OIM 11g attaching an adapter to the delete user process

Similar Messages

• Error U9KP7Q94 when logged in with the deleted user after its recreation...

  Hi All,
  How to get default screen for the deleted user when we recreate the same user with same name?
  i have deleted the user for ex. 'XYZ' (from the catalog user group managemet) and when again i am trying to browse the obiee with the same user i.e. XYZ (after passing the authentication using some LDAP) then i am getting the error like 'Error U9KP7Q94'.
  can anyone help me in this..
  thanks
  Edited by: user10946827 on Apr 26, 2009 4:32 AM

  I don't really see your problem. Do you have any error message ?
  You may have may be a security problem.
  Have you see in the catalog manager if you have the right / grant for the user on the report.
  You can log as administrator / go to the catalog manager / shared folder / catalog root / users /
  - on your user / in the items properties, set the owner ship to the administrator
  - go to the security icon of the directory user
  - give the access to the administrator
  and then you have access to the directory
  To see the grant of each file, you must do the same manipulation (become the owner, change the security, ...)
  Success
  Nico

• Can We Trash the Deleted Users Folder?

  At HD>Users, there's a Deleted Users folder. My 'home' account is 'Dave' and the Deleted User is 'Dave'. I don't recall ever messing with Accounts. Anywho, this folder is 1.33 GB! Can I safely trash it?
  Thx!

  Well, upon reading it a third time (LOL), it seems Apple has a rather circuitous way of splainin' things...
  "...This document describes steps for doing so in Mac OS X 10.0 to 10.1.5...."
  But then, "...With Mac OS X 10.2 or later, deleted users' folders are handled differently....Admin users may leave them for reference or simply drag them to the Trash, as desired. The steps below are not necessary..."
  I went ahead and trashed it; saved over 2GB.
  Thx!

• How to call OID delete user process task from AD process definition

  Hi All,
  I wanted to call OID delete user process task from AD process def. I have created a process task in AD Process def which will be integrated with OID Delete User adapter. How can i map OID related attributes to the adapter api?
  Expected inputs for OID delete api :
  root DN
  orgDN
  admin pwd
  server
  attr lookupcode
  XLOrgFlag
  sProcessInsKey
  UserID
  PDataOrg
  port
  AdminID
  SSLFlag
  here i cannot map some like : sProcessInsKey
  any pointers would be appreciated.
  Regards,
  Ashok

  OID delete user process task from AD process defWhy don't use call Revoke Resource API ?
  http://otndnld.oracle.co.jp/document/products/id_mgmt/idm_904/doc_cd/javadocs/operations/Thor/API/Operations/tcUserOperationsIntf.html#revokeObject%28long,%20long%29
  Use getObject API
  Iterate through resultset.
  If RONAME == OID User then call revokeObject

• How to increas the max user process number in Solaris 11?

  Hey
  Could anyone told me how to increas the max user process number in Solaris 11? I tried below as described in https://blogs.oracle.com/hasham/entry/solaris_10_increasing_number_of , but it cannot work.
  set pidmax=60000
  set maxusers = 4096
  set maxuprc = 50000
  set max_nprocs = 50000
  Thanks!
  Edited by: 966272 on Oct 18, 2012 7:38 AM

  Perhaps you should work your original forum post:
  Oracle 11g installation fail on Solaris 11 64bit - ORA-00443
  through to a resolution before you complicate things that likely don't apply.
  You make an assumption in that other post about exceeding various maximums. That may be true or it may not be true. Since the installation of a database program seems to be your actual expectation, go work that forum thread instead.

• Reconciliation for the deleted user accounts on Target Resource

  Hi,
  I am trying to run reconciliation on a DB Table as the target resource. It is linking the user accounts that are present in the target resource.
  But for the user accounts that are deleted on the target resource Reconciliation is not showing any action on the IdM user accounts under resource profile. The resource object link still shows the status "Provisioned".
  Ideally when the users are deleted on the target resource User's profile, Does it require any customizations to make the resource assignment status to "revoked" instead of "Provisioned".
  Any response would be of great help.
  Thanks in advance.

  See there could be two possibilities only:
  *1) User Status Recovery via trusted Reconciliation*
  Associated field in OIM responsible for it - Status field of OIM User Profile -> Check Process Definition for Xellerate User or any Trusted resource in "Reconciliation Field Mappings" section
  Valid values are : Active, Disabled and Deleted
  *2) Account Status Recovery via target Reconciliation*
  Associated field in OIM responsible for it - OIM_OBJECT_STATUS field from Process Data Field -> Check Process Definition for Your custom resource of DB App Table in "Reconciliation Field Mappings" section
  Valid values are : Enabled, Disabled and Revoked
  So you are trying to achieve the second part.
  Hope its clear.
  Thanks
  Sunny

• OIM 11g: How to remove rule requiring unique user email addresses

  Use the OIM 11g Administrative and User Console to update a user's email address to be the same as another user's address and on save you get error message:
  "The user with the attribute Email and value [email protected] already exists"
  In OIM 9.1 we used to be allowed duplicate email addresses.
  OIM 11g wants them to be unique (refer OIM 11g User Guide table 11-2 in section "11.2 User Entity Definition" which shows the email attribute properties with unique:yes).
  How do you change this to "unique:no"?
  The OIM 11g Admin Guide section "14 Configuring User Attributes" describes the User.xml file in MDS but doesn't mention unique properties.
  The System Properties accessed via System Management->System Configuration doesn't show anything that looks like an option to enforce email address uniqueness.
  Thanks

  OIM 11g does not allow duplicate email addresses. We asked Oracle about this and they responded that the feature (duplicate email addresses) was "removed from OIM 11g due to sending mail notifications, security and other related
  concerns". We think we can live with this restriction and did not make an enhancement request.
  The user guide does show that email address is unique:
  http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14316/usr_mangmnt.htm#BGBDCDCH
  but there's no way to override the rule.

• OIM 11g R2 PS1 - custom challenge question by user

  Hello.. we have a requirement to let end user create their own challenge question? OOTB I don't see any option to let users enter thier own password challenge question during the time of challenge question registration.
  While I was going through the OIM documentation I came across this property PCQ.USE_DEF_QUES for which the documentations says:
  http://docs.oracle.com/cd/E21764_01/doc.1111/e14308/system_props.htm
  For customers who have customized their UI to allow end-users to set their own challenge questions, this property determines whether the user must select challenge questions from a predefined list in the Web Application, or if users are required to provide their own questions.
  Note: Functionality that allows end-users to set their own challenge questions is not supported in the standard out-of-the-box user interface.
  Any ideas or suggestions on how or where to do the customization for this requirement?

  Check the for duplicacy in OBJ_KEY column of the process defination. If duplicate values exit then set them to 'null'  and commit. Restart OIM if required

• "OIM Database Application Connector" is Recon the same user many times!

  Hey,
  I am facing an interesting issue that my OIM Database Application Connector is reconning (Creating) the same user many times.
  I have created/configured the "OIM DB Application Connector" which should Recon the new user in to OIM when ever new user created in the database via portal. I scheduled the connector every 15 min. The connector is working as expected and creating new OIM user if any new user has created in the DB table.
  Issue here is: I have created one user in the table which has reconed to OIM and I can see the entry in design console Recon Manager table. After 15 min when connecotr is run it is picking up the same user. So it is picking the same user every time it runs!!!. It stops picking the user after some time, but dont have exact time when it stop picking the user. But I could see min 25+ times same user and all the time the status is EVENT LINKED. Any idea please why it is happening. My matching criteria is Time Stamp Attribute: "Updated_By_Sysate" & Unique Attribute = "User_ID".
  My Env:
  OIM Version: 9101
  Server : Weblogic
  DB : SQL Server 2005 (Source DB)
  Any idea please?
  thanks
  kln

  1) Yes, you should add in your resource object all fields that are defined in xel_data_source parameters of config.xml file.
  2) Correct. You have to create a user defined field in your form designer and map it to a column in your process definition (reconciliation field mapping tab).
  3) Reconciliation rule is the rule that OIM use to link Database users and OIM users. You need to create a recon rule using an attribute who has the same value in both systems. Also, you need to define this rule in your config.xml file (see how to configure reconcile tasks in connector documentation). So, this attribute used in your recon rule must be required because it will be used to create or link users. You can define any other fields as required, but if one of these required fields are not filled, you will receive a "Required Data Missing" error in your reconciliation manager event.
  4) Reconciliation is used to update OIM with changes made directly in your database table. To update your database table based on OIM changes, you must modify an user attribute in your UD_DBAPP user's form.
  Regards.

• How to read User ID from the request Form and pre populating in the AD User process form before provisioning

  I am trying to read the user Id from the submitted AD User request form( Catalogue AD User form. I need User Id,firstname and lastname inorder to prepopulate the common name as in this format - lastname,firstname (userid)  for the user to be provisioned in Active Directory.
  So after filling the AD User request form with User Id and Organization and submitting the request, I am trying to
  prepopulate the common name in the process form before the provisioning.
  The prepopulate adopter for the common name is configured to read the firstname, lastname and userid. firstname and
  lastname variables are mapped to User definition and user Id is mapped to Process Data. In this setup I am not getting the
  User Id value from process data, it is empty.
  Is this a bug with OIM 11g R2 or I need to do it differently in order to read the user Id that user has entered in the
  request form for populating the common name?
  Thanks

  Ghulam Yassen wrote:
  How to get USER_ID and IP_AddressWhy exactly do you need this data and what do you plan to do with it?
  The data is not reliable and trustworthy. IP addresses can easily be spoofed (a few seconds if you know what to do and how to do it). Also, IP addresses are not static. Users also do not use the same network device to access the database - different devices will have different IP addresses.
  The o/s user on the client is supplied by the client driver. This can also be spoofed.
  The user can also use a virtualised device - which means that recording the IP and o/s user seen from the server side, is pretty much useless and meaningless.
  So if this data is intended to be used for auditing for example - it would be pretty suspect data to use for that purpose.

• ADCS Delete user process task

  I am very sorry to ask this question to you, But I am helpless here,
  Dev team has implemented Provisioning/DeProvisioning process for AD. If user terminated, OIm first disable the user's AD account and after 21 days, its deletes the AD account. I am not able to find, how and when "ADCS delete user" task has been invoked by oim. Can any one please help me to find it out.
  Thanks.

  There should be a schedule task which runs daily and check for the Termination Date for all these users, if its > 21 days then it must have been manually inserting this task in the user's AD resource profile

• OIM 11g Post Create Adapter not invoked

  I want to create a postprocess adapter for user creation. I registered my plugin and uploaded the metadata.
  However it is not getting invoked. On checking the logs for oracle.iam.platform.kernel.impl I can see only the out of box metadata xmls being read, but my xml path does not show up in the logs
  If I run this against MDS database
  select path_contentid,path_name,path_fullname,path_doc_elem_name from mds_paths where path_doc_elem_name ='eventhandlers' order by path_fullname asc
  It does show my metadata entry.
  Any idea on what is wrong here?
  Edited by: user13720159 on Jan 18, 2012 3:57 AM

  All the files that I used for the plugin including the metadata is attached here
  [https://sites.google.com/site/oracleforumzone/post-adapter-all-files.zip?attredirects=0&d=1|https://sites.google.com/site/oracleforumzone/post-adapter-all-files.zip?attredirects=0&d=1]
  I registered the plugin using java code, which is this [https://sites.google.com/site/oracleforumzone/Register.java?attredirects=0&d=1|Register Code]
  After that I ran the weblogicImportMetadata.bat file to load the metadata
  Running this
  select path_contentid,path_name,path_fullname,path_doc_elem_name from mds_paths where path_doc_elem_name ='eventhandlers' order by path_fullname asc
  (First I had 1 entry for /metadata/user/UserPostAdapter/EventHandlers.xml     then I tried again so 2 entries)
  gives me the following:
  86     EventHandlers.xml     /metadata/iam-features-OIMMigration/EventHandlers.xml     eventhandlers
  176     EventHandlers.xml     /metadata/iam-features-OIMMigration/EventHandlers.xml     eventhandlers
  173     EventHandlers.xml     /metadata/iam-features-Scheduler/EventHandlers.xml     eventhandlers
  83     EventHandlers.xml     /metadata/iam-features-Scheduler/EventHandlers.xml     eventhandlers
  203     EventHandlers.xml     /metadata/iam-features-accesspolicy/event-definition/EventHandlers.xml     eventhandlers
  113     EventHandlers.xml     /metadata/iam-features-accesspolicy/event-definition/EventHandlers.xml     eventhandlers
  92     EventHandlers.xml     /metadata/iam-features-asyncwsclient/EventHandlers.xml     eventhandlers
  182     EventHandlers.xml     /metadata/iam-features-asyncwsclient/EventHandlers.xml     eventhandlers
  106     EventHandlers.xml     /metadata/iam-features-autoroles/event-definition/EventHandlers.xml     eventhandlers
  196     EventHandlers.xml     /metadata/iam-features-autoroles/event-definition/EventHandlers.xml     eventhandlers
  114     EventHandlers.xml     /metadata/iam-features-callbacks/event_configuration/EventHandlers.xml     eventhandlers
  204     EventHandlers.xml     /metadata/iam-features-callbacks/event_configuration/EventHandlers.xml     eventhandlers
  205     EventHandlers.xml     /metadata/iam-features-configservice/event-definition/EventHandlers.xml     eventhandlers
  115     EventHandlers.xml     /metadata/iam-features-configservice/event-definition/EventHandlers.xml     eventhandlers
  195     EventHandlers.xml     /metadata/iam-features-identity/event-definition/EventHandlers.xml     eventhandlers
  105     EventHandlers.xml     /metadata/iam-features-identity/event-definition/EventHandlers.xml     eventhandlers
  88     EventHandlers.xml     /metadata/iam-features-notification/EventHandlers.xml     eventhandlers
  178     EventHandlers.xml     /metadata/iam-features-notification/EventHandlers.xml     eventhandlers
  110     EventHandlers.xml     /metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml     eventhandlers
  200     EventHandlers.xml     /metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml     eventhandlers
  211     EventHandlers.xml     /metadata/iam-features-reconciliation/event-definition/EventHandlers.xml     eventhandlers
  121     EventHandlers.xml     /metadata/iam-features-reconciliation/event-definition/EventHandlers.xml     eventhandlers
  104     EventHandlers.xml     /metadata/iam-features-request/event-definition/EventHandlers.xml     eventhandlers
  194     EventHandlers.xml     /metadata/iam-features-request/event-definition/EventHandlers.xml     eventhandlers
  120     EventHandlers.xml     /metadata/iam-features-requestactions/event-definition/EventHandlers.xml     eventhandlers
  210     EventHandlers.xml     /metadata/iam-features-requestactions/event-definition/EventHandlers.xml     eventhandlers
  109     EventHandlers.xml     /metadata/iam-features-selfservice/event-definition/EventHandlers.xml     eventhandlers
  199     EventHandlers.xml     /metadata/iam-features-selfservice/event-definition/EventHandlers.xml     eventhandlers
  153     EventHandlers.xml     /metadata/iam-features-sod/EventHandlers.xml     eventhandlers
  63     EventHandlers.xml     /metadata/iam-features-sod/EventHandlers.xml     eventhandlers
  100     EventHandlers.xml     /metadata/iam-features-system-configuration/EventHandlers.xml     eventhandlers
  190     EventHandlers.xml     /metadata/iam-features-system-configuration/EventHandlers.xml     eventhandlers
  79     EventHandlers.xml     /metadata/iam-features-tasklist/EventHandlers.xml     eventhandlers
  169     EventHandlers.xml     /metadata/iam-features-tasklist/EventHandlers.xml     eventhandlers
  186     EventHandlers.xml     /metadata/iam-features-templatefeature/EventHandlers.xml     eventhandlers
  96     EventHandlers.xml     /metadata/iam-features-templatefeature/EventHandlers.xml     eventhandlers
  162     EventHandlers.xml     /metadata/iam-features-transUI/EventHandlers.xml     eventhandlers
  72     EventHandlers.xml     /metadata/iam-features-transUI/EventHandlers.xml     eventhandlers
  432     EventHandlers.xml     /metadata/user/UserPostAdapter/EventHandlers.xml     eventhandlers
  433     EventHandlers.xml     /metadata/user/UserPostAdapter/EventHandlers.xml     eventhandlers

• OIM 11g - Set a default password when a user is created

  Hi everybody,
  I'm trying to set a default password when I create a user manually but I've got some errors.
  I firstly created a pre-process event handler to generate automatically a login and an email for a user who is created and it worked fine. But now I'm trying to generate a default password (like "ChangeIt" for example) that the user will have to change the first time.
  This is the code I wrote :
  public EventResult execute(long processId, long eventId, Orchestration orchestration) {
  String methodName = "EventREsult execute";
  System.out.println("###### " + className + " - method " + methodName + " - STARTED");
  HashMap<String, Serializable> parameters = orchestration.getParameters();
  System.out.println("###### OK1");
  String firstName = (String)parameters.get(UserManagerConstants.AttributeName.FIRSTNAME.getId());
  System.out.println("###### OK2");
  String lastName = (String)parameters.get(UserManagerConstants.AttributeName.LASTNAME.getId());
  System.out.println("###### OK3");
  String userKey = (String)parameters.get(UserManagerConstants.AttributeName.USER_KEY.getId());
  System.out.println("###### OK4");
  String userLogin = firstName + lastName;
  parameters.put(UserManagerConstants.AttributeName.USER_LOGIN.getId(), userLogin);
  System.out.println("###### OK5");
  parameters.put(UserManagerConstants.AttributeName.EMAIL.getId(), firstName + "." + lastName + "@test.test");
  System.out.println("###### OK6");
  parameters.put(UserManagerConstants.AttributeName.PASSWORD.getId(), "ChangeIt");
  System.out.println("###### " + className + " - method " + methodName + " - ENDED");
  return new EventResult();
  And When I try to create a user, I've got the error : "An error occured. Null input buffer"
  This is what I have in the console :
  <10 mai 2012 16 h 44 CEST> <Error> <oracle.iam.identity.usermgmt.impl> <IAM-3050030> <Exception lors de la rÚalisation de l'opÚration.
  java.lang.IllegalArgumentException: Null input buffer
  at javax.crypto.Cipher.doFinal(DashoA13*..)
  at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.decrypt(tcDefaultDBEncryptionImpl.java:219)
  at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:122)
  at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:200)
  at oracle.iam.platform.utils.crypto.CryptoUtil.getDecryptedPassword(CryptoUtil.java:136)
  at oracle.iam.transUI.impl.handlers.user.UpdateUsrPwdFields.updateUserPwdFields(UpdateUsrPwd
  Fields.java:124)
  at oracle.iam.transUI.impl.handlers.user.UpdateUsrPwdFields.execute(UpdateUsrPwdFields.java:
  71)
  at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:
  898)
  <10 mai 2012 16 h 44 CEST> <Error> <oracle.iam.identitytaskflow.logging> <BEA-000000> <IAM-3060023>
  I know this is something due to the password parameter but I don't understand what is expected for this one ...
  If you someone could help me with this it would be really helpful !
  Thanks,
  Thibault

  Hi, Thanks for your quick answer !
  So it solved half of the problem ! Now I've got an other error : decrypt failed
  And this is the beginning of the error in the console :
  <10 mai 2012 18 h 14 CEST> <Error> <XELLERATE.ACCOUNTMANAGEMENT> <BEA-000000> <Class/Method: tcDefau
  ltDBEncryptionImpl/decrypt encounter some problems: Input length must be multiple of 16 when decrypting with padded cipher
  javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with pad
  ded cipher
  at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
  at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
  at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
  at javax.crypto.Cipher.doFinal(DashoA13*..)
  at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.decrypt(tcDefaultDBEncryptionImpl.java:2
  19)
  at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:122)
  at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:200)
  at oracle.iam.platform.utils.crypto.CryptoUtil.getDecryptedPassword(CryptoUtil.java:136)
  at oracle.iam.transUI.impl.handlers.user.UpdateUsrPwdFields.updateUserPwdFields(UpdateUsrPwd
  Fields.java:124)
  at oracle.iam.transUI.impl.handlers.user.UpdateUsrPwdFields.execute(UpdateUsrPwdFields.java:
  71)
  at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:
  898)
  What does it means ? My password must be encrypted or something like this ?
  Thanks if you can help me with this !!
  Thibault

• Not able to add groups to the user ODSEE via OIM 11g R2

  Hi,
  I have created some groups in ODSEE and ran the recon job to sync these groups in OIM 11g R2.
  Groups are populated in OIM 11g R2 and while raising the request for ODSEE Application Instance I can see these groups.
  Now following are the issues I am facing :
  1. ODSEE groups are not getting displayed in Catalog ( I have ran the Entittlement-List job also)
  2. When I request for a group while creating the request, the group is not getting assigned to the user in ODSEE, wherein user is getting created in ODSEE successfully.
  Please help.
  Thanks

  Please let me know what could be the reason of not adding the groups to the user in ODSEE.
  I was able to add the groups successfully to user by assigning the groups while raising the request in OIM 11g R1.
  But the same is not working in OIM 11g R2, if I check the OIM logs it is calling the function ADDUSERTOGROUP but the groups are not getting assigned to user.
  Thanks

• How to pass the value from DB in Approval Policy Rule OIM 11g R2

  Hi,
  I need to get the value of rule condition in Approval policy from DB.
  Please let me know how to achieve this. I am using OIM 11g R2.
  Thanks

  How to passing the textbox value within the jsp page
  without using javascript or reload the page.No, jsp executes on the remoter server, the text box is on a client machine, you need to send information to the server over the network, http does this with a request, which will reload the page.....................