OIM 11g: Target account attribute value enforcement/policy

We have some requirements around enforcing certain attribute values on our target platforms. For example, if we provision a field "Approval Limit=$100", and on a recon that value has been changed to "Approval Limit=$5000", then appropriate action should be taken (i.e. change it back to $100, notify somebody, etc.)
This type of feature was available on some other IDM products I've worked with, but there does not seem to be anything built in to OIM to support this.
My initial thoughts were to write task adapters against the Recon Insert/Update Received events and perform these types of checks and corrections there.
Has anyone else run into this requirement in OIM? How did you solve it?

There are three ways to handle such scenarios:
Process Task: Attach a task on Reconciliation Task
Event Handler/Entity Adapter
Schedule Task

Similar Messages

  • OIM 11g target recon not performing full recon for OID resource

    Hi
    I noticed that full target recon is not being performed on OID because every time I run the recon only few same records that were recently updated gets reconciled but not all. I tried updating the timestamp attribute to 0 and also tried removing that attribute from recon parameters in OIM.
    I also tried creating new Reconcilliation Profile but no luck.
    My oim version is 11.1.1.5 and OID is also 11g. Please help.

    Hi
    I just saw the diagnostic log:
    oracle.iam.reconciliation.exception.InvalidDataFormatException: Invalid data - 20120726000000z against Date format yyyy/MM/dd HH:mm:ss z for key Start Date
         at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.convertReconFieldsToOIMFields(ReconOperationsServiceImpl.java:1437)
         at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:361)
         at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:346)
         at Thor.API.Operations.tcReconciliationOperationsIntfEJB.ignoreEventx(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
         at java.lang.reflect.Method.invoke(Method.java:611)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
         at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
         at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy773.ignoreEventx(Unknown Source)
         at Thor.API.Operations.tcReconciliationOperationsIntfEJB_troehf_tcReconciliationOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
         at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
         at Thor.API.Operations.tcReconciliationOperationsIntfEJB_troehf_tcReconciliationOperationsIntfRemoteImpl.ignoreEventx(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
         at java.lang.reflect.Method.invoke(Method.java:611)
         at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
         at $Proxy168.ignoreEventx(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
         at java.lang.reflect.Method.invoke(Method.java:611)
         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
         at $Proxy770.ignoreEventx(Unknown Source)
         at Thor.API.Operations.tcReconciliationOperationsIntfDelegate.ignoreEvent(Unknown Source)
         at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation.reconcileUser(Unknown Source)
         at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation.processRecord(Unknown Source)
         at com.thortech.xl.integration.OID.util.tcUtilLDAPOperations.pagingReconSearch(Unknown Source)
         at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation.doReconSearch(Unknown Source)
         at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation.processChange(Unknown Source)
         at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation.execute(Unknown Source)
         at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:384)
         at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:145)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
         at java.lang.reflect.Method.invoke(Method.java:611)
         at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
         at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
         at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
    Caused by: java.text.ParseException: Unparseable date: "20120726000000z"
         at java.text.DateFormat.parse(DateFormat.java:348)
         at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.convertReconFieldsToOIMFields(ReconOperationsServiceImpl.java:1433)
         ... 56 more

  • OIM 11g R1 - Validating Password against Password Policy

    Hi,
    May I know how I can validate a password against a password policy specific to a particular resource object.Thanks.

    See this,
    http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/appinstance.htm#CHDEHJJJ
    For 11gR1, see this,
    http://docs.oracle.com/cd/E17904_01/doc.1111/e14308/oim_admin.htm
    After creating the policy, add this policy to the resource object by using the Password Policy Rule Tab.
    I hope this helps
    Edited by: Shashi kiran on Apr 19, 2013 3:36 PM

  • How to assign approvaal policy for a request template in OIM 11g

    When I request for resource in OIM 11g, It's always going for Default approval of xelsysadm.
    I want this Request level approval must go to "Beneficiary Manager approval". While requesting I am selecting request template (which I created) for Provision resource as Request type.I have already set "Beneficiary Manager approval" as request level approval for this request template.
    I have created one approval policy, How can I assign this approval Policy to request template so that When i submit this request , it should go to my Manager approval.
    Regards,
    J

    Hi Rajiv,
    I do not need approval of Operational level. I want to stop the approval process after request level approval.
    Here you are saying to create a new approval policy and set as AUTO Approval as true. There are some default approval policies which comes with OIM 11g and one of the approval policy is trigeering the Operaional level approval. So I think I do not need to create new approval policy and I can use exsting approval policy and modify as you suggested selecting AUTO APPROVAL and create approval rule as request template=="XYZ".
    I am not sure which default approval policy trigeering the Operational approval now. Can you pls tell me that?
    Can you pls confirm that, there is only way to restrict Opertional Approval by selecting "AUTO APPROVAL" true and put the approval rule as request template=="XYZ"
    Thanks Rajiv for your help all the time.

  • Trusted Reconciliation in OIM 11g

    Hi
    I have written custom scheduler task in OIM 11g which will retrieve values from database and call recon API's to create users in OIM.
    Database Table contains the following sample values
    FIRSTNAME:RECON
    LASTNAME:USER1
    USERLOGIN:RUSER1
    ORGANIZATION:Xellerate Users
    EMPLOYEE-TYPE:Full-Time
    I created Resource Object with the above recon attributes and mapped these attributes to OIM User Attributes and made userlogin as key attribute.
    I created Recon Rule as USER LOGIN equals userlogin and action rule as No Matches Found -> Create User
    Now I ran the job from UI and status is showing as Data Recieved only. It is not creating users.
    Below are the logs for the same.
    *<Jul 20, 2011 7:47:55 AM EDT> <Error> <oracle.iam.reconciliation.impl> <IAM-5010000> <Generic Error/Information: {0}*
    oracle.iam.platform.utils.SuperRuntimeException: java.sql.SQLIntegrityConstraintViolationException: ORA-02291: integrity constraint (OIM11GDB.FK_RECON_EVENTS_USR) violated - parent key not found
    ORA-06512: at "OIM11GDB.OIM_SP_RECONBLKUSERCRUD", line 759
    ORA-06512: at "OIM11GDB.OIM_SP_RECONBLKUSRMLSWRAPPER", line 71
    ORA-06512: at line 1
         at oracle.iam.reconciliation.dao.DBCall.execute(DBCall.java:24)
         at oracle.iam.reconciliation.dao.ReconActionDao.processSPCall(ReconActionDao.java:1316)
         at oracle.iam.reconciliation.dao.ReconActionDao.executeBulkUserMatchCRUD(ReconActionDao.java:686)
         at oracle.iam.reconciliation.impl.UserHandler.executeBulkCUD(UserHandler.java:568)
         at oracle.iam.reconciliation.impl.BaseEntityTypeHandler.process(BaseEntityTypeHandler.java:34)
         at oracle.iam.reconciliation.impl.ActionEngine.processBatch(ActionEngine.java:129)
         at oracle.iam.reconciliation.impl.ActionEngine.execute(ActionEngine.java:90)
         at oracle.iam.reconciliation.impl.ActionTask.execute(ActionTask.java:73)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy364.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:328)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3822)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Pls Help.

    Hi Rajiv,
    Please see my comments below.
    Where is Design Console Access attributes ?I think no need to set value for this attribute as the default value will be End-User only. Correct me if I am wrong.
    Have you created Recon Rule properly ?yes
    Have you created Reconciliation Profile ?yes
    Call teh API porcessReconciliationEvent after createReconciliationEvent API.Is it mandatory to call processReconciliationEvent after createReconciliationEvent? The reason why I am asking is when I wrote scheduler for target recon I didn't used processReconciliationEvent.
    Thanks

  • Provision a Resource Object to Organization automatically in OIM 11g

    Hi All,
    How to provision a resource Object to Organizations automatically in OIM 11g.
    Can we use Access Policy for this , if not , is there any other way to solve this.
    Regards
    Edited by: 903745 on 31 May, 2012 1:40 AM

    Are you referring to creating an resource object (e.g. group) on the Organization itself (as opposed to users in that Organization) ? If so this can be done from a post-process event handler on the Organization object.

  • How to pass the value from DB in Approval Policy Rule OIM 11g R2

    Hi,
    I need to get the value of rule condition in Approval policy from DB.
    Please let me know how to achieve this. I am using OIM 11g R2.
    Thanks

    How to passing the textbox value within the jsp page
    without using javascript or reload the page.No, jsp executes on the remoter server, the text box is on a client machine, you need to send information to the server over the network, http does this with a request, which will reload the page.....................

  • Lookup codekey value in Request dataset in OIM 11g

    Hi,
    Below is my Attribute reference in Request dataset in OIM 11g.
    Could you please suggest what could be the possible Lookup code key values in lookup 'Lookup.AccountingControl.Roles'
    I tried giving CodeKey values as "ACCOUNTING CONTROL~" then Decode value as "Administrator" , However it does not give any value.
    So I think what I am giving as Codekey value is wrong based on below lookup query.
    What could be the correct value for CodeKey ? Thanks!!
    <AttributeReference name = "Role Name" attr-ref = "Role Name" type = "String" length = "256" widget = "lookup-query"
    available-in-bulk = "true"
    required = "true"
    primary = "true">
    <lookupQuery
    lookup-query = "select lkv_encoded as Value,lkv_decoded as
    Description from lkv lkv,lku lku where lkv.lku_key=lku.lku_key and
    lku_type_string_key='Lookup.AccountingControl.Roles' and instr(lkv_encoded,concat('ACCOUNTING CONTROL','~'))>0"
    display-field = "Description"
    save-field = "Value"/>
    </AttributeReference>

    Yes..You were right.
    You resolved one of my issue. I have marked it as answered giving 10 pts ;-)
    I think I have already raised another forum question where I needed to pass this Accounting Control as dynamic and this is one Resource Obkect selected from previous page.
    You asked me to use Prepopulate adapter to get the Resource Object name.
    I have still some questions to solve that issue.I will put that question there. It would be great yo answer it.

  • Problem with Acess policy based Provisioning using DBConnecor in OIM 11g R2

    Hi,
    I am doing Access policy based Provisioning using DB Connector 9.1.0.5.0 in OIM 11g r2.
    it is throwing ITResource Instance with key 0 does not exist. but there no option to select it resource in Process form via Acesspolicy.
    in Application instance form there is a form in that it-resource field is available with default value 0. i am trying to update this value it is not updating . at the time of triggering access policy i am getting following error.
    [XELLERATE.SERVER] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000JdMSEGQApIGqywYfMG1GU6ud000002,0] [APP: oim#11.1.2.0.0] Class/Method: APIUtils/createApplicationInstance encounter some problems: ITResource Instance with key 0 does not exist.[[
    oracle.iam.provisioning.exception.ITResourceNotFoundException: ITResource Instance with key 0 does not exist.
         at oracle.iam.provisioning.util.ApplicationInstanceUtil.validateITResource(ApplicationInstanceUtil.java:119)
         at oracle.iam.provisioning.impl.ApplicationInstanceServiceImpl.addApplicationInstance(ApplicationInstanceServiceImpl.java:70)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
         at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy455.addApplicationInstance(Unknown Source)
         at oracle.iam.provisioning.api.ApplicationInstanceServiceEJB.addApplicationInstancex(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
         at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
         at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    its urgent requirement.
    Thanks,
    Edited by: 853559 on Oct 12, 2012 2:25 PM

    You can re-visit access policy It will have the Process form where you can provide the access policy and save it. Access policy is already created so you can modify access policy and open the process form select IT Resource and save it.
    Another way to write pre-pop adapter for populating IT Resource on the process form. But I am sure you can provide it resource via access policy.
    ---nayan

  • OIM 11g - Reconciliation of Target Resource Status

    Hi,
    We're working with OIM 11.1.1.5.2 and connectors DBUM 9.1.0.4 and MSAD 9.1.1.7.
    Provisioning and reconciliation seem to be working correctly, but we found that the status of the resource is not getting reconciled on OIM console.
    For example, if we provision an user with an Oracle Database account, and then lock the account on the database, when we run reconciliation the event is generated and finished with "update succeded", we go to the UD_DB_ORA_U table and find that the field UD_DB_ORA_U_LOCK has a "LOCKED" value, then if we check the logs we can see that the connector is correctly mapping the resource status with the OIM object status:
    prepareTargetUsersRecordInOIMFormat : record value : LOCKED
    prepareTargetUsersRecordInOIMFormat : map : {OPEN=Enabled, 1=Disabled, YES=Disabled, 0=Enabled, EXPIRED & LOCKED=Disabled, NO=Enabled, LOCKED=Disabled}
    prepareTargetUsersRecordInOIMFormat : roValue : TEMPORARY_TABLESPACE_QUOTA
    prepareTargetUsersRecordInOIMFormat : Temp RO value : null
    prepareTargetUsersRecordInOIMFormat : reconData : [{Default Tablespace=27~USERS, Authentication Type=PASSWORD, Password=Dummy, Default Tablespace=27~USERS, Authentication Type=PASSWORD, Password=Dummy, Default Tablespace Quota=, Profile Name=27~USUARIOS, IT Resource=Oracle, User Name=USPRUEBA65, Temporary Tablespace=27~TEMP, Account Status=LOCKED, Status=Disabled, Global DN=, Privilege List=[], Role List=[{Role Admin Option=NO, Role Name=}], Temporary Tablespace Quota=}]
    prepareTargetUsersRecordInOIMFormat:: FINISHED
    But, even though the reconciliation has succeded the administrative console shows the account on "Enabled" status, and when I check the OIU table i can see that the OIM object status is still enabled.
    I found some threads related to this issue, the most similar was this one: Reconciliation for the deleted user accounts on Target Resource but everything there do not seem to be of much help because all tasks described are already done by the connector installation (at least in msad and dbum connectors).
    This problem is happening both for Active Directory and Oracle Database Users, maybe we're missing something but based on the documentation for both connectors we thought it was an OOTB functionality. Is there some system property or connector parameter we need to configure to make this work?
    Thanks.
    Edited by: fmc on Jul 26, 2012 12:53 PM

    Hi Pallavi,
    Well, you were right after all, we were mixing 2 totally different problems here and it got us confused.
    The problem with the DBUM connector was exactly what you said, a bug in the connector, just needed to modify the connector task object to status mapping. We were checking the Reconciliation Update Received task on AD and we thought it would be the same, and it was obviously not. Well, in this case teh recon event was being generated but nothing happened, after we changed the process task it worked like a charm.
    On the other hand, the problem with the AD reconciliation was that our search filter on the recon job was configured to ommit accounts with the disabled status (!(userAccountControl=66050)), it was certainly a silly problem, never thought we had that in the filter (it's a huge filter and we didn't pay attention to that clause the first time around) but everything is working now, thanks!

  • Retrieve field value lookup OIM 11g

    Hello! I have a problem to get the value of an attribute lookup, for example, to use this syntax OIM 9
    Lookup Query = select from lkv_decoded lkv, lku WHERE lkv.lku_key = lku.lku_key and lkv_encoded = *'$Form date$. $USR_UDF_DEPARTMENT$'* and lku_type_string_key = 'Lookup.Position_new'.
    What is the syntax used in the OIM 11g? ('$Form Data$.$USR_UDF_DEPARTMENTS$)
    Help me !
    Thanks
    Edited by: 825715 on Feb 10, 2011 8:48 AM

    So,
    I have a form with an LOVs attribute, how to get the value selected in this LOVs and put in a query? (Dependent Lookup)

  • Exchange attributes -OIM 11g R2

    Hi,
    I am on OIM 11g R2
    I am trying to configure Exchange connector (latest version) with connector server installed. Now in our env we populate multiple values for proxyAddresses -as SMTP, smtp, sid. How do we handle this in Exchange connector?
    Also, I can see that there many primary exchange resource related attributes (like msExchUserAccountControl, msExchMailboxGuid) which are not mentioned any where in Exchange connector. How do we handle them?
    Thanks

    For proxyAddress as it is multiple attribute, best way in OIM is via child table. But there is issue with ICF exchange v11.1.1 connector where it is not able to update the proxyaddress. I already have bug filled for it. Not sure about the other attributes you mentioned. The are single valued so you can try extending the connector to include them as per connector doc and check the behavior.
    My response is based on my exp with ICF and OIM11G R1. Since the connector version is same for R2, thus the reponse.
    -Bikash

  • OIM 11g R2 - Invoking Modify Operation on a disbled account

    Hi,
    In OIM 11g R2, we noticed that OIM is allowing to perform modify operation on an account which is in disabled state.Is there any way to prevent this?.We are planning to write a validator code to perform this check but we have multiple connectors,so the changes are substantial.Thanks in advance.

    Hi,
    Sounds like I hit the same issue with OIM 9.x
    I tried to update the corresponding process form version of an existing user in OIM db, still the new field is not available in UI.
    Referred to SQL update http://rajivdewan.blogspot.fi/2013/08/fvc-form-version-control-utility.html
    That's cool! After updating the process form version in db, existing user's process form displays new attribute.
    Br,
    Jakob
    Message was edited by: JakobDaavid

  • Error while creating authorisation policy using OIM 11g API

    Hi,
    We have a requirement to create ‘Authorization Policies’ (assign Data Constraints, Permissions & Assignments) using OIM 11g API’s.  I am using ‘oracle.iam.authzpolicydefn.api.PolicyDefinitionService & oracle.iam.authzpolicydefn.vo.AuthzPolicy’.  But when I am trying to attach Entity/Feature (User Management) to authorisation policy, it is throwing exception.  Below is the code snippet which I am trying to implement.
    Line1: PolicyDefinitionService policyService = oimClient.getService(PolicyDefinitionService.class);
    Line2: AuthzPolicy authPolicy = new AuthzPolicy();
    Line3: authPolicy.setName("Test Authz Policy");
    Line4: authPolicy.setDisplayName("Test Authz Policy Dsp Name");
    Line5: authPolicy.setDescription("Test Authz Policy Description");
    Line6: Feature feature = oimClient.getService(Feature.class);
    Line7: Action featureAction = feature.getAction(FeatureManagerConstants.Features.USER_MGMT.getId());
    Line8: List<Action> actions = new ArrayList<Action>();
    Line9: actions.add(featureAction);
    Line10: authPolicy.setActions(actions);
    Line11: policyService.createPolicy(authPolicy);
    Exception: oracle.iam.platform.utils.NoSuchServiceException: java.lang.ClassNotFoundException: oracle.iam.authzpolicydefn.api.FeatureDelegate
    The above exception is throwing at Line6.
    Let me know if anyone implemented.
    - Kalyan Mutya

    If you are using JDeveloper , can you able to get class after giving "." .If yes no than it is the problem with the jar file you are using .Check whether you can able to import oracle.iam.authzpolicydefn.api.Feature.
    Thanks ,
    Animesh anand

  • OIM 11g R2 - Transferring accounts from one user to another user

    Hi,
    In OIM  11g R2,we have a requirement that we need to transfer accounts from one user to anothe user.For example,an user "User1" has AD and Exchange Accounts provisioned.Now we wanted to to transfer these AD and Exchange accounts to another user "User2".May I know how this can be done ?.Thanks

        public void moveAccount(){
            try {
                long newUser = xxxxx;
                long oiuKey = xxxxxx;
                userIntf.changeToServiceAccount(oiuKey);
                userIntf.moveServiceAccount(oiuKey, newUser);
                userIntf.changeFromServiceAccount(oiuKey);
            }catch(Exception e){
                e.printStackTrace();
    -Kevin

Maybe you are looking for

  • IDOC-XI-JMS Adapter

    Hi I have to build interface for scenario IDOC-XI-JMS adapter and legacy syetem is MQ-series. All the jar files has been deployed which is the pre-requisite to use JMS adapter. Can anyone tell me if I should send data in file or as message. Also if y

  • The movie could not be played

    I purchased a movie on my iPad through iTunes. It worked great for a few months. Now I just get a message saying "cannot play the movie". I tried rebooting. I tried making sure that I am online and logged onto iTunes. But nothing is working. The only

  • Upgrade JAX-WS stack inside WebLogic 10.3

    I have a question on upgrading the JAX-WS stack that is built inside WebLogic 10.3. WebLogic 10.3 JAX-WS RI's version is Oracle JAX-WS 2.1.3 internally and now that JAX-WS 2.2 is out, I would like to use it for my application development. Is there a

  • Confirm Transfer order using FM L_TO_CONFIRM

    Dear All, I need to confirm a transfer order. I am using this FM 'L_TO_CONFIRM' to do that, but i think there is some issue in populating the tables parameter (T_LTAP_CONF & T_LTAP_CONF_HU) of this FM, so i am not getting the sy-subrc to 0. Can anyon

  • Document link within PDF

    I have made a PDF that has a link to the other Word or PDF document within my harddrive.  However, when try to burn all the files to CD-RW, many of the links get inactivated. I would like to know those links still be active even after everything is b