OIM 9.1.0.2 provisioning privilege configuration?

Similar Messages

• OIM 9.1.0.2 provisioning privileges for user?

  Hi there,
  I can provision users to my DB. Great.
  However, if the user then logs on to the DB, they are rejected because they do not have connect privileges.
  How can I set up my provisioning so that the user is not only created in the DB, but also granted basic privileges that allow them access DB features?
  All the best, 2Hugh

  I am using the Standard Connector.
  The question is how do I use it?
  The tasks described below were performed in the Design Console as xelsysadm.
  I have opened the process Database Access Oracle User and ticked the auto-prepopulate and Autosave form.
  I've set up a pre-populate rule that calls this process and refers to the resource object called Database Access Oracle User RO. It only fires if the user created is in group Oracle.
  I've opened Form Designer and created a new version of UD_DB_ORA_U (Database Access Provisioning form for Oracle User). Within the pre-populate tab of this form, I've added pre-populate entries for username, password and IT resource.
  In the child tables tab under the UD_DB_ORA_U form, the roles and privileges tables are present.
  However, I can not see how I can configure these so that they get pre-populated with the other user pre-populate entries (IT resource, username and password).
  Any help with my impasse much appreciated.
  Thanks,
  2Hugh
  Edited by: 2hughg on 16-Feb-2011 07:31

• Extend Provisioning (from OIM to OID) for already provisioned resources

  We use OIM 9.1.0 to provision users to several target systems, for example OID. Not all information stored for a user in OIM is also provisioned to OID (for example department or location or phone is only stored in OIM). The provisionig task automatically is created via access policys.
  This works fine.
  Now we want to provision some more data (including department and location) to OID. So I changed the oid connector configuration to also provision these fields. This works fine for new users (which are not already provisioned to oid).
  But we also need these additional fields in OID for users which have already been provisioned in the past. How can this requirement be implemented? Is there a way to resubmit these provisiong tasks oder to automatically update the process form.

  Create a schedule task which will read the data from OIM User Profile and update the process form using tcFormInstanceOperationsIntf OIM APIs.
  Also create their Label Name updated task in OID Workflow (Process Defintion)

• Any provision to configure Custom Duty or Excise Duty in Advanced Pricing

  Hi,
  Any provision to configure the 'Custom Duty' or 'Excise Duty' in Advanced Pricing ?
  Thanks!

  hi,
  For this either you can cancel your Invoice doc...
  Or
  CAn Post the GR asit is and then make a credit memo for req. amount....
  hope it helps...
  Regards
  Priyanka.P

• OIM 11.1.1.5 provisioning role based objectclasses and attributes

  TL;DR You can't provision some attributes in our LDAP directory without the objectclass and I can't figure out the best way to inject the dynamic objectclasses into the create user process without the user being created already.
  Some background:
  I have configured our oim 11.1.1.5 instance and LDAP connector to provision ODSEE.  At another's recommendation, I put all possible LDAP attributes in a single form regardless of which objectclass was needed for them.  In ODSEE, sets of attributes are allowed through objectclasses for each 'Role'.  ie. Student, Employee, Guest, etc objectclasses.  I have all of the roles identified in OIM and can map them to an objectclass in LDAP
  My question is, how can I provision role based objectclasses along with the common ones that are configured in the lookup so that when the associated attributes are provisioned, I don't get objectclass violations? 
  Can I append objectclasses to the list stored in the Configuration lookup in ldapUserObjectClass?
  Should I create a child form containing the objectclasses and try to provision them?
  Can/should I create a child form for each set of attributes by role?  Common attribs in the LDAP_USR form and role based attribs in UD_LDAP_STU, UD_LDAP_EMP, UD_LDAP_GST, etc.  Would prepop and the rest of the main form functions work the same?
  Anything else I'm not thinking of? I am still a novice with some of these topics and may be way off base.
  Any help will be greatly appreciated and thank you in advance

  It is definitely doable if you use a custom LDAP connection implementation and just add objectclass update calls as needed as precursor tasks for the Update tasks.
  Here is a small LDAP demo tool that you can adapt to do the update: http://iamreflections.blogspot.com/2010/08/manage-ad-with-jndi-demo-tool.html
  There may be a smarter and more out of the box way to do it but this will work.
  Martin

• OIM 9.1 AD Account Provisioning

  Has anyone ran into the scenario where you go to provision an AD account and the process fails because the account already exist on the target which results in the resource status remaining as "provisioning". I expected that status to change to "provisioned" once a recon was ran which would link the account to the OIM user but it didn't. The recon linked the account but from the user's resource profile you can see that it didn't.

  first of all when the account with the same id is found on Ad, it may necessarily not be that of the user unless you have ascertained that. If you want the adapter to return a success what you should have done is mapping the user_already exists retrun code to C for completed instead of an R for rejected, which is why the resource is going into a provisioning status.
  BTW does your create user task or whatever task last gets executed before the provisioning is deemed as complete have the task to object status mapping set to C=Provisioned?
  What you will need to do is, revoke the AD resource from the user's resource profile list and then run the recon, the account should now be linked to the user if the owner matching rules match up to the identity in oim.

• OIM 11g r2 Exchange connector provisioning is not working

  Hi,
  I have created one user in oim and i have provisioned this user into AD successfully.
  after that i have tried provision same user into Exchange but the user provisioning status is shows "*waiting*" and provision date also shows wrong.
  Please any body help me on this issue..
  Thanks,
  Venu

  Exchange goes to waiting status when AD is not listed in user's resource profile as Provisioned. Check whether AD is properly provisioned. It is better to always create a new process task before 'Create User' in Exchange resource object which checks whether AD is already provisioned for the user. Then this problem can be avoided.
  Also when there are multiple AD resource object instances in user's resource profile and even one of that instance is in Provisioning status, Exchange goes to waiting status
  Edited by: Durgaprasad on Mar 5, 2013 6:43 AM

• OIM 11gR2 - AD Organizational Unit provisioning

  hi,
  i can provision OIM organization to AD Organizational Unit. Its work fine with "Provision Resource to Organization" forms but i can't find any simple way (without six steps form) to add AD organizational unit to OIM organization.
  Have you any suggestion or hint?
  a.

  Hi IDM Newbie,
  Please find the link of Developer Guide:-
  http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/toc.htm
  And following link is for Application Instances:-
  http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/resmgt.htm#CBBFAIEC

• Does OIM Connector for AS400 support provisioning of "Information Systems"?

  A customer is asking to configure OIM’s connector for AS/400 with the set of attributes natively supported (a.k.a. documented) by our connector, plus another one, named, in Italian, “Sistemi Informativi” (“Information Systems”).
  As far as I can understand from the Customer, and by reading some documents downloaded from the Internet, an “Information System” is a set of AS/400 libraries that the End-User Administrator can enable for the user.
  The possibility to configure one or more “Information Systems” seems to be enabled by the installation of a (quite popular, according to my Customer) AS/400 module named “Modulo Base” (“Base Module” in English”).
  Does anyone have any experience about this feature?
  Regards,
  Angelo Carugati

  It is a separate connector.
  Talk to your Oracle sales person to get more information about the licensing.

• OIM 9.1 Xellerate User Provision form

  Hi,
  I want to add a process task to Xellerate user form and form that is cretaed while configuring Generic connector. But it seems that those are disabled. Does it mean that no modification can be done on thses forms?
  Thanks

  hi kiran,
  I tried to find it out......but didnt get the answer. I will be obliged if you help me regarding this.
  Thanks in advance

• OIM 11.1.2 AD Provisioning problem

  I added custom fields for AD resource. Reconciliation and create(create a new user into the target system with the custom attributes) operations works successful.
  I try to update custom attributes and not update into the target system.
  Thanks.

  The custom attributes is created in AD Form not in USR definition.
  I already added the attribute in the provisioning lookup.
  I tried your procedure and it did not work
  In the Resource History not displays the Task of the extended attribute.
  The logs no displays any errors.
  Thanks.

• _SYS_BIC Privileges Configuration

  Hi Guys,
  I am trying to READ data from _SYS_BIC schema. But unfortunately, I have this kind of message when I check my authorizations ...
  How could I configure my authorizations to READ data ?
  Thank you in advance.
  Best regards.

  Hi Wenjun,
  thank you. It is a bit strange because I have exactly followed step by step a training video of Riu Nogueira and I did the same things explained ...
  Don't know, why I have these kind of message and how to solve it:
  Rachid.

• How to Configure OIM 9.1 for Request-Based Provisioning

  Hi experts,
  I am new to OIM and need to know how to configure request based provisioning. Here is the scenario.
  My environment has two target systems (Sun LDAP and Novell EDirectory) configured for provisioning to OIM 9.1
  A user should be able to login, request either or both (SUN LDAP and EDir) for self or others.
  Now the request should go to an admin for approval.
  Once approved, the requested accounts should be created on the target systems.
  Please guide me on the procedure to be followed.
  Many thanks in advance

  You will have to download the standard out of box connector for these target systems & will have to import it through the Deployment manager into OIM. Then you will have to create the Process definition of approval type & attach it to the same resource object. Please read the belo link before implementing any thing. This will provide you a better idea.
  http://download.oracle.com/docs/cd/E10391_01/doc.910/e10363.pdf

• Error for provisioning in connector PeopleSoft UM (OIM 11g)

  Hi !
  I have a connector PeopleSoft UM configured in OIM 11, when run the provision user, a error is displayed and the user is not provisioned to PeopleSoft.
  [2012-11-30T18:25:16.757-02:00] [oim_server1] [NOTIFICATION] [IAM-3050013] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 217563633db15e76:-602f016:13b47d9d430:-8000-0000000000005499,0] [APP: oim#11.1.1.3.0] Searching for users with the specified criteria.
  [2012-11-30T18:25:19.607-02:00] [oim_server1] [ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 217563633db15e76:-602f016:13b47d9d430:-8000-0000000000005499,0] [APP: oim#11.1.1.3.0] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user[[
  oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=org.identityconnectors.peoplesoftintfc bundleVersion=1.0.5963 connectorName=org.identityconnectors.peoplesoft.compintfc.PeopleSoftCompIntfcConnector ) not found
  at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:150)
  at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:134)
  at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:143)
  at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:257)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  Someone can help me ?
  TKS

  Check your Bundle jar.
  It should be there in ConnectorServer (bundle directory), OIMHOME_JARS table.
  Also check the Configuration Lookup for Bunde Version/Name etc.

• Provisioning a user in MSAD from OIM

  Hi all,
  I am trying to provision a user from OIM to MSAD through direct provisioning. After performing the steps for provisioning, i get the status of create user as rejected and the task is asssigned to xelsysadm for approval though it is direct povisioning.
  Please help me to know why the user is not gettin provisioned in MSAD

  hi Rajiv,
  thanks...
  i have run the AD Organisation lookup Recon and have given the following parameters
  Lookup Search Filter:     (|(objectclass=OrganizationalUnit)(objectclass=container))
  Search Base:     DC=<domain_name2>,DC=<domain_name1>,DC=com
  Recon Type:     Update
  IT Resource Name:     ADITResource
  AttrName For Decode Value In Lookup:     distinguishedName
  AttrName For Code Value In Lookup:     distinguishedName
  Lookup Code Name:     Lookup.ADReconciliation.Organization
  Configuration Lookup:     Lookup.AD.Configuration
  But still theres no value for Organisation Lookup in process form for provisioning the user. what could be the cause for the same?
  Also i was testing if the connector is installed properly by using the testing utility. i used the following command to run it : . runADtest.sh 2
  But i got the following error.
  Exception in thread "Main Thread" java.lang.NoClassDefFoundError: com/thortech/xl/integration/ActiveDirectory/test/ADTestClient
  Caused by: java.lang.ClassNotFoundException: com.thortech.xl.integration.ActiveDirectory.test.ADTestClient
  at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
  at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
  at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
  Could not find the main class: com.thortech.xl.integration.ActiveDirectory.test.ADTestClient. Program will exit.
  Please help me for this also.
  Edited by: 827805 on Feb 9, 2011 4:11 AM