OIM 11g R2 : AD Group Management

Similar Messages

• OIM 11g - Ldapsync Administrators Group

  Hi,
  i have in OID a Group 'Administrators'.
  I want to reconcilitate this group to oim. OIM has by default an internal group 'Administrators' for soa role.
  Is it possible to manage my 'administrators' group from oid in oim?

  I have had incremental reconciliation working fine on LDAP Sync straight to OID without OVD, both on 11.1.1.5.0 and 11.1.1.5.2. If your last change number is incrementing it is clear you are accessing the OID change log correctly. The question then is are you seeing reconciliation events, but with them not being matched to your users and updating them, or are you just not seeing reconciliation events at all? If you are not seeing reconciliation events I would suggests the change events are being ignored for one of the following reasons:
  1) You are modifying your entries in OID using the same OID account that LDAP Sync uses to access OID. As mentioned before in this thread LDAP Sync uses a modifierDNFilter that excludes all changes made by the OID account used for LDAP Sync (so it does not see its own changes).
  2) You have applied a targetDNFilter or your changelog adapter that is incorrect, and is excluding your changes
  If you are seeing events but no updates, are the attributes you are changed all correctly mapped in your reconciliation profile?

• Not able to add groups to the user ODSEE via OIM 11g R2

  Hi,
  I have created some groups in ODSEE and ran the recon job to sync these groups in OIM 11g R2.
  Groups are populated in OIM 11g R2 and while raising the request for ODSEE Application Instance I can see these groups.
  Now following are the issues I am facing :
  1. ODSEE groups are not getting displayed in Catalog ( I have ran the Entittlement-List job also)
  2. When I request for a group while creating the request, the group is not getting assigned to the user in ODSEE, wherein user is getting created in ODSEE successfully.
  Please help.
  Thanks

  Please let me know what could be the reason of not adding the groups to the user in ODSEE.
  I was able to add the groups successfully to user by assigning the groups while raising the request in OIM 11g R1.
  But the same is not working in OIM 11g R2, if I check the OIM logs it is calling the function ADDUSERTOGROUP but the groups are not getting assigned to user.
  Thanks

• Role management in OIM 11g.

  Hi All,
  I am working on OIM 11g PS1.
  In this I want to give some of the users in OIM ability to manage the roles in OIM and view and modify the role and role membership.
  For this the simplest way is to add the user to role 'Role Administrators'.
  Now when I login with user, then this user is able to modify the role, view hierarchy, view and modify membership rule, Data Object permissions but when clicks on 'Members' tab then it throws the error and does not show the members and same error comes when it tries to assign new users in role.
  The same behavior happens for the role owner as well. When the role owner of a role logs in and try to view the members of its own role the same things happens. I have pasted the error below:
  Please suggest if anyone else has come across this issue and is there any step that I may be missing in my configuration.
  The error that comes on GUI:
  "ADF_FACES-60097: For more information, please serr the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #8"
  Error in Weblogic logs:
  "<Dec 1, 2011 10:34:48 AM EST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled excepti
  ons in phase INVOKE_APPLICATION 5
  javax.el.ELException: java.lang.NullPointerException
  at com.sun.el.parser.AstValue.invoke(Unknown Source)
  at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
  at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodExpression(UIXComponentBase.java:1300)
  at org.apache.myfaces.trinidad.component.UIXShowDetail.broadcast(UIXShowDetail.java:154)
  at oracle.adf.view.rich.component.rich.layout.RichShowDetailItem.broadcast(RichShowDetailItem.java:192)
  at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
  at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
  at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
  at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
  at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
  at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
  at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
  at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  Caused By: java.lang.NullPointerException
  at oracle.iam.consoles.rolemgmt.utils.PagingUtils.addPagedRoleMembersData(PagingUtils.java:199)
  at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.initializeRoleMembers(RoleDetailsBean.java:652)
  at oracle.iam.consoles.rolemgmt.tf.details.RoleDetailsBean.loadRoleMembersTab(RoleDetailsBean.java:521)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.sun.el.parser.AstValue.invoke(Unknown Source)
  at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
  Thanks,
  Sneha

  Hi,
  I found the resolution for this, so I thought I would share it here with everyone.
  I role owners or any user in role "Role Administrators" were not able to view the members of the role though they had the authorization policies enabled and everything setup.
  To enable the view of role membership please follow the steps below:
  1. Login as XELSYSADM
  2. Goto Administration and search for the org which the users are assigned to
  3. Open the org details
  4. Click "Administrative Roles"
  5. Click "Assign"
  6. Choose either "ALL USERS" or your role which you created, set the permissions as you wish and click "Assign"
  This will really solve the issue.
  Thanks,
  Sneha.

• Issue with deleting a group using Request APIs in OIM 11g R1

  Hi,
  I am facing an issue with Request Based provisioning in OIM 11g R1.
  I am currently testing a scenario where i have imported a data set for 'Modify Provisioned Resource' and am able to add a group/entitlement to an already provisioned resource by using the following code :
          RequestBeneficiaryEntityAttribute childEntityAttribute= new RequestBeneficiaryEntityAttribute();
          childEntityAttribute.setName("AD User Group Details");
          childEntityAttribute.setType(TYPE.String);
          List<RequestBeneficiaryEntityAttribute> childEntityAttributeList=new ArrayList<RequestBeneficiaryEntityAttribute>();
          RequestBeneficiaryEntityAttribute attr = new RequestBeneficiaryEntityAttribute("Group Name", <group>,                                                                       RequestBeneficiaryEntityAttribute.TYPE.String);
          childEntityAttributeList.add(attr);
          childEntityAttribute.setChildAttributes(childEntityAttributeList);
          childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Add);
          beneficiaryEntityAttributeList = new ArrayList<RequestBeneficiaryEntityAttribute>();   
          beneficiaryEntityAttributeList.add(childEntityAttribute);
          beneficiarytEntity.setEntityData(beneficiaryEntityAttributeList);
  This works fine for adding a group but if i try to remove a group by changing the action to Delete in the same code, the request fails. The only change made is in the following line:
  childEntityAttribute.setAction(RequestBeneficiaryEntityAttribute.ACTION.Delete);
  Could you please suggest where can this possibly be wrong.
  Thanks for your time and help

  Hi BB,
  I am trying to follow up your response.
  You are suggestng to use prepopulate adapter for to populate respource object name, that means We have to just use an sql query from obj tabke to get the resource object name. right ?? it could be like below, what should I have entity-type value here ??
  <AttributeReference name="Field1" attr-ref="act_key"
  available-in-bulk="false" type="Long" length="20" widget="ENTITY" required="true"
  entity-type="????"/>
  <PrePopulationAdapter name="prepopulateResurceObject"
  classname="my.sample.package.prepopulateResurceObject" />
  </AttributeReference>
  <AttributeReference name="Field2" attr-ref="Field2" type="String" length="256" widget="lookup-query"
  available-in-bulk="true" required="true">
  <lookupQuery lookup-query="select lkv_encoded as Value,lkv_decoded as Description from lkv lkv,lku lku
  where lkv.lku_key=lku.lku_key and lku_type_string_key='Lookup.xxx.BO.Field2'
  and instr(lkv_encoded,concat('$Form data.Field1', '~'))>0" display-field="Description" save-field="Value" />
  </AttributeReference>
  Then I need think about the 'Lookup.xxx.BO.Field2' format.
  Could you please let me know if my understanding is correct?? What is the entity-type value of the first attribute reference value?
  Thanks for your all help.

• Weblogic Managed server not starting after installing OIM 11g

  Hi All,
  I have installed OIM 11g successfully and I am able to start the WL Admin Server. But when I try to start the Managed Server for OIM (oim_server1), the screen just disappears and do not generate any logs.
  I haven't used the WL JDK while installing, used seperate JDK. Does it create any problem in starting the managed Server.
  Please help in solving this..
  Thanks,
  anag

  Hi,
  How are you starting the managed server, is it like this?
  xlStartManagedServer.cmd oim_server1 <URL of admin server>
  ~ Ketan

• Manage OIM 11g System Properties via API

  Can someone please help me understand how to use the OIM 11g API to manage OIM System Properties. In the prior version I was able to use the tcPropertyOperationsIntf class, but it looks like this now only supports reading the attributes, but I need the ability to update and delete properties from the API.
  What is the proper API to use to implement this in an EventHandler class that extends tcBaseEvent?
  Thanks!

  Hey,
  Sorry to revive this pretty old thread, but it's still unanswered and I would be interested in having the answer to this question...
  Thanks,
  --jtellier                                                                                                                                                                                                                                                                                                                                       

• Reconcile user groups to OIM (11g)

  I would appreciate it if someone may let me know how to reconcile the organization and leadership structure information from an Oracle DB based identity vault into OIM (11g) to create organizational roles, for example, into the user group and user group membership tables, i.e. the UGP and USG table series. Many thanks.

  yesy, I have defines correct search value but its again and again throwing error. I change the search values too. But its not working.

• Is there an Oracle Identity Management (OIM) 11g certification?

  I wasn't able to find any Identity and Access Management (OIM 11g) certification. Is there any?

  There is not a certification track dedicated to that at this time.

• OIM 11g Roles/Groups

  Dear All,
  I noticed that 11g version has the ability for end-user to request Roles. What is the difference between Role and Group in OIM 11g?

  In 11g the new definition of an OIM Group = Role.
  -Kevin

• OIM 11g R2 Group Membership

  Hi All,
  In OIM 11g R2, when i try to manually add a user to a group (custom or OOTB), i do not see the "Assign" button active and with the absence of the assign button, i could not assign a new user to the group. But, I can see that the Create Rule option is active.
  Does this mean that the group membership in OIM 11g can only happen through Group membership rule satisfaction?
  Please help.
  Thanks,
  Srini

  You can manually add an user to a role in OIM 11gR2. Open identity console --> Click on Roles--> Search
  You will get all the roles listed. Select the role to which you want to add a member. Assign tab will be visible under the Members panel layout in the bottom frame.
  When you click on assign the request catalog opens with the selected target user and the role. You can change the target user or add another target user.
  Then click on submit.
  If this process is done through sysadmin login then directly the member is assigned to the role
  Else it will create a request and after approval is completed the member will be assigned to the role.

• Child form for Group Membership OID -OIM 11g

  Hi,
  Can we configure a custom child form to store OID group membership in OIM 11g? If Yes, what are the configuration changes to be considered.
  Thanks in advance

  Hi,
  Can we configure a custom child form to store OID group membership in OIM 11g? If Yes, what are the configuration changes to be considered.
  Thanks in advance

• API of Resource object managment - OIM 11g R2

  Hi All,
  I want to provision a resource (say 'AD User') from a post event handler (OIM 11g R2) during user creation.
  Please tell me the API to be used.
  In OIM 10g, we can use 'tcObjectOperationsIntf' interface to operate on resource objects. what API is its replace in OIM 11g R2?
  Thanks in Advance.

  Create a role and add a rule membership to that role using your custom attribute.
  Create an access policy to provision AD resource and use the role created above while creating access policy. There will be a schedule task with the name "Evaluate user access policies". Change its schedule to run for every 1 minute.
  Now, create a user who satisfies the above role membership and make sure this user got the role membership. Immediately after a minute, this new user should be provisioned to AD resource automatically.

• OIM-AD connector Issues in OIM 11g

  Hi
  We are trying to provision user from OIM 11G to AD using Administration Tab of Admin Console.
  As part of ADITResource configuration , follwoing fields are included.In the Enterprise manager OIM server log, we are getting the below error message.
  Error Message In Enterprise manager OIM server log -
  Module     OIMCP.ADCS
  Thread ID     [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'
  Message     com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : createUser : Wrong Value Specified in Root Context of IT ResourceOr Organization DN_
  However, in Admin console Selfservice-->Task-->Provisioning -->Shows error as
  Response:Connection Error encountered
  Response Description:     Error encountered while connecting to target system
  We have sucessfully tested the connection using Diagnoistic Dashboard (XIMDD) & Ldap Browser.
  IT Resource Details-
  Parameter                               Value
  AD Sync installed (yes/no)                     no
  ADAM LockoutThreshold Value                5
  ADDisableAttr Lookup Definition                Lookup.ADProvisioning.DisableAttrLookup
  ADGroup LookUp Definition                     Lookup.ADReconciliation.GroupLookup
  Abandoned connection timeout                600
  Admin FQDN                               cn=administrator,cn=Users,dc=example,dc=com
  Admin Login                               administrator
  Admin Password                          ********
  Allow Password Provisioning                     yes
  AtMap ADGroup                          AtMap.ADGroup
  AtMap ADUser                               AtMap.AD
  AtMap Group                               AtMap.ADGroup
  Atmap ADOrg                               AtMap.ADOrg
  Backup Server URL                          [NONE]
  Connection pooling supported                false
  Connection wait timeout                     100
  Custom Attribute Name      
  CustomizedReconQuery      
  Inactive connection timeout                     600
  Initial pool size                               1
  Invert Display Name                          no
  LDAP Connection Timeout                     30000
  Last Modified Time Stamp                     0
  Last Modified Time Stamp Group                0
  Max pool size                               30
  Min pool size                               2
  Native connection pool class definition      
  OIM User UDF      
  Pool excluded fields      
  Pool preference                               Default
  Port Number                               389
  Remote Manager Prov Lookup                AtMap.AD.RemoteScriptlookUp
  Remote Manager Prov Script Path      
  ResourceConnection class definition           com.thortech.xl.integration.ActiveDirectory.ADResourceConnectionImpl
  Root Context                               dc=example,dc=com
  SSL Port Number                          636
  Server Address                               WIN-PEUB23TMMT4.example.com
  Target Locale: Country                     US
  Target Locale: Language                     en
  Target Locale: TimeZone                     GMT
  Target supports only one connection           false
  Timeout check interval                     100
  UPN Domain                               example.com
  Use Disable Attr                          false
  Use SSL                               false
  Validate connection on borrow                true
  isADAM                               no
  isUserDeleteLeafNode                          no
  For Organization we have selected ou=Test,dc=example,dc=com in our lookup defination
  Please suggest....
  Thanks

  It's not Key, it's the Scheduled Task attribute "IT Resource Name"
  Documentation: http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/using_conn.htm#CHDFBAAC
  Here is the documentation on the lookup format: http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/intro.htm#CHDHCCJD
  -Kevin

• OIM 11g: SAP HRMS User Recon gives error

  Hello,
  I am using the SAP ER (Employee Reconciliation) connector, version Version: 9.1.2.2. I have upgraded to bundle patch 3 (BP3).
  Connectivity to SAP works. I have run the manager recon, org recon and it brought in values.
  When I try to reconcile users (using limited reconciliation) from IDOCS, it finds the user, creates a reconciliation event but ignores it. On querying the recon event the reason given for not linking is "Data Validation Failed"
  [2011-03-09T11:00:53.088-08:00] [oim1] [NOTIFICATION] [IAM-5010000] [oracle.iam.reconciliation.impl] [tid: OIMQuartzScheduler_Worker-1] [userId: xelsysadm] [ecid: 0000IuRuoQM9d_w_wD0FyW1DTwVJ00000Q,0] [APP: oim#11.1.1.3.0] [dcid: c4ab19921fd287b5:377e40a5:12e9be68f89:-7ffa-0000000000000354] [arg: ignoreEvent Input Data : {Personnel Number=00011070, Street=1775 Milmont Dr, Postal Code=95035, Organization=Xellerate Users, Employee Type=Full-Time, Org Unit=10000037, Country=US, Middle Name=V, Cost Center=, User ID=00011070, City=Milpitas, Group=1, User Type=End-User, Manager ID=10000037, Status=Active, User Created From HRMS=1, Telephone Number=4081233339, District=Cnt#1, Position=00000026, Sub Group=FS, Last Name=Khan, First Name=Salman}] Generic Error/Information: ignoreEvent Input Data : {Personnel Number=00011070, Street=1775 Milmont Dr, Postal Code=95035, Organization=Xellerate Users, Employee Type=Full-Time, Org Unit=10000037, Country=US, Middle Name=V, Cost Center=, User ID=00011070, City=Milpitas, Group=1, User Type=End-User, Manager ID=10000037, Status=Active, User Created From HRMS=1, Telephone Number=4081233339, District=Cnt#1, Position=00000026, Sub Group=FS, Last Name=Khan, First Name=Salman}
  On Re-evaluating the event, I see a different error in the logs:
  [2011-03-09T13:47:38.646-08:00] [oim1] [ERROR] [IAM-5010006] [oracle.iam.reconciliation.impl] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000IuS_iIo9d_w_wD0FyW1DTxCO0001JD,0] [APP: oim#11.1.1.3.0] [dcid: c4ab19921fd287b5:75438372:12e9c1335ee:-7ffa-0000000000002728] The following exception occurred: {0}[[
  oracle.iam.reconciliation.exception.InvalidEventException: Invalid ManagerLogin : 10000037
  at oracle.iam.reconciliation.impl.UserHandler.getOrchestrationParams(UserHandler.java:713)
  at oracle.iam.reconciliation.impl.UserHandler.create(UserHandler.java:150)
  at oracle.iam.reconciliation.impl.UserHandler.applyRule(UserHandler.java:90)
  at oracle.iam.reconciliation.impl.UserHandler.process(UserHandler.java:65)
  at oracle.iam.reconciliation.impl.ActionEngine.processEvent(ActionEngine.java:193)
  at oracle.iam.reconciliation.impl.ActionEngine.processEvent(ActionEngine.java:155)
  at oracle.iam.reconciliation.impl.ActionEngine.execute(ActionEngine.java:92)
  at oracle.iam.reconciliation.impl.ActionTask.execute(ActionTask.java:73)
  at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
  at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
  at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy467.onMessage(Unknown Source)
  at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
  at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
  at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:328)
  at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
  at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
  at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3822)
  at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
  at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
  at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  "Invalid ManagerLogin : 10000037" 10000037 is the org number in the lookup and its corresponding personnel number 00016901 is not being picked up.
  There is a known bug that if a user with that personnel number (i.e 00016901) does not exist in OIM 11g then OIM will not insert the record (bug 9688099), so to work around this, I added that personnel number to a user in OIM (USR_UDF_PERSONNEL_NUMBER). Still the same.
  Has anyone seen a similar error? Any ideas on what I could be missing? Troubleshooting tips?
  Has anyone implemented this version of the connector?
  Regards,
  Sunny
  Edited by: Sunny on Mar 10, 2011 1:50 PM

  This turned out to be an Oracle bug.
  Bug 9539918 - BOTH MANAGER ID FIELD AND ORG UNIT FIELD IS DISPLAYED WITH ORG UNIT VALUE
  This has been fixed in9.1.2.4 version of the connector. Patch11656991
  Sunny
  Edited by: Sunny on Mar 15, 2011 1:47 PM