value="oracle.security.jazn.sso.SSOCookieTokenAsserter" />
         <property name="idm.token.collector.class" value="oracle.security.jazn.sso.SSOCookieTokenCollector" />
         <property name="idm.token.type" value="HTTP_COOKIE" />
         <property name="idm.token.collector.cookie.1" value="ORA_OC4J_SSO" />
         <property name="custom.sso.url.logout" value="/jsso/SSOLogout" />
         <property name="ldap.protocol" value="no-ssl" />
         <property name="idm.authentication.name" value="JavaSSO" />
    </jazn>
    configure_oid.bat ran successfully.
    But when we try restarting SOA, it gives an error. If we replace the above to point to XML-based jazn then SOA starts successfully.
    Please let us know if we are missing anything.
    Regards
    Yatan

    *1.) No I am not able to complete 2.1.3.3 step 3 the*
    work list application is showing "authentication fail"
    user look up is showing "unable to find the realm with name my-realm "
    *2.) After 2.1.3.3 step 2, if I try restarting the SOA suite, it throws following error.*
    Configuration information
    Running in C:\product\10.1.3.1\OracleAS_1
    Operation mode:Startup, App Server, No Enterprise Manager, Single Instance
    Oracle home:C:\product\10.1.3.1\OracleAS_1
    Oracle home name:Unnamed
    Instance name:ias_soa.myhost
    Instance type:allProducts
    Version:10.1.3.1.0
    Uses infrastructure:false
    Not an infrastructure instance, no infrastructure information available
    Components:[j2ee, apache, orabpel, oraesb, owsm, Wsil]
    2009-06-29 04:10:49.962--Begin log output for Mid-tier services (ias_soa.myhost)
    2009-06-29 04:10:49.962--Processing Step: starting OPMN
    2009-06-29 04:10:57.493--Processing Step: starting OPMN managed processes
    2009-06-29 04:11:22.806--End log output for Mid-tier services (ias_soa.myhost)
    An unknown OPMN error has occured
    oracle.appserver.startupconsole.model.ConsoleException: An unknown OPMN error has occured
         at oracle.appserver.startupconsole.control.OPMNController.doStart(OPMNController.java:140)
         at oracle.appserver.startupconsole.control.Controller.start(Controller.java:69)
         at oracle.appserver.startupconsole.control.GroupController.doStart(GroupController.java:47)
         at oracle.appserver.startupconsole.control.Controller.start(Controller.java:69)
         at oracle.appserver.startupconsole.view.controller.ControllerAdapter.start(ControllerAdapter.java:30)
         at oracle.appserver.startupconsole.view.controller.MasterControlAdapter.run(MasterControlAdapter.java:94)
         at oracle.appserver.startupconsole.view.Runner.main(Runner.java:39)
    Caused by: oracle.appserver.startupconsole.model.ConsoleException: There are some errors while stopping the following components. Refer to the generated error report for more details.
    ==================================================
    ias-component: default_group
    process-type: oc4j_soa
    process-set: default_group
    Error Message:failed to start a managed process after the maximum retry limit
    ==================================================
         at oracle.appserver.startupconsole.control.OPMNController.doStart(OPMNController.java:139)
         ... 6 more
    Caused by: oracle.ias.opmn.optic.OpticControlException: Error from opmn during process control operation
         at oracle.ias.opmn.optic.AbstractOpmnEntity.runCommand(AbstractOpmnEntity.java:174)
         at oracle.ias.opmn.optic.AbstractOpmnEntity.start(AbstractOpmnEntity.java:110)
         at oracle.appserver.startupconsole.control.OPMNController.doStart(OPMNController.java:97)
         ... 6 more
    Exception caused by
    There are some errors while stopping the following components. Refer to the generated error report for more details.
    ==================================================
    ias-component: default_group
    process-type: oc4j_soa
    process-set: default_group
    Error Message:failed to start a managed process after the maximum retry limit
    ==================================================
    oracle.appserver.startupconsole.model.ConsoleException: There are some errors while stopping the following components. Refer to the generated error report for more details.
    ==================================================
    ias-component: default_group
    process-type: oc4j_soa
    process-set: default_group
    Error Message:failed to start a managed process after the maximum retry limit
    ==================================================
         at oracle.appserver.startupconsole.control.OPMNController.doStart(OPMNController.java:139)
         at oracle.appserver.startupconsole.control.Controller.start(Controller.java:69)
         at oracle.appserver.startupconsole.control.GroupController.doStart(GroupController.java:47)
         at oracle.appserver.startupconsole.control.Controller.start(Controller.java:69)
         at oracle.appserver.startupconsole.view.controller.ControllerAdapter.start(ControllerAdapter.java:30)
         at oracle.appserver.startupconsole.view.controller.MasterControlAdapter.run(MasterControlAdapter.java:94)
         at oracle.appserver.startupconsole.view.Runner.main(Runner.java:39)
    Caused by: oracle.ias.opmn.optic.OpticControlException: Error from opmn during process control operation
         at oracle.ias.opmn.optic.AbstractOpmnEntity.runCommand(AbstractOpmnEntity.java:174)
         at oracle.ias.opmn.optic.AbstractOpmnEntity.start(AbstractOpmnEntity.java:110)
         at oracle.appserver.startupconsole.control.OPMNController.doStart(OPMNController.java:97)
         ... 6 more
    <?xml version='1.0' encoding='WINDOWS-1252'?>
    <response>
    <msg code="-82" text="Remote request with weak authentication.">
    </msg>
    <opmn id="bg1ws0008:6201" http-status="206" http-response="2 of 3 processes started.">
    <ias-instance id="ias_soa.myhost">
    <ias-component id="default_group">
    <process-type id="home">
    <process-set id="default_group">
    <process id="91427687" pid="4148" status="Alive" index="1" log="C:\product\10.1.3.1\OracleAS_1\opmn\logs\\default_group~home~default_group~1.log" operation="request" result="success">
    <msg code="0" text="">
    </msg>
    </process>
    </process-set>
    </process-type>
    <process-type id="oc4j_soa">
    <process-set id="default_group">
    <process id="91427688" pid="5856" status="Init" index="1" log="C:\product\10.1.3.1\OracleAS_1\opmn\logs\\default_group~oc4j_soa~default_group~1.log" operation="request" result="failure">
    <msg code="-21" text="failed to start a managed process after the maximum retry limit">
    </msg>
    </process>
    </process-set>
    </process-type>
    </ias-component>
    <ias-component id="HTTP_Server">
    <process-type id="HTTP_Server">
    <process-set id="HTTP_Server">
    <process id="91427686" pid="5140" status="Alive" index="1" log="C:\product\10.1.3.1\OracleAS_1\opmn\logs\\HTTP_Server~1.log" operation="request" result="success">
    <msg code="0" text="">
    </msg>
    </process>
    </process-set>
    </process-type>
    </ias-component>
    </ias-instance>
    </opmn>
    </response>
    *3.) opmnctl status -all ?*
    C:\product\10.1.3.1\OracleAS_1\opmn\bin>opmnctl status -all
    Usage:
    opmnctl [<scope>] status [<options>] [host port]
    Notes:
    - if host,port is specified, contact opmn on host,port;
    otherwise, contact opmn in local ias instance.
    scope:
    @instance(:name)*|@cluster
    scope specifies how far to apply the query. To apply the query to
    all known iAS Instances, specify "cluster". To apply the query
    to a specific set of 1 or more iAS Instances, specify
    "instance(:instname(:instname...))". If no names are supplied
    in an instance scope string then the request is applied to the
    "local" instance. In this context, "local" means the instance
    containing the opmn server handling the request.
    Default: local iAS Instance.
    Options:
    [ias-component|oc4j-group]=id
    - filter output by ias-component name
    - i.e. filter output by oc4j-group name
    -l - pre-selected long output format:
    %cmp32%prt18%pid7R%sta8%uid10R%mem8R%utm9R%por
    -fmt <fmtlist> - output format (see details below)
    Option "-fmt <fmtlist>" and "-l" are mutually exclusive
    -fsep <string> - field separator (default:" | ")
    -rsep <string> - record separator (default:"\n")
    -noheaders - don't print a header
    -c <count> - number of times to print status (default:1)
    -i <nsecs> - seconds between each print (default:5)
    -app [-l] - application status (optional long format)
    -port - opmn "request" host and port (scope
    argument invalid)
    Format String Syntax:
    <fmtlist> - A single string containing one or more statistic
    identifiers concatenated together where each identifier has
    the following format: %<statname>[<width>[<justification>]]
    default: %cmp32%prt18%pid7R%sta8
    <statname> - Must be one of the following:
    ins - iAS Instance Name
    cmp - iAS Component Id
    prt - Process Type Id
    prs - Process Set Id
    idx - Index of process in Process Set
    pid - OS Process Identifier
    uid - Opmn Unique Id
    typ - Name for this kind of process
    sta - Process status
    stm - start time (ms)
    utm - up time (ms)
    cpu - cpu time (ms)
    mem - memory used (Kb)
    pme - private memory (Kb)
    sme - shared memory (Kb)
    hpz - heap size (Kb)
    por - Port List
    <width> - The number of columns to use for this field. Output
    less than this value will receive padding according to the
    specified justification. Output more than this value will
    be truncated and terminated with '~'.
    default: the width of each datum
    <justification> - How to justify output when less than the width.
    Must be L, R, or C (left, right, or center justification).
    default: L
    4.) SOA Suite version ? *10.1.3.1.0*
    5.) Did you manually tweak some configuration file or followed the documentation as it is ? I have followed the document as it is.
    I have changed only jazn.xml available in ..j2ee/oc4j_soa suite to have the below section:  This section was copied from jazn.xml of ..j2ee/home directory that has been automatically updated after running configure_oid.bat file
    <jazn xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-10_0.xsd" schema-major-version="10" schema-minor-version="0" provider="LDAP" location="ldap://myhost:389" default-realm="myrealm" >
         <property name="custom.sso.url.login" value="/jsso/SSOLogin" />
         <property name="ldap.user" value="orclApplicationCommonName=jaznadmin2,cn=JAZNContext,cn=products,cn=OracleContext" />
         <property name="ldap.password" value="{903}dA0r1HydR5qIhjAn2OCLMSWlFXeLdV//sCLFNwSfWhE=" />
         <property name="custom.sso.key.alias" value="ssoSymmetricKey" />
         <property name="idm.token.asserter.class" value="oracle.security.jazn.sso.SSOCookieTokenAsserter" />
         <property name="idm.token.collector.class" value="oracle.security.jazn.sso.SSOCookieTokenCollector" />
         <property name="idm.token.type" value="HTTP_COOKIE" />
         <property name="idm.token.collector.cookie.1" value="ORA_OC4J_SSO" />
         <property name="custom.sso.url.logout" value="/jsso/SSOLogout" />
         <property name="ldap.protocol" value="no-ssl" />
         <property name="idm.authentication.name" value="JavaSSO" />
    </jazn>
    instead of
    <jazn xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-10_0.xsd" schema-major-version="10" schema-minor-version="0" provider="XML" location="./system-jazn-data.xml" default-realm="jazn.com">
    <!-- properties to configure the 3rd party IDM framework -->
         <property name="idm.authentication.name" value="JavaSSO"/>
         <property name="idm.token.asserter.class" value="oracle.security.jazn.sso.SSOCookieTokenAsserter"/>
         <property name="idm.token.collector.class" value="oracle.security.jazn.sso.SSOCookieTokenCollector"/>
         <property name="idm.token.type" value="HTTP_COOKIE"/>
         <property name="idm.token.collector.cookie.1" value="ORA_OC4J_SSO"/>
    <!-- properties for the out of the box Java SSO -->
         <property name="custom.sso.url.login" value="/jsso/SSOLogin"/>
         <property name="custom.sso.url.logout" value="/jsso/SSOLogout"/>
         <property name="custom.sso.key.alias" value="ssoSymmetricKey"/>
    </jazn>
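
The two LDAP-provider <jazn> elements quoted in this thread both set ldap.protocol to no-ssl and differ in default-realm (my-realm versus myrealm). The following Python check is an added example, not part of the original posts or of Oracle's tooling: it audits a jazn.xml for a cleartext directory bind and diffs the settings of two instances, using constructed sample input with the ldap.password value replaced by a placeholder; the function names and finding labels are hypothetical.

```python
"""Audit and compare OC4J jazn.xml <jazn> elements (added example)."""
import xml.etree.ElementTree as ET

# Constructed samples: attribute and property names are copied from the
# thread; the ldap.password value is replaced by a placeholder.
HOME_JAZN = """<jazn xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-10_0.xsd"
      provider="LDAP" location="ldap://myhost:389" default-realm="my-realm">
  <property name="ldap.user" value="orclApplicationCommonName=jaznadmin2,cn=JAZNContext,cn=products,cn=OracleContext" />
  <property name="ldap.password" value="{903}PLACEHOLDER" />
  <property name="ldap.protocol" value="no-ssl" />
  <property name="idm.authentication.name" value="JavaSSO" />
</jazn>"""

# Same file, but with the realm spelling used in the second quoted element.
SOA_JAZN = HOME_JAZN.replace('default-realm="my-realm"', 'default-realm="myrealm"')

XML_JAZN = """<jazn provider="XML" location="./system-jazn-data.xml" default-realm="jazn.com">
  <property name="idm.authentication.name" value="JavaSSO"/>
</jazn>"""

COMPARED_ATTRS = ("provider", "location", "default-realm")
SECRET_PROPS = {"ldap.password"}


def load(text):
    """Return (root attributes of interest, {property name: value})."""
    root = ET.fromstring(text)
    if root.tag != "jazn":
        raise ValueError("root element is <%s>, expected <jazn>" % root.tag)
    attrs = {k: root.get(k) for k in COMPARED_ATTRS}
    props = {p.get("name"): p.get("value", "") for p in root.findall("property")}
    return attrs, props


def audit(text):
    """Return a list of (finding_id, detail) for an LDAP-provider jazn.xml."""
    attrs, props = load(text)
    findings = []
    if attrs["provider"] != "LDAP":
        return findings  # XML provider: no directory connection to assess
    if props.get("ldap.protocol") == "no-ssl":
        findings.append(("cleartext-ldap",
                         "ldap.protocol=no-ssl for %s" % attrs["location"]))
        if "ldap.password" in props:
            findings.append(("bind-secret-in-transit",
                             "%s binds without TLS" % props.get("ldap.user", "<no ldap.user>")))
    if "ldap.password" in props:
        findings.append(("bind-secret-on-disk",
                         "ldap.password is stored in jazn.xml; restrict file access"))
    if not attrs["default-realm"]:
        findings.append(("no-default-realm", "default-realm attribute is missing"))
    return findings


def diff_instances(a_text, b_text):
    """Return {setting: (value_in_a, value_in_b)} for settings that differ."""
    a_attrs, a_props = load(a_text)
    b_attrs, b_props = load(b_text)
    delta = {k: (a_attrs[k], b_attrs[k])
             for k in COMPARED_ATTRS if a_attrs[k] != b_attrs[k]}
    for name in sorted(set(a_props) | set(b_props)):
        if a_props.get(name) != b_props.get(name):
            if name in SECRET_PROPS:
                # Report that the secret differs without echoing either value.
                delta["property:" + name] = ("<redacted>", "<redacted>")
            else:
                delta["property:" + name] = (a_props.get(name), b_props.get(name))
    return delta


if __name__ == "__main__":
    for finding_id, detail in audit(HOME_JAZN):
        print("%-24s %s" % (finding_id, detail))
    for setting, (a, b) in diff_instances(HOME_JAZN, SOA_JAZN).items():
        print("differs: %s  home=%r  oc4j_soa=%r" % (setting, a, b))
```
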

  • Problem with provisioning to particular OU in OID through OIM

    Hi,
    Please go through the following issue and suggest.
    I have integrated OIM with OID for provisioning purposes through the OID connector. I am prepopulating the OU structure in the "Container DN" field in the process form of OID through an adapter.
    For example: "ou=BG,o=shipper,dc=xoserve,dc=com" is the Container DN I am prepopulating in the OID process form and the user is getting provisioned to OID within the same structure (that structure already exists in OID).
    But when I don't have an "ou" in OID, suppose I want to provision the user to something like "o=Network,dc=xoserve,dc=com" (note this one doesn't have an ou), I am prepopulating "o=Network,dc=xoserve,dc=com" in the process form but I am not able to provision the user. In the console I am seeing an error like
    *"ERROR,18 Feb 2010 10:58:15,343,[XL_INTG.OID],com.thortech.xl.integration.OID.tcU*
    *tilOIDUserOperationscom.thortech.xl.integration.OID.util.tcUtilLDAPOperations: N*
    *amingException :Unable to search LDAP. Check the following values and try again:*
    *Base Search detail: ou=Network,dc=xoserve,dc=com, filter expression is cn=H*
    *ELLO567"*
    My "o=Network" is being sent as "ou=Network" (overwritten) from the process form to OID and as a result it is not able to find that structure in OID.
    Plzzzz help....

    Hi Chavi / OIMLearner,
    I have tried that and it works fine. But all my DNs are not of the same structure. Some are like "cn=userid,ou=abc,o=cde,dc=fgh,dc=com" and some are like "cn=userid,o=cde,dc=fgh,dc=com" and there comes the problem. The value of ldapOrgDNprefix is overwriting my DN which is generated perfectly through my adapter.
    I don't want that Lookup.OID.Configuration to overwrite my DN. Please suggest...

  • Single Oracle Database repository to support SOA and OIM is it possible

    Hi, I'd like to install and configure SOA and OIM and would like to know if I can use one database as the repository to support SOA Suite install and OIM install ?
    In a development environment is it safe to install SOA Suite 11g and OIM 11g on the same server with all of its components? This is only for the development environment. Thanks

    Hi,
    I feel you can do it with single Oracle Database,check the below links:
    http://ofmwsoa11g.blogspot.com/p/oim-oam-ldap-oid-dip-ovd-oif-sso.html
    http://onlineappsdba.com/index.php/2010/08/05/oracleidm-11g-step-by-installation-of-oam-oim-oaam-oapm-oin-111130-part-i-load-schema/
    Best regards,
    Rafi.

  • Execute a Process when removing OIM Group ( Role )

    Hi All,
    I have a Provisioning Process for a resource object (RO). I have defined an Access Policy and attached it to OIM Group G1 and Resource Object RO. That means, when the OIM Group G1 is assigned to user U1 through the "Group Membership" option, the provisioning process attached to RO will be executed.
    My problem is,
    I need to execute the same kind of process when I unassign G1 from User U1.
    Could someone please help me to solve this problem?
    /Br
    Thirlk

    Hi,
    Thanks for your reply..
    I only use "Group Membership" scenario and fire the access policy through that.
    I also enable the "Revoke If no longer Apply" option as well.
    Thing is, When the Group is unassigned from the user, I need to create a "Service Request" to our support system saying that "Please Remove grant for User U for Application A1" or something. I know this can be done through the adapter.
    I do the same thing when adding the Group to the User. That is done through the provision process and "Process Task Adapter". In this case, the provision process attached to the Resource Object is executed when I add the Group to the User. That is working fine and problem comes when removing the Membership.
    I wonder why can't we define the Revoke process through the OIM ?
    As your reply, I think the only solution is this to create an Entity adapter and configure it to "Post Delete". I have tried this and problem comes when I'm going to Map the Variables to Entity adapter.
    How can I map the Variables and pass the Values to my java adapter ? Specially I need to Map the ITResource. ( DB which contains credentials to our "Service Request System" ).
    Edited by: thirlk on Jul 16, 2009 9:33 PM
