OID LDAP configurations for OIM
Hi All
I switched OID instances for OIM, but OIM is still looking at the old OID instance, although I updated the Directory Server under the IT resources.
Do I need to change any other configuration to reflect the new OID instance ?
Thanks
I exported oim-config.xml but I can't find an XML element for LDAP, only an element for Database called directDB.
Did I miss anything here ?
Thanks
Edited by: 599647 on Mar 3, 2012 5:02 PM
Similar Messages
-
LDAP Configuration for ECC 6.0 ( ABAP Stack only)
Hi,
Can anyone guide me with the steps for the LDAP Configuration for ECC 6.0 (ABAP stack only)?
Some of my observations are....
I can see the LDAP Support in the Installation master at the following path.
1. Additional Software Life cycle Tasks --> Application Server --> LDAP Support.
But the prerequisites for this task is given as "You must have extended the LDAP schema for the sap data types before.".
When I was going through the Service Marketplace I came across the following note.
Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT.
Thanks,
Tanuj
Dear All,
We are trying to configure LDAP with Active Directory. In the step "Synchronization of SAP User Administration with LDAP Directory", when executing the report "RSLDAPSYNC_USER", we are facing one error.
Please find the trace file and error screenshot in the attachment. Please help us on priority.
Please find the trace log below:
RFC destination : LDAP_LDAPSE-01
Tracelevel : 8,704
F5: Shutdown F6: Clear list F7: Dump status F8: Refresh list
[Wed Jun 26 11:15:38 2013]
Slot 0 (WIPROTECH): >>> ldap_initU(host="abg-mumabc-dc1.abgplanet.abg.com", port=389)
[Wed Jun 26 11:15:39 2013]
Slot 0 (WIPROTECH): <<< ldap_initU() == <NOT NULL> := connected
Slot 0 (WIPROTECH): >>> ldap_set_option(version=3)
Slot 0 (WIPROTECH): <<< ldap_set_option() == 0
Slot 0 (WIPROTECH): >>> ldap_simple_bind_sU(dn="poornataad", password: not initial)
[Wed Jun 26 11:15:40 2013]
Slot 0 (WIPROTECH): <<< ldap_simple_bind_sU() == 0 := success
[Wed Jun 26 11:15:43 2013]
>>>>Required attributes table
Line 0: "CREATETIMESTAMP" (length 15)
Line 1: "MODIFYTIMESTAMP" (length 15)
Line 2: "SAPUSERNAME" (length 11)
<<<<Required attributes table
Slot 0 (WIPROTECH): >>> ldap_search_sU(base="CN=poornataad,CN=Users,DN=abgplanet,DC=abg,DC=com", filter="(&(OBJECTCLASS=user)(SAPUSERNAME=*))", scope=2)
Slot 0 (WIPROTECH): <<< ldap_search_sU() == 91
>>> ldap_msgfree()
<<< ldap_msgfree()
Slot 0 (WIPROTECH): >>> ldap_unbind_s()
Slot 0 (WIPROTECH): <<< ldap_unbind_s() == 0
Please find the error screenshot below.
Regards,
Dilip Sampath.CH
+91-9619735957.
-
LDAP configuration for HR Portal in dual stack EHP4 - Best Practice
Hi Experts,
Hello Experts,
We are trying to use the Java stack of the ECC server for HR Portal, i.e. dual stack, and have applied the EHP4 package for ESS/MSS Appraisal. When we try to configure the LDAP ADS datasource through the portal, we are not able to do it, since the ABAP datasource file is available by default. We are doing this for the HR (ESS/MSS) Portal. This is for access to the object data stored in the Active Directory.
We have already checked note 718383.
Also, for the scenario LDAP <-> ABAP <-> J2EE,
we have already checked the SAP help doc here:
http://help.sap.com/erp2005_ehp_04/helpdata/EN/e6/0bfa3823e5d841e10000000a11402f/frameset.htm
What should now be the best practice to follow for configuration ? Should we go for separate Portal server or is it possible to use Java Stack of ECC server for configuration ?
Also, for the LDAP <-> ABAP <-> J2EE scenario, please suggest whether it is a best practice and whether we can follow the same. What are the limitations, risks and issues? Please suggest if this has been implemented and is running well in any live project.
Are the suggestions applicable for load balanced production servers as well?
Thanks,
Rakesh
Hi,
the UME datasource must remain ABAP but you can sync the users between ABAP and LDAP using the LDAP connector:
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/48/74040175bb501ae10000000a42189b/frameset.htm
Regards,
Jozsef
-
Hi All,
Please teach about user management in Oracle Service Registry(OSR).
We want to manage all users in LDAP(OID).
Questions
Q1) How can we manage the user in OID?
Q2) OSR default user(admin) will not be displayed on the security realm in WebLogic.
Can we configure security realm in WebLogic?
Regards & Thanks
yoshida.
Refer to this doc http://download.oracle.com/otndocs/tech/soa/OSR103ProductDocumention.pdf
Section 6. External Accounts Integration
-
AD password sync connector configuration for OIM Cluster
Hi
I have OIM running on clustered environment in two nodes.
I have some AD domain controller. I need to install the AD password sync connector (version 9.1.1) in the AD domain controller.
I remember that in the earlier versions we need to install the user management console and then change the value in xlConfig file to have both the node name.
Version 9.1.1 is changed to use the SPML webservices. I have installed the SPML WS in both the nodes.
My question is: where do I specify in the AD password sync connector that I have two servers, as there is no xlConfig or any other config file where I can give both server addresses?
I referred the following PDF http://download.oracle.com/docs/cd/E11223_01/doc.910/e11218.pdf
Thanks
Narendar Doshi
Have you tried importing the cert in cacerts under $JAVA_HOME?
-
IDM 11g installation issues on x64 for OIM startup
Hello,
I am trying to build a IDM 11g env on x64 machine. We have installed the following components.
a. Weblogic 10.3.4/JDev
b. SOA 11.1.1.2 and patch SOA 11.1.1.3
c. RCU to create schemas for OIM, MDS, OAM etc.
d. IAM 11.1.1.3 for OIM
e. Configured for the following, Admin Server, Managed Server, Enterprise Manager and SOA.
f. Started Weblogic Admin Server
g. Configured for OIM for DB schema, no LDAP, RManager, ports, etc.
h. Restarted Admin Server and OIM Managed Server, looks like all the servers started but failed to load OIM package.
All the services are running and Weblogic admin reports all the servers as up and running, but I can't start the OIM page on http://localhost:7001/oim as configured.
I have a x64 bit installation packages with jdk160_21
Please can anyone let me know how to proceed.
You need to set up your existing DNS server to allow it to delegate to a GNS Service running on the Oracle Database Grid.
Ask your network admin to give you a subdomain that the Oracle GNS will take responsibility for.
For example if your company domain is acme.com then the GNS will resolve all connections to database.acme.com
The GNS will also be allowed to allocate a range of IP's as when those IP's or subdomain are requested the DNS just passes the work on to the GNS to resolve.
So the first step is to talk to your network admin about DNS delegation
-
Problem OIM OID Ldap Sync Configuration in 11g.
Hi Team,
I am doing the OIM and OID LDAP Sync configuration. It fails in the "Configuration Process" step.
Also, in WebLogic the OIM Managed Server is in ADMIN mode, not in running mode.
Please find both logs.
*********************************Weblogic Logs**********************************************
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
<28-Sep-2012 14:07:44 o'clock BST> <Info> <Management> <BEA-141107> <Version: We
bLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
<28-Sep-2012 14:07:47 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to STARTING>
<28-Sep-2012 14:07:47 o'clock BST> <Info> <WorkManager> <BEA-002900> <Initializi
ng self-tuning thread pool>
<28-Sep-2012 14:07:48 o'clock BST> <Notice> <Log Management> <BEA-170019> <The s
erver log file E:\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim
server1\logs\oimserver1.log is opened. All server side log events will be writ
ten to this file.>
28-Sep-2012 14:07:56 oracle.security.am.common.nap.util.NAPLogger log
SEVERE: Failed to communicate with any of configured Access Server, ensure that
it is up and running.
<28-Sep-2012 14:07:57 o'clock BST> <Notice> <Security> <BEA-090082> <Security in
itializing using security realm myrealm.>
<28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to STANDBY>
<28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to STARTING>
<28-Sep-2012 14:08:20 o'clock BST> <Warning> <oracle.jps.upgrade> <JPS-06003> <C
annot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason oracle.s
ecurity.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The c
redential with map ADF and key anonymous#oimBpelCredKey already exists..>
<28-Sep-2012 14:08:21 o'clock BST> <Warning> <oracle.adf.share.ADFContext> <BEA-
000000> <Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic initializati
on is performed improperly.
This message may be avoided by performing initADFContext before using getCurrent
To see the stack trace for thread that is initializing this, set the logging lev
el of oracle.adf.share.ADFContext to FINEST>
<28-Sep-2012 14:08:24 o'clock BST> <Error> <Deployer> <BEA-149205> <Failed to in
itialize the application 'oim [Version=11.1.1.3.0]' due to error oracle.iam.plat
form.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
pInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
un(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
rAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
pInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
un(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
rAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
>
<28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
ttribute was not found in element application in the deployment descriptor in E:
\Oracle\Middleware\Oracle_IDM1\server\apps\spml-xsd.ear/META-INF/application.xml
. A version attribute is required, but this version of the Weblogic Server will
assume that the JEE5 is used. Future versions of the Weblogic Server will reject
descriptors that do not specify the JEE version.>
<28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
ttribute was not found in element application in the deployment descriptor in E:
\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim_server1\tmp\_WL_
user\spml-xsd\s8d2b9/META-INF/application.xml. A version attribute is required,
but this version of the Weblogic Server will assume that the JEE5 is used. Futur
e versions of the Weblogic Server will reject descriptors that do not specify th
e JEE version.>
<28-Sep-2012 14:08:24 o'clock BST> <Emergency> <Deployer> <BEA-149259> <Server '
oim_server1' in cluster 'OIM_Cluster' is being brought up in administration stat
e due to failed deployments.>
Loading xalan.jar for XPathAPI.
14:08:30 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] -
----------------- NEXAWEB SERVER LICENSE ------------------
- Customer ID : 122
- License type : Enterprise
- Max unique IPs : unlimited
- Max XUL sessions : unlimited
- Max CPUs/server : unlimited
- Clustering allowed : true
- Expiration date : none
Nexaweb Technologies Inc.(C)2000-2004. All Rights Reserved.
Nexaweb Technologies Inc.
10 Canal Park
Cambridge, MA 02141
Tel: 617.577.8100. Email: [email protected]
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Clustering is OFF.
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Servlet Engine: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PD
T 2011 1398638 Oracle WebLogic Server Module Dependencies 10.3 Thu Mar 3 14:37:5
2 PST 2011 Oracle WebLogic Server on JRockit Virtual Edition Module Dependencies
10.3 Thu Feb 3 16:30:47 EST 2011
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Servlet API Version: 2.5
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Nexaweb Server Info = Nexaweb Server 3.3.1072
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Nexaweb Server initialized successfully.
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Log Management> <BEA-170027> <The S
erver has established connection with the Domain level Diagnostic Service succes
sfully.>
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000197> <Listening fo
r announcements from cluster using unicast cluster messaging>
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000133> <Waiting to s
ynchronize with other running members of OIM_Cluster.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult[2]" is now listening on 127.0.0.1:14000 for protocols iiop, t3, CLUSTER-BROA
DCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult[3]" is now listening on 0:0:0:0:0:0:0:1:14000 for protocols iiop, t3, CLUSTE
R-BROADCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult[1]" is now listening on fe80:0:0:0:0:5efe:a2f:f22a:14000 for protocols iiop,
t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Warning> <Server> <BEA-002611> <Hostname "UK
SHWTOAP03A.skandia.co.uk", maps to multiple IP addresses: 10.47.242.42, 0:0:0:0:
0:0:0:1>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult" is now listening on 10.47.242.42:14000 for protocols iiop, t3, CLUSTER-BROA
DCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000330> <Start
ed WebLogic Managed Server "oim_server1" for domain "IAM_domain" running in Prod
uction Mode>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to ADMIN>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000360> <Serve
r started in ADMIN mode>
**********************************OIM OID Ldap Sync Configuration Logs****************************
[2012-09-28T14:49:11.171+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Updating Ldap Sync Configuration
[2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] ENTRY
[2012-09-28T14:49:11.171+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] Create the Database connection
[2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: createDBConnection] ENTRY
[2012-09-28T14:49:11.296+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] isLIBOVD:true
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] ENTRY
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] RETURN
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
[2012-09-28T14:49:11.312+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
Updated LDAP Server Details in mds schema
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
[2012-09-28T14:49:11.812+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [OIM_CONFIG] Updated LDAPContainerRules.xml.
[2012-09-28T14:49:11.812+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: mdsMetadata] [SRC_METHOD: loadEventhandler] RETURN
[2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Created jobs using seedSchedulerData. Log location C:\Program Files\Oracle\Inventory\logs
[2012-09-28T14:49:14.687+01:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] File not found[[
java.io.FileNotFoundException: File not found
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(ZipFile.java:117)
at java.util.jar.JarFile.<init>(JarFile.java:135)
at java.util.jar.JarFile.<init>(JarFile.java:72)
at oracle.as.install.oim.config.util.RoleSODJarUtil.updateFile(RoleSODJarUtil.java:32)
at oracle.as.install.oim.config.OIMConfigManager.configureOIM(OIMConfigManager.java:783)
at oracle.as.install.oim.config.OIMConfigManager.doExecute(OIMConfigManager.java:538)
at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:335)
at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:87)
at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:104)
at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:63)
at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:158)
at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:83)
at java.lang.Thread.run(Thread.java:662)
[2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Failed configuration step Configure OIM Server
[2012-09-28T14:49:14.702+01:00] [as] [ERROR] [] [oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] One or More configurations failed. Exiting
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:CONFIG
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INTERVIEW
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INSTALL
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:COPY
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:LINK
[2012-09-28T14:49:14.765+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
[2012-09-28T15:11:21.461+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
[2012-09-28T15:11:27.914+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
Regards,
Ravi.
Your log files too give some hint... Please verify whether the following files, like .xldatabasekey, are present in your environment:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
I doubt whether OIM is properly installed in your environment otherwise .xldatabasekey would have been present in <DOMAIN_HOME>/config/fmwconfig..
Also, as far as Weblogic starting in ADMIN mode is concerned, you may try to do the following...
ps -eaf| grep AdminServer
Kill the process
Then remove the lok file. i.e. Lock files...
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/oim_server1/tmp/*oim_server1.lok*
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/soa_server1/tmp/*soa_server1.lok*
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/AdminServer/tmp/*AdminServer.lok*
After that
Take the backup of /home/oracle/Oracle/Middleware/user_projects/domains/<DOMAIN_HOME>/servers/AdminServer/data/ldap/ldapfiles (I mean CUT this folder and save it in a Backup folder).
Share the result with us....
-
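The checks this reply asks for, as an added example that is not part of the original post and is not Oracle tooling: it extracts the distinct reasons from the BEA-149205 block (the log repeats them once per stack trace), lists the CSF keys reported as unseeded, checks the files under `<DOMAIN_HOME>/config/fmwconfig`, and lists `.lok` files without deleting them. The function names are hypothetical, the sample log is constructed from lines quoted above, and it assumes `default-keystore.jks` sits in the same `fmwconfig` directory as `.xldatabasekey`.

```shell
#!/bin/sh
# Added example: triage an OIM BEA-149205 startup failure.
# Usage: sh oim_triage.sh <managed-server.log> <DOMAIN_HOME>
# With no arguments it runs on a constructed sample.

# Print each distinct failure reason once.
oim_init_reasons() {
    grep -E 'was not found in MDS Repository|Unable to find keystore|is not seeded in CSF' "$1" \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | awk '!seen[$0]++'
}

# Print only the credential-store keys the log reports as unseeded.
oim_unseeded_csf_keys() {
    oim_init_reasons "$1" \
        | sed -n 's/^Password for \(.*\) is not seeded in CSF\.$/\1/p'
}

# Print the files named in the log that are absent from fmwconfig.
# Assumption: default-keystore.jks lives beside .xldatabasekey.
oim_missing_fmw_files() {
    for f in .xldatabasekey default-keystore.jks; do
        [ -f "$1/config/fmwconfig/$f" ] || printf '%s\n' "$f"
    done
}

# List lock files under servers/*/tmp so they can be reviewed
# before anything is removed (this function deletes nothing).
oim_lock_files() {
    find "$1/servers" -path '*/tmp/*' -name '*.lok*' -type f 2>/dev/null | sort
}

# Constructed sample modelled on the log lines quoted in the thread.
oim_sample_log() {
    cat <<'EOF'
<28-Sep-2012 14:08:24 o'clock BST> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oim [Version=11.1.1.3.0]'
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
EOF
}

if [ "$#" -eq 2 ]; then
    log=$1
    dom=$2
else
    # No arguments: build a throwaway domain layout around the sample.
    demo_dir=$(mktemp -d)
    trap 'rm -rf "$demo_dir"' EXIT
    log=$demo_dir/oim_server1.log
    dom=$demo_dir/domain
    oim_sample_log > "$log"
    mkdir -p "$dom/config/fmwconfig" "$dom/servers/oim_server1/tmp"
    : > "$dom/servers/oim_server1/tmp/oim_server1.lok"
fi

echo "Distinct failure reasons:"
oim_init_reasons "$log"
echo "Unseeded CSF keys:"
oim_unseeded_csf_keys "$log"
echo "Missing under config/fmwconfig:"
oim_missing_fmw_files "$dom"
echo "Lock files present:"
oim_lock_files "$dom"
```
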
Hi Experts,
I had configured OIM - OID Ldap Synchronization. Create/Modify/Delete of users are working as expected.
During User Account creation, user type will be given as Role A or Role B in OIM. This user type is created as Group/Role in OID. Role A or Role B is a group in OID and adds the User DN under this group based on User Type from OIM.
Now the problem is, when I modify the User-Type of the User in OIM from Role A to Role B, in OID the user account is not getting added into the changed group. It is also not getting deleted from the old group which was assigned earlier.
What are the changes that need to be performed for Group changes in OIM/OID. Please throw some pointers on this.
Thanks in Advance,
Sandeep.
Any suggestions, experts?
-
Help required in OIM-OID LDap Synch and GTC flat file connector
Hi Experts,
I am using OIM 11.1.1.5 with OID LDap Synch enabled. I have OIM protected with OAM 11.1.1.5.0 and almost all normal things are working.
Once I am doing TRUSTED FLAT FILE GTC recon to OIM, the users are getting created in OIM without any password and due to that my users are not getting created in OID(Ldap Synch is enabled);
The following exception is getting thrown:
<Nov 13, 2011 9:48:21 AM CET> <Warning> <XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT> <BEA-000000> <FILE SUCCESSFULLY ARCHIVED : /home/oracle/OAM_ProtoTyping/TestCSV/Scheduled.csv>
<Nov 13, 2011 9:48:21 AM CET> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
<Nov 13, 2011 9:48:22 AM CET> <Error> <oracle.iam.ldapsync.impl.eventhandlers.user> <IAM-3010021> <An error occurred while creating the user in LDAP.
oracle.iam.platform.entitymgr.MissingRequiredAttributeException: [usr_password]
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.checkRequired(EntityManagerImpl.java:1450)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:263)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPPostProcessHandler.createUser(UserCreateLDAPPostProcessHandler.java:261)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPHandler.execute(UserCreateLDAPHandler.java:123)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPostProcessEvents(OrchProcessData.java:1166)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:710)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:675)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:705)
at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
at sun.reflect.GeneratedMethodAccessor1821.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy335.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:380)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3822)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
Has anybody faced a similar kind of issue?
I tried to use a post process event handler on create, but while updating the password it's saying the user state is not in sync with OID.
So I am unable to use post process event handlers as well.
Regards,
J
Thanks Sunny,
But the post process event handler with reset/update password is not working on CREATE;
the following error message is being thrown:
oracle.iam.platform.kernel.EventFailedException: Password reset failed because user JSMITH151 is not synchronized to the LDAP directory.
at oracle.iam.ldapsync.impl.eventhandlers.user.util.LDAPUserHandlerUtil.resetPassword(LDAPUserHandlerUtil.java:203)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserResetPasswordLDAPHandler.execute(UserResetPasswordLDAPHandler.java:167)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:898)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:634)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:665)
In 11.1.1.3 OIM, I found the password was available for mapping in GTC connector, but in OIM 11.1.1.5, oracle has removed the password mapping attribute.
Can you please suggest?
I checked with Oracle Support. They are saying that in OIM 11.1.1.5 they have introduced a new post process event handler which should generate the password on every trusted reconciliation event.
But in my environment it's not behaving like that.
Regards,
J
-
What is the best way update similar OID and OAM LDAP attributes via OIM?
Our environment uses OIM provisioning to an OID LDAP which is used by OAM.
For legacy purposes, we need to populate both the Oracle "orcl*" attributes and OAM "ob*" in cases where they have the same or similar usage.
Example: When a user is disabled in OIM we need to set orclisenabled="false" and obUserAccountControl="DEACTIVATED" in OID
What is the best way to accomplish this in OIM? My initial thought was to write a custom adapter, similar to the out-of-the-box OID Modify User adapter, which supports modifying multiple attributes.
Is there a better way?You can create two tasks which will modify two attributes of OID.
On Disable user task, call task1 and on Success of task1, call Task2 (using Task to Generate Feature).
You can make use of OOTB connector only. -
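The custom-adapter idea raised in the OID/OAM question above, as an added example (not code from the thread, from OIM, or from the OID connector): one JNDI modify request carrying both attribute changes, which the directory applies all-or-nothing, so a failure cannot leave the user disabled for one consumer and still active for the other. The class name, the OID_BIND_PASSWORD variable and the command-line arguments are assumptions; the attribute names and values are the ones given in the question.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;

// Added example: hypothetical helper, not an OIM or connector class.
public class OidDisableUser {

    // Both legacy flags, with the values given in the question.
    static ModificationItem[] disableMods() {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("orclisenabled", "false")),
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("obUserAccountControl", "DEACTIVATED"))
        };
    }

    // One modify request: the server applies both replacements or neither.
    static void disable(String url, String bindDn, char[] password, String userDn)
            throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = new InitialDirContext(env);
        try {
            // LdapName parses the DN as an LDAP name, not a composite JNDI name.
            ctx.modifyAttributes(new LdapName(userDn), disableMods());
        } finally {
            ctx.close();
        }
    }

    // Usage (assumed): java OidDisableUser <ldaps-url> <bind-dn> <user-dn>
    public static void main(String[] args) throws NamingException {
        String pw = System.getenv("OID_BIND_PASSWORD"); // assumed variable name
        if (args.length == 3 && pw != null) {
            disable(args[0], args[1], pw.toCharArray(), args[2]);
        } else {
            // No connection details: just show the modification list.
            for (ModificationItem m : disableMods()) System.out.println(m);
        }
    }
}
```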
Configured for LDAP authentication, still giving ODBC error.
Hi,
I have gone through several posts in the forum. I did not find a solution for my issue.
Here is what we have done:
We are trying OBIEE authentication and authorization by LDAP (Nortell Directory Server). Here is what I did:
-Impersonator User created and Credentials are added to Oracle BI Presentation Services Credential Store
We have following config in instanceconfig.xml
<Auth>
<SSO enabled="true">
<ParamList>
<!--IMPERSONATE param is used to get the authenticated user's
username and is required -->
<Param name="IMPERSONATE"
source="httpHeader"
nameInSource="Z-USERID"/>
</ParamList>
<LogoffUrl>http://IP/analytics/saw.dll?Logoff</LogoffUrl>
</SSO>
</Auth>
- Configured the LDAP server under Security Manager/LDAP Servers (set the cn attribute in the Advanced tab for the user name attribute). Tested the connection; it is successful. We are not importing users.
- In Variable Manager, created an initialization block named 'Authentication' and mapped three system variables (USER, GROUP, WEBGROUPS) to LDAP attributes (for groups and webgroups we provided an attribute under the user DN). Tested by supplying a username and password; it pulled the attribute values.
We log into a web application, and the web application redirects the request, along with the header Z-USERID, to
https://XXX.COM/analytics/saw.dll
Here is how it is working:
If I supply the username and password in the two URL parameters nquser and nqpassword, it works: I get the Dashboard page and other links according to the configured groups in LDAP.
If I do not supply the URL parameters nquser and nqpassword, I get the "not logged in" page.
The init block that deals with authentication and authorization is working fine.
Single sign-on is not working; it is reading the httpheader that we supply. I am not sure why it is expecting a password.
ssw Logs show following error
Odbc driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. NQODBC SQL_STATE: 08004 nQSError: 10018 Access for the requested connection is refused.
nQSError: 43001 Authentication failed for loggedinIN_USERID in repository Star: invalid user/password. (08004)
I tried some of the suggestions on this site, like changing passwords to 8 characters of impersonator passphrase etc., with no success.
It looks like it is trying database authentication even though we configured the init block with LDAP settings.
Please help!
Hi
have you created an impersonate user in the Repository ??
Yes,added him to groups Administrator and XMLP_ADMIN
Can you open the url through firefox and look at the cookies ..,
Yes, I opened, When i get not logged in page, when i check cookies ,
i see following cookies
SAWISAPI
nquireID
sawP - Blank
sawU - loggedinUSERID
another two session based cookies.
open the saw.log in textpad and launch your sso link in Firefox
Search for the nquserID and check the values ...it will be encrypted but should be there !!
I searched both the saw and server logs; I did not find the "nquserID" string. Of course, I see the logged-in user's login ID in the saw logs.
Also do you have load Balanced web servers .. if yes can you ask your web admin to enable sticky session ??
I checked with IChain admin, if the webapp is load balanced they would add sticky bit.But currently app is not in load balanced environment.
Thanks Sid, Please help me resolve this,
Thanks -
ORA-00001: unique constraint during "Configure Database Security Store for OIM Domain"
Hi Gurus,
I am following the steps below for an OIM 11.1.2.1 with SOA 11.1.1.7 installation and am facing the error below during the step "Configure Database Security Store for OIM Domain".
Installed Database 11.2.0.3
Installed RCU (here I used two versions):
RCU 11.1.2 - Used IDAM prefix for (Metadata Services, OPSS, OIM)
RCU 11.1.1.7 - Used SOA prefix for(Metadata Services,SOA Infrastructure, User Messaging service)
Installed JDK 7 (Java 1.7)
Installed WL 10.3.6 (MW_HOME-/u01/Middleware/fmw, WL_HOME=/u01/Middleware/fmw/wlserver_10.3)
Installed FMW 11.1.2.1 for OIM. (ORACLE_HOME=Oracle_IDM1)
Installed FMW 11.1.1.7 for SOA (ORACLE_HOME=Oracle_SOA1)
WL Domain creation. (Domain Name – idam_domain1)
Configure Database Security Store for OIM Domain.
Internal Exception: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (IDAM_OPSS.IDX_JPS_RDN_PDN) violated
Also followed the below bug solution, but issue still occurs.
Bug 16690836 : CONFIGURE DATABASE SECURITY STORE (CONFIGURESECURITYSTORE.PY) SCRIPT IS FAILING
@ 1. Delete the Schemas using RCU.
@ 2. Recreate the OAM schemas.
@ 3. Reinstall the WLS and OAM software.
@ 4. Run config.sh to create a new domain.
@ 5. Run setDomainEnv.sh from user_projects/domains/<Domain_name>/bin
@ 6. Run the configureSecurityStore.py from same window.
Not sure if anyone tried different steps that fixed the issue? Could you please help.
Thanks
VG
Hi Gurus, I got the solution from Oracle. SOA 11.1.1.7.0 shouldn't be used with Identity Management 11.1.2.1.0 (11GR1-PS1). Identity Management 11.1.2.1.0 (11GR1-PS1) is bundled with SOA 11.1.1.6.0. When I used this SOA version, the installation went smoothly. Thanks VG
-
Enabling LDAP Sync after OIM configuration in R2
Friends,
Did anyone try enabling LDAP Sync after OIM configuration in R2?
I am trying to do the steps given in the below url.
http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm#IDMIG4357
But I am not finding the below.
/db/LDAPUser
/db/LDAPRole
/db/LDAPRoleHierarchy
/db/LDAPRoleMembership
/db/RA_LDAPROLE.xml
/db/RA_LDAPROLEHIERARCHY.xml
/db/RA_LDAPROLEMEMBERSHIP.xml
/db/RA_LDAPUSER.xml
/db/RA_MLS_LDAPROLE.xml
/db/RA_MLS_LDAPUSER.xml
A few of them exist in /metadata/iam-features-ldap-sync but not all. I am not finding LDAPContrainerRules.xml anywhere at all.
Am I doing something wrong, or is this documentation wrong?
Please suggest.
From another post, try the following.
I have not tried it yet, but it looks OK. Post your results/experiences; I shall also try it out.
Find detail steps at below link
http://docs.oracle.com/cd/E27559_01/install.1112/e27301/oim.htm#CDDGJIBJ
http://docs.oracle.com/cd/E14571_01/install.1111/e12002/oidonly014.htm -
X.509 PKI LDAP Schema for OID
Hi,
My question is about the availability of an X.509 PKI LDAP schema for OID. Does anyone know if it is possible to import an already predefined schema into OID?
Is it necessary to follow RFC2587 and define the schema by hand?
Any response and advice appreciated.
Petr
P.S.
I am quite new in the area of OID so some of my questions may seem incomprehensible.
Hello Petr:
You most certainly can load your own custom schema items into OID. A few things to keep in mind when you do this.
Make sure you load the attributes first.
Then your objectclasses.
Then your Catalog/indexes if you have any.
Then load your directory entries.
And last load any ACIs you may have.
If you give me a few of your schema definitions I would be happy to give you an example of how to do this.
There are many PKI vendors out there and not all of them store certificates the same way. Some use standard schema attributes and others add their own custom attribute. -
ADF11g - integration with OIM -folder structure for OIM configuration files
Hi All,
I'm trying to make call to a remote OIM using OIM API, from my ADF backing bean onclick of a button
on the JSPX page.
I'm able to compile the page, but the issue I'm facing is that I'm not able to read the configuration details
specified for OIM connectivity from the OIM configuration files (authwl.conf, xl.policy, xlconfig.xml).
So does anyone know what the folder structure for these config files (OIM) is going to be when we are integrating with
this API from ADF backing bean.
Thanks All .
Thanks & Regards,
Dharmathej M
Hi Daniel, thanks for the response, but I read that doc before asking here and that's one of the reasons for my question.
On the first line of the doc it says "This appendix includes instructions that describe how to configure WebSphere so that Oracle Identity Manager (OIM) and Oracle Identity Analytics (OIA) can be installed on separate servers."
It assumes both products are on different servers and also the creation of a new profile and node for OIA.
WAS_NDS_HOME/AppServer/bin/manageprofiles.sh -create
-templatePath WAS_NDS_HOME/AppServer/profileTemplates/managed
-profileName oia-managed01 -profilePath WAS_NDS_HOME/profiles/oia-managed01
-nodeName oia-managed01-node01 -hostname hostname
Integrate the OIA node to the OIM Cell by typing the following command on the OIA Machine:
cd OIM_HOME/xellerate/setup; ./xlAddNode.sh oia-managed01 oia-managed01-node01 192.168.21.9 8883 xelsysadm password1
Our intention is to use same machines, servers,... oim is using so we don't need to use extra machines or create extra websphere objects.
Any tips on that?
Regards.