OID plug-in capabilities!!

Hi OID team,
As we cannot replace or load our corporate users/passwords into OID (which is required to use SSO in 9iAS), we decided to implement a when_compare_replace plug-in procedure to authenticate a user depending on the cookie (which will be set by our corporate single login server). Basically, this plug-in looks for attname 'userpassword' and returns the success code depending on the cookie.
Before we take this path, can we get some clarifications on the plug-in implementation features?
1) Can we check for a cookie's existence in a plugin procedure? Can we set a new cookie to the user session?
(something like:
cookie OWA_COOKIE.cookie;
cookie := OWA_COOKIE.get('myCookie');
IF cookie.num_vals = 0 THEN
2) Can we redirect the user to our Login Server from the plug-in procedure?
OWA_UTIL.redirect_url('https://www.loginserver.com');
Basically, can we get user environment variables?
I posted a couple of messages regarding this before, but never got an answer for them. Can somebody please give some advice on this (at least the OID team)...
thanks a lot in advance.
-vijay bujula

Vijay,
Could you clarify what the need actually is? Are you trying to delegate authentication to a 3rd party SSO environment or are you trying to get the Oracle SSO/OID environment to authenticate against the third party repository?

Similar Messages

  • PROBLEMS INTEGRATING OID PLUG-IN FRAMEWORK SOLUTION WITH SSO SERVER

    I wrote an OID plug-in to authenticate against an external
    password store as suggested in chapter 27 of the Oracle Internet
    Directory Administrator's Guide, release 9.0.2.
    The function works if I run an ldap-bind from the command, the password
    is checked against the external password store, and copied into the OID.
    The function doesn't work from the SSO server. It will authenticate against
    the password contained in the OID rather than the password contained in the
    external password store, if there is a difference.
    I think the reason for this is probably that SSO uses indirect (proxy)
    access to the password store instead of Direct Authentication, as
    described in chapter 11 of the OID administrators guide.
    Does anyone know if it is possible to change the
    authentication method of the SSO server from
    indirect to direct?
    Thanks,

    -cont.
    orclPluginName=OID_WSL_PLUGIN
    orclPluginType=operational
    orclPluginTiming=when
    orclPluginLDAPOperation=ldapcompare
    orclPluginEnable=1
    orclPluginSubscriberDNList=cn=users,dc=localhost,dc=com;dc=localhost,dc=com;o=localhost,dc=com;
    orclPluginVersion=1.0.1
    orclPluginIsReplace=1
    cn=when_compare_replace
    orclPluginKind=PLSQL
    Using the ldapadd command-line tool:
    ldapadd -p 4031 -h localhost -D cn=orcladmin -w security007 -v -f when_compare_replace.ldif
    and restart the Oracle Internet Directory server and AS too.
    4) and tested the plugin with login requests to the OID server and made some calls using ldapcompare tool like:
    ldapcompare -p 4031 -h localhost -D cn=orcladmin -w security9 -b "cn=userA,cn=users,dc=localhost,dc=com"
    -a title -v manager
    but the log table was never filled with the parameter values.
    Does this framework stuff ever work? Is it possible to replace the password comparison of OID?????
    Is my ldif file correct? Is it the way it should deploy/register? Can you tell me where I am wrong? Any help is greatly appreciated...
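A check for the registration text quoted in the post above, as an added example that is not part of the original thread or of Oracle's tooling: it lints text against the RFC 2849 LDIF line rules, assuming the file contained exactly what was quoted. The function names are hypothetical and the sample input is the post's own text copied inline.

```python
"""Lint plug-in registration text against the RFC 2849 LDIF line rules."""
import re

# The registration text quoted in the post, copied inline as the sample input.
POSTED = """\
orclPluginName=OID_WSL_PLUGIN
orclPluginType=operational
orclPluginTiming=when
orclPluginLDAPOperation=ldapcompare
orclPluginEnable=1
orclPluginSubscriberDNList=cn=users,dc=localhost,dc=com;dc=localhost,dc=com;o=localhost,dc=com;
orclPluginVersion=1.0.1
orclPluginIsReplace=1
cn=when_compare_replace
orclPluginKind=PLSQL
"""

# RFC 2849 attribute description: a letter, then letters/digits/hyphens, then
# optional ";option" parts. A value follows ":", "::" (base64) or ":<" (URL).
ATTR = r"[A-Za-z][A-Za-z0-9-]*(?:;[A-Za-z0-9-]+)*"
LDIF_LINE = re.compile(rf"^({ATTR})(::|:<|:)[ ]*(.*)$")
EQ_LINE = re.compile(rf"^({ATTR})=(.*)$")


def parse(text):
    """Split text into records: lists of (line_no, unfolded logical line)."""
    records, current, prev_comment = [], [], False
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.strip() == "":            # blank line ends the current record
            if current:
                records.append(current)
                current = []
            prev_comment = False
        elif raw.startswith("#"):        # comment line
            prev_comment = True
        elif raw.startswith(" "):        # continuation of the previous line
            if prev_comment:
                continue                 # folded comment, ignore
            if current:
                current[-1] = (current[-1][0], current[-1][1] + raw[1:])
            else:
                current.append((n, raw))  # stray continuation, flagged by lint
        else:
            current.append((n, raw))
            prev_comment = False
    if current:
        records.append(current)
    return records


def lint(text):
    """Return a list of (line_no, message) findings; empty means clean."""
    findings = []
    for idx, record in enumerate(parse(text)):
        names = []
        for n, line in record:
            m = LDIF_LINE.match(line)
            if m:
                names.append(m.group(1).lower())
                continue
            e = EQ_LINE.match(line)
            if e:
                names.append(e.group(1).lower())
                findings.append((n, f"'{e.group(1)}=' should be "
                                    f"'{e.group(1)}: ' (RFC 2849 separator)"))
            else:
                findings.append((n, "not an 'attribute: value' line"))
        # An optional 'version: 1' line may open the file.
        if idx == 0 and names[:1] == ["version"]:
            names = names[1:]
            if not names:
                continue
        first = record[0][0]
        if names[:1] != ["dn"]:
            findings.append((first, "record does not start with a 'dn:' line, "
                                    "so there is no entry name to add"))
        if "objectclass" not in names and "changetype" not in names:
            findings.append((first, "no objectClass attribute; an LDAP add "
                                    "needs at least one"))
    return findings


def suggest_fix(text):
    """Rewrite 'attr=value' lines as 'attr: value', splitting at the first '='."""
    out = []
    for raw in text.splitlines():
        e = EQ_LINE.match(raw)
        if e and not LDIF_LINE.match(raw):
            out.append(f"{e.group(1)}: {e.group(2)}")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("As posted:")
    for line_no, message in lint(POSTED):
        print(f"  line {line_no}: {message}")
    print("After rewriting separators:")
    for line_no, message in lint(suggest_fix(POSTED)):
        print(f"  line {line_no}: {message}")
```

The rewrite only repairs separators; the entry's DN and objectClass values have to come from the OID documentation for plug-in registration, since the post does not show them.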

  • OID Plug-in for pre_modify on attributes

    Hello - I am wondering if someone has written (PL/SQL type procedure) an OID plug-in to achieve the following:
    if the value of attribute ATTR1 is changed then before changing copy the old value to another attribute ATTR2.
    So far, what I understood is that we need to write a plug-in of kind "when_operation" for the ldapmodify operation with the pre_modify procedure signature syntax, i.e.
    CREATE OR REPLACE PACKAGE LDAP_PLUGIN_LDAP_VALUE AS
    PROCEDURE pre_modify
    (ldapplugincontext IN ODS.plugincontext,
    dn IN VARCHAR2,
    mods IN ODS.modlist,
    rc OUT INTEGER,
    errormsg OUT VARCHAR2);
    END LDAP_PLUGIN_LDAP_VALUE;
    /
    Can someone please share such code if they have done this in the past?
    Thank you,

    Can at least someone point me in the direction of what API we should be using to create such a plug-in? Any link to the documentation of the API is appreciated. From what I can tell, we have three choices:
    standard LDAP PL/SQL APIs
    Oracle Internet Directory provides the Plug-in LDAP API
    DBMS_LDAP API
    Where can I find the information on these APIs and what should we be using to achieve our goal, that is:
    if the value of attribute ATTR1 is changed then before changing copy the old value to an other attribute ATTR2.
    Thanks,

  • OID Plug-in Framework

    Looking for some information or someone who has written a plug-in that allows you to be authenticated through an external credential store.
    Any help you could provide is appreciated.
    Thanks
    -jim

  • About multiple identity plug-in in SES11.1.2.2

    hi Experts,
    I have a question on identity plug-ins for SES 11.1.2.2: if multiple identity plug-ins are activated/started, does this mean SES will check the identity from all these identity plug-ins? For example:
    Can I have this scenario: user1 belongs to AD, user2 belongs to OID? Both user1 and user2 can log in with SES when the AD and OID plug-ins are activated.
    Best regards

    hi sbuchta,
    I want to double confirm your answer.
    If this is the requirement:
    1. Customer has an AD as backend authentication system.
    2. Customer is using WCC(UCM) which uses that AD as authentication provider.
    3. Customer uses SES to search UCM and NTFS(NTFS has ACL enabled)
    In this scenario, the only option is to use fed search solution(1 SES instance for searching NTFS with AD plugin, another SES instance for searching UCM with StellentIdentityPlugin)?
    Best regards

  • Crawled the UCM through SES but unable to search on Search screen. I have to use OID as identity management. How to configure SES for this??

    I have crawled the UCM through SES, but when I try to search on the Search screen nothing is searched.
    followed the following document - http://www.oracle.com/technetwork/search/oses/stellent-white-paper-178229.pdf
    But at the end I need to configure the identity management for OID, not for Content Server. I have activated the OID plug-in in SES, but nothing is found in both the following cases:
    1) When I login with a OID user
    2) When i do not login, even the public data is not displayed.
    What could be the problem??

    Thanks for the reply. Authorization was use source ACL, and I tried logging in as every user that had access to the content and could not bring up anything.
    However, this is no longer an issue as we are not going to be using this content database. We are going to be using the new Beehive collaboration instead. I don't know if there will be a different plugin for SES or what, but it should be interesting.
    Jennifer

  • Error while setting up the ContentDB as the source for OSES

    Hello Experts,
    I am trying to create the ContentDB as the source for Oracle SES.
    1. while creating the Identity plug-in for Oracle Internet Directory, I am passing the following information:
    Host name: hostname of the OID
    Port: 389 (non SSL)
    Use SSL: false
    realm name: name of the realm
    User name: orcladmin
    password: password of orcladmin
    I am getting the error in log as follows:
    invalid credentials for entity user orcladmin
    OID plugin activation failure
    caught plugin exception: [LDAP: error code 49 - Invalid Credentials]
    Am I making any mistake in the format of passing credentials, or is there any prerequisite for activating the OID plug-in?
    2. As per the doc of setting up the Content DB as the source to OSES:
    http://download-west.oracle.com/docs/cd/B32393_01/doc/search.1018/b32259/sources.htm#CIAIHJEJ
    the refers:
    The administrator account used by the Oracle Content Database source must have the ContentAdministrator role on the site that is being crawled and indexed.
    where and how this role can be assigned exactly.
    Thanks
    Krris

    Hello Raford,
    Thank you very much for the reply..
    Issue got resolved...it was due to the syntax I was following while providing realm credential:
    I was giving:
    realm name: realm_name
    correct syntax is:
    realm name: cn=realm_name, dn=com
    Thanks
    Krrish

  • Trouble with Add-CMDeploymentType and -ScriptInstaller type

    We have a Configuration Manager 2012 SP1 setup and I’m trying to populate the system with all our applications by using PowerShell only. I can create device collections, device collection query rules, applications, application deployment types (if msi, appv 4.6 or appv 5), content distributions and deployments. But for some reason I can’t get the Add-CMDeploymentType cmdlet to work with the -ScriptInstaller parameter.
    Example:
    Add-CMDeploymentType -ApplicationName "Testapp" -ScriptInstaller -ManualSpecifyDeploymentType -DeploymentTypeName "Acme Testapp 10.4.5 - SCRIPT" -InstallationProgram "install_testapp.cmd" -DetectDeploymentTypeByCustomScript -ScriptType PowerShell -ScriptContent "test-path 'c:\windows'" -AdministratorComment "APP00001" -RunIntallationProgramAs32BitProcessOn64BitClient $false -InstallationBehaviorType InstallForSystem -ContentLocation "\\afs\ltu.se\package\application\APP00001" -RunScriptAs32bitProcessOn64bitClient $false -LogonRequirementType OnlyWhenNoUserLoggedOn
    By stripping out everything not necessary I know that it is the -ScriptContent parameter that generates the error “WARNING: Select a correct parameter set.”. I have tried both VBScript and PowerShell script types but no matter the value of the ScriptContent I get this error. According to the documentation ScriptContent is of type string.
    I find it a bit odd that you can just use scripts for detection methods but I don’t mind if I can get it to work. APPV and MSI work just fine but about 66% of our applications use script based installations.
    As a last resort I could probably do it the same way as on Configuration Manager 2007 with WMI and Packages but I’d rather move everything over to the application model as we do the migration.

     
    I sat all day with Google and tried out code and at the end I was successful in putting together something that actually worked. The sample script creates both the application and the deployment type at the same time. I would rather use a prebuilt application and just add the deployment type but that is work for another day. Hope you find it useful.
    I did find a good reference here
    http://blogs.technet.com/b/chrad/archive/2012/09/12/configmgr-2012-pcm-walking-through-pcm-plug-in-capabilities.aspx but I could not get the DetectionMethod to work in my code. But I got it working with both VBScript and PowerShell detection scripts and I'm fine for now with that.
    -------------ExampleCode---------------
    #Anders Hannus 2013-03-14
    #Some code from: http://blog.lechar.nl/2012/04/03/creating-an-sccm-2012-application-with-powershell/
    #Load assemblies
    [Reflection.Assembly]::LoadFile("D:\Microsoft Configuration Manager\AdminConsole\bin\Microsoft.ConfigurationManagement.ApplicationManagement.dll") | out-null
    [Reflection.Assembly]::LoadFile("D:\Microsoft Configuration Manager\AdminConsole\bin\Microsoft.ConfigurationManagement.ApplicationManagement.MsiInstaller.dll") | out-null
    $wminamespace = "Root\SMS\Site_S02"
    $sccmserver = hostname
    #Application info. Normally read from LDAP database but hardcoded in this example.
    $LTUappMaker = "LTU"        #Maker of application
    $LTUappName = "testapp"        #Name of application
    $LTUappVersion = "1.0"        #Version of application
    $LTUpackageName = "install_ltukerberos_ltu.cmd"  #Command to install application
    $description = "Registry keys so that Windows can find the KRB servers for Realm LTU.SE" #Description of what the program is/does.
    $displayname = "TEST testapp 1.0"     #Displayname, created from LTUappMaker, LTUappName and LTUappVersion but might be adjusted.
    $app = "APP00001"         #Application id in our database
    $source = "\\server\sccmsource\$app" #Source directory for application.
    $LTUappCheckPath = "C:\Windows\notepad.exe"  #file/folder to detect if application is installed.
    write-host "Creating Application $displayname"
    #Get scopeid
    $identificationClass = [WMICLASS]"\\$($sccmserver)\$($wminamespace):SMS_Identification"
    $cls = Get-WmiObject SMS_Identification -namespace $wminamespace -ComputerName $sccmserver -list
    $tmp = $identificationClass.GetSiteID().SiteID
    $scopeid = "ScopeId_$($tmp.Substring(1,$tmp.Length -2))"
    #Create an unique id for the application and the deployment type
    $newApplicationID = "Application_" + [guid]::NewGuid().ToString()
    $newDeploymentTypeID = "DeploymentType_" + [guid]::NewGuid().ToString()
    #Create SCCM 2012 object id for application and deploymenttype
    $newApplicationID = New-Object Microsoft.ConfigurationManagement.ApplicationManagement.ObjectID($scopeid,$newApplicationID) 
    $newDeploymentTypeID = New-Object Microsoft.ConfigurationManagement.ApplicationManagement.ObjectID($scopeid,$newDeploymentTypeID)
    #Create objects necessary for the creation of the application
    $newApplication = New-Object Microsoft.ConfigurationManagement.ApplicationManagement.Application($newApplicationID)
    $newDeploymentType = New-Object  Microsoft.ConfigurationManagement.ApplicationManagement.DeploymentType($newDeploymentTypeID,"Script")
    #Setting Display Info
    $newDisplayInfo = New-Object Microsoft.ConfigurationManagement.ApplicationManagement.AppDisplayInfo
    $newDisplayInfo.Title = $displayname
    $newDisplayInfo.Language = "sv-SE"
    $newDisplayInfo.Description = $description
    $newApplication.DisplayInfo.Add($newDisplayInfo)
    #Setting default Language must be set and displayinfo must exist
    $newApplication.DisplayInfo.DefaultLanguage = $newDisplayInfo.Language
    $newApplication.Title = $displayname
    $newApplication.Version = 1.0
    $newApplication.Publisher = $LTUappMaker
    $newApplication.SoftwareVersion = $LTUappVersion
    $newApplication.Description = $app
    #Add all content to the application
    $newApplicationContent = [Microsoft.ConfigurationManagement.ApplicationManagement.ContentImporter]::CreateContentFromFolder($source)
    $newApplicationContent.OnSlowNetwork = "Download"
    #Deployment Type Script installer will be used
    $newDeploymentType.Title = "$displayname - Script Installer"
    $newDeploymentType.Version = 1.0
    $newDeploymentType.Installer.InstallCommandLine = $LTUpackageName
    $newDeploymentType.Installer.UninstallCommandLine = $LTUpackageName.replace("install","uninstall")
    $newDeploymentType.Installer.Contents.Add($newApplicationContent)
    #Detectionmethod
    $testscript = "if (test-path ""$LTUappCheckPath"") {write-host ""The application is installed.""}"
    $newDeploymentType.Installer.DetectionMethod = "Script"
    $newDetectionScript = New-Object Microsoft.ConfigurationManagement.ApplicationManagement.Script
    $newDetectionScript.Language = "PowerShell"
    $newDetectionScript.Text = $testscript
    $newDeploymentType.Installer.DetectionScript = $newDetectionScript
    #Add the DeploymentType to the Application
    $newApplication.DeploymentTypes.Add($newDeploymentType)
    #Serialize the object to an xml file and stuff it into SCCM
    $newApplicationXML = [Microsoft.ConfigurationManagement.ApplicationManagement.Serialization.SccmSerializer]::SerializeToSTring($newApplication,$true)
    $applicationClass = [WMICLASS]"\\$($sccmserver)\$($wminamespace):SMS_Application"
    $newApplication = $applicationClass.createInstance()
    $newApplication.SDMPackageXML = $newApplicationXML
    $tmp = $newApplication.Put()
    #Reload the application to get the data
    $newApplication.Get()

    Hi,
    after trying for a long time, I always get the same error when executing the line:
    $newDeploymentType = New-Object  Microsoft.ConfigurationManagement.ApplicationManagement.DeploymentType($newDeploymentTypeID,"Script")
    I have changed to the "MSI" installer and get the same error.
    Any help please.
    New-Object : Exception calling ".ctor" with "2" argument(s): "Invalid deployment technology id: Script"
    At C:\borrar\borrar.ps1:38 char:22
    + $newDeploymentType = New-Object  Microsoft.ConfigurationManagement.ApplicationMa ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
        + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
    SCCM 2012 SP1 CU3 thanks

  • OCS + authentication external LDAP

    Is there anyone with experience using OCS in combination
    with external authentication against a SunONE LDAP server?
    I don't want to synchro the two LDAPs. I just want to use the usernames & passwords of the external LDAP.
    Can you explain to me which procedures I must follow?
    Is it necessary that all the users of the external LDAP exist in the OID of OCS?
    If not, how does this work? For example, how do I grant email/files rights to a user who is not in the OCS OID?
    If the users must exist in the OID, which components must I configure within OCS? Must I write a PL/SQL package for authentication to the external LDAP?
    Thanks in advance!

    Hi Elvis!
    What you need to do is to configure an OID plug-in that can be used to authenticate the users against the SUN LDAP. There are some examples in the OID admin guide.
    The users must exist in the OID.
    The users need to be administered in the OID as the CS needs the entries in the users tree as well as the emailservercontainer tree.
    cu
    Andreas

  • Custom user table

    Hello,
    I'm a newbie to Oracle Portal and I'm currently working on a conference project. We already have database from last year. There we have user table and other tables. I have already created custom login portlet for users to login but I used portal SSO package. Here comes the tricky part: How can I link portal user table and my user table, so I would know the details of a user when he logs in.
    The best solution would be if I could use my table instead of PORTAL30_SSO.WWSEC_PERSON table.
    Can anybody help me please !?!
    Tnx in advance.
    Mitja.

    To handle using DIP, refer to the Oracle Identity Manager, Application Developers Guide. That gives recommendations on the ldap-ntfy package.
    Handling the operation using OID plug-in will have performance impact on the ldap operations performed on OID.

  • How to populate custom USER table with data from Oracle Internet Directory?

    Hi all,
    We have a Users table in our internal forms application.
    I want to populate this USERS table each time users are added in Oracle Internet Directory.
    Likewise for modification and deletion.
    How to go about doing this ?
    I know that it involves Oracle Directory Provisioning Integration Service and we might have to use LDAP_NTFY plsql proc to implement this.
    Am I on the right track ? Can anyone point me to the exact steps to go about synching up the USERS table from Oracle Internet Directory ?
    Thanks,
    Sam

    To handle using DIP, refer to the Oracle Identity Manager, Application Developers Guide. That gives recommendations on the ldap-ntfy package.
    Handling the operation using OID plug-in will have performance impact on the ldap operations performed on OID.

  • EBS-Interconnect Integration problem - Need Urgent Help

    Hi,
    I am facing a problem while trying to connect Oracle Interconnect with Oracle ESB using the BPEL Plug-in feature.
    I was actually going through one document on ESB-Interconnect integration and followed all the steps. It did create an entry in the ESB console but I am not able to import Interconnect's BPEL Plug-in Application to the ESB console (what I was expecting to get after completing ESB-Interconnect integration).
    All steps that I have covered are given below. Can someone help me ASAP? This is kind of a show stopper issue for me.
    For more information you can email at [email protected] or call me at +1 412 296 2094.
    Bunch of thanks in advance.
    Note - I am not able to print the OUTPUT section in this post, so if anyone needs that I can send it in a different email.
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    1. Open Command Prompt
    CD to the folder where admin_client.jar is located
    2. Deploy "IcAdapter"
    java -Djava.util.logging.config.file=logging.properties -jar admin_client.jar deployer:oc4j:opmn://localhost:6004/home oc4jadmin welcome1 -deploy -file c:\product\10.1.3.1\OracleAS_1\integration\esb\lib\icAdapter.rar -deploymentName ICAdapter
    3. Deploy "icwsilplugin"
    with log:
    java -Djava.util.logging.config.file=logging.properties -jar admin_client.jar deployer:oc4j:opmn://localhost:6004/home oc4jadmin welcome1 -deploy -file c:\product\10.1.3.1\OracleAS_1\integration\esb\lib\icwsilplugin.ear -deploymentName icwsilplugin -parent default
    4. Bind "icwsilplugin"
    java -Djava.util.logging.config.file=logging.properties -jar admin_client.jar deployer:oc4j:opmn://localhost:6004/home oc4jadmin welcome1 -bindWebApp -appName icwsilplugin -webModuleName icwsilplugin -webSiteName default-web-site -contextRoot /ic
    5. Shutdown and restart the ESB server
    6. Run the "regadapters.bat/sh script" from ORACLE_HOME\integration\esb\bin (for this case its c:\product\10.1.3.1\OracleAS_1\integration\esb\bin) directory.
    7. Start Interconnect database and repository.
    8. Change "oc4j-ra.xml" located in "<esb_home>\j2ee\home\application-deployments\default\IcAdapter (for this case - c:\product\10.1.3.1\OracleAS_1\j2ee\home\application-deployments\default\IcAdapter)" with following details:
    <?xml version="1.0"?>
    <oc4j-connector-factories xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.oracle.com/technology/oracleas/schema/oc4j-connector-factories-10_0.xsd" schema-major-version="10" schema-minor-version="0" >
    <imported-shared-libraries>
    <import-shared-library name="oracle.bpel.common"/>
    <import-shared-library name="oracle.xml"/>
    </imported-shared-libraries>
    <connector-factory location="eis/ICAdapter" connector-name="Interconnect Adapter">
    <config-property name="applicationName" value="BPELPM"/>
    <config-property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
    <config-property name="connectionString" value="jdbc:oracle:thin:@ASC-587CDFCE:1521:ORCL"/>
    <config-property name="userName" value="ichub"/>
    <config-property name="password" value="tcsalc0a"/>
    <config-property name="repoName" value="InterConnectRepository"/>
    <connection-pooling use="none"></connection-pooling>
    <security-config use="none"></security-config>
    </connector-factory>
    </oc4j-connector-factories>
    9. Add <code-source path="<IC_HOME>\integration\interconnect\lib\oai.jar"/> to the "Server.xml" file located in <ESB_HOME>\j2ee\home\config (for this case - c:\product\10.1.3.1\OracleAS_1\j2ee\home\config)
    Given "<code-source path="C:\oracle\AS101202MID\integration\interconnect\lib\oai.jar"/>" in place of <code-source path="C:\oracle\mid\integration\interconnect\lib\oai.jar"/>
    10. Restarted the ESB server to see desired output in ESB console.
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    ===========
    OUTPUT Details
    ===========
    Expected Output:
    ================
    A tree structure look like as below -
    - adapters
    applications
    - InterConnect
    - eis_ICAdapter_BPELPM
    Implemented_Procedures
    Invoked_Procedures
    - Published_Events
    Customer_AddCustomer
    - Subscribed_Events
    Customer_NewCustomer
    legacy
    Output that I am getting:
    =========================
    A tree structure look like as below -
    - adapters
    applications
    InterConnect
    - legacy
    mvs08
    Regards,
    --Kaushik

    I see what you are saying. Actually, I have already thought about that Option (Creating an AQ in between so that Oracle Interconnect can write to and EBS can read from for a particular message). Thanks for reminding me about this.
    I was just trying to see Oracle Interconnect's BPEL Plug-in capabilities. I will try to run "regadapters.bat / sh" few more time to see if it works this time.
    Unfortunately, I don't know dutch but you can always send me what you wrote. I will try to translate the same using some translator.
    Thanks a lot for your help.
    --Kaushik

  • DIP (Directory Integration Platform)

    What user does DIP actually make modifications with? I'm trying to limit the actions of an OID plug-in so that it is only invoked after (post_modify) DIP makes the modification (i.e. when the synchronized database is modified).
    Likewise, it would be useful to know how to make a plug-in fire only when someone besides DIP has made the modification.
    Basically this user would be in the Plug-In Management -> "PLUG-IN NAME HERE" -> Optional Properties tab -> Plug-In Request Group.

    DIP performs the operations as the profile. The identity used will be orclodipagentname=<profilename>,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory

  • OID multiple plug in with AD issue

    Hi folks,
    I have a problem here, I have two AD directories a1.domain1.com and a2.domain2.com
    I don't have a problem configuring external authentication against multiple domains by http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15995/odip_config_integration.htm#CACCDHFE . Then, I can see, in the plug-in management, four plug-ins enabled:
    oidexplg_compare_ad_domain1
    oidexplg_compare_ad_domain2
    oidexplg_bind_ad_domain1
    oidexplg_bind_ad_domain2
    However, when I try to log in on SSO (oiddas) I can log in with a user from domain1 but not with a user from domain2. And if I disable oidexplg_compare_ad_domain1, I can log in to domain2 and not to domain1.
    I can't get both authentications to work at the same time!!
    Has this happened to anybody? Some configuration or something?
    Thanks in advance.
    Sergio.

    I solved this problem. You have to provision the different MSAD domains to different OUs in OID.

  • OIM-OID provisioning issue with external plug in with AD

    Hi OIM/OID Guru's,
    We are using OIM with OID connector and having external authentication plug-in feature of OID with AD. Here we are using OID for user profile storage and doing password validation by using external plugin through AD however we have been
    facing one issue which is mentioned below :-
    Whenever we are creating any user in through OIM and found that user is provisioned to the OID target source but populating wrong value of attribute orclSourceObjectDN in OID process form:-
    orclSourceObjectDN = cn=OIDTEST3,CN=Users,DC=oracle-test,DC=oracle,DC=com
    correct value should be orclSourceObjectDN =cn=OIDTEST3,CN=Users,DC=oracle,DC=com
    we don't have any container in OID with DC=oracle-test however not sure how the process form is picking up this value?
    However could you please put more light why it is appending wrong DN in OIM process form? Where should i check for this from OIM side?

    Hi Dear,
    thanks for your reply and we are using OIM 9.x version. Checked Root DN value as you suggested (see below snap shot for oid resource definition):-
    Admin Id     cn=username
    Admin Password     *******
    Group Reconciliation Time Stamp     
    Last Target Delete Recon TimeStamp     
    Last Target Recon TimeStamp     
    Last Trusted Delete Recon TimeStamp     
    Last Trusted Recon TimeStamp     
    Port     6060
    Prov Attribute Lookup Code     AttrName.Prov.Map.OID
    Prov Group Attribute Lookup Code     AttrName.Group.Prov.Map.OID
    Prov Role Attribute Lookup Code     AttrName.Role.Prov.Map.OID
    Role Reconciliation Time Stamp     
    Root DN     DC=oracle,DC=com
    SSL     false
    Server Address     My server name
    Use XL Org Structure     false
