OIM 11g - ldap sync - Post Process event handler 'CREATE'  faillling

Hi Gurus,
We have ldap sync set up between OIM 11.1.1.5 and ODSEE 11g,
Post process event handler on user creation with is setting a attribute with random 16 digit character, This event handler is getting triggered and setting the attribute in OIM but in logs i can see "Modification failed because user 45118 is not synchronized to the LDAP directory." error and it is not updated in ODSEE.
This behaviour is only for trusted recon not for the User created through UI.
Not sure what exactly is happening..
Is it expected behavior??
Gurus help me out on this.

IF it fail because event handler unable to produce random number then verify below
is eventhandler code being executed in trusted recon verify in log.
There are two method execute and bulk execute in eventhandler. execute is being called from UI and bulk execute is being called for trusted recon.
either put code in bulk execute or update batch recon size something like that system property to 1. so, it will function as UI. Default value of batch is 500
--nayan                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

Similar Messages

  • OIM 11g: Access Denied searching usr_emp_no in post process event handler

    I am logging in as xelsysadm and creating a new user. I have populated a UDF called Manager Employee Number with a value of 12345 and I have a corresponding user with the Employee Number populated with that same value.
    When I create the user, my code searches for a corresponding user in OIM with that employee number. The problem is that i am getting an access denied error searching use_emp_no. Ironically, in a different post process event handler, I have access to decrypting the user's password.
    I tried searching by Employee Number rather than use_emp_no (which is what is returned with AttributeName.EMPLOYEE_NUMBER.getId()) but that did not find any users. It did seem to attempt the search though.
    Here is the code and the error:
    //get the manager object and retrieve the user login and user key of the manager
    mgrRetAttrs.add("USER_LOGIN");
    mgrRetAttrs.add("USER_KEY");
    List<User> mgrList = searchUsr(mgrEmpNo, mgrRetAttrs);
    logger.finest("Retrieved " + mgrList.size() + " managers with that employee number.");
    private List<User> searchUsr(String mgrEmpNo, Set<String> mgrRetAttrs) throws AccessDeniedException, UserSearchException{
    logger.finest("************Entering BBTMgrIDPostProcEventHandler#searchUser()***********");
    logger.finest("This is the manager emp no we are searching: " + mgrEmpNo);
    SearchCriteria srchCriteria =
    new SearchCriteria(AttributeName.EMPLOYEE_NUMBER.getId(), mgrEmpNo, SearchCriteria.Operator.EQUAL);
    logger.finest("This is the search criteria: " + srchCriteria.toString());
    logger.finest("Exiting BBTMgrIDPostProcEventHandler#searchUser()");
    return getUserManager().search(srchCriteria, mgrRetAttrs, null);
    private UserManager getUserManager() {
    logger.finest("Enter BBTMgrIDPostProcEventHandler#getUserManager()");
    if (this.userMgr == null) {
    this.userMgr = Platform.getService(UserManager.class);
    logger.finest("Exit BBTMgrIDPostProcEventHandler#getUserManager()");
    return this.userMgr;
    Entering BBTMgrIDPostProcEventHandler#execute()
    oracle.iam.platform.authz.exception.AccessDeniedException: You do not have permission to search the following user attributes: usr_emp_no.
    at oracle.iam.identity.usermgmt.impl.UserManagerImpl.search(UserManagerImpl.java:1699)
    at oracle.iam.identity.usermgmt.api.UserManagerEJB.searchx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
    at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
    at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy328.searchx(Unknown Source)
    at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.__WL_invoke(Unknown Source)
    at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
    at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.searchx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
    at $Proxy196.searchx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
    at $Proxy318.searchx(Unknown Source)
    at oracle.iam.identity.usermgmt.api.UserManagerDelegate.search(Unknown Source)
    at com.oracle.iam.bbt.eventhandler.BBTFindMgrID.searchUsr(BBTFindMgrID.java:244)
    at com.oracle.iam.bbt.eventhandler.BBTFindMgrID.executeEvent(BBTFindMgrID.java:189)
    at com.oracle.iam.bbt.eventhandler.BBTFindMgrID.execute(BBTFindMgrID.java:114)
    at oracle.iam.platform.kernel.impl.OrchProcessData.runPostProcessEvents(OrchProcessData.java:1168)
    at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:710)
    at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:674)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:705)
    at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
    at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
    at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
    at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy331.onMessage(Unknown Source)
    at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
    at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
    at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
    at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
    at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
    at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
    at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
    at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
    at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: oracle.iam.identity.exception.SearchAttributeAccessDeniedException: You do not have permission to search the following user attributes: usr_emp_no.
    at oracle.iam.identity.usermgmt.impl.UserManagerImpl.search(UserManagerImpl.java:1696)
    ... 76 more
    Thanks,
    Ruth

    This is what fixed the problem:
    Instead of the following:
    //get the manager object and retrieve the user login and user key of the manager
    mgrRetAttrs.add("USER_LOGIN");
    mgrRetAttrs.add("USER_KEY");
    I needed to do this instead:
    mgrRetAttrs.add(UserManagerConstants.AttributeName.USER_LOGIN.getId());
    mgrRetAttrs.add(UserManagerConstants.AttributeName.USER_KEY.getId());
    Then I changed the searchCriteria back to the following:
    SearchCriteria srchCriteria =
    new SearchCriteria("Employee Number", "12345", SearchCriteria.Operator.EQUAL);
    This did the trick.
    Ruth

  • OIM 11.1.1.5: Post Process Event Handler, change password notification

    Hi,
    Products
    OIM 11.1.1.5 BP02
    OAM 11.1.1.5
    OID 11.1.1.5
    Problem
    I have written a post-process event handler which fires when a role is assigned to a user. The event handler calls a plugin which uses the UserManager API to generate and change the user's password.
    I've tested this by assigning a role to the user via the OIM web console. I can see my log messages indicating that the event handler has fired and that the password has been changed.
    However, I expected that when UserManager.changePassword completed, a notification email would then be sent to the user informing them of the new password, but no notification email has been sent.
    The email notifications have been set up correctly, because I have changed the same user's password via the OIM web console and successfully received a Reset Password email.
    So, my questions are:
    1) Am I right in thinking that when you call UserManager.changePassword(), an out-of-the-box ResetPassword email notification should be sent to the user?
    2) Has anyone got this working in 11.1.1.5?
    Some more detailed info
    In my plugin class I'm calling the following from both execute methods (EventResult and BulkEventResult):
    char newpasswd[] = new RandomPasswordGeneratorImpl().generatePassword(user);
    getUserManager().changePassword(userKey, newpasswd, false, null, true);
    logger.info(("Successfully changed password"));
    plugin.xml
         <oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
         <plugin
         pluginclass="oracle.iam.PostInsertPlugin"
         version="1.0"
         name="PostInsertPlugin">
         </plugin>
         </plugins>
         </oimplugins>
    $OIM_HOME/server/bin/weblogic.properties
              wls_servername = oim_server1
              app = OIMMetadata
              metadata_from_loc=/home/oracle/eventhandlers
              metadata_file=/metadata/roleuser/custom/EventHandlers.xml
    /home/oracle/eventhandlers/import/metadata/roleuser/custom/EventHandlers.xml
    <?xml version='1.0' encoding='utf-8'?>
    <eventhandlers
    xmlns="http://www.oracle.com/schema/oim/platform/kernel"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
    <action-handler
    class="oracle.iam.PostInsertPlugin"
    entity-type="RoleUser"
    operation="CREATE"
    name="PostInsertPlugin"
    stage="postprocess"
    order="1002"
    sync="TRUE"/>
    </eventhandlers>
    There are no errors in the OIM out and diagnostic logs apart from the following which occur at OIM startup:
    [2013-01-07T16:29:23.425+00:00] [oim_server1] [ERROR] [IAM-0080075] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '13' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 2e903d7ef060ab65:66b2de91:13c15d6d9ce:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] XML schema validation failed for XML /metadata/iam-features-OIMMigration/EventHandlers.xml and it will not be loaded by kernel.
    [2013-01-07T16:29:24.267+00:00] [oim_server1] [ERROR] [IAM-0080075] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '13' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 2e903d7ef060ab65:66b2de91:13c15d6d9ce:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] XML schema validation failed for XML /metadata/iam-features-callbacks/event_configuration/EventHandlers.xml and it will not be loaded by kernel.
    Thanks
    dty
    Edited by: oim_user on Jan 7, 2013 5:37 PM

    No notification will be sent if you changepassword using the method from usermanager api.
    You have to trigger the resetpassword event manullay in your code.
    Here is a sample code to create an event for reset password. Once you create event, invoke it from notification service - notify method.
    NotificationEvent event = new NotificationEvent();
    String[] receiverUserIds= {userLogin};
    event.setUserIds(receiverUserIds);
    event.setTemplateName("ResetPasswordNotification");
    event.setSender(null);
    HashMap<String, Object> resolvedData = new HashMap<String, Object>();
    resolvedData.put("userLoginId", userLogin);
    event.setParams(resolvedData);

  • Issues with Post Process Event Handler in oim11g

    Hi I am trying to trigger a post process event handler to set middle name but couldn't succeed.
    can you please point out the mistakes if there are any?
    This is the Java code.
    package oim.eventhandler;
    import java.io.Serializable;
    import java.util.HashMap;
    import oim.util.FROLogger;
    import oracle.iam.identity.usermgmt.vo.User;
    import oracle.iam.platform.context.ContextAware;
    import oracle.iam.platform.kernel.spi.PostProcessHandler;
    import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
    import oracle.iam.platform.kernel.vo.BulkEventResult;
    import oracle.iam.platform.kernel.vo.BulkOrchestration;
    import oracle.iam.platform.kernel.vo.EventResult;
    import oracle.iam.platform.kernel.vo.Orchestration;
    public class setmiddlename implements PostProcessHandler {
         public void initialize(HashMap<String, String> arg0) {
              // TODO Auto-generated method stub
         public boolean cancel(long arg0, long arg1,
                   AbstractGenericOrchestration arg2) {
              // TODO Auto-generated method stub
              return false;
         public void compensate(long arg0, long arg1,
                   AbstractGenericOrchestration arg2) {
              // TODO Auto-generated method stub
         * public EventResult execute(long arg0, long arg1, Orchestration arg2) { //
         * TODO Auto-generated method stub return null; }
         public BulkEventResult execute(long arg0, long arg1, BulkOrchestration arg2) {
              // TODO Auto-generated method stub
              return null;
         public EventResult execute(long processId, long eventId,
                   Orchestration orchestration) {
              HashMap<String, Serializable> parameters = orchestration.getParameters();
              // If the middle name is empty set the first letter of the first name as the middle initial
              String middleName = getParamaterValue(parameters, "Middle Name");
              if (middleName.trim().length()>0) {
              String firstName = getParamaterValue(parameters, "First Name");
              middleName = firstName.substring(0,1);
              orchestration.addParameter("Middle Name", middleName);
              return new EventResult();
         private String getParamaterValue(HashMap<String, Serializable> parameters, String key) {
              String value = (parameters.get(key) instanceof ContextAware)
              ? (String) ((ContextAware) parameters.get(key)).getObjectValue()
              : (String) parameters.get(key);
              return value;
    ################ PostProcessEventHandlers.XML#############
    <eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
    <!-- Custom validation event handlers -->
    <!-- Custom preprocess event handlers -->
    <action-handler
    class="oim.eventhandler.setmiddlename"
    entity-type="User"
    operation="CREATE"
    name="setmiddlename"
    stage="postprocess"
    order="1000"
    sync="TRUE"/>
    </eventhandlers>
    ################ plugin.xml##############
    <?xml version="1.0" encoding="UTF-8"?>
    <oimplugins>
    <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
    <plugin pluginclass="oim.eventhandler.setmiddlename" version="1.0" name="setmiddlename"/>
    </plugins>
    </oimplugins>
    ################ weblogic.properties##############
    wls_servername=oim_server1
    application_name=OIMMetadata
    metadata_from_loc=/data1/oim_install/Oracle/Middleware/Oracle_IDM1/server/temp/import/metadata/custom/PostProcess
    metadata_files=/metadata/custom/PostProcess/PostProcessEventHandlers.xml
    application_version=11.1.1.3.0
    And the PostProcessEventHandlers.zip contains lib\PostProcess.jar
    both PostProcessEventHandlers.zip and PostProcessEventHandlers.xml are placed in the "metadata_from_loc"
    The registration was successful and I could see the entries in the PLUGINS table
    ID: oim.eventhandler.setmiddlename
    TYPE:     oracle.iam.platform.kernel.spi.EventHandler
    VERSION:     1.0
    NAME:     setmiddlename
    ZIPID:     23
    and PLUGIN_METADATA does not contain any values
    PLUGIN_ZIP contains ZIPID as 23 and ZIP as (BLOB)
    Did I miss anything?
    what is the mistake that I am doing?
    Edited by: 883725 on Sep 9, 2011 2:30 AM
    Edited by: 883725 on Sep 9, 2011 2:31 AM

    I am getting this error when running weblogicDeleteMetadata.sh.
    I have set the OIM Home and Weblogic home. Though Import and export works absolutely fine.
    Any other way where I can connect directly to DB and delete the contents?
    +Please enter your username [weblogic] :weblogic+
    +Please enter your password [welcome1] :+
    +Please enter your server URL [t3://localhost:7001] :t3://localhost:10070+
    Connecting to t3://localhost:10070 with userid weblogic ...
    Successfully connected to Admin Server 'AdminServer' that belongs to domain 'IDM_domain'.
    Warning: An insecure protocol was used to connect to the
    server. To ensure on-the-wire security, the SSL port or
    Admin port should be used instead.
    Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.
    For more help, use help(domainRuntime)
    Problem invoking WLST - Traceback (innermost last):
    File "/data1/oim_install/Oracle/Middleware/Oracle_IDM1/server/bin/weblogicDeleteMetadata.py", line 21, in ?
    File "/data1/oim_install/Oracle/Middleware/oracle_common/common/wlst/mdsWLSTCommands.py", line 109, in deleteMetadata
    File "/data1/oim_install/Oracle/Middleware/oracle_common/common/wlst/mdsWLSTCommands.py", line 574, in executeAppRuntimeMBeanOperation
    File "/data1/oim_install/Oracle/Middleware/oracle_common/common/wlst/mdsWLSTCommands.py", line 713, in saveStackAndRaiseException
    WLSTException: MDS-00001: exception in Metadata Services layerMDS-91009: Operation "deleteMetadata" failure. Use dumpStack() to view the full stacktrace.

  • Post Process Event Handler ----Unique Constraint Violation--Create User

    Hi Evryone..
    I am creating the user using the create user request template and there is one level of approval for this.
    I have one pre process event handler which populates one field A and one post process event handler which updates some 3 fields in the user form .
    In request template itself we had placed value as "ABC" for field B and this field B will be overridden in the post process event handler with Value as "XYZ" .
    Now when i raise the request the user is getting created in OIM but the value XYZ is not getting replaced in the field B.
    Below are the errors which i got in the logs while executing post process event handler :
    <Mar 28, 2012 10:25:58 AM CDT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
    <Mar 28, 2012 10:25:59 AM CDT> <Warning> <org.eclipse.persistence.session.oim> <BEA-000000> <
    Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.1.3.v20110304-r9073): org.eclipse.persistence.exceptions.DatabaseException
    Internal Exception: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV_OIM.UK_UAR_ATTR_NAME_VALUE) violated
    Error Code: 1
    Call: INSERT INTO USR_ATTRIBUTE_RESERVATIONS (UAR_RESERVATION_KEY, UAR_ATTRIBUTE_NAME, CREATED_BY, CREATED_ON, DATA_LEVEL, UAR_REQUEST_ID, UAR_RESERVED_VALUE, UPDATED_BY, UPDATED_ON) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
    bind => [10, User Login, null, null, null, 10, DUMMY14, null, null]
    Query: InsertObjectQuery([email protected]658269)
    Exception at usrIntf.updateUser IAM-3050128 : Cannot reserve user attribute User Login with value DUMMY14 in OIMDB. Corresponding request ID is 10.:User Login:DUMMY14:10
    I checked reservations table and there are no records in that table.
    Has any one faced this issue..if so how it can be resolved..

    Are you trying to update the User ID? As far as I know during create user requests, OIM reserves the user login as it goes through approval and you cannot update that directly I think. I haven't tried it but can you tell me which fields you are prepopulating and which are you updating? Are there any OOTB fields in this or UDF?
    -Bikash

  • Post Process Event Handler not getting user's CURRENT_STATE for a UDF field

    I have a post process event handler in OIM R2 BP04 , which runs on Trusted Reconciliation and it compares user's ("CURRENT_USER") state and ("NEW_USER_STATE") and based on that derives a business logic.
    The problem that i am  facing is that, it is not able to get the User's ("CURRENT_USER") state for a UDF(EMAIL_LIST) field and it is coming as null,and  hence is breaking the business logic.The same Event Handler is working on TEST and QA ( 4 node cluster)environments and is not working on PROD environment( 4 node cluster).
    The different thing that was done on was that during the initial recon the event Handler was not present  and after the initial load of the users i have manually executed the database sql query which have updated the "EMAIL_LIST field manually for all the users
    I think  that since during the initial recon as the  EMAIL_LIST was not populated and was  populated  through the SQL update for all the users, the orchestration inter event data does not contain email list, and so it is coming as null.
    But i am seeing the same behavior for new records as well, which are created and  then updated after event handler is registered.
    Please reply, if you have encountered something similar.
    Thnx
    Akshat

    Yes i need the old state, which is
                        Identity[] oldUserStatesIdntArr =
                            (Identity[])(Identity[])interEventData.get("CURRENT_USER");

  • Error in post process event handler

    We should write a post process event handler that updates the manager field. So, I used the following code to update the manager field when a user gets created:
    Code:
    public EventResult execute(long processId, long eventId,
    Orchestration orchestration) {
    System.out.println("Test for Event Handler");
    try
    String userKey = getUserKey(processId, orchestration);
    System.out.println("USERKEY1"+userKey);
    UserManager userMgmt = Platform.getService(UserManager.class);
    System.out.println("USERMANAGEMENT"+userMgmt);
    System.out.println(userMgmt.modify(new User(userKey)));
    userMgmt.modify("usr_mgr_key","28",new User(userKey));
    System.out.println("USERKEY2"+userKey);
    } catch (ValidationFailedException e) {
    System.out.println("Exception1");
    } catch (AccessDeniedException e) {
    System.out.println("Exception2");} catch (UserModifyException e) {
    System.out.println("Exception3");} catch (NoSuchUserException e) {
    System.out.println("Exception4");} catch (SearchKeyNotUniqueException e) {
    return new EventResult();
    private String getUserKey (long processID, Orchestration orchestration) {
    String userKey;
    String entityType = orchestration.getTarget().getType();
    EventResult result;
    result = new EventResult();
    System.out.println("Entity Type"+entityType);
    System.out.println("Process ID"+processID);
    if (!orchestration.getOperation().equals("CREATE")) {
    userKey = orchestration.getTarget().getEntityId();
    System.out.println("UserKEY0"+userKey);
    } else {
    OrchestrationEngine orchEngine = Platform.getService(OrchestrationEngine.class);
    userKey = (String) orchEngine.getActionResult(processID);
    System.out.println("UserKEY-1"+userKey);
    return userKey;
    It compiles fine and when we try to create a user, the user gets created successfully. But, the expected behaviour of upadting the manager field with the user key '28' is not happening. My approach above - is it right or is there any other method that will make it work?
    The output message I see is:
    Test for Event Handler
    Entity TypeUser
    Process ID140343
    UserKEY-1613
    USERKEY1613
    USERMANAGEMENToracle.iam.identity.usermgmt.api.UserManagerDelegate@75ecf9ed
    <27-Feb-2012 10:56:41 o'clock GMT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
    oracle.iam.identity.usermgmt.vo.UserManagerResult@14da2ada
    <27-Feb-2012 10:56:44 o'clock GMT> <Error> <oracle.iam.identity.usermgmt.impl> <IAM-3051212> <An error occurred while searching for users - : [usr_mgr_key].>
    Exception4
    Thanks
    Krish

    i hope wrong coding.
    Use this code.
    UserManager userMgmt = oimClient.getService(UserManager.class);
    //Attribute you want to modify
    HashMap<String, Object> atrrMap= new HashMap<String, Object>();
    atrrMap.put("usr_manager_key", Long.valueOf("1")); //user will upadated with manager key 1 (xelsysadm) make sure usr_key 1 (manager) exist in OIM.
    //get the user to whom you want to modify
    User user = userMgmt.getDetails("usr_key", "41", null);
    user = new User(String.valueOf(user.getId()), atrrMap);
    UserManagerResult result = userMgmt.modify("usr_key", String.valueOf("41"), user);
    //UserManagerResult str = userMgmt.modify("usr_mgr_key","111",new User("41"));
    System.out.println("UserUpdate.process() "+result.getStatus());
    Also don't use UserManager class, As it will go for looping.
    Use
    EntityManager entityManager = Platform.getService(EntityManager.class);
    entityManager.modifyEntity(orchestrationTarget.getType(), userKey, mapAttrs);
    Also I am assuming you want to use Associate manager With user use case.
    Thanks,
    Kuldeep

  • Ldap sync failure with post process event handler

    Hi All
    we are using OIM 11.1.1.5 and OID 11.1.1.5 and i have ldap sync. Now the issue, is i have two postprocess eventhandlers for diff functionality which will work in trusted recon and update few custom fields. Now when i do the trusted recon my eventhandlers are working fyn but ldap sync is not working, users are not getting created in OID.
    When I look in to the issue i came to know that ldap sync was not working because one of my eventhandler which will update custom date fields( lyk dob, role start date).
    and the same ldap sync is working with another event hanlder(at this point i unregistered eventhandler which updates the custom date fields)
    anyone help me out regarding this issue???
    Regards
    $sid

    WOuld you mind updating, How the issue was resolved?

  • OIM Post process event handler when a role is assigned or reovked to User

    Hi All,
    I have written a custom postprocess eventhandler which populates the list of roles assigned to the user in OIM in a Custom UDF. The code is working fine if I have it triggered on any User Profile Modification. See below:
    +<?xml version='1.0' encoding='utf-8'?>+
    +<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">+
    +<action-handler class="oracle.oim.extensions.postprocess.updateFTBRolesinUDF" entity-type="User" operation="MODIFY" name="updateFTBRolesinUDF" stage="postprocess" order="1000" sync="TRUE"/>+
    +</eventhandlers>+
    However, as per my requirement I want this eventhandler to be triggered on role assignment/revoke but If I change the EventHandlers.xml as below, it doesn't work:
    +<?xml version='1.0' encoding='utf-8'?>+
    +<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernelorchestration-handlers.xsd">+
    +<action-handler class="oracle.oim.extensions.postprocess.updateFTBRolesinUDF" entity-type="Role" operation="ANY" name="updateFTBRolesinUDF" stage="postprocess" order="FIRST" sync="TRUE"/>+
    +</eventhandlers>+
    I tried changing the order to First, 1001, 9999 but nothing worked.
    Any idea/pointers for fixing the issue.
    Regards,
    Sunny

    Hi All,
    With the entity-type='RoleUser', the BulkEventResult execute() was getting executed. So, I moved all my code inside it and with this change, now I am getting the below exception when I have trying to update the user profile:
    RoleUser+
    oracle.iam.platform.entitymgr.NoSuchEntityException: RoleUser+
    at oracle.iam.platform.entitymgr.impl.EntityManagerConfigImpl.exists(EntityManagerConfigImpl.java:952)+
    at oracle.iam.platform.entitymgr.impl.EntityManagerConfigImpl.getDataProvider(EntityManagerConfigImpl.java:277)+
    at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.getEntityCapability(EntityManagerImpl.java:185)+
    at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.getEntityCapability(EntityManagerImpl.java:179)+
    at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.modifyEntity(EntityManagerImpl.java:364)+
    at oracle.oim.extensions.postprocess.RoleProcessor.executeEvent(RoleProcessor.java:129)+
    at oracle.oim.extensions.postprocess.RoleProcessor.execute(RoleProcessor.java:108)+
    at oracle.iam.platform.kernel.impl.OrchProcessData.runPostProcessEvents(OrchProcessData.java:1167)+
    at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:711)+
    at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)+
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImp+
    If I change the entity-type to 'User', the EventResult execute is called.
    Please help.
    Regards,
    Sunny

  • OIM 11g LDAP sync from different LDAP containers

    Hi,
    I have been setting up OIM 11g R2 (11.1.2) to use LDAP Sync to OID.
    As of now the sync works (both ways) for this container:
    cn=users,cn=oracleAccounts,dc=mycompany,dc=com (configured while doing the OIM config)
    Would it be possible to sync users in other containers as well? For example:
    cn=users,cn=otherAccounts,dc=mycompany,dc=com
    cn=users,cn=moreAccounts,dc=Otherstuff,dc=com
    By editing the file LDAPContainerRules.xml I can setup where the users are created when I create them through IDM.
    But that will not make the sync work for those containers.
    Any ideas where I should start to accomplish the above?
    Thanks & Regards,
    Henrik

    Okay, I think I have found an answer to how to sync users from different OU:s in my OID to different OIM organizations.
    Hopefully this will help others.
    We can use a PostProcess Event handler like this:
    1. Implement the method --> public BulkEventResult execute()
    This is used during recon actions.
    2. Get the user hashmap with attributes and set the "act_key" value with the OIM organizations ID.
    You also needs to build the logic to fetch the users "LDAP DN", which is also fetched from the map.
    From that attribute we can decide which Organization to put the user in.
    This is the best solution we have found yet..
    Docs & tips:
    http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/oper.htm#CCHFBGAA
    http://fusionsecurity.blogspot.se/2011/09/oim-11g-event-handler-example.html (thank you Daniel Gralewski)
    Regards,
    Henrik

  • OIM 11g LDAP Sync Features

    Folks,
    I`ve been researching the LDAP sync option in OIM 11g and I have some questions.
    1. Is it true that once enabled, the user does not exist in OIM DB but only in LDAP?
    2. Can we define rules such that only a certain set of users are in LDAP and some are only in OIM?
    3. Can we define rules for Roles that only certain roles in OIM exist in LDAP but not all? I`d like to keep the business roles only in OIM.
    4. I currently have 3 connectors for AD, eDir and OID with OIM 10g and I am researching the option to remove these connectors and use the LDAP sync with OVD. Can this be achieved? What would be the challenges if I were to replace the connectors with LDAP sync?
    Regards,
    AZ

    Well for the connectors in 10g I plan to export them and then import in 11g. The versions are certified.
    For LDAP sync with multiple directories, I've heard of using OVD. So the Directory Server IT Resource would point to OVD and multiple containers in OVD would be mapped to each of the individual directories. OVD adapters would define connection to these directories.
    I have to see if this is feasible keeping in mind the workflows that have been customized in 10g, I don't think every workflow customization can be done in LDAP sync as well. Plus we would lose track of which attributes are provisioned to which LDAP. This is a user-ldap entry mapping, there would be no accounts in resource profile.

  • OID resource goes to Disabled Status after running the post process event handler

    Hi,
    We have an event handler on post update operation. The event handler using the user manager API to do some modification. We are using the "Lock()" function of User Manager API to lock the user based on attribute value. After running the event handler though the user gets locked as expected, it also disables the OID resource after that. We have other resources along with OID but they are not affected with event handler. Only the OID user is triggering the disable operation on locking the user on event handler. We have used the OID 11g Connector for implementation.
    If you manually lock the user in user interface it's not going to disable status.
    How we can stop to disable the OID User Account.
    Thanks

    No.If you lock the user in Console it's not going disable status.
    Thanks

  • OIM 11.1.1.5.0 - Pre process event handler

    Hi everyone, I'm trying to configure a preprocess event handler to automate email and user login when I click on "create user".
    I mean when I want to create a new user, I just want to fill the first name, the last name, the organization and the type and this preprocess will fill automatically the email and the user login fields. I don't know if it's possible or not with an event handler ?
    Thanks
    Thibault

    If you want this event handler only for manual user creation using UI then you can go with pre-process event handler. The advantage you get is, no need of refereshment. once user created email and user login field will be visible. But in case of post process you have to refresh it manaually. Yes, you have to use post process event handler if the same field you want to populate on Trusted recon as well. Beacause, Pre- process doesn't work with Trusted recon.
    Hope above will help you to decide for pre or post to use.
    Now, for registering plugin. Don't put jar in the zip, you have to place .class in case of event handler. jar we use for scheduled task. place your class file like below and zip
    lib/*package structure folder*/EmailLoginAuto.class
    ie lib/com/test/eventhandler/EmailLoginAuto.class
    for importing eventhandler.xml put it anywhere in your directory structure
    ex: /tmp/db/eventhandler.xml
    and update the from_location as /tmp in weblogic.properties
    --nayan                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  • Migrate Post to Pre-Processing Event Handler

    Hi All,
    I am moving logic from a post-processing event handler to a pre-processing one.The Post-Processing logic used the EntityManager to save the attribute, is this applicable for a Pre-Process?
    Thank You
    Ron

    In a pre-process handler add the value back into the orchestration, e.g. orchestration.addParameter(<attribute>, <value>);

  • Pre-processing versus Post-processing Event Handlers

    After looking through the documentation, and a lot of forum posts, I'm still a little unclear as to where custom user modification updates most typically go... if I want to create a customer handler to say transform some data on a user after input on the main OIM form... should that go in the pre or post processing event handler? Or a more basic questions, which transactions or type of events would go in pre-processing, and which would go into post-processing?

    As far as I understand, there is no hard and fast rule as to what goes into pre and what goes into post. If you are doing a trusted recon then there is no pre will 11g and you have only post but if you are doing it from the OIM profile page then you can have either one and would depend upon your use case and requirement.
    Generally post should cover most of your scenarios from the UI unless you have access policies based on event handler derived attributes. If that's the case then you will have to fine tune the ordering of the event handler so that access policy is the last to be triggered.
    -Bikash

Maybe you are looking for

  • How to create a report in EM from scratch level ?

    Hi, Can anybody help me on this ? The report I want to create in EM is about where the user selects a target from a drop down and it shows the CPU utilization or memory Utilization for that respective target. Is it possible to create such kind of ? I

  • Centralized Database and Application Control

    Hi, I am looking for idea to centralized control software to manage (start/stop/display status) oracle database, oracle application or other component on unix box, it become harder to manage database (i.e. which command, where is database location/se

  • Block purchasing of articles, but allow replenishment

    Hi SAP Gurus I need to block somo articles for purchasing, but allow the replenishment of them. I try to handle this using the OMS4 transaction, but the purchasing option generates an Error Message when a is B in transpor order (UB) and purchasing fo

  • How can I set comments to show all the time?

    I need to have the comment bubbles show on the spreadsheet all the time.  But they are in the background, only showing the little yellow tag on the cells with comments.  The "Hide Comments" in View is not marked.

  • IBM's Lotus Domino Web Access compatibility with Mozilla Firefox 4.0.1

    Why I couldn't retrieved my emails when using the Lotus Domino Web Access? Currently I'm using DWA Release 6.5.6