OIM-AD Trusted Reconciliation Failing
Hi All,
OIM Version :- 11GR2
AD Connector Version :- MSFT_AD_Base_91141
I am getting the following Error while running the Trusted User Reconciliation Schedule task.
Even I tried Creating the reconciliation profile. This is working in my local environment.
Reconciliation Rule :-
User Login = User ID or ObjectGUID = ObjectGUID
<09-Dec-2013 13:54:12 o'clock GMT> <Error> <OIMCP.ADCS> <BEA-000000> <====================================================>
<09-Dec-2013 13:54:12 o'clock GMT> <Error> <OIMCP.ADCS> <BEA-000000> <com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask : processUserChange : oracle.iam.reconciliation.exception.ReconciliationException: Invalid Profile - SWAD AD User Trusted>
<09-Dec-2013 13:54:12 o'clock GMT> <Error> <OIMCP.ADCS> <BEA-000000> <====================================================
>
<09-Dec-2013 13:54:12 o'clock GMT> <Error> <OIMCP.ADCS> <BEA-000000> <================= Start Stack Trace =======================>
<09-Dec-2013 13:54:12 o'clock GMT> <Error> <OIMCP.ADCS> <BEA-000000> <com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask : processUserChange>
<09-Dec-2013 13:54:12 o'clock GMT> <Error> <OIMCP.ADCS> <BEA-000000> <oracle.iam.reconciliation.exception.ReconciliationException: Invalid Profile - SWAD AD User Trusted>
<09-Dec-2013 13:54:12 o'clock GMT> <Error> <OIMCP.ADCS> <BEA-000000> <Description : oracle.iam.reconciliation.exception.ReconciliationException: Invalid Profile - SWAD AD User Trusted>
<09-Dec-2013 13:54:12 o'clock GMT> <Error> <OIMCP.ADCS> <BEA-000000> <Thor.API.Exceptions.tcAPIException: oracle.iam.reconciliation.exception.ReconciliationException: Invalid Profile - SWAD AD User Trusted
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:537)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:509)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy473.ignoreEvent(Unknown Source)
at Thor.API.Operations.tcReconciliationOperationsIntfEJB.ignoreEventx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy472.ignoreEventx(Unknown Source)
at Thor.API.Operations.tcReconciliationOperationsIntfEJB_troehf_tcReconciliationOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcReconciliationOperationsIntfEJB_troehf_tcReconciliationOperationsIntfRemoteImpl.ignoreEventx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at com.sun.proxy.$Proxy206.ignoreEventx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at com.sun.proxy.$Proxy470.ignoreEventx(Unknown Source)
at Thor.API.Operations.tcReconciliationOperationsIntfDelegate.ignoreEvent(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy471.ignoreEvent(Unknown Source)
at com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask.processUserChange(Unknown Source)
at com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask.processBatch(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.searchResultPageEnum(Unknown Source)
at com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask.performReconciliation(Unknown Source)
at com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask.execute(Unknown Source)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:383)
at oracle.iam.scheduler.vo.TaskSupport.invokeExecute(TaskSupport.java:183)
at oracle.iam.scheduler.vo.TaskSupport.access$000(TaskSupport.java:40)
at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:143)
at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:125)
at sun.reflect.GeneratedMethodAccessor1118.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:268)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:77)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: oracle.iam.reconciliation.exception.ReconciliationException: Invalid Profile - SWAD AD User Trusted
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.getProfile(ReconOperationsServiceImpl.java:1450)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:518)
... 88 more
Caused by: oracle.iam.reconciliation.exception.ConfigNotFoundException: Invalid Profile - SWAD AD User Trusted
at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl$ProfileMarshaller.unMarshal(CoreProfileManagerImpl.java:582)
at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl$ProfileMarshaller.unMarshal(CoreProfileManagerImpl.java:565)
at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl$ProfileMarshaller.access$100(CoreProfileManagerImpl.java:515)
at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl.readProfileFromXML(CoreProfileManagerImpl.java:472)
at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl.getProfileFromMDS(CoreProfileManagerImpl.java:452)
at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl.getProfile(CoreProfileManagerImpl.java:442)
at oracle.iam.reconciliation.impl.config.ProfileManagerImpl.getProfile(ProfileManagerImpl.java:163)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy474.getProfile(Unknown Source)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.getProfile(ReconOperationsServiceImpl.java:1448)
... 89 more
Caused by: javax.xml.bind.UnmarshalException
- with linked exception:
[org.xml.sax.SAXParseException: cvc-minLength-valid: Value '' with length = '0' is not facet-valid with respect to minLength '1' for type 'matchingRuleType'.]
at javax.xml.bind.helpers.AbstractUnmarshallerImpl.createUnmarshalException(AbstractUnmarshallerImpl.java:315)
at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.createUnmarshalException(UnmarshallerImpl.java:522)
at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:334)
at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:305)
at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnmarshallerImpl.java:107)
at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl$ProfileMarshaller.unMarshal(CoreProfileManagerImpl.java:573)
... 107 more
Caused by: org.xml.sax.SAXParseException: cvc-minLength-valid: Value '' with length = '0' is not facet-valid with respect to minLength '1' for type 'matchingRuleType'.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.elementLocallyValidType(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.processElementContent(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.handleEndElement(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.endElement(Unknown Source)
at org.apache.xerces.jaxp.validation.ValidatorHandlerImpl.endElement(Unknown Source)
at com.sun.xml.bind.v2.runtime.unmarshaller.ValidatingUnmarshaller.endElement(ValidatingUnmarshaller.java:106)
at com.sun.xml.bind.v2.runtime.unmarshaller.InterningXmlVisitor.endElement(InterningXmlVisitor.java:81)
at com.sun.xml.bind.v2.runtime.unmarshaller.SAXConnector.endElement(SAXConnector.java:158)
at com.sun.xml.bind.unmarshaller.DOMScanner.visit(DOMScanner.java:255)
at com.sun.xml.bind.unmarshaller.DOMScanner.visit(DOMScanner.java:281)
at com.sun.xml.bind.unmarshaller.DOMScanner.visit(DOMScanner.java:250)
at com.sun.xml.bind.unmarshaller.DOMScanner.visit(DOMScanner.java:281)
at com.sun.xml.bind.unmarshaller.DOMScanner.visit(DOMScanner.java:250)
at com.sun.xml.bind.unmarshaller.DOMScanner.scan(DOMScanner.java:127)
at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:322)
... 110 more
>
<09-Dec-2013 13:54:12 o'clock GMT> <Error> <OIMCP.ADCS> <BEA-000000> <================= End Stack Trace =======================>
Thank you
Srivatsa Kashyap
Solution:
Perform any one of the following:
1. The exact problem can be diagnosed and fixed by checking the schema validation message.
2. Validate the reconciliation profile XML by using the Diagnostic Dashboard.
3. Validate the reconciliation profile by importing the profile and the XSD into an XML schema-aware editor and validate against that schema in that editor, which can point to the exact cause of the failure
Similar Messages
-
User not created in OIM 11gr2 - trusted reconciliation from OID
Hello,
in my tests I'm trying to do a trusted reconciliation from OID to OIM.
I checked the errors below in the log file and I checked the column on the database. The column is there but I can't understand why this error appear.
I did a select on this table and this column is empty (select RA_USERLOGIN7C7B96D4 from RA_OIDTRUSTEDUSERBCBD344A).
INFO: Generic Information: select USR_KEY from usr where USR_MIDDLE_NAME is null and USR_UDF_ORCLGUID=? and USR_FIRST_NAME=? and USR_EMAIL=? and USR_LAST_NAME=? and USR_STATUS=? and USR.USR_STATUS != 'Deleted' AND ((UPPER(USR.USR_LOGIN)=UPPER(RA_OIDTRUSTEDUSERBCBD344A.RA_USERLOGIN7C7B96D4)))
INFO: Generic Information: Params = [CF7C29EE75F5A78FE040A8C084000DE8, orcladmin, orcladmin, orcladmin, Enabled]
SEVERE: Generic Information: {0}
oracle.iam.reconciliation.exception.DBAccessException: Failed SQL:: select USR_KEY from usr where USR_MIDDLE_NAME is null and USR_UDF_ORCLGUID=? and USR_FIRST_NAME=? and USR_EMAIL=? and USR_LAST_NAME=? and USR_STATUS=? and USR.USR_STATUS != 'Deleted' AND ((UPPER(USR.USR_LOGIN)=UPPER(RA_OIDTRUSTEDUSERBCBD344A.RA_USERLOGIN7C7B96D4))) =>PARAMS:: [CF7C29EE75F5A78FE040A8C084000DE8, orcladmin, orcladmin, orcladmin, Enabled]
at oracle.iam.reconciliation.utils.DBAccessTemplate.executeQuery(DBAccessTemplate.java:71)
at oracle.iam.reconciliation.impl.BaseEntityTypeHandler.executeSql(BaseEntityTypeHandler.java:508)
at oracle.iam.reconciliation.impl.UserHandler.getMatchingKeys(UserHandler.java:601)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:556)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:535)
at sun.reflect.GeneratedMethodAccessor3188.invoke(Unknown Source)
at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: java.sql.SQLSyntaxErrorException: ORA-00904: "RA_OIDTRUSTEDUSERBCBD344A"."RA_USERLOGIN7C7B96D4": invalid identifier
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
After this error the log shows:
SEVERE: oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped
oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcAPIException: Child tables only supported at account-level
at oracle.iam.connectors.icfcommon.service.oim11.OIM11Reconciliation.processEvent(OIM11Reconciliation.java:101)
Please help me on this and tell me if I am missing something here.
ThanksI've found something that worked for me. When executing the trusted recon schedule task, the "Configuration Lookup" field in the "OID Server" IT Resource has to have the value "Lookup.OID.Configuration.Trusted". On the other hand, when executing the user sync recon schedule task, this field must have the value "Lookup.OID.Configuration.Trusted".
The lookups' names can be different if you've manually renamed them.
--jtellier -
OID Trusted reconciliation failed
Hi,
I am trying to do trusted reconciliation from OID. Reconciliation task is failed and following are the error logs found:
ERROR QuartzWorkerThread-1 XL_INTG.OID - ====================================================
ERROR QuartzWorkerThread-1 XL_INTG.OID - Exception at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliationprocessBatch(): [B cannot be cast to java.lang.String
ERROR QuartzWorkerThread-1 XL_INTG.OID - ====================================================
I am trying to reconcile the OOTB fields (cn,sn,givenName,userPassword) and 2 user defined fields (text based).
Can anyone let us know when this casting exception will be thrown?
- Kalyan MutyaYep mappings are poor, I created an entity adapter for the EMP_TYPE & USR_TYPE, users are reconciling.
There is still an issue with the reconciliation.
I can provision all attributes on the OIM user account to their coresponding OID attributes, but when I reconcile I process all attributes, but the xellerate user only links the default ones
LastName
Organization
First Name
User ID
Xellerate Type
Email
Role
I have checked and rechecked the mappings, This is on 9.0.3.1672 using the 9.0.4.1 connector.
Any ideas? -
Trusted Reconciliation-Oracle Database to OIM
Hi,
I created a GTC in OIM for Trusted reconciliation with Oracle database as source.
I can able to create & update users in OIM according to the same operation on database.
but when i delete a user in oracle database, the same user is marked as deleted in OIM (although the user is not physically deleted).
How to know the user is marked as deleted? i mean which attribute of user is updated? how to reflect the same in OIM admin console?
RegardsHello
About the trusted conector for an Oracle DB that you mentioned before, you said that you could create and update OIM Users....
Could you please tell me what steps did you do to make the reconciliation work, is just that i already created the connector the same way the manual of the connector said but when I ran the reconciliation it doesnt create any OIM User, but when i saw the log it doesnt have any error.
I hope you can help me please!!!!! TNKS!!!! -
OIM - GTC database trusted reconciliation not importing passwords
Hi,
I am using the latest available database connector (9.1.0.5.0) with OIM 9.1.0.2 BP07 and i have an issue with password reconciliation.
Let's say i have a table MY_USERS with users login data and i want to use it as a source for trusted reconciliation.
I have followed the tutorial available in the DBAT documentation and i get the following results:
-if i don't map the password field from the recon staging with the one of the OIM account, original password is ignored and OIM password is set to the username
- if i map the password field from the recon staging with the one of the OIM account i get an exception and reconciliation fails. To succeed i have to proceed as described in this tutorial http://st-curriculum.oracle.com/obe/fmw/oim/10.1.4/oim/obe12_using_gtc_for_reconciliation/using_the_gtc.htm , modifying the password field in the Design Console from "User password" to "Identity". Actually, this makes the recon work, but what happens is that original password is written in the USR table in the USR_FSS field and not in the USR_PASSWORD field (which is set to the username as above), and therefore the change is useless.
I would like to know what should i do to import the original password from database table.
Thanks in advance
AlexAFAIK, we can't reconcile user's password from Trusted Reconciliation. If in your case you have to bring only those passwords which resides in DB Table then you can write some custom utility/sch task which will read through DB Table and update user's password using OIM APIs.
-
Lookup.USR_PROCESS_TRIGGERS not working with trusted reconciliation oim 11g
Hi,
I am facing one issue while running the trusted incremental reconciliation in OIM 11g.
In the bulkEvent of the event handler I am checking if the operation is MODIFY then I am comparing some attributes and based of that result I am performing some action.
Now the issue is that if the first name or last name of the users gets changed in OIM due to trusted reconciliation then the Change First Name or Change Last Name Process task should get execute on the resources provisioned to the user. This is not happening in my case.
I tried modifying the first name of the user via UI and then the Change First Name Process task got executed.
Please let me know if I need to do some thing extra to get this working.
ThanksHi,
Try creating a custom adapter and attach the adapter to the process task which you have created. This adapter should read the user profile value and populate in the AD provisioning form. Then test the flow for one attribute. As I am suspecting that there would be an issue with OOTB adapter.
Regards
Sai -
OIM Trusted Reconciliation with OID
Hi all,
1. i am facing the problem with trusted reconciliation , i mapped AttrName.Recon.OID.Map with OOTB values , and in Reconciliation manager the Event is created with No Match Found,
2. In provisioning i am using the Entity Adapter to generate the User ID is this causing the error ?.
3. when i run Trusted Recon ii am getting the following error
DEBUG,06 Apr 2011 16:49:48,655,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isDescription - Value: Cannot save: Bad SQL operation FATAL REJECT, raw value 2.
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isRemedy - Value:
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isDetail - Value:
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcErrorList/addError entered.
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/doRollback entered.
ERROR,06 Apr 2011 16:49:48,656,[XELLERATE.DATABASE],Class/Method: tcDataBase/rollbackTransaction encounter some problems: Rollback Executed From
java.lang.Exception: Rollback Executed From
at com.thortech.xl.dataaccess.tcDataBase.rollbackTransaction(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.rollback(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.doRollback(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.createUserRecord(Unknown Source)
at com.thortech.xl.ejb.databeansimpl.tcRCEBean.createUserRecord(Unknown Source)
at com.thortech.xl.ejb.beans.tcRCE_4tknfu_EOImpl.createUserRecord(tcRCE_4tknfu_EOImpl.java:615)
at com.thortech.xl.ejb.beans.tcRCE_4tknfu_EOImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.activation.ActivatableServerRef.invoke(ActivatableServerRef.java:85)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
INFO,06 Apr 2011 16:49:48,656,[XELLERATE.DATABASE],Class/Method: tcDataBase/setTransaction: ##########setTransaction getting called from: #######
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/doRollback left.
DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/save left.
DEBUG,06 Apr 2011 16:49:48,657,[XELLERATE.SERVER],Class/Method: tcRCE/createUserRecord left.
DEBUG,06 Apr 2011 16:49:48,825,[XELLERATE.SERVER],Class/Method: tcErrorList/getErrors entered.
DEBUG,06 Apr 2011 16:49:48,825,[XELLERATE.SERVER],Class/Method: tcErrorList/getErrors left.
DEBUG,06 Apr 2011 16:49:48,887,[XELLERATE.SERVER],Class/Method: tcErrorList/ getRejections entered.
DEBUG,06 Apr 2011 16:49:48,887,[XELLERATE.SERVER],Class/Method: tcErrorList/ getRejections left.
DEBUG,06 Apr 2011 16:49:48,997,[XELLERATE.SERVER],Class/Method: tcDataBase/readEncryptedStatement entered.
DEBUG,06 Apr 2011 16:49:48,998,[XELLERATE.SERVER],Class/Method: tcDataBase/readPartialStatement entered.
Thank you.Hi Khanh,
[This is not good for my use case. I don't want the users from OID to be created in OIM]
Remember this Ldap Sync we use when we want all users in OID -OIM to be in Synch. Otherwise you should have disabled Ldap Sync and used OID 11g Connector.
So if you want to link users in OIM using OID process form/resouce, then its must to use OID 11g Connector.
~J -
OIM 11g DBAT connector - trusted reconciliation for user roles
Hi,
We have a database table containing a bunch of user records, and a table with a foreign key that contains all the associations user-group. We would like to do trusted reconciliation from those two tables into OIM. I already did that for target reconciliation but now I am having a look at the DBAT connector docs, and I have found this:
"Child Table/View Names
If you want to use the connector for trusted source reconciliation, then do not enter a
value. If you want to use the connector for target resource reconciliation and if user data is
spread across parent and child tables, then enter a comma-separated list of child table
names."
Does this mean that role membership trusted reconciliation is not supported by the DBAT connector?
thanks in advanceDBAT connector does not support trusted source with child data.
But that does not mean you cannot configure user table as trusted source.
What is it that you want to do with child table ? -
OIM 11g setXellerate password fails with weird message on massive usage
Hi,
i have set up trusted reconciliation from a database table with OIM 11g (11.1.1.3). Now, the default password is the concatenation of two other fields and i have built an adapter that uses the setXelleratePassword method to set the OIM user password an attached it to the xellerate reconciliation insert event. Now, when running the reconciliation, the password is correctly set only for the first 10 users or so, after which i get this error for every following event.
<Apr 6, 2011 12:07:27 PM CEST> <Error> <oracle.iam.identity.usermgmt.impl> <BEA-000000> <The password change operation failed.>
<Apr 6, 2011 12:07:27 PM CEST> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcPasswordOperationsBean/setXelleratePassword encounter some problems: Error occurred while setting user password.>
Thor.API.Exceptions.tcAPIException: The password change operation failed.
at com.thortech.xl.ejb.beansimpl.tcPasswordOperationsBean.setXelleratePassword(tcPasswordOperationsBean.java:158)
at Thor.API.Operations.tcPasswordOperationsIntfEJB.setXelleratePasswordx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor1074.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
the error is quite generic, and does happen only when there is a "massive" reconciliation run. I thought about the open file limit and the connection pool max values, but in the logs there are no errors related
What should i look at?
Thanks in advanceHi
Have you tried to change the reconciliation batch size to 1 or something?
I had something similar with just one account getting updated by my post-process hanndler.
Anyway how did you attach your adapter to the reconciliation insert event? I have been trying to do this but the list that comes back does include the adapter i have created when i tried to select and adapter to run.
Please guide how you did on design console or gui.
Thanks -
EBS Trusted reconciliation error if we keep user email id blank
Hi,
We are executing EBS trusted reconciliation. It works fine and create user in OIM prefectly. But if user's email is blank then in that case its throwing below validation exception. I wanted to ask this is default behaviour of OIM at time of trusted recon? How can we handle this issue with blank email at time of truste reconciliation? One more thing if we create user in OIM manually with blank email id then its not throwing such exception.
Please let me know if you have any idea on this issue.
Exception logs:
[2013-07-22T08:56:09.246-05:00] [oim_server1] [ERROR] [] [oracle.iam.reconciliation.scheduledtasks] [tid: OIMQuartzScheduler_Worker-9] [userId: oiminternal] [ecid: 0000Jzalan_ALQK6yVAhMG1HtGzH000002,1:29622] [APP: oim#11.1.2.0.0] Generic Information: {0}[[
Thor.API.Exceptions.tcAPIException: An exception occurred: oracle.iam.platform.kernel.ValidationFailedException: Orchestration validation failed on the event handler - CreateUserValidationHandler
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.processReconciliationEvent(ReconOperationsServiceImpl.java:993)
at sun.reflect.GeneratedMethodAccessor10816.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy493.processReconciliationEvent(Unknown Source)
at oracle.iam.reconciliation.api.ReconOperationsServiceEJB.processReconciliationEventx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor10842.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy494.processReconciliationEventx(Unknown Source)
at oracle.iam.reconciliation.api.ReconOperationsService_emc07d_ReconOperationsServiceRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.iam.reconciliation.api.ReconOperationsService_emc07d_ReconOperationsServiceRemoteImpl.processReconciliationEventx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor10841.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy151.processReconciliationEventx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor10840.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy273.processReconciliationEventx(Unknown Source)
at oracle.iam.reconciliation.api.ReconOperationsServiceDelegate.processReconciliationEvent(Unknown Source)
at sun.reflect.GeneratedMethodAccessor10816.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy274.processReconciliationEvent(Unknown Source)
at oracle.iam.reconciliation.scheduledtasks.ReconRetrySchedulerTask.process(ReconRetrySchedulerTask.java:46)
at oracle.iam.reconciliation.scheduledtasks.ReconRetrySchedulerTask.execute(ReconRetrySchedulerTask.java:36)
at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:135)
at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:116)
at sun.reflect.GeneratedMethodAccessor5561.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:266)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:75)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: oracle.iam.reconciliation.exception.CreateException: oracle.iam.platform.kernel.ValidationFailedException: Orchestration validation failed on the event handler - CreateUserValidationHandler
at oracle.iam.reconciliation.impl.EntityTypeHandler.create(EntityTypeHandler.java:102)
at oracle.iam.reconciliation.impl.EntityTypeHandler.applyRule(EntityTypeHandler.java:80)
at oracle.iam.reconciliation.impl.EntityTypeHandler.process(EntityTypeHandler.java:53)
at oracle.iam.reconciliation.impl.ActionEngine.processEvent(ActionEngine.java:175)
at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.processReconciliationEvent(ReconOperationsServiceImpl.java:990)
... 76 more
Caused by: oracle.iam.platform.kernel.ValidationFailedException: Orchestration validation failed on the event handler - CreateUserValidationHandler
at oracle.iam.platform.kernel.impl.OrchProcessData.runValidationEvents(OrchProcessData.java:248)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.validate(OrchestrationEngineImpl.java:704)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:552)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:490)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:408)
at sun.reflect.GeneratedMethodAccessor2132.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy251.orchestrate(Unknown Source)
at oracle.iam.reconciliation.impl.UserHandler.orchestrate(UserHandler.java:218)
at oracle.iam.reconciliation.impl.UserHandler.executeSingleEvent(UserHandler.java:180)
at oracle.iam.reconciliation.impl.EntityTypeHandler.create(EntityTypeHandler.java:98)
... 80 more
Caused by: oracle.iam.platform.kernel.EventFailedException: IAM-3050096:An error occurred while generating the Username. Invalid values passed for attribute Email.:Email
at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createEventFailedException(UserManagerUtils.java:278)
at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createEventFailedException(UserManagerUtils.java:260)
at oracle.iam.identity.usermgmt.impl.handlers.base.UserValidationHandler.generateUserLoginIfNotPresent(UserValidationHandler.java:1859)
at oracle.iam.identity.usermgmt.impl.handlers.base.UserValidationHandler.performCreateUserCommonValidations(UserValidationHandler.java:1257)
at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserValidationHandler.validate(CreateUserValidationHandler.java:193)
at oracle.iam.platform.kernel.impl.OrchProcessData.validate(OrchProcessData.java:258)
at oracle.iam.platform.kernel.impl.OrchProcessData.runValidationEvents(OrchProcessData.java:203)
... 97 more
Caused by: oracle.iam.identity.exception.UserNameGenerationException: IAM-3050096 : An error occurred while generating the Username. Invalid values passed for attribute Email.:Email
at oracle.iam.identity.usermgmt.utils.UserNameGenerationUtil.checkEmailFormat(UserNameGenerationUtil.java:529)
at oracle.iam.identity.usermgmt.utils.UserNameGenerationUtil.validateInputData(UserNameGenerationUtil.java:372)
at oracle.iam.identity.usermgmt.utils.UserNameGenerationUtil.generateUserNameFromPolicy(UserNameGenerationUtil.java:126)
at oracle.iam.identity.usermgmt.utils.UserNameGenerationUtil.generateUserNameFromDefaultPolicy(UserNameGenerationUtil.java:110)
at oracle.iam.identity.usermgmt.impl.handlers.base.UserValidationHandler.generateUserLoginIfNotPresent(UserValidationHandler.java:1827)
... 101 more
ThanksCheck for two things:
- Open your resource object, go to reconciliation tabe. Check attribute email. make sure required flag for this attribute is set to false. If its true, set it to false and click on Create reconciliation profile button. And retry your use case.
- Check if you have created any validationevent handler or your OOTB connector might have created it for validation purposes which is looking for some valid value in email. You may need to modify this validation handler.
regards,
GP -
Trusted Reconciliation Status mapping does not work - 11g Release2
Hi all,
On my process for trusted reconciliation I have mapped my status attribute to Oim 'Status' attribute. It is as follow:
UserStatus -> Status
On my custom scheduled task I transform the status data get form HR (my trusted system) with the values 'Active', 'Disabled','Deleted' and create a reconciliation event.
Even the value I set for the status is 'Active' , afte reconciliation the status is not updated and it is 'Disabled'., what may be the problem? any help is strongly appreciated
Part of my reconciliation event creation code is as follow :
params.put(AttributeConstants.TCMB.ROLE, "Consultant");
params.put(AttributeConstants.TCMB.ORGANIZATION_NAME, "Xellerate Users");
params.put(AttributeConstants.TCMB.XELLERATE_TYPE, "End-User");
params.put(AttributeConstants.TCMB.DISPLAY_NAME, resourceData.getName()+" "+resourceData.getSoyadi());
params.put(AttributeConstants.TCMB.IDENTITY_STATUS, UserManagerConstants.AttributeValues.USER_STATUS_ACTIVE.getId());
System.out.println("Active param : "+UserManagerConstants.AttributeValues.USER_STATUS_ACTIVE.getId());
System.out.println("Disabled param : "+UserManagerConstants.AttributeValues.USER_STATUS_DISABLED.getId());
System.out.println("Deleted param : "+UserManagerConstants.AttributeValues.USER_STATUS_DELETED.getId());
long result = recObject.createReconciliationEvent("TCMB_PBS_TRUSTED", params, true);
Thnaks in advance,
BR
AliyeI would say don't supply status info for recon. OIM will update automatically based on start date and end date.
If you have special scenario then sure we have to map it and try params.put(AttributeConstants.TCMB.IDENTITY_STATUS,"Active") for same.
Better ignore passing status attribute. Lets OIM decide.
--nayan -
Handling Multi-Valued attribute in trusted reconciliation
Hi,
We have a requirement where an attribute is multi-valued in LDAP(Sun One Directory Server) which is a trusted source for OIM. We wanted to use oracle Out-of-the-Box connector for Sun Java System Directory Server. We wanted to bring in this multi-valued attribute into OIM, concatenate everything and populate it to a OIM User form attribute. Hence though the value is multi-valued in trusted source, we process it and populate as a single valued attribute in OIM. Since we run trusted reconciliation we are unable to bring this multivalued attribute for the user into OIM.
Can anybody suggest any other workaround available to achieve this functionality without touching connector source code?
Any help would be greatly appreciated.
Regards
DeepaI would highly suggest writing your own custom code.
You'll need to create a UDF that is large enough to handle your concatenated value. A resource object marked as trusted object. A provisioning process defintion to map the value to the field.
Then write a custom scheduled task that will connect to the LDAP directory, perform your search using the modifytimestamp attribute to get all the values. Concatenate them together in your code and create the reconciliation event.
It will turn out to be smoother than dealing with an entity adapter that runs everytime an event occurs which might not be related to this item.
-Kevin -
I have OIM11g and OID11g, and setup OID as the ldap during configuring OIM. OIM pulls the new or changes of the identities via the LDAP Reconciliation jobs from OID.
There is also the LDAP provision to OID from OIM running auto out of the box.
Can we say the OID is the OIM's trusted source?Rajiv Dewan wrote:
There is also the LDAP provision to OID from OIM running auto out of the boxGo to Adminitration Console > Search User > Select User > Click that user > Go to Resources Tab
What do you see here ?
If you see LDAP/OID resource there then it means that resource is configured as Target Resource.
Also, which task do you run to bring changes fromOID/LDAP to OIM. Is it trusted reconciliation o target reconciliation task ?
Guide also tells about configuring OID/LDAP as trusted resurce. Do you see those configuration in your system ?selected a user's Resources Tab, it shows the provisioned the resource of the target Application.
And as I stated in the beginning "OIM pulls the new or changes of the identities via the LDAP Reconciliation jobs from OID.".
The Reconciliation Jobs are out of the box jobs.
So can we say the OID is OIM's trusted source? -
Changing Timestamp value of incremental trusted reconciliation
Hi,
I need to run the incremental trusted reconciliation from an earlier date. This means I need to rerun the trusted recon on some of the data on which the recon might have already ran.
Could you please let me know how to acheive this. The problem which I am facing is that if I run the incremental trusted recon then it starts from the date when it was last ran, but I want it to start from an earlier data to which it was ran earlier.
Thanksall the available trusted recon implement this feature. download any ootb connector (ex: EBSER -eBusiness employee reconciliation creconnector) and look at the code by De-compling jar.
basically you have to use OIM API where you have to supply Scheduler Key and currentTimestamp at end of the task -
Hi,
SharePoint 2010 Backup has been taken from production and restored through Semantic Tool in one of the server.The wepapplication of which the backup was taken is working fine.
But the problem is that the SharePoint is not working correctly.We cannot create any new webapplication ,cannot navigate to the ServiceApplications.aspx page it shows error.Even the Search and UserProfile Services of the existing Web Application is not working.Checking
the SharePoint Logs I found out the below exception
11/30/2011 12:14:53.78 WebAnalyticsService.exe (0x06D4) 0x2D24 SharePoint Foundation Database
8u1d High Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15'
11/30/2011 12:14:53.78 WebAnalyticsService.exe (0x06D4) 0x2D24 SharePoint Foundation Topology
2myf Medium Enabling the configuration filesystem and memory caches.
11/30/2011 12:14:53.79 WebAnalyticsService.exe (0x06D4) 0x12AC SharePoint Foundation Database
8u1d High Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15'
11/30/2011 12:14:53.79 WebAnalyticsService.exe (0x06D4) 0x12AC SharePoint Foundation Topology
2myf Medium Enabling the configuration filesystem and memory caches.
11/30/2011 12:14:55.54 mssearch.exe (0x0864) 0x2B24 SharePoint Server Search Propagation Manager
fo2s Medium [3b3-c-0 An] aborting all propagation tasks and propagation-owned transactions after waiting 300 seconds (0 indexes) [indexpropagator.cxx:1607] d:\office\source\search\native\ytrip\tripoli\propagation\indexpropagator.cxx
11/30/2011 12:14:55.99 OWSTIMER.EXE (0x1DF4) 0x1994 SharePoint Foundation Topology
75dz High The SPPersistedObject with
Name User Profile Service Application, Id 9577a6aa-33ec-498e-b198-56651b53bf27, Parent 13e1ef7d-40c2-4bcb-906c-a080866ca9bd failed to initialize with the following error: System.SystemException: The trust relationship between the primary domain and the trusted
domain failed. at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed) at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection
sourceSids, Type targetType, Boolean forceSuccess) at System.Security.Principal.SecurityIdentifier.Translate(Type targetType) at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()
at Microsoft.SharePoint.Administration.SPAcl`1.Add(String princip...
11/30/2011 12:14:55.99* OWSTIMER.EXE (0x1DF4) 0x1994 SharePoint Foundation Topology
75dz High ...alName, String displayName, Byte[] securityIdentifier, T grantRightsMask, T denyRightsMask) at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)
at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization() at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization() at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider
persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)
11/30/2011 12:14:56.00 OWSTIMER.EXE (0x1DF4) 0x1994 SharePoint Foundation Topology
8xqx High Exception in RefreshCache. Exception message :The trust relationship between the primary domain and the trusted domain failed.
11/30/2011 12:14:56.00 OWSTIMER.EXE (0x1DF4) 0x1994 SharePoint Foundation Timer
2n2p Monitorable The following error occured while trying to initialize the timer: System.SystemException: The trust relationship between the primary domain and the trusted domain failed. at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection
sourceSids, Boolean& someFailed) at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess) at System.Security.Principal.SecurityIdentifier.Translate(Type
targetType) at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName() at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, Byte[] securityIdentifier, T grantRightsMask,
T denyRightsMask) at Microsoft.SharePoint.Administrati...
11/30/2011 12:14:56.00* OWSTIMER.EXE (0x1DF4) 0x1994 SharePoint Foundation Timer
2n2p Monitorable ...on.SPAcl`1..ctor(String persistedAcl) at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization() at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()
at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state) at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid
id, Guid parentId, Guid type, String name, SPObjectStatus status, Byte[] versionBuffer, String xml) at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(SqlDataReader dr) at Microsoft.SharePoint.Administration.SPConfigurationDatabase.RefreshCache(Int64
currentVe...
Please guide me on the above issue ,this will be of great help
Thanks.I have same error. Verified for trust , ports , cleaned up cache.. nothing has helped.
The problem is caused by User profile Synch Service:
UserProfileProperty_WCFLogging :: ProfilePropertyService.GetProfileProperties Exception: System.SystemException:
The trust relationship between the primary domain and the trusted domain failed. at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids,
Boolean& someFailed) at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess) at System.Security.Principal.SecurityIdentifier.Translate(Type
targetType) at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName() at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, SPIdentifierType identifierType, Byte[]
identifier, T grantRightsMask, T denyRigh...
08/23/2014 13:00:20.96* w3wp.exe (0x2204)
0x293C SharePoint Portal Server User Profiles
eh0u Unexpected ...tsMask) at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)
at Microsoft.Office.Server.Administration.UserProfileApplication.get_SerializedAdministratorAcl() at Microsoft.Office.Server.Administration.UserProfileApplication.GetProperties() at Microsoft.Office.Server.UserProfiles.ProfilePropertyService.GetProfileProperties()
Please let me know if you any solution found for this?
Regards,
Kunal
Maybe you are looking for
-
I can't view the pictures I've downloaded from my ipad to my PC. The only options I have is Tunes, TV, Movies or Apps. How do I view pictures on my PC.
-
After syncing my iphone to my Windows XP Outlook all of my calendar info went to my PC and is no longer on my iphone. How can I get the calendar info from my PC back to my iphone
-
Difference in S_ALR_87012153 and FS10N
Hi , There is a difference in value appearing in the reports FS10N and S_ALR_87012153 for only one particular month . All other months it appears fine . I would like to which docuemnt(s) have created this difference . Can you please let me know how
-
hi, can anyone help me to get the data for a file in dms with a specific doknr? i need to get the binary data to send them per mail. I searched in function group cv120 (i tried cv120_read_file2table but it doesn't work for me) but wasn't able find a
-
I have a .mac account and would like to assist my sister in doing a web page. I agree to create the page on my .mac account but she would like to be able to maintain the site through her PC. She has acquired a domain name and it is my understanding t