OID OIM 11g reconciliation

Hello,
I am looking in the design console at the OID User Resource Object (11g), and in the previous version for 'Reconciliation Action Rules' we had 'assign to group' for 'No user found' rule condition; however, this no longer seems to exist in 11g.
Where can this condition and action be found? (Note: I have tried adding a rule, but still can't see the condition.)

You'll need to identify an AD Recon then. This is from the Reconciliation Insert task. This event is inserted on every creation through a recon. Next, you'll need to identify on the user profile when this happens because you'll need to integrate it into your access policy. I would suggest a user defined field as a checkbox. In your group membership rule that adds the user to a group for OID provisioning, add an AND rule into it that requires the checkbox = 0. When the reconciliation insert happens, trigger a task that updates the UDF on the user profile to make the checkbox = 1. Now when the user is reconciled and the Reconciliation Insert event happens, it will update the User Profile, and the user will no longer qualify for the OID access policy. If you have it configured to revoke if no longer applies, OID will get revoked.
-Kevin

Similar Messages

  • Child form for Group Membership OID -OIM 11g

    Hi,
    Can we configure a custom child form to store OID group membership in OIM 11g? If yes, what are the configuration changes to be considered?
    Thanks in advance


  • OIM 11g - Reconciliation of Target Resource Status

    Hi,
    We're working with OIM 11.1.1.5.2 and connectors DBUM 9.1.0.4 and MSAD 9.1.1.7.
    Provisioning and reconciliation seem to be working correctly, but we found that the status of the resource is not getting reconciled on OIM console.
    For example, if we provision an user with an Oracle Database account, and then lock the account on the database, when we run reconciliation the event is generated and finished with "update succeded", we go to the UD_DB_ORA_U table and find that the field UD_DB_ORA_U_LOCK has a "LOCKED" value, then if we check the logs we can see that the connector is correctly mapping the resource status with the OIM object status:
    prepareTargetUsersRecordInOIMFormat : record value : LOCKED
    prepareTargetUsersRecordInOIMFormat : map : {OPEN=Enabled, 1=Disabled, YES=Disabled, 0=Enabled, EXPIRED & LOCKED=Disabled, NO=Enabled, LOCKED=Disabled}
    prepareTargetUsersRecordInOIMFormat : roValue : TEMPORARY_TABLESPACE_QUOTA
    prepareTargetUsersRecordInOIMFormat : Temp RO value : null
    prepareTargetUsersRecordInOIMFormat : reconData : [{Default Tablespace=27~USERS, Authentication Type=PASSWORD, Password=Dummy, Default Tablespace=27~USERS, Authentication Type=PASSWORD, Password=Dummy, Default Tablespace Quota=, Profile Name=27~USUARIOS, IT Resource=Oracle, User Name=USPRUEBA65, Temporary Tablespace=27~TEMP, Account Status=LOCKED, Status=Disabled, Global DN=, Privilege List=[], Role List=[{Role Admin Option=NO, Role Name=}], Temporary Tablespace Quota=}]
    prepareTargetUsersRecordInOIMFormat:: FINISHED
    But, even though the reconciliation has succeeded, the administrative console shows the account in "Enabled" status, and when I check the OIU table I can see that the OIM object status is still enabled.
    I found some threads related to this issue, the most similar was this one: Reconciliation for the deleted user accounts on Target Resource, but everything there does not seem to be of much help because all tasks described are already done by the connector installation (at least in msad and dbum connectors).
    This problem is happening both for Active Directory and Oracle Database Users, maybe we're missing something but based on the documentation for both connectors we thought it was an OOTB functionality. Is there some system property or connector parameter we need to configure to make this work?
    Thanks.
    Edited by: fmc on Jul 26, 2012 12:53 PM

    Hi Pallavi,
    Well, you were right after all, we were mixing 2 totally different problems here and it got us confused.
    The problem with the DBUM connector was exactly what you said, a bug in the connector, just needed to modify the connector task object to status mapping. We were checking the Reconciliation Update Received task on AD and we thought it would be the same, and it was obviously not. Well, in this case the recon event was being generated but nothing happened, after we changed the process task it worked like a charm.
    On the other hand, the problem with the AD reconciliation was that our search filter on the recon job was configured to omit accounts with the disabled status (!(userAccountControl=66050)), it was certainly a silly problem, never thought we had that in the filter (it's a huge filter and we didn't pay attention to that clause the first time around) but everything is working now, thanks!
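The AD half of the reply above, as an added example (not code from the thread or from the connector): userAccountControl is a bit field, so a recon search filter containing (!(userAccountControl=66050)) takes exactly one kind of disabled account out of scope, and OIM never learns that those accounts were disabled. The sample filter and directory entries are constructed; the flag values are the standard Active Directory userAccountControl bits.

```python
import re

# Standard Active Directory userAccountControl bit flags (subset).
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x800000: "PASSWORD_EXPIRED",
}
ACCOUNTDISABLE = 0x0002

# Negated equality clauses such as (!(userAccountControl=66050)).
_EXCLUDE_RE = re.compile(r"\(!\(userAccountControl=(\d+)\)\)", re.IGNORECASE)

# Constructed recon job filter; only the negated clause comes from the post.
SAMPLE_FILTER = "(&(objectClass=user)(!(userAccountControl=66050)))"

# Constructed directory entries covering the common flag combinations.
SAMPLE_ENTRIES = [
    {"sAMAccountName": "alice", "userAccountControl": 512},    # enabled
    {"sAMAccountName": "bob",   "userAccountControl": 514},    # disabled
    {"sAMAccountName": "carol", "userAccountControl": 66048},  # enabled, no expiry
    {"sAMAccountName": "dave",  "userAccountControl": 66050},  # disabled, no expiry
]


def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def excluded_values(ldap_filter):
    """Return the userAccountControl values a filter excludes by equality."""
    return [int(v) for v in _EXCLUDE_RE.findall(ldap_filter)]


def in_scope(entry, ldap_filter):
    """Model only the userAccountControl exclusion clauses of the filter."""
    return entry["userAccountControl"] not in excluded_values(ldap_filter)


def is_disabled(entry):
    """Bitwise test, the same check the AD matching rule
    (userAccountControl:1.2.840.113556.1.4.803:=2) performs server-side."""
    return bool(entry["userAccountControl"] & ACCOUNTDISABLE)


def hidden_disables(entries, ldap_filter):
    """Disabled accounts the filter drops: their status never reaches OIM."""
    return [e["sAMAccountName"] for e in entries
            if is_disabled(e) and not in_scope(e, ldap_filter)]


def reconciled_disables(entries, ldap_filter):
    """Disabled accounts that still pass the filter and get reconciled."""
    return [e["sAMAccountName"] for e in entries
            if is_disabled(e) and in_scope(e, ldap_filter)]


if __name__ == "__main__":
    for value in excluded_values(SAMPLE_FILTER):
        print(value, "=", " | ".join(decode_uac(value)))
    print("disabled but invisible to recon:",
          hidden_disables(SAMPLE_ENTRIES, SAMPLE_FILTER))
    print("disabled and still reconciled:",
          reconciled_disables(SAMPLE_ENTRIES, SAMPLE_FILTER))
```

Running the same audit against an export of real entries and the actual job filter shows which disabled accounts would keep an "Enabled" resource status in OIM.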

  • Transformation during LDAP Sync reconciliation in OIM 11g

    Does anyone know if the use of transformations is supported in LDAP Sync reconciliation in OIM 11g?
    The reconciliation of LDAP User records is defined in /db/LDAPUser in the OIM metadata. The default version of this file has entries to specify OneToOne transformations, e.g.
    <Transformation name="OneToOne">
    <Parameter name="givenname" fieldname="givenname"/>
    </Transformation>
    For one of my attributes I wish to perform a custom transformation, and have implemented a transformation method as a GC provider (i.e. developed a Java class implementing the TransformationProvider interface and defined this Transformation in an xml file in the metadata path /db/GTC/ProviderDefinitions). I have uploaded a new version of LDAPUser that references my custom transformation provider for one of the LDAP attributes.
    When I try and perform an LDAP Sync user reconciliation, my custom class does not seem to be getting called when I generate a reconciliation event for the affected attribute. I also do not see any logs indicating a failure to load my provider. I have also turned up all the relevant log levels I can identify, and can see no record of OIM doing anything related to transformation at all (e.g. even calling the standard OneToOne transformation provider).
    I am suspicious that although LDAPUser has transformation entries, this may be misleading and transformation is not being performed at all for LDAP Sync.
    Does anyone else have experience of using transformation providers during LDAP Sync reconciliation?

    Thanks for your reply Nishith
    I need some suggestions from you. I have installed OID 11.1.1.6.0 and OIAM 11G R2 (not configured).
    While performing the OIM configuration, can I use Enable Ldap sync, or do I need to finish the OIM configuration first and then do the ldap sync?
    Regards
    sri

  • OIM Trusted Reconciliation with OID

    Hi all,
    1. I am facing a problem with trusted reconciliation: I mapped AttrName.Recon.OID.Map with OOTB values, and in Reconciliation Manager the event is created with No Match Found.
    2. In provisioning I am using the Entity Adapter to generate the User ID; is this causing the error?
    3. When I run Trusted Recon I am getting the following error:
    DEBUG,06 Apr 2011 16:49:48,655,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isDescription - Value: Cannot save: Bad SQL operation FATAL REJECT, raw value 2.
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isRemedy - Value:
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isDetail - Value:
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcErrorList/addError entered.
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/doRollback entered.
    ERROR,06 Apr 2011 16:49:48,656,[XELLERATE.DATABASE],Class/Method: tcDataBase/rollbackTransaction encounter some problems: Rollback Executed From
    java.lang.Exception: Rollback Executed From
    at com.thortech.xl.dataaccess.tcDataBase.rollbackTransaction(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.rollback(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.doRollback(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
    at com.thortech.xl.dataobj.tcRCE.createUserRecord(Unknown Source)
    at com.thortech.xl.ejb.databeansimpl.tcRCEBean.createUserRecord(Unknown Source)
    at com.thortech.xl.ejb.beans.tcRCE_4tknfu_EOImpl.createUserRecord(tcRCE_4tknfu_EOImpl.java:615)
    at com.thortech.xl.ejb.beans.tcRCE_4tknfu_EOImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.activation.ActivatableServerRef.invoke(ActivatableServerRef.java:85)
    at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
    at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    INFO,06 Apr 2011 16:49:48,656,[XELLERATE.DATABASE],Class/Method: tcDataBase/setTransaction: ##########setTransaction getting called from: #######
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/doRollback left.
    DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/save left.
    DEBUG,06 Apr 2011 16:49:48,657,[XELLERATE.SERVER],Class/Method: tcRCE/createUserRecord left.
    DEBUG,06 Apr 2011 16:49:48,825,[XELLERATE.SERVER],Class/Method: tcErrorList/getErrors entered.
    DEBUG,06 Apr 2011 16:49:48,825,[XELLERATE.SERVER],Class/Method: tcErrorList/getErrors left.
    DEBUG,06 Apr 2011 16:49:48,887,[XELLERATE.SERVER],Class/Method: tcErrorList/ getRejections entered.
    DEBUG,06 Apr 2011 16:49:48,887,[XELLERATE.SERVER],Class/Method: tcErrorList/ getRejections left.
    DEBUG,06 Apr 2011 16:49:48,997,[XELLERATE.SERVER],Class/Method: tcDataBase/readEncryptedStatement entered.
    DEBUG,06 Apr 2011 16:49:48,998,[XELLERATE.SERVER],Class/Method: tcDataBase/readPartialStatement entered.
    Thank you.

    Hi Khanh,
    [This is not good for my use case.  I don't want the users from OID to be created in OIM]
    Remember this Ldap Sync we use when we want all users in OID -OIM to be in Synch. Otherwise you should have disabled Ldap Sync and used OID 11g Connector.
    So if you want to link users in OIM using OID process form/resource, then it's a must to use OID 11g Connector.
    ~J

  • OIM 11g OID connector install error

    Hi,
    I'm trying to install the OID connector (OID_904140.zip) for OIM 11g (11.1.1.5), but it fails and I get this error message on my screen:
    "A system error occurred.
    Contact the Oracle Identity Manager System Administrator."
    I have unzipped the OID_904140.zip into /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/
    ..and the ldap.jar and ldapbp.jar to the subfolder targetsystems-lib/OID_904140/
    I can load it, but when I press install something fails. The log tells me this:
    [2012-06-08T05:37:24.153-07:00] [oim_server1] [NOTIFICATION] [IAM-5010000] [oracle.iam.reconciliation.impl.config] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Generic Information: Unable to delete, as profile does not exist : /db/OID User moving forward ...
    [2012-06-08T05:37:24.157-07:00] [oim_server1] [NOTIFICATION] [IAM-5012124] [oracle.iam.reconciliation.impl.config] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Failed to load profile from MDS /db/OID User. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/OID User".
    [2012-06-08T05:37:24.157-07:00] [oim_server1] [NOTIFICATION] [IAM-5012124] [oracle.iam.reconciliation.impl.config] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Failed to load profile from MDS /db/OID User_backup. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/OID User_backup".
    [2012-06-08T05:37:24.165-07:00] [oim_server1] [NOTIFICATION] [IAM-5012122] [oracle.iam.reconciliation.impl.config] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Reading configurations from the database for object name OID User
    [2012-06-08T05:37:24.212-07:00] [oim_server1] [NOTIFICATION] [IAM-5010000] [oracle.iam.reconciliation.impl.config] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Generic Information: tos not null
    [2012-06-08T05:37:24.326-07:00] [oim_server1] [ERROR] [] [XELLERATE.WEBAPP] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Class/Method: tcActionBase/execute encounter some problems: EJB Exception: ; nested exception is: [[
    java.lang.NoSuchMethodError: org/eclipse/persistence/queries/SQLCall.setParameters(Ljava/util/Vector;)V; nested exception is: java.rmi.RemoteException: EJB Exception: ; nested exception is:
    java.lang.NoSuchMethodError: org/eclipse/persistence/queries/SQLCall.setParameters(Ljava/util/Vector;)V javax.ejb.EJBException: EJB Exception: ; nested exception is:
    java.lang.NoSuchMethodError: org/eclipse/persistence/queries/SQLCall.setParameters(Ljava/util/Vector;)V; nested exception is: java.rmi.RemoteException: EJB Exception: ; nested exception is:
    java.lang.NoSuchMethodError: org/eclipse/persistence/queries/SQLCall.setParameters(Ljava/util/Vector;)V
    java.rmi.RemoteException: EJB Exception: ; nested exception is:
    java.lang.NoSuchMethodError: org/eclipse/persistence/queries/SQLCall.setParameters(Ljava/util/Vector;)V
    at weblogic.ejb.container.internal.EJBRuntimeUtils.throwRemoteException(EJBRuntimeUtils.java:108)
    at weblogic.ejb.container.internal.BaseRemoteObject.handleSystemException(BaseRemoteObject.java:857)
    at weblogic.ejb.container.internal.BaseRemoteObject.handleSystemException(BaseRemoteObject.java:809)
    at weblogic.ejb.container.internal.BaseRemoteObject.postInvoke1(BaseRemoteObject.java:518)
    This looks interesting to me, but I can't really make sense of it:
    Failed to load profile from MDS /db/OID User_backup. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/OID User_backup".
    Any ideas, what has gone wrong?
    Thanks and regards,
    Henrik
    Edited by: user1154522 on Jun 8, 2012 6:50 AM

    Hi Henrik,
    Trying to help:
    1-Go and take a look into CIH table into OIM Schema.
    1.2-If OID is there, check: CIH_STATUS column.
    1.3-If it's recorded into this table. Try to follow OIM Connector Uninstall guide and do it again.
    Link: http://docs.oracle.com/cd/E28271_01/doc.1111/e14308/conn_mgmt.htm#CIHBDFEB
    section: 6.9.3 Setting Up the Uninstall Connector Utility
    I hope this helps,
    Thiago Leoncio.

  • Lookup.USR_PROCESS_TRIGGERS not working with trusted reconciliation oim 11g

    Hi,
    I am facing one issue while running the trusted incremental reconciliation in OIM 11g.
    In the bulkEvent of the event handler I am checking if the operation is MODIFY, then I am comparing some attributes and based on that result I am performing some action.
    Now the issue is that if the first name or last name of the user gets changed in OIM due to trusted reconciliation, then the Change First Name or Change Last Name process task should get executed on the resources provisioned to the user. This is not happening in my case.
    I tried modifying the first name of the user via UI and then the Change First Name process task got executed.
    Please let me know if I need to do something extra to get this working.
    Thanks

    Hi,
    Try creating a custom adapter and attach the adapter to the process task which you have created. This adapter should read the user profile value and populate in the AD provisioning form. Then test the flow for one attribute. As I am suspecting that there would be an issue with OOTB adapter.
    Regards
    Sai

  • Trusted Reconciliation in OIM 11g

    Hi
    I have written custom scheduler task in OIM 11g which will retrieve values from database and call recon API's to create users in OIM.
    Database Table contains the following sample values
    FIRSTNAME:RECON
    LASTNAME:USER1
    USERLOGIN:RUSER1
    ORGANIZATION:Xellerate Users
    EMPLOYEE-TYPE:Full-Time
    I created Resource Object with the above recon attributes and mapped these attributes to OIM User Attributes and made userlogin as key attribute.
    I created Recon Rule as USER LOGIN equals userlogin and action rule as No Matches Found -> Create User
    Now I ran the job from UI and status is showing as Data Received only. It is not creating users.
    Below are the logs for the same.
    *<Jul 20, 2011 7:47:55 AM EDT> <Error> <oracle.iam.reconciliation.impl> <IAM-5010000> <Generic Error/Information: {0}*
    oracle.iam.platform.utils.SuperRuntimeException: java.sql.SQLIntegrityConstraintViolationException: ORA-02291: integrity constraint (OIM11GDB.FK_RECON_EVENTS_USR) violated - parent key not found
    ORA-06512: at "OIM11GDB.OIM_SP_RECONBLKUSERCRUD", line 759
    ORA-06512: at "OIM11GDB.OIM_SP_RECONBLKUSRMLSWRAPPER", line 71
    ORA-06512: at line 1
         at oracle.iam.reconciliation.dao.DBCall.execute(DBCall.java:24)
         at oracle.iam.reconciliation.dao.ReconActionDao.processSPCall(ReconActionDao.java:1316)
         at oracle.iam.reconciliation.dao.ReconActionDao.executeBulkUserMatchCRUD(ReconActionDao.java:686)
         at oracle.iam.reconciliation.impl.UserHandler.executeBulkCUD(UserHandler.java:568)
         at oracle.iam.reconciliation.impl.BaseEntityTypeHandler.process(BaseEntityTypeHandler.java:34)
         at oracle.iam.reconciliation.impl.ActionEngine.processBatch(ActionEngine.java:129)
         at oracle.iam.reconciliation.impl.ActionEngine.execute(ActionEngine.java:90)
         at oracle.iam.reconciliation.impl.ActionTask.execute(ActionTask.java:73)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy364.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:328)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3822)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Pls Help.

    Hi Rajiv,
    Please see my comments below.
    Where is Design Console Access attributes? I think no need to set value for this attribute as the default value will be End-User only. Correct me if I am wrong.
    Have you created Recon Rule properly? Yes
    Have you created Reconciliation Profile? Yes
    Call the API processReconciliationEvent after createReconciliationEvent API. Is it mandatory to call processReconciliationEvent after createReconciliationEvent? The reason why I am asking is when I wrote scheduler for target recon I didn't use processReconciliationEvent.
    Thanks

  • Self registration error in OIM-OID-OAM 11g

    Hi,
    We are using OIM, OID, OAM 11G in clustering mode. We are facing a problem in the self registration process.
    For every alternate self registration request, the system is throwing an error. After the self register user request got approved, I checked the request status in the 'advanced' panel; it's saying: "IAM-3051103:The create operation on user entity failed in action stage.:"
    This is really a big mysterious thing to me: 1st self registration was successful, 2nd was throwing an error, again 3rd was success, 4th was failure, 5th was success and 6th was failure.
    Below is the corresponding error message in log file for the failed request.
    <Mar 21, 2011 2:22:30 PM CDT> <Error> <oracle.iam.identity.usermgmt.impl.handlers.create> <IAM-3051103> <The create operation on user entity failed in action stage.
    oracle.iam.platform.entitymgr.MissingRequiredAttributeException: [act_key]
         at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.checkRequired(EntityManagerImpl.java:1448)
         at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:261)
         at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:237)
         at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler.execute(CreateUserActionHandler.java:141)
         at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler.execute(CreateUserActionHandler.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy235.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1028)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:637)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:220)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy428.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 21, 2011 2:22:30 PM CDT> <Error> <oracle.iam.platform.entitymgr.provider.ldap> <IAM-0042004> <An error occurred while un-reserving the user in LDAP, and the corresponding error is - java.lang.NullPointerException>
    <Mar 21, 2011 2:22:30 PM CDT> <Warning> <oracle.iam.identity.usermgmt.impl.handlers.create> <BEA-000000> <null>
    Any help would be really appreciated.
    Thanks.

    Hi,
    I am assuming in clustered environment you are having two instances running.
    It must be an issue with a single server, because the problem is intermittent.
    To see which server is causing the problem, just perform the following steps:
    1) Stop server1 and keep server2 running, and fire a new registration request.
    2) Stop server2 and keep server1 running, and fire a new registration request.
    Using the above, at least you can see which server is causing the problem.
    Regards,
    J
    Edited by: J_IDM on Mar 21, 2011 10:52 PM

  • Reconciliation of "change password on next logon" from AD fails in OIM 11g

    Hello,
    We have a use case on our OIM 11g project where we create a user in Active Directory and check *"User must change password at next logon"* box in AD.
    We have setup AD as Trusted and Target resource (using connector 9.1.1.7), where users coming from AD will be created in OIM and password changes in OIM will be sent to AD. Also we use the password synchronization module (9.1.1.5) to synchronize the passwords from AD to OIM when they are changed in AD.
    What we noticed is the "User must change password at next logon" is synchronized to the "AD Resource", but unlike the regular attributes it is not accessible normally because it's a system attribute.
    What we expect is the user logging in to OIM will be prompted to change the password, but nothing happens when the newly reconciled user logs in (i.e. normal self-service page is shown). Same thing applies when we set the flag on an existing user also.
    Did anyone get this working properly?
    P.S. In a previous version it used to be the opposite where the user was constantly prompted for the password, even though it was changed in AD already; after changing the password using Alt+Ctrl+Delete the user was still prompted to change when logging in to OIM. Oracle suggested we upgrade to 11.1.1.5.1 (most recent patch set) but now the reverse happens - we never get change password prompt now.
    Thanks,
    -JP
    Edited by: JacekP on Oct 17, 2011 8:10 AM

    Yeah, you're right, unfortunately we have a dual authoritative password model, where a user can change the password from OIM when he is accessing OIM through a web interface or from his Windows machine through the domain controller. We need the use case to work fully both ways ideally.
    A plan-B solution is to use a directory synchronization mechanism outside of OIM that would connect OID and AD, but we would prefer not to.

  • OIM 11g : Flat-File Reconciliation using GTC Connector : Urgent

    Hi,
    Can you pls. help in creating a GTC for flatfile reconciliation.
    I am using OIM 11g version, and I am stuck when I try to insert a record into OIM.
    Provided a flatfile in the below format:
    #GTC Trusted Source
    login,firstName,lastName,eMail,organization
    TESTACC,TESTFN,TESTLN,[email protected],Xellerate Users
    and while creating GTC did the below settings:
    Name: FFRecon
    Reconciliation check box: [selected]
    Transport Provider: Shared Drive
    Format Provider: CSV
    Trusted Source Reconciliation check box: [selected]
    Staging Directory (Parent identity data): C:\stage\External Files
    Archiving Directory: C:\stage\External Files\archive
    File Prefix: identities
    Specified Delimiter: ,
    File Encoding: UTF8
    Source Date Format: yyyy/MM/dd hh:mm:ss z
    Reconcile Deletion of Multivalued Attribute Data check box: [cleared]
    Reconciliation Type: Full
    Performed the mapping of data in the below format
    login -> User Login
    firstName -> First Name
    lastName -> Last Name
    eMail -> Email
    organization -> Organization
    password -> Password Generator
    Also did the configuration on the OIM design console end.
    I have taken guidance from the OIM release 9.1.0,
    http://st-curriculum.oracle.com/obe/fmw/oim/10.1.4/oim/obe12_using_gtc_for_reconciliation/using_the_gtc.htm
    Now when I run the GTC connector, the job moves to the running state and remains there for a long duration. The account is also not getting created on the OIM end.
    Please let me know if there is any issue in the configuration.
    I would be grateful if you can provide the steps for the same.
    Also let me know if any details are required from my end.
    Regards,
    Karan

    Thanks for your quick response.
    We have tried the option of creating a new GTC, but that too didn't help in solving the issue.
    When we schedule the job, it moves to the RUNNING state for a long duration and the below error is encountered. Can you please provide some suggestions on the below error?
    Regards,
    Karan
    ==================================================================================
    Caused by: oracle.iam.reconciliation.exception.ReconciliationException: Matching rule where clause is null
         at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.getMatchingRule(ReconOperationsServiceImpl.java:476)
         at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:376)
         ... 48 more
    [2011-01-18T23:00:23.696+05:30] [oim_server1] [WARNING] [] [XELLERATE.GC.FRAMEWORKRECONCILIATION] [tid: OIMQuartzScheduler_Worker-6] [userId: xelsysadm] [ecid: 0000IqQ6XOI4mniNd6T4i51DDSFi00000k,0] [APP: oim#11.1.1.3.0] [dcid: 8319cc259f6c13fc:4b9b7450:12d9a0d8ae4:-7ffd-0000000000000040] Though Reconciliation Scheduled task has encountered an error, Reconciliation Transport providers have been "ended" smoothly. Any provider operation that occurs during that "end" or "clean-up" phase would have been executed e.g. Data archival. In case you want that data to be a part of next Reconciliation execution, restore it from Staging. Provider logs must be containing details about storage entities that would have been archived
    [2011-01-18T23:00:23.696+05:30] [oim_server1] [WARNING] [] [XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT] [tid: OIMQuartzScheduler_Worker-6] [userId: xelsysadm] [ecid: 0000IqQ6XOI4mniNd6T4i51DDSFi00000k,0] [APP: oim#11.1.1.3.0] [dcid: 8319cc259f6c13fc:4b9b7450:12d9a0d8ae4:-7ffd-0000000000000040] FILE SUCCESSFULLY ARCHIVED : C:\Sudhan\Project Related\COE\Installation\Flatfile\Stage\identities20110112.txt
    [2011-01-18T23:00:25.259+05:30] [oim_server1] [NOTIFICATION] [IAM-1020005] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-6] [userId: xelsysadm] [ecid: 0000IqQ6XOI4mniNd6T4i51DDSFi00000k,0] [APP: oim#11.1.1.3.0] [dcid: 8319cc259f6c13fc:4b9b7450:12d9a0d8ae4:-7ffd-0000000000000040] [arg:  QuartzJobListener.jobWasExecuted Description null FullName DEFAULT.FFRECONLT_GTC Name FFRECONLT_GTC] Job Listener, Job was executed QuartzJobListener.jobWasExecuted Description null FullName DEFAULT.FFRECONLT_GTC Name FFRECONLT_GTC
    [2011-01-18T23:04:11.618+05:30] [oim_server1] [NOTIFICATION] [IAM-1020004] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-7] [userId: xelsysadm] [ecid: 0000IqQ6Y4F4mniNd6T4i51DDSFi00000l,0] [APP: oim#11.1.1.3.0] [dcid: 8319cc259f6c13fc:4b9b7450:12d9a0d8ae4:-7ffd-0000000000000041] [arg: Description null FullName DEFAULT.Issue Audit Messages Task Name Issue Audit Messages Task] Job Listener, Job to be executed Description null FullName DEFAULT.Issue Audit Messages Task Name Issue Audit Messages Task
    [2011-01-18T23:04:12.290+05:30] [oim_server1] [NOTIFICATION] [IAM-1020014] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-7] [userId: xelsysadm] [ecid: 0000IqQ6Y4F4mniNd6T4i51DDSFi00000l,0] [APP: oim#11.1.1.3.0] [dcid: 8319cc259f6c13fc:4b9b7450:12d9a0d8ae4:-7ffd-0000000000000041] [arg:  Method details: executeJob] Method details Method details: executeJob
    Edited by: user8674642 on Jan 18, 2011 11:06 AM

  • OIM 11g R2 - Trusted User Recon 'Reconciliation Insert Received' not trigge

    Hi,
    We have recently upgraded OIM 10g to 11g R2. One thing which we used to depend on in 10g was the 'Reconciliation Insert Received' to trigger off other tasks. This does not seem to work in OIM 11g R2? Is there a way to fix this?

    This turned out to be an Oracle bug.
    Bug 9539918 - BOTH MANAGER ID FIELD AND ORG UNIT FIELD IS DISPLAYED WITH ORG UNIT VALUE
    This has been fixed in 9.1.2.4 version of the connector. Patch 11656991
    Sunny
    Edited by: Sunny on Mar 15, 2011 1:47 PM

  • SAP Employee Reconciliation Connector Release 9.1.2.2 --OIM 11g R2 support

    Hi All
    We want to reconcile SAP HRMS users to OIM 11g R2. Does SAP Employee Reconciliation Connector Release 9.1.2.2 support OIM 11g R2?
    In the Connector Documentation, under Certified Components, it shows support for
    Oracle Identity Manager 11g release 1 (11.1.1)
    Thanks
    Darshan

    I have some problem with 9.1.2.2 which is a bug actually. It is better if you use OIM SAP Employee Reconciliation Connector Version 9.1.2.5 Patch 12710600, which is the last patch of SAP Employee Reconciliation Connector.
    Thanks
    Tamim Khan

  • OIM 11g R1: LDAPsync or OID Connector or both?

    Hello,
    At the moment we have ldapsync configured for user/roles provisioning/recon to OID.
    We have the requirement to manage two OIDs (test and prod) with one OIM system. Both OIDs have the same users and roles! LDAPsync is a 1:1 mapping, so it is not possible to manage two destinations.
    Now we are thinking about an OID connector.
    Here are my questions:
    1. Is it possible to use ldapsync and the OID connector together? Does this make sense?
    2. If using the OID connector for role assignment and provisioning, is it possible to use the same role name for an application in both systems (e.g. role: xyz in prod and role: xyz in test)?
    3. We have OAM-OID-OIM integration. ldapsync is required here, isn't it?
    4. Can I use the OID connector alone without ldapsync? How does the user lifecycle (provisioning, reconciliation of user password) work?
    Many thanks in advance!

    any ideas?

  • AD Trusted Reconciliation Issue in OIM 11g R2

    Hi,
    I am trying to reconcile the users from AD(Trusted Source) to OIM 11g R2.
    I gave the object class as User and the User ID in the search filter, but by default ObjectCategory is getting added to my search filter,
    so my search query ends up something like this:
    (&(ObjectCategory=Person)(&(objectclass=User)(uid=*******))) which is not correct for my AD.
    If I give any object class other than User I get following error:
    oracle.iam.connectors.icfcommon.exceptions.IntegrationException: The value for a key [IntOrgPerson Configuration Lookup] is not defined in the provided map.
    Though I have given this value in Lookup.Configuration.ActiveDirectory.Trusted ....
    How can I update or remove this ObjectCategory field from my query.
    Regards,
    Abhi
    Edited by: 918619 on Jan 21, 2013 4:11 AM

    Orch[725719:CREATE]oracle.iam.platform.kernel.EventFailedException: IAM-3051103:The create operation on user entity failed in action stage.: at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createEventFailedException(UserManagerUtils.java:278) at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createEventFailedException(UserManagerUtils.java:303) at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler.execute(CreateUserActionHandler.java:182) at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler.execute(CreateUserActionHandler.java:64) at sun.reflect.GeneratedMethodAccessor2302.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy$1.process(EventHandlerDynamicProxy.java:30) at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13) at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6) at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128) at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22) at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:26) at $Proxy254.execute(Unknown Source) at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1115) at oracle.iam.platform.kernel.impl.OrchProcessData.access$500(OrchProcessData.java:84) at oracle.iam.platform.kernel.impl.OrchProcessData$8.processWithoutResult(OrchProcessData.java:719) at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9) at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13) at oracle.iam.platform.tx.OIMTransactionCa
