OID provisioning via OIM
OID provisioning from OIM
i have deployed and configured OID connector but users not provisioned to OID. it gives INVALID_NAMING_ERROR. what could be the possible reason.
please check and reply :
View IT Resource Details and Parameters
IT Resource Name OID IT Resource
IT Resource Type OID Server
Port 389
Use XL Org Structure false
Last Trusted Delete Recon TimeStamp
CustomizedReconQuery
SSL false
Server Address 10.76.118.72
Recon Attribute Lookup Code AttrName.Recon.Map.OID
Root DN dc=ad,dc=infosys,dc=com
Admin Id cn=orcladmin,cn=Users,dc=ad,dc=infosys,dc=com
Last Target Recon TimeStamp
Last Target Delete Recon TimeStamp
Last Trusted Recon TimeStamp
Admin Password *********
Prov Attribute Lookup Code AttrName.Prov.Map.OID
Similar Messages
-
It's posible the OID role Provisioning With OIM?
Hi experts,
I'm installing and configuring the OIM connector for OID. However I've found on the installation guide the next 'warnings':
- Reconciliation of roles is supported only for ODSEE and Novell eDirecotory target systems.
- Provisioning of roles is supported only for ODSEE and Novell eDirecotory target systems.
then my question is: how can I provision OID roles to any user using OIM??? If I can't do role provisioning to OID, I cant see so much utility for this connector.
My request its to provisioning roles that I've created on OID, using OIM interface.
Has anyone done this?
Thanks for you time.
regards.
Edited by: Daniel Cermeño on Sep 10, 2012 4:39 PMHi Leoncio and Gyanprakash,
Tanks for your response, thats make me feel more quiet.
I have still one question about this. In the installation and configuration guide says:
- If you are using the default connector configuration, for every group in the target system, create a corresponding organizational unit (with the same group name) in Oracle Identity Manager. This ensures that all groups from the target system are reconciled into their newly created organizational units, respectively.
- You can also configure the connector to reconcile the groups under one organization.
Then, when I run the reconciliation of OID groups in OIM. I obtain one organization with one resource representing my OID group. Or, if I prefer, I obtaion one organization with many resource that represents all my OID groups. However, I dont find how to provision this resources to my OIM users, cause I need that one user be part of one o more groups. If I put the user in the organization that represent my OID group, how I can provision more groups?
Furthermore, the reconciliations of OID groups creates resources/organizations, but in my understending this no create OIM roles isn't?
I'm sorry for my ignorance. This maybe is a trivial question, but I hope you can clarify this concepts to me.
Thanks for your time.
regards.
Edited by: Daniel Cermeño on Sep 11, 2012 8:08 AM -
Queuing/Retrying 'Rejected' status OID Process Tasks: OIM-OID provisioning
Hello Gurus,
I have already up and running environment with OIM, OID connector pack and OID as the target system. So when a user data (for e.g. a UDF) is being provisioned from OIM to OID target system; if a process task comes back with 'rejected' status due to target unavailability/OID down; then is there any settings that we can configure within OIM design console that queues up and retries these 'rejected' tasks related to each individual user?
Is there any setting within any of the OID lookups such that we can set a retry count for such process tasks?
The goal is without human intervention all these 'rejected' process tasks should run successfully and be set to 'completed' status. If the target system is unavailable then there should be a way to run all these failed tasks - is my assumption.
Is it by anyway related to 'Offline Provisioning'?
Please provide some guidelines.
Thanks,
- oidm.
Edited by: oidm on Mar 16, 2010 10:34 PMBut it'll only allow us to 'retry' those specific tasks for a limited number of times and limited period of time. And will this task be retried only if its 'rejected' or it'll be retried for whatever number of times we specified?
What if the target system doesn't come up for the whole day? Can we specify some value for the same in 'Duration' fields?
So all in all if we talk about retrying the failed/rejected tasks we just have these options in hand as far as task 'status' is concerned?
Thanks,
- oidm. -
OIM OID PROVISIONING-RECONCILIATION
hi
i m using OIM with OID for provisioning and reconciliation
while i reconcile from OID to OIM changes are reflected in OIM user profile
while provisioning from OIM to OID ,when i make some changes in user profile, it does not get reflected in process form. i need to make the changes again in process form ,then only it gets reflected in OID.
the process becomes very cumbersome. how this can be resolved ?Well for that you need to configure proper Change Field type process tasks which will actually transfer information from User Profile to process form.
Refer look up USR_PROCESS_TRIGGERS for more details. You might also have a look at similar threads like following.
Re: Password Update Task for OID Process form
Thanks
Sunny -
Hi everyone,
I want to provisioning to AD.
I create a Application Instance and I create form.
Then I go details of a user, and a go Accounts tab and I enter "Request Account".
Then I search catalog screent and add to cart then complete the operation ?
This is enough for provisioning ?
What is the meaning of "entitlement" ?
Do I have to execute Entitlement List scheduled job?
Do I have to do provisioning via "Entitlement"(in users detail screen)?
Thanks.
Best Regards.I create a Application Instance and I create form.
Then I go details of a user, and a go Accounts tab and I enter "Request Account".
Then I search catalog screent and add to cart then complete the operation ?
yes this is fine. hope you have populated form data at this place
This is enough for provisioning ?
Yes this is enough for provisioning.
What is the meaning of "entitlement" ?
entitlement holds the target system multivalued attribute like role,group, responsibility. In earlier version of OIM for viewing group/role you have to go to process form->child form which was quite tedius. Now you have the entitlement tab which hold all the child table data together( ie: role, group..etc)
Do I have to execute Entitlement List scheduled job?
yes, To link entitlements to the application instance we have to run this job. after running job you can go to sysadmin->appinstance-> search appinstance->Click the Entitlements tab, and verify that the entitlements are displayed or not.Even the entitlements are available in catalog after running this job. so, you can request it from catalog directly
Do I have to do provisioning via "Entitlement"(in users detail screen)?
yes for multivalued attribute you can request via 'Entitlement' tab. -
Updating custom boolean attribute in Active Directory via OIM
The adapters delivered with the AD connector support updating standard attributes (string) and multi-value attributes, but I can't seem to figure out how to update a custom Boolean attribute in AD via OIM. The delivered Boolean fields all appear to have custom adapters (ie Account Locked, Password Never Expires, etc.)
I've tried using the delievered adpADCSCHANGEATTRIBUTE adapter, but it fails (as expected) with:
+com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : updateDetails : Attributes cannot update:[LDAP: error code 21 - 00000057: LdapErr: DSID-0C090B73, comment: Error in attribute conversion operation, data 0, v1772 ]+
Suggestions?No I don't have custom boolean attributes in AD. But I added custom attributes of other types.
When you say custom, do you mean it did not come with the out of the box AD connector, but exists in the Active Directory of your organization?
There are a few attributes in AD which look like they are boolean when you see the AD console but are actually different. Look at the link for details.
[http://support.microsoft.com/kb/305144]
Look at this post for context.
AD Provisioning - Password never expires & User must chg pwd at next logon
Thanks,
M -
we have the ldapsync setup on OIM11.1.1.5.4 via libOVD and the trusted source is OID 11.1.1.5.0
The reconciliations for the create/update to pull users from OID work except the password is randomly generated once the user creayed in the OIM which is not the same in the OID.
we want the same password in OIM as the OID's via LDAPSYNC recon. However Oracle support told that is not possible and pointed the doc http://docs.oracle.com/cd/E21764_01/doc.1111/e14309/reconsched.htm#sthref431
Question, if you have had the same requirement , how have you resolved this?we have the ldapsync setup on OIM11.1.1.5.4 via libOVD and the trusted source is OID 11.1.1.5.0
The reconciliations for the create/update to pull users from OID work except the password is randomly generated once the user creayed in the OIM which is not the same in the OID.
we want the same password in OIM as the OID's via LDAPSYNC recon. However Oracle support told that is not possible and pointed the doc http://docs.oracle.com/cd/E21764_01/doc.1111/e14309/reconsched.htm#sthref431
Question, if you have had the same requirement , how have you resolved this? -
Target Invocation Exception when provisioning from OIM to People Soft
Hi All,
I am facing an error while provisioning from OIM to PSFT. In OIM error logs I get the following error :
.0] [dcid: 214014dca901f288:-1705897b:139aeade537:-7ffd-00000000000266ac] ================= Start Stack Trace =======================
[2012-09-13T16:55:07.115-04:00] [dev-oim_oim_server01] [ERROR] [] [OIMCP.PSFTUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000Jb1QD7cBT8q5ONK6yd1GJNkN000UYj,0] [APP: oim#11.1.1.3.0] [dcid: 214014dca901f288:-1705897b:139aeade537:-7ffd-00000000000266ac] oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : invoke
[2012-09-13T16:55:07.116-04:00] [dev-oim_oim_server01] [ERROR] [] [OIMCP.PSFTUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000Jb1QD7cBT8q5ONK6yd1GJNkN000UYj,0] [APP: oim#11.1.1.3.0] [dcid: 214014dca901f288:-1705897b:139aeade537:-7ffd-00000000000266ac] InvocationTargetException occurred
[2012-09-13T16:55:07.117-04:00] [dev-oim_oim_server01] [ERROR] [] [OIMCP.PSFTUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000Jb1QD7cBT8q5ONK6yd1GJNkN000UYj,0] [APP: oim#11.1.1.3.0] [dcid: 214014dca901f288:-1705897b:139aeade537:-7ffd-00000000000266ac] Description : null
[2012-09-13T16:55:07.117-04:00] [dev-oim_oim_server01] [ERROR] [] [OIMCP.PSFTUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000Jb1QD7cBT8q5ONK6yd1GJNkN000UYj,0] [APP: oim#11.1.1.3.0] [dcid: 214014dca901f288:-1705897b:139aeade537:-7ffd-00000000000266ac] java.lang.reflect.InvocationTargetException[[
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager.invoke(Unknown Source)
at oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager.createUser(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager.createUser(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpPSFTUMCREATEUSER.CREATEUSER(adpPSFTUMCREATEUSER.java:115)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpPSFTUMCREATEUSER.implementation(adpPSFTUMCREATEUSER.java:60)
at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2936)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:554)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:850)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1163)
at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:508)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:153)
at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2905)
at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2978)
at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:523)
at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:563)
at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2905)
at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.provisionObject(tcUserOperationsBean.java:2813)
at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.provisionObject(tcUserOperationsBean.java:2615)
at Thor.API.Operations.tcUserOperationsIntfEJB.provisionObjectx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor2471.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy303.provisionObjectx(Unknown Source)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.provisionObjectx(tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.java:2808)
at sun.reflect.GeneratedMethodAccessor2470.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84)
at $Proxy165.provisionObjectx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor2469.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy302.provisionObjectx(Unknown Source)
at Thor.API.Operations.tcUserOperationsIntfDelegate.provisionObject(Unknown Source)
at oracle.iam.requestactions.eventhandlers.ProvisionResource.provisionObject(ProvisionResource.java:281)
at oracle.iam.requestactions.eventhandlers.ProvisionResource.execute(ProvisionResource.java:209)
at oracle.iam.requestactions.eventhandlers.ProvisionResource.execute(ProvisionResource.java:96)
at sun.reflect.GeneratedMethodAccessor2116.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
at $Proxy236.execute(Unknown Source)
at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
at sun.reflect.GeneratedMethodAccessor1761.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy326.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: bea.jolt.ApplicationException: TPESVCFAIL - application level service failure
at bea.jolt.JoltRemoteService.decodeCALL(JoltRemoteService.java:452)
at bea.jolt.JoltRemoteService.call(JoltRemoteService.java:345)
at bea.jolt.JoltRemoteService.call(JoltRemoteService.java:267)
at psft.pt8.net.NetReqRepSvc.sendRequest(NetReqRepSvc.java:613)
at psft.pt8.net.NetService.requestService(NetService.java:153)
at psft.pt8.net.NetReqRepSvc.requestService(NetReqRepSvc.java:350)
at psft.pt8.joa.JOAService.joaRequestService(JOAService.java:60)
at psft.pt8.joa.CISvc.invokeMethod(CISvc.java:117)
at psft.pt8.joa.CI.invokeMethod(CI.java:282)
at PeopleSoft.Generated.CompIntfc.UserProfile.setPassword(UserProfile.java:361)
... 119 more
[2012-09-13T16:55:07.119-04:00] [dev-oim_oim_server01] [ERROR] [] [OIMCP.PSFTUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000Jb1QD7cBT8q5ONK6yd1GJNkN000UYj,0] [APP: oim#11.1.1.3.0] [dcid: 214014dca901f288:-1705897b:139aeade537:-7ffd-00000000000266ac] ================= End Stack Trace =======================
[2012-09-13T16:55:07.122-04:00] [dev-oim_oim_server01] [ERROR] [] [OIMCP.PSFTUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000Jb1QD7cBT8q5ONK6yd1GJNkN000UYj,0] [APP: oim#11.1.1.3.0] [dcid: 214014dca901f288:-1705897b:139aeade537:-7ffd-00000000000266ac] ================= Start Stack Trace =======================
[2012-09-13T16:55:07.123-04:00] [dev-oim_oim_server01] [ERROR] [] [OIMCP.PSFTUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000Jb1QD7cBT8q5ONK6yd1GJNkN000UYj,0] [APP: oim#11.1.1.3.0] [dcid: 214014dca901f288:-1705897b:139aeade537:-7ffd-00000000000266ac] oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : createUser
[2012-09-13T16:55:07.124-04:00] [dev-oim_oim_server01] [ERROR] [] [OIMCP.PSFTUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000Jb1QD7cBT8q5ONK6yd1GJNkN000UYj,0] [APP: oim#11.1.1.3.0] [dcid: 214014dca901f288:-1705897b:139aeade537:-7ffd-00000000000266ac] Exception occurred
[2012-09-13T16:55:07.125-04:00] [dev-oim_oim_server01] [ERROR] [] [OIMCP.PSFTUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000Jb1QD7cBT8q5ONK6yd1GJNkN000UYj,0] [APP: oim#11.1.1.3.0] [dcid: 214014dca901f288:-1705897b:139aeade537:-7ffd-00000000000266ac] Description :
[2012-09-13T16:55:07.125-04:00] [dev-oim_oim_server01] [ERROR] [] [OIMCP.PSFTUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000Jb1QD7cBT8q5ONK6yd1GJNkN000UYj,0] [APP: oim#11.1.1.3.0] [dcid: 214014dca901f288:-1705897b:139aeade537:-7ffd-00000000000266ac] oracle.iam.connectors.common.ConnectorException: [[
at oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager.invoke(Unknown Source)
at oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager.createUser(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager.createUser(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
From PSFT jolt logs we see the folloing error :
UStreamId=013523_22586.158, Token=PSFT_EP/2012-09-06-21.35.23.887462/OIMUM/ENG owAAAAQDAgEBAAAAvAIAAAAAAAAsAAAABABTaGRyAk4Aawg4AC4AMQAwABSJ/euKJi2vwYeA5MWPoFQixOa+JmMAAAAFAFNkYXRhV3icHYlLDkBQEATLIxYWbkIY/wMgFj4J1g7gig6n86bTVUnPC0ShCwL5c/hLdhZWbjUe2ZhJD04mLh5GDmqjoMTI5MGzFU1bTkUjmpzTKx21vgY/W9ULMQ==
PSAPPSRV.22586 (159) [09/07/12 01:35:28 OIMUM@corwloimhd01 PSBusComp](1) (NET.346): Failed to execute PSBusComp request
PSAPPSRV.22586 (159) [09/07/12 01:35:28 OIMUM@corwloimhd01](2) Service PSBusComp failed
PSAPPSRV.21114 (242) [09/07/12 02:16:10 GetCertificate](3) Returning context. ID=OIMUM, Lang=ENG, UStreamId=021610_21114.242, Token=PSFT_EP/2012-09-06-22.16.10.689063/OIMUM/ENG
Any one has an idea on how to resolve this- I understand you ran schedule task, but did it bring all the valid values in the lookup ?
- In addition to it, are you supplying all the values i n the form while doing so ?
- If you are doing auto-provisioning , do it manually and see.
Thanks
Sunny -
Collection assign issue in OID provisioning environment
Hy Tom,
I am interested in LDAP with OID PROVISIONING in portal 10g application.
we create a register procedure.
however. i got an error message as ORA-06502: PL/SQL: numeric or value error: NULL index table key value.
After debuging, we found that issue result assign null value .
when we assign as
user_vals(counter2) := entry.attr(counter1).attrval(counter2);
It seems that that we can not assign entry.attr(counter1).attrval(counter2) to other var two time in procedure.
It is server configuration issue or code issue.
Thanks
Newweber
*********************** Code
PROCEDURE pre_add ( ldapplugincontext IN ODS.plugincontext,
dn IN VARCHAR2,
entry IN ODS.entryobj,
rc OUT INTEGER,
errormsg OUT VARCHAR2
IS
ret INTEGER;
l_portal_user wwsec_person.USER_NAME%type;
l_first_name wwsec_person.FIRST_NAME%type;
l_last_name wwsec_person.LAST_NAME%type;
l_email wwsec_person.EMAIL%type;
l_work_phone wwsec_person.WORK_PHONE%type;
l_mobile wwsec_person.MOBILE_PHONE%type;
counter1 pls_integer;
counter2 pls_integer;
retval pls_integer := -1;
s integer;
user_session DBMS_LDAP.session;
user_dn varchar(256);
user_array DBMS_LDAP.mod_array;
user_vals DBMS_LDAP.string_collection;
user_binvals DBMS_LDAP.blob_collection;
indx number := 1;
BEGIN
l_portal_user :=null;
l_first_name :=null;
l_last_name :=null;
l_email :=null;
l_work_phone :=null;
l_mobile :=null;
l_description :=null;
rc := 0;
errormsg :=null;
-- Create a mod_array
user_array := dbms_ldap.create_mod_array(entry.binattr.count + entry.attr.count);
-- Create a user_dn
user_dn := substr(dn,1,instr(dn,',',1,1))||'cn=users,dc=e-hms,dc=net';
FOR l_counter1 IN 1..entry.attr.COUNT LOOP
FOR l_counter2 IN 1..entry.attr(l_counter1).attrval.COUNT LOOP
ckerror('second loop get value--'|| entry.attr(l_counter1).attrname || '[' || l_counter1 || ']' ||'.val[' || l_counter2 || '] = ' ||entry.attr(l_counter1).attrval(l_counter2));
if entry.attr(l_counter1).attrval(l_counter2) is null then
ckerror('handle null attribule ');
else
-- get value
ckerror('get value2'||entry.attr(l_counter1).attrname);
IF entry.attr(l_counter1).attrname ='givenname' then
l_first_name :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('givename/firstname--'||l_first_name);
elsif entry.attr(l_counter1).attrname ='sn' then
l_last_name :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('sn/lastname--'||l_last_name);
elsif entry.attr(l_counter1).attrname ='mail' then
l_email := entry.attr(l_counter1).attrval(l_counter2);
ckerror(' email--'||l_email);
elsif entry.attr(l_counter1).attrname ='mobile' then
l_mobile :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('mobile--'||l_mobile);
elsif entry.attr(l_counter1).attrname ='telephonenumber' then
l_work_phone :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('work telphone--'||l_work_phone);
elsif entry.attr(l_counter1).attrname ='cn' then
l_portal_user :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('cn/username--'||l_portal_user);
elsif entry.attr(l_counter1).attrname ='description' then
l_description :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('description--'||l_description );
else
ckerror('handle other entry name--'|| entry.attr(l_counter1).attrname);
ckerror('handle other entry--'||entry.attr(l_counter1).attrval(l_counter2) );
end if;
end if;
ckerror('end compare at second loop');
ckerror('NULL ASSIGN ISSUE FOR 72 --'||entry.attr(counter1).attrval(counter2));
user_vals(counter2) := entry.attr(counter1).attrval(counter2);
END LOOP;
ckerror('end first loop');
--- put ldap
dbms_ldap.populate_mod_array(user_array,DBMS_LDAP.MOD_ADD, entry.attr(counter1).attrname,user_vals);
user_vals.delete;
END LOOP;
processs other (l_firstname...) vars in SQL sataement
EXCEPTION
WHEN OTHERS THEN
ckerror( 'Exception in PRE_ADD plugin. Error code is ' || TO_CHAR(SQLCODE));
ckerror( ' ' || Sqlerrm);
rc := 909;
errormsg := 'Error code:'|| rc||' exception: pre_add data';
END;Hy Tom,
I am interested in LDAP with OID PROVISIONING in portal 10g application.
we create a register procedure.
however. i got an error message as ORA-06502: PL/SQL: numeric or value error: NULL index table key value.
After debuging, we found that issue result assign null value .
when we assign as
user_vals(counter2) := entry.attr(counter1).attrval(counter2);
It seems that that we can not assign entry.attr(counter1).attrval(counter2) to other var two time in procedure.
It is server configuration issue or code issue.
Thanks
Newweber
*********************** Code
PROCEDURE pre_add ( ldapplugincontext IN ODS.plugincontext,
dn IN VARCHAR2,
entry IN ODS.entryobj,
rc OUT INTEGER,
errormsg OUT VARCHAR2
IS
ret INTEGER;
l_portal_user wwsec_person.USER_NAME%type;
l_first_name wwsec_person.FIRST_NAME%type;
l_last_name wwsec_person.LAST_NAME%type;
l_email wwsec_person.EMAIL%type;
l_work_phone wwsec_person.WORK_PHONE%type;
l_mobile wwsec_person.MOBILE_PHONE%type;
counter1 pls_integer;
counter2 pls_integer;
retval pls_integer := -1;
s integer;
user_session DBMS_LDAP.session;
user_dn varchar(256);
user_array DBMS_LDAP.mod_array;
user_vals DBMS_LDAP.string_collection;
user_binvals DBMS_LDAP.blob_collection;
indx number := 1;
BEGIN
l_portal_user :=null;
l_first_name :=null;
l_last_name :=null;
l_email :=null;
l_work_phone :=null;
l_mobile :=null;
l_description :=null;
rc := 0;
errormsg :=null;
-- Create a mod_array
user_array := dbms_ldap.create_mod_array(entry.binattr.count + entry.attr.count);
-- Create a user_dn
user_dn := substr(dn,1,instr(dn,',',1,1))||'cn=users,dc=e-hms,dc=net';
FOR l_counter1 IN 1..entry.attr.COUNT LOOP
FOR l_counter2 IN 1..entry.attr(l_counter1).attrval.COUNT LOOP
ckerror('second loop get value--'|| entry.attr(l_counter1).attrname || '[' || l_counter1 || ']' ||'.val[' || l_counter2 || '] = ' ||entry.attr(l_counter1).attrval(l_counter2));
if entry.attr(l_counter1).attrval(l_counter2) is null then
ckerror('handle null attribule ');
else
-- get value
ckerror('get value2'||entry.attr(l_counter1).attrname);
IF entry.attr(l_counter1).attrname ='givenname' then
l_first_name :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('givename/firstname--'||l_first_name);
elsif entry.attr(l_counter1).attrname ='sn' then
l_last_name :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('sn/lastname--'||l_last_name);
elsif entry.attr(l_counter1).attrname ='mail' then
l_email := entry.attr(l_counter1).attrval(l_counter2);
ckerror(' email--'||l_email);
elsif entry.attr(l_counter1).attrname ='mobile' then
l_mobile :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('mobile--'||l_mobile);
elsif entry.attr(l_counter1).attrname ='telephonenumber' then
l_work_phone :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('work telphone--'||l_work_phone);
elsif entry.attr(l_counter1).attrname ='cn' then
l_portal_user :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('cn/username--'||l_portal_user);
elsif entry.attr(l_counter1).attrname ='description' then
l_description :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('description--'||l_description );
else
ckerror('handle other entry name--'|| entry.attr(l_counter1).attrname);
ckerror('handle other entry--'||entry.attr(l_counter1).attrval(l_counter2) );
end if;
end if;
ckerror('end compare at second loop');
ckerror('NULL ASSIGN ISSUE FOR 72 --'||entry.attr(counter1).attrval(counter2));
user_vals(counter2) := entry.attr(counter1).attrval(counter2);
END LOOP;
ckerror('end first loop');
--- put ldap
dbms_ldap.populate_mod_array(user_array,DBMS_LDAP.MOD_ADD, entry.attr(counter1).attrname,user_vals);
user_vals.delete;
END LOOP;
processs other (l_firstname...) vars in SQL sataement
EXCEPTION
WHEN OTHERS THEN
ckerror( 'Exception in PRE_ADD plugin. Error code is ' || TO_CHAR(SQLCODE));
ckerror( ' ' || Sqlerrm);
rc := 909;
errormsg := 'Error code:'|| rc||' exception: pre_add data';
END; -
We have been given the task of migrating our existing identity management systems to OIM (Oracle Identity Manager).
Part of our existing system uses OID (Oracle Internet Directory). All users have an entry in OID. Some of our systems use OID for authentication.
We also use OID to hold users' entitlements/privileges that control access to our applications. We use OID groups (represented by entries based on groupOfUniqueNames and orclGroup objects) to do this. For example we might have an application called 'Finance' with three levels of access represented by OID groups e.g. 'finance_enquiry', 'finance_updater', 'finance_superuser'. Those groups would all belong to a parent group called 'finance_application'. To access the application the user needs to be a member of 'finance_application' group or one of its child groups. Access to features of the application are controlled by membership of the 3 child groups. We have an application that maintains groups, group membership, and user entitlements in OID.
As part of the migration project we want to move maintenance of groups and group membership from our own application into OIM. The above scenario seems quite basic.
My main question is how would this be done in OIM? Do our current OID groups become OIM Groups? Do they become entries in some lookup table in OIM? Are there any case studies or other documentation that describes this kind of requirement?
I've looked at the OIM Connector for OID documentation but it doesn't describe typical scenarios. It assumes that you know what you are doing.
We also want to give users the ability to request entitlements, and to provide an approval process. So we could have a user who approves/rejects entitlement requests to access to the applications they control. But that's a another topic.
Cheers,
EricPeachEye wrote:
We have been given the task of migrating our existing identity management systems to OIM (Oracle Identity Manager).
As part of the migration project we want to move maintenance of groups and group membership from our own application into OIM. The above > scenario seems quite basic.You're about to find out otherwise.
>
My main question is how would this be done in OIM? Do our current OID groups become OIM Groups? Do they become entries in some lookup table > in OIM? Are there any case studies or other documentation that describes this kind of requirement?You'll need a custom connector and lots of OIM tweaks. Your groups will stay in OID, OIM will replace the current application you use to maintain them. That's one way of doing it, no impact to OID schema is the benefit of this way, there are other ways. -
Documentation(how to) for provisioning AD --OIM-- DB
Hello all,
Where i can find some "how to" about provisioning AD<--OIM-->DB? I need to install this resource , but i don't know how ? I didn't find (more difficult to me) a kind of "how to" about OIM-->DB provisioning.
Thanks a lot.I was told that there is going to be (or potentially just has been) an OIM 9.1 training in Munich this spring.
The core problem is that it is simply not possible to train someone on something as complex as OIM in just a few days so the basic bootcamp training has to focus on the basic principles and shield the user from all the evil details. The issue with this approach is that when the user gets back to the implementation project they are now seen as experts that should be able to resolve anything as they have attended the training.
Find reconciliation in the fact that you now have a very marketable skill :)
If OIM implementation was easy you would have to find a new job -
The method to provision the OIM System Date to a target System
Hi,
I want to provision the OIM System Date(date format : "YYYY-MM-DD HH:MI:SS") to a target System(DB Type:Oracle).
The Column type in The target System is Date Type.
I use the process adapter and assign the System Date to the Process Data - Date Type Column - in the target System.
it doesn't work.
How do i do?????
please help me- That's simple. You have already created this date type variable in your process form. Now pass it in whichever format it is. In your code for creation in oracle, do a date conversion as required using custom code. This would work if you have written your code and you are not using DBApp Tables connector. Do it as follows:
SimpleDateFormat input = new SimpleDateFormat("OIM_DATE_FORMAT");
SimpleDateFormat output = new SimpleDateFormat("ORACLE_DB_DATE_FORMAT");
Date date = input.parse("Pass form date over here");
return output.format(date); // Pass this value to Oracle
- If its DBApp Table connector then connector must take care of this by itself.
Thanks
Sunny -
How to install OID connector using OIM API in 11g?
Hi All,
We are using OID connector in OIM 11g environment. It is a simple process to install OID connector by unzipping the connector zip file to ConnectorDefaultDirectory and goto Admin console and load the connector.
However, we are looking for API methods to simulate "load the connector " step in GUI.
Please help.
Thanks
Mahendra.Hey Mahendra,
I am not aware of this API to do the 'Deployment Manager' load task. But III try to help you using another way:
1-You can use ICF API to do this task(creating it specifically to OID). Using ICF: http://www.groenenberg.nu/Oracle_Doc/AS_11.1.1.5/doc.1111/e14309/icf.htm#BABFDJHJ
2- And following this example that my buddy did for Open DS: http://itnaf.org/2011/12/30/developing-icf-connectors/
Another helpful doc: http://docs.oracle.com/cd/E14571_01/doc.1111/e14309.pdf
I hope this helps,
Thiago Leoncio. -
OID, OVD, OIF, OIM, OAM version
Hey guys, I wanted to know if there is some commands that would give me the versions of OID, OVD, OIF, OIM, OAM
Weblogic version can be found by connecting to the console at the bottom of the page: e.g:
"WebLogic Server Version: 10.3.3.0
Copyright © 1996,2010, Oracle and/or its affiliates. All rights reserved."
However, for specific product, I'm not sure if there is a way to know the version. Is there a version.property file or a command that can help me ?)
In case of OID, OVD:
- opmnctl services version
- odsm version
In case of OIF:
- opmnctl services version
- oif version
In case of OAM:
- version of identity server
- version of access server
- version of webgate
In case of OIM:
- version of OIM
Thank you for your help.for OID-Step1-Make Sure DB is up and running
Run: prompt> tnsping <connect string>
Step2-Make sure OID processes are up
Prompt>$ORACLE_HOME/bin/oidctl connect=<servicename from tnsnames.ora> status
-Once u run above comnd u could see processes and ver
for OIA-Once u complete installations Open rbacx.log for versin info
thnks
vishwa
orcl -
Portal role/ group provisioning via CUP
HI Gurus,
We are planing to perform portal role (EP 7 )provisioning via CUP. Is there any config guide available for this which we can follow.
Thanks
AniThis guide might be of help:
http://www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/502a14db-6261-2c10-22b5-95117ab0e5ed
Regards,
Luis
Maybe you are looking for
-
How to remove sql statement in spool output?
Hi Gurus, If my spool query is like this set feedback off set verify off set trimspool on set heading off spool c:\test\test.csv select * FROM test; spool offI am getting my csv file as like this: SELECT * FROM test1 SSO shsrgh
-
Hi, I have a problem with functions removeDatabase and truncateClass, now I want to clear all data in a database with a small cost and I found these two APIs can meet my needs, but it awalys give me com.sleepycat.je.rep.DatabasePreemptedException whe
-
Unable to view captivate 8 preview project in internet explorer
unable to view captivate 8 preview>project in internet explorer. I get 404 web page can't be found. I haven't built an extensive layout. I just changed the title text and subtitle text to preview in a browser. It doesn't want to show any result.
-
Some Brazillian certificates are not accepted by Firefox
Some certificates from Brazillian Government sites are not accepted by Firefox
-
Update 4.3.3 failed and ipad not working
Hi All Just downloaded the update. When it tried to update the Ipad 2, it failed with an error msg. and now the Ipad just displays the USB Itunes icon and is not usable. This happened the first time I updated and had to bring to a shop. Is this somet