OIM 11GR2 UNIX Connector Reconcile users from UNIX inquiry

Good Day!
I would like to ask whether there is a way in OIM that when I reconcile all new users from my UNIX server, OIM will also create the resource which this user is provisioned upon?
Here is my scenario:
1.) Freshly installed OIM 11GR2.
2.) Installed UNIX connector on OIM 11GR2.
3.) Configured UNIX TRUSTED Resource
4.) Reconciled all the UNIX users into OIM. (New users are created since my OIM doesn't have any user)
5.) The problem is when the new users are now created in OIM, they don't have entitlements or accounts linked to the UNIX server which they have been pulled upon.
I would like to ask whether I need to configure something to have the entitlements/accounts linking possible?
If not, what are the ways I can achieve this?
The only way I can think of is have the UNIX users be created in a flat file first then load via GTC then have reconciliation to have OIM to link these users to UNIX which I believe should be able to do the scenario I am asking upon.
Thanks in advance!
Regards,
Jeff

By the way, checking target resource recon by default will not create new users when OIM is not able to establish a link.
In my case, OIM doesn't have any users since this is a fresh install hence even running target resource at start will won't create the new users in OIM right?
based from this:
"You configure application (AD, OID, OVD, HR) etc in Target Resource Mode if that OIM is source of truth for user provisioning (All users are created in OIM and OIM then provision accounts in Application. Any changes in Application are reconciled back to OIM)."

Similar Messages

  • OIM 11gr2 UNIX Connector SUDO user

    Good Day!
    I would like to ask on how can I configure the UNIX connector using a SUDO user?
    I already have followed the documentation guide in setting up the SUDO user but I am getting this error:
    org.identityconnectors.framework.common.exceptions.OperationTimeoutException: Command timed-out while waiting for: password
    I'm not sure if I missed some steps?
    Your reply is greatly appreciated.
    Thanks!
    Regards,
    jeff

    Was there any feedback to your SR coming from Oracle?
    Because I have the same issue here.
    Regards,
    M

  • How do i reconcile users from OIM to OID

    I have configured the OIM with the connector for OID. But the user created in OIM is not stored in the OID. How should i proceed with it?

    You are trying to do Provisioning with OID.
    You have logged in with XELSYSADM.
    You have searched for user and went to his Resource Profile.
    Clicked Provision New Resource and selected OID.
    Resource form must be populated and you have filled the information and clicked continue and subitt that.
    Now go to Process Form attached with it and see whether values for OID Server has come and check for other attributes also.
    Also uncheck Auto Save button and start provisioning for some user again and give proper values in all the fields of Process as well as Object forms.

  • Problem handling SMTP address with OIM 11gR2 Exchange connector

    Hello,
    I have a problem in regarding the primary SMTP address with the Exchange connector. The connector doesn't seem to be able to update it. Changing a user's primary SMTP address from its account details in OIM creates a new secondary address in Exchange. It does not change the current primary SMTP address. This does not look like a normal behavior... Any ideas on how to fix this?
    I'm using OIM 11gR2 with BP10 with AD 11.1.1.5.0A and Exchange 11.1.1.5.0.
    Thanks,
    --jtellier

    Yes, you can try out few things suggested in below thread
    Re: Exchange Provisioning
    The error looks like form exchange server side but still not sure about it.
    Meantime open Service Request with oracle about the same as I can see other developers are also facing same issue.

  • OIM 11gR2 - Identity console - Search Users Page.  Need to add employee number by default.

    Hi,
    I am new to oim 11gR2.  I have a requirement , to add the employee number field in the user search box. I do not want to use the Add Fields button to add the employee number search field.
    When any user goes to the search page, they must find the employee number field in the search box in addition to the other default fields like lastname, firstname, etc.  Is it achievable? Thanks in advance.  
    If possible.... can you please provide the steps to achieve it?.. thanks

    Karthik Perath
    Thanks for the answer....... but I guess you misread the question.  I am able to add new fields as columns to the search results table.  My problem is I want to add the searchable field to the query form.  Also, I do not want to use the Add Fields button (because that is a part of Saved Search which is Personalization and limited only to the creator) , I want the newly added searchable field. for example Employee Number ( which is not there by default)  to be made available to all the end users of Identity Self Service system..... Hope you got the problem... 

  • OIM 10g - custom connector - modify user

    Hi
    I am writing a custom connector for OIM 10g and looking out for modify request format. My application has roles which are managed by OIM. When I call 'modify user' to update user's role in the application, I want to have the information of old role and new role in the connector. Please let me know how can I get the information of old role for the provisioned resource. I want to log the information that at the time of 'modify user' which role was newly added and which role was deleted.
    Does anybody has information about how this can be implemented.
    Thanks

    Well , When you write a process task for adding/ removing the child table , you specify in the task configuration the child table name and trigger type (insert OR delete)..
    So when you add or remove operation from child process form in OIM, OIM know which task it has to trigger and you can put the logic to add /remove the role in the adapter attached to the task .
    Thanks
    Suren

  • How to verify all the Services in Oracle R12 from Unix OS

    Hi,
    Can someone please through some details on how to check and verify the unix processes and services from Unix backend in R12. In 11i I was using
    ps -ef|grep f60
    ps -ef|grep httpd
    ps -ef|grep FNDLIB
    Currently , I am using './adopmnctl.sh status ' command to see if all the components are UP. But I need to see the conc manager, form/report server , apache etc and on which port they are running as OS Processes.
    Thanks
    -Samar

    Hi Samar,
    Processes in Instance: hostname_domain
    ------------------------------------------------+---------
    ias-component | process-type | pid | status
    ------------------------------------------------+---------
    OC4J | oafm | 29879 | Alive
    OC4J | forms | 29801 | Alive
    OC4J | oacore | 29726 | Alive
    HTTP_Server | HTTP_Server | 29669 | AliveThe above indicates that all application processes (except the CM) is up and running. You may also refer to the log files to verify that.
    I can also see the ps -ef|grep Apache but noting is comming as ps -ef|grep FNDLIB or ps -ef|grep frmweb or
    ps -ef|grep rwrun. What about "ps -ef | grep -i fnd"? If CM is down (verify by issuing "adcmctl.sh status" or from the application (Administer CM window)), the ps command will not return any result.
    For the forms server, does "ps -ef | grep -i frm" return something?
    I am using the R12 on linux single node. I shudown and starting all the services with adstrall.sh and it exited with status 0 after bringing up all the components. Apache and DB listeners are UP. I cant opent the forms due to firewall and Virus Protection AD blockers.What is the error you get? Can you open the forms if the firewall and pop-up blockers are disabled?
    How can I check if all the services are performing OK.The adopmnctl.sh command should be helpful here. In addition, review the log files (and try the commands in this reply) to verify the application components.
    Regards,
    Hussein

  • OIM 11gR2: API to modify accounts

    Hi all,
    I would like to develop an event handler for OIM 11gR2 to modify a user account (for example Active Directory account) if some conditions are satisfied.
    I looked for proper API in Java API Reference for Oracle Identity Manager and I found the interface ProvisioningService.
    I already developed an event handler for test purpose that gets and prints account details and it works.
    My question is: can you provide me an example to use the API to modify an account correctly please?
    Thanks in advance,
    Daniele

    Find the act_key for this new organization and then use the UserManager api to update the act_key for all the accounts.

  • Need to reconcile users based on custom query in IT resource

    Hi,
    We have a requirement to reconcile users from DB based on below criteria:
    If the user have attribute=sysadmin as 'Y' then that user should be reconciled into idm.
    If user have two attributes=sysadmin as 'Y' and manager as 'Y', then that user should be reconciled into idm.
    If user have two attributes=sysadmin as 'Y' and manager as 'N', then that user should be reconciled into idm.
    But if If user have two attributes=sysadmin as 'N' and manager as 'N', then that user should not be reconciled into idm.
    I need to mention that in the custom query column of IT resource. I gave the below query but the schedule task fails with error.
    Custom Query: (|(|(|(|(CREATEGLOBAL_FLAG="Y")(SYSADMIN_FLAG="Y"))(ALLOCATE_FLAG="Y"))(RELEASE_FLAG="Y"))(LOCATION_RESTRICTIONS_FLAG="Y"))
    Error: ERROR,24 Apr 2012 20:29:15,830,[OIMCP.DATC],Class/Method: DBFacade/getRecord encounter some problems: ORA-00936: missing expression
    java.sql.SQLException: ORA-00936: missing expression
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:138)
    If anybody have implemented same scenario then please help us.
    Thanks,
    Kalpana.

    Try this query:
    select usr.usr_login, obj.obj_name, ost.ost_status from usr, obj, obi, oiu, ost where usr.usr_key = oiu.usr_key and obi.obi_key = oiu.obi_key and obi.obj_key = obj.obj_key and ost.ost_key = oiu.ost_key and obj.obj_name='<resource object name>'
    you can add : and ost.ost_status = <status value > to search status as well.
    regards,
    GP

  • Deploying the UNIX connector in OIM

    Hi All
    Am trying to deploy the UNIX connector for OIM. The connector is deployed to connect to Red hat Linux 3.0 but am having difficulties in confinguring ssh. Am using the documetation provided by the connector. But when i try to test for connectivity it is always asking for the passphrase and sometimes the root user password
    Is there another doc that i can use to configure the same?
    Or does any one know of a proper way?
    Please.
    Thank you.

    Thanks for the heads up atleast now after changing the shell to $ and not using the private key we were able to see some progress from jboss even though when try to provision the user, the user is not being created. The promising message we are getting from
    [STDOUT] Target Class = com.thortech.xl.integration.telnetssh.helper.SSHProvisioning
    [TELNETSSH] Setting targetEnglishLocale:export LANG=en_US.UTF-8
    [TELNETSSH] ***SSHRecon:Init: Entered Method
    [TELNETSSH] ***SSHRecon:execute: Entered Method
    [TELNETSSH] Setting targetEnglishLocale:export LANG=en_US.UTF-8
    [TELNETSSH] in ssh
    [TELNETSSH] TelnetSSHUtil/executeCommand :login success
    [TELNETSSH] in ssh
    [TELNETSSH] TelnetSSHUtil/executeCommand :login success
    [TELNETSSH] in ssh
    [TELNETSSH] TelnetSSHUtil/executeCommand :login success
    [TELNETSSH] in ssh
    [TELNETSSH] TelnetSSHUtil/executeCommand :login success
    [TELNETSSH] in ssh
    [TELNETSSH] TelnetSSHUtil/executeCommand :login success
    [TELNETSSH] Recon Ends
    [STDOUT] Running SSHCREATEUSER
    [STDOUT] Target Class = com.thortech.xl.integration.telnetssh.helper.SSHProvisioning
    [TELNETSSH] Setting targetEnglishLocale:export LANG=en_US.UTF-8
    [STDOUT] Running SSHCREATEUSER
    [STDOUT] Target Class = com.thortech.xl.integration.telnetssh.helper.SSHProvisioning
    [TELNETSSH] Setting targetEnglishLocale:export LANG=en_US.UTF-8
    But was unable to verify that the allow root login was set. How do i verify this and where?
    Thanks

  • OIM 11.1.1.5.0 BP02 Generic UNIX Connector Configuration Problem

    I have an inquiry regarding the configuration of the Generic UNIX Connector on 11.1.1.5 of OIM. Basically, when I try to do Primary Group Recon and Shell Recon, I get an error saying:
    Oracle.iam.connectors.icfcommon.exceptions.IntegrationException: The value for a key [Host] is not defined in the provided map.
    I have followed the documentation of the UNIX guide connector and also created an attribute in OIM Design Console called privateKey[LOADFROMFILE] containg a value of file:\\\home\oracle\Oracle\Middleware\Oracle_OIM1\server\ConnectorDefaultDirectory\SSH\config\oim_rsa.
    I also tried to provisioned a user with the UNIX resource but I get an error message saying:
    Running CREATEUSER
    Target Class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManager
    <Jul 2, 2012 6:20:32 PM PHT> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER> <BEA-000000> <oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user
    oracle.iam.connectors.icfcommon.exceptions.IntegrationException: The value for a key [Host] is not defined in the provided map.
    at oracle.iam.connectors.icfcommon.util.MapUtil.getRequiredValue(MapUtil.java:94)
    at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:122)
    at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:133)
    at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:141)
    at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:253)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpUNIXCREATEUSER.CREATEUSER(adpUNIXCREATEUSER.java:109)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpUNIXCREATEUSER.implementation(adpUNIXCREATEUSER.java:54)
    at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
    at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
    at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
    at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
    at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
    at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
    at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(tcProvisioningOperationsBean.java:4042)
    at Thor.API.Operations.tcProvisioningOperationsIntfEJB.retryTasksx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
    at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
    at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy329.retryTasksx(Unknown Source)
    at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
    at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
    at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.retryTasksx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
    at $Proxy167.retryTasksx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
    at $Proxy328.retryTasksx(Unknown Source)
    at Thor.API.Operations.tcProvisioningOperationsIntfDelegate.retryTasks(Unknown Source)
    at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(ResourceProfileProvisioningTasksAction.java:702)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
    at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
    at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
    at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
    at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
    at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
    at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
    at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
    at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
    at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
    at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:108)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    >
    I would like to ask if there some configuration step I have missed upon which causes this error?
    Thanks in advance!

    Thanks for the reply! found out that I populated Connector Server with a value hence it was giving out this error. Thanks!
    Edited by: 940359 on Jul 2, 2012 9:08 PM

  • OIM 11gR2 user not provisioning to Active Directory (11.1.1.5 connector)

    Hello all,
    I'm trying to set up an OIM 11gR2 instance to work with Active Directory with the Active Directory 11.1.1.5.0 connector. I've full installed both OIM and AD on separate servers, and I've installed the AD 11.1.1.5 connector on OIM. I have configured Active Directory properly (connector on OIM and the connector server on the AD server-side), and have set up the two IT Resources on OIM. I can run, for example, the Active Directory Organization Lookup Recon job and have it return results in the Lookup window.
    My problem is that I cannot get it to provision to a user. I've created an Application Instance and Form for Active Directory, attached the Form, associated them with the appropriate resources (AD User), and added them to the Catalog, and then gone through the process of adding an account to the user, selecting the Application Instance, adding it to the cart, checking out, filling out the fields (Password, User ID, UPN, First Name, Last Name, Common Name, and Organization Name), and then submitting the request. This is all done as the xelsysadm admin user, but it still results with the account stuck on "Provisioning" because the "Create User" task failed due to a Connector Error (the reason stated is just a repeat of "Create Object" failed).
    Anyone know what I'm missing here?
    Thank you!
    Edited by: 939908 on Nov 12, 2012 6:36 AM

    Hey 833249, thanks for your reply
    The organization field attribute is filled in correctly, in that the OU I selected exists in AD.
    These are the errors listed in the connector server log:
    +11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception occured during the creation of directory entry.+
    +11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Message : Logon failure: unknown user name or bad password.+
    +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Stack Trace : at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)+
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_NativeObject()
    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1423
    +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Encountered Excetion: Unable to get the Directory Entry+
    +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Stack Trace: at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1456+
    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.DirectoryEntryExists(String path) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1512
    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 219
    ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: Unable to get the Directory Entry
    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 368
    at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.CreateImpl.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 388
    at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
    at ___proxy1.Create(ObjectClass , ICollection`1 , OperationOptions )
    at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
    I'm not sure why the username/password error could be occurring, as those fields in the AD IT Resource are correct (I've run AD recon jobs that have connected properly). Is there something I'm missing?

  • Can we reconcile secondary group name from unix server

    Hi,
    Can we reconcile secondary group name from unix server using some own Customise code?

    Using JNDI this should not be very hard.
    Are you planning to store the secondary groups as a child table to a unix RO?
    Int hat case It might actually be easier and quicker to sidestep the recon system entirely and interact directly with the child form.
    Best regards
    /Martin

  • Externalise Users from Essbase on windows server to shared services on unix

    Hi All,
    We have Essbase 11.1.1.3 installled on Windows 2003 service pack1 and we have Shared services on SUN OS 5.10 with Hyperion version 11.1.1.1 and when we are trying to externalise the users from essbase to shared services we are facing an error saying that
    ''Error: 1051429: ESsbase product existence check fails aganist the shared services server with error(unable to connect to shared services make sure server is up and running try again"
    If you any ideas regarding this issue please let me know.
    Thanks,
    Ram.

    Hi Rob.
    What if you:
    start Computer Mangement.
    Open System Tools
    Right Click Shared Folders
    Select All Tasks -> Configure Shadow Copies
    Do you see/can configure both disk available there?
    Via cmd can you list the volumes that vss knows about using:
    vssadmin list volumes
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. Even if you are not the author of a thread you can always help others by voting as Helpful. This can
    be beneficial to other community members reading the thread.
    Oscar Virot

  • Unix Connector and Duplicate Accounts

    Hi,
    I have the unix connector working against a single Solaris server. By defalut the recon rule for non-trusted is to do nothing if the OIM account is not found.
    If I run the trusted unix job it will create OIM accounts for all the system accounts ( root, lp, uucp, sys, bin, ... ), that's okay, in fact, even desired...however, I also want to create OIM accounts for all the other system accounts on all the other Solaris servers...how do I configure the trusted connector to uniquely create OIM accounts (for example, root_$hostname or root_$ipaddress-of-target-solaris-server)?
    I realize this is not a standard action ... though OIM can easily gather all accounts/groups/privs from each target unix server for reporting purposes.
    Thoughts ... thanks for your time and idea.

    Hi,
    what exactly you mean by 'trusted unix job'? are you mean trusted recon?
    (in context i assume..)
    Trusted recon is getting user information from HR source like HR system.
    It is usually single system. So unix account is not a right source for OIM and you should not run trusted recon against unix server.
    hope it help you..
    dongsu
    Edited by: 992358 on 2013. 4. 25 오후 7:28

Maybe you are looking for

  • Auto login and password problems with Safari after OS 7.0.4 update?

    Hi all,    I updated my IPad 4 to OS 7.0.4 , now Safari won't auto login to my favorite forums and won't remember my user names or pass words. I checked in Safari settings and Names/passwords and auto fill are on. Have restarted a number of times but

  • Subtitles/captions under title and signs on some new iTunes movies

    Recently I purchased "Indiana Jones - The Complete Collection" and was amazed to see that on all four movies, when the movie title is displayed or any sign, foreign subtitles appear underneath and I could not find a way to get rid of them. Subtitles

  • Installation of OPA 10.4.3 and Siebel 8.2.2.2 webservice authentication issue

    We are working with OPA 10.4.3 and Siebel 8.2.2.2.  We have installed Siebel, and OPA.  We followed the procedures to put in all the integration parameters.  However, when we try and run the WD Smoke Test button, the popup shows a Error 500.  upon fu

  • New DHCP scope

    Hi spice family..We have a 2008 domain environment and just added a new 2008 DC toone of ourbuildings (bld3). All the pcs and printers are currently assigned IPs from a DHCP server from another building (bld2). DHCP server at bld2 is serving out IPs

  • Order Import Program Call Oe_Order_Pub.Process_Order to create Orders

    Hi All, I am new to OM. Can you please clarify me on the below point =============================== Does Order Import Program(concurrent Program ) Call Oe_Order_Pub.Process_Order to create Orders??? Thanks,