OIM 11gR2 : recon matching multi-value attribute

Similar Messages

• Multi-Valued Attributes in Non-trusted recon - OIM

  Hi,
  I need to build a custom reconciliation task whihch performs non-trusted recon with my target system.In my process form,I have a Parent form(userid,email etc) and a child form(profileid).The profileid in the child form is a multi-valued attribute.Can Somebody explains me how i could do this?.
  I have created the Recon Field in Resource Object and mapped the field in Process Form Mappings.In my code,I am trying to call the createReconEvent("RO",usermap,finishevent).I am not clear with how my usermap should look like,since it involves multi-valued attribute.
  Any help would be appreciated.
  Thanks.

  Hi,
  You need to do following :
  (1) Create Recon event with false
  long l1 = reconIntf.createReconciliationEvent(sObjectName, hashmap, false)
  (2) Create hashmap having key-value pair of your mulitiattribute and unique value
  mhashmap.put(attribute-name, value);
  mhashmap.put(attribute-name, value1);
  (3) Add hashmap to multiattribute
  reconIntf.addMultiAttributeData(l1, [attribute-name], mhashmap);
  (4) Close the reconciliation Event.
  reconIntf.finishReconciliationEvent(l1);
  - AG

• Using AD connector to populate multi-valued attributes  to OIM

  Could anybody share the expirience of provisioning multi-valued attributes from AD to OIM 11.1.15?
  What is the best approach?
  Thanks.

  mc2,
  you can use http://docs.oracle.com/cd/E23104_01/download_readme_ps4/download_readme_ps4.htm#BABDABDA and http://docs.oracle.com/cd/E21764_01/install.1111/e12002/install.htm#CIHGAEFI as a staring point. This gives you pointers to all software needed and steps to follow.
  Kevin was referring in fact to BP1 11.1.1.5.1, Patch# [12748351|https://updates.oracle.com/download/12748351.html] , not PS1. PS1 is in fact 11.1.1.5.
  Florin

• Pre-populate a multi-valued attribute on target?

  Hi. I am working on pre-populating our I-Planet target resource with data we are storing in OIM User(Address data). it is a requirement by the AD group to store the data as a multi-valued attribute in the LDAP attribute postaladdress. I have tried setting up the resource form to use a pre-populate adapter to populate each line of the address, but I can only add the adapter once for the attribute. Any ideas on how to do this with a pre-populate adapter?
  rkimbal45

  You will probably need to write your own custom code to connect to your ldap directory and perform any actions needed when the field is updated. So you'll need a pre-populate to fill in the date with some sort of delimiter. Then on provisioning, you'll want to trigger this task after the create user. Then when any updates are performed, you'll need to completely refresh the multivalue attribute in the target. I would suggest one function to be called in your custom code, then query ldap for what exists, and parse your data for any updates neccessary, and then do as needed based on what exists and what needs to be added/deleted/updated.
  -Kevin

• How does IDP handle multi-value attributes in directory?

  I have a directory referenced by the IDP where the mail attribute is multi-value. Assertions being received by the SP are indicating that the mail attribute is null or empty. How does the Oracle IDP handle multi-value attributes from a directory? Is there a way to select the first entry in an array of multi-values?

  On the IdP side, passing of multi-valued attributes is supported. Read this section:
  http://download.oracle.com/docs/cd/E10773_01/doc/oim.1014/b25355/configuring.htm#BCGCGFCJ
  Snippet (under 'Delimited Data'):
  "In addition to supporting and passing multi-valued attributes, Oracle Identity Federation can also support delimited data to provide multiple values for assertion attributes ......"
  This information is also available on the OIF screen for 'Add Assertion Profile'.
  On the SP side, mapping a multi-valued assertion attribute to a local user attribute is NOT supported. Read this section:
  http://download.oracle.com/docs/cd/E10773_01/doc/oim.1014/b25355/configuring.htm#BCGGEAEA
  Snippet (under Submit/Reset button):
  "Note: Mapping an assertion attribute containing multiple values to a local user is not supported."
  So, basically, there is no way to send only the first value of an LDAP attribute.
  -shetty2k

• How to handle multi valued attributes

  Hi All,
  I am supposed to populate multivalued attributes for a field in oim resource profile. Lets assume the field is mailbox. The issue is that I am supposed to reconcile this field from the directory server during initial load. The mailboxes are fetched from the DS based on organization. For provisioning I have to get the mailboxes from the database and these mailboxes are based on the role a user has. At the time of provisioing, I am supposed to populate the mailbox field with values the user already has been provisioned with and also display the mailboxes that he can get access to. I have created the mailbox as a resource with id and name as two of its fields. Could someone please tell me how do I handle this?
  Thanks,
  Supreetha

  I am not sure if I could follow the same thing as mentioned in the link above. Here is my case, Role is a multi valued attribute which i need to handle in oim and is very different from the usual roles. For this purpose, I have created roles as a resource object with role_id as field in its process form.When an admin logs in to assign a new role_id, he should be able to see only those roles for assignment that the admin's org has. I have these org and role mappings in a custom table that I have created in the oim schema. How will I able to display only these available role_ids so that the admin can choose them and assign for the role resource.
  Could you please let me know how do I do the config in oim?
  Thanks,
  supreetha
  Edited by: Supreetha on Nov 13, 2010 2:54 AM

• Handling Multi-Valued attribute in trusted reconciliation

  Hi,
  We have a requirement where an attribute is multi-valued in LDAP(Sun One Directory Server) which is a trusted source for OIM. We wanted to use oracle Out-of-the-Box connector for Sun Java System Directory Server. We wanted to bring in this multi-valued attribute into OIM, concatenate everything and populate it to a OIM User form attribute. Hence though the value is multi-valued in trusted source, we process it and populate as a single valued attribute in OIM. Since we run trusted reconciliation we are unable to bring this multivalued attribute for the user into OIM.
  Can anybody suggest any other workaround available to achieve this functionality without touching connector source code?
  Any help would be greatly appreciated.
  Regards
  Deepa

  I would highly suggest writing your own custom code.
  You'll need to create a UDF that is large enough to handle your concatenated value. A resource object marked as trusted object. A provisioning process defintion to map the value to the field.
  Then write a custom scheduled task that will connect to the LDAP directory, perform your search using the modifytimestamp attribute to get all the values. Concatenate them together in your code and create the reconciliation event.
  It will turn out to be smoother than dealing with an entity adapter that runs everytime an event occurs which might not be related to this item.
  -Kevin

• Reconcile multi valued attributes

  Hi,
  I am developing a custom AD recon scheduler and my requirement is that i am able to reconcile multi-valued attributes like memberOf.
  I am using the tcReconciliationOperationsIntf reconObj factory interface. The reconObj has two inputs one the resource name and the other the HashMap. How do i add multivalued attributes to this hash map.
  I haven't tried multivalued attributes before , anyone has any tips please reply.

  createReconciliationEvent(java.lang.String psObjectName, java.util.Map poData, boolean pbFinishEvent) method has three parameters.
  If you want to add the data for multivalued attributes, you should call
  createReconciliationEvent(psObjectName, poData, false),
  then call the addDirectMultiAttributeData(...) method, and then the closeReconciliationEvent method.

• OAM : Multi-valued attribute in Authorization Rule Actions

  Our application is protected by an Oracle Access Manager deployment, where the identity user base is based in an Oracle Internet Directory.
  In the OID, for every user entry, we have a multi valued attribute (say, 'roleattr') which contains the roles recognized in our application. Once the user is authenticated by the Access Server, we need the roles associated to him to be fetched and returned in the page header (similar to uid).
  Hence, our question is, in PolicyManager, by setting the Authorization Rule > Actions, is it possible to retrieve this attribute (which is 'multivalued') and populated into the pageHeader, so that our application can retrieve the same.

  Sure, you'll get a colon-delimited list of the multiple values in your header!
  -Vinod

• Using "Update All Mapped Fields" with multi-value attributes

  Is it possible to update a value in a multi-value attribute through the import manager?  It appears that if a source value is different then it just gets added as another value to the record.
  For example, a product has an attribute of speed which is measured in revolutions/minute. Some products can be rated at two speeds (i.e. 1800/3600).
  I created a numeric attribute for speed and enable only nominal rating and selected multi-valued.
  In import manager, I set "/" as multi delimiter for source field.  This created two entries in destination attribute, 1800 and 3600. 
  However, if on subsequent imports the speed values changes for this record (i.e. 1200 and 1800) then I will now have 1200, 1800, and 3600 as values for this record.
  Would the proper solution be to create two individual numeric attributes that are single valued (i.e. Speed1 and Speed2)?

  Hi Aaron,
  in your example it would make sense to use two different attributes called "Speed1" and "Speed2". Using the multi value option, MDM allows you to store a list of values into a single field. This list is more or less unlimited, you can add as many values as you like. A change of an existing value is not possible. The reason is that Import Manager does not know, which value you've changed! So it simply adds the "new" record (which is the 1200 in your example) to your value list. This is the intended behaviour of the "update all mapped fields option". If you really want to replace the values, you can check if the "Replace" option is useable for you. But note, that the replace will replace the complete existing record with the incoming new one. This means if the product you want to import with the replace option is smaller than the existing one (maybe it does not contain values for all segments), you'll loose data in MDM.
  BR Michael

• Multi value attributes not appearing in the Web UI

  Hello,
  I've created a multi value attribute in the SAP GUI in CRM 2007 which appears correctly against the product. When I transfer this multi value attribute to the web UI, it doesn't appear at all unless you add values against it in the SAP GUI, in which case it appears, but the set type attributes are not editable.
  Any suggestions as to why the attribute is not appearing and what can be done to resolve this?
  Thanks,
  Alison

  Hi,
  I fear I did not completely get your point.
  One thing I noticed some time ago while playing with the marketing attributes is this:
  When you define an attribute that has multiple values, but no fixed values assigned, you are only able to maintain one value for this attribute. Maybe it is this what you are describing?
  The WebClient only adds new lines in the table for the attribute, when a server roundtrip is triggered by selecting a value from the DDLB.
  I do not know if SAP provided a fix for it in the meantime.
  cheers Carsten

• Multi value attribute in IB - how does it affect system (crm 4.0)

  Hi,
  Is there any limitation when using Multi value attribute in set type which is used for Individual object in IB?
  I have succeed in implementation of Multi value variable feature in CRM 4.0 . this change is irreversible so I wish to know what are the _risks moving it to production.
  (We use IB VERY heavily with single value attributes)
  Does it affect performance? other features?
  Thanks
  Rachel

  hi there
  due to the pain of sending the single value attribute in production,we usually try create multi value attribute so that multidimensional usefulness takes place.
  i really don see any limitation and risk sending those in production,infact it will serve u a good cause there
  just procede with that,so far we havent observed any defect doing that in projects
  best regards
  ashish

• Multi value attribute question

  Hello there,
  Our application would like to have a multi value attribute in DS11.1.1.7.0 on SLES platform. But here is my question..
  1. Can i have a one single attribute with value like companyCode: ABC,XYZ,QWE,RTY
  2. OR , can i have like below..
  CompayCode: ABC
  CompanyCode: XYZ
  CompanyCode: QWE
  CompanyCode: RTY
  which is the best method for LDAP server performance?
  Thanks

  Hi,
  Multi-valued attribute is supported OOTB by LDAP and it seems simpler&better (possibility to have better indexing, more efficient to add/delete values)  to use the second option, especially if you need to search for entries based on one of the attribute value. By default, LDAP attributes are multi-valued in the LDAP schema so you can store several values for companyCode.
  Note: attribute values in an LDAP attribute are unordered, so choose the primary option if you need to maintain ordering across attribute values.
  HTH
  -Sylvain

• How to query involving Multi-Value Attributes objects

  Hello.
       I have one question regarding coherence. We are looking for best and the fastest way to query multi-value attribute of objects. In Coherence User guide there is example, that shows, how can this be made with java.lang.String object:
       Set searchTerms = new HashSet();
       searchTerms.add("java");
       searchTerms.add("clustering");
       searchTerms.add("books");
       // The cache contains instances of a class "Document" which has a method
       // "getWords" which returns a Collection<String> containing the set of
       // words that appear in the document.
       Filter filter = new ContainsAllFilter("getWords", searchTerms);
       Set entrySet = cache.entrySet(filter);
       // iterate through the search results
       But I would like to know, how can this be made with some other object type. For example I could have object MyCoherenceObject with attribute HashSet<Identifier> idHashSet that would represent Person object that has composite key comprised of name and lastname. Identifier object would contain two attributes of type String: name & value.
       So basically I could have two identifiers in list:
       public MyCoherenceObject {
       public HashSet idHashSet = new HashSet();
       public MyCoherenceObject() {
       Identifier id1 = new Identifier("name", "John");
       Identifier id2 = new Identifier("surname", Smith");
       idHashSet.add(id1);
       idHashSet.add(id2);
       public HashSet getIdentifiers() {
       return idHashSet;
       This object would later be inserted in coherence cache. When query over coherence cache would be performed I would like all objects where multi-value parameter with name="name" equal "John" and parameter with name="lastname" equal "Smith". My code would look something like this:
       Set searchTerms = new HashSet();
       searchTerms.add("John");
       searchTerms.add("Smith");
       // The cache contains instances of a class "Document" which has a method
       // "getWords" which returns a Collection<String> containing the set of
       // words that appear in the document.
       Filter filter = new ContainsAllFilter("getIdentifiers", searchTerms);
       Set entrySet = cache.entrySet(filter);
       // iterate through the search results
       How can this be done. Basically I don't know how to search in multi-value attribute if one value represents arbitrary object and how to tell coherence which getter fuction must be used for comparison. In my case getValue() must be used and not getName().
       Second problem:
       Coherence must not return Person object with name="Smith" and lastname="John". Here upper filter would be satisified, but problem is that I am looking for person with lastname "Smith" and name "John".
       Domain description:
       I will have different objects of same type in coherence cache with different multi-value attribute list length. For example some objects will have only one identifier object in list (e.g. Phone "phoneNumber") some two (e.g. Person "name", "lastname") and other objects will have maybe three identifier objects (e.g. City "country", "area", "state").
       If there is faster way to do this in Coherence (I saw examples with getters that contain attributes for example), please give me some directions.
       Thank you very much for your help.

  When filtering based on the getIdentifiers, you should add Identifier instances into the searchTerms collection, and it will satisfy all your expectations. If you add simple Strings into that searchTerms collection, then none of your queries will return anything, because the String will never equal() the Identifier instances.
       You can also add an index on the getIdentifiers() method. However, the Identifier class should properly implement the equals() and hashCode() methods, and in order to be able to use an ordered index (you don't need that for the current requirements you listed), it should also implement Comparable.
       BR,
       Robert

• Mod performance on multi-valued attributes

  Is there any way to improve mod performance of DS5.2P4 that has a lot of frequently modified multi-valued attributes?
  Thank you.

  There are different ways to tune Directory Server for write performance.
  The area to consider are :
  - DB cache size and location of the db-home-directory
  - Entry cache size and overall memory available
  - Spreading writes to multiple disks. For example, putting logs, transaction logs and the DB on separated disks
  - Useful vs useless indexes
  - Disks performances
  You may also want to check "cn=Directory Manager" blog <http://blogs.sun.com/DirectoryManager" about performance tips.
  Regards,
  Ludovic.