OIM-AD Trusted Reconciliation Failing

Similar Messages

• User not created in OIM 11gr2 - trusted reconciliation from OID

  Hello,
  in my tests I'm trying to do a trusted reconciliation from OID to OIM.
  I checked the errors below in the log file and I checked the column on the database. The column is there but I can't understand why this error appear.
  I did a select on this table and this column is empty (select RA_USERLOGIN7C7B96D4 from RA_OIDTRUSTEDUSERBCBD344A).
  INFO: Generic Information: select USR_KEY from usr where USR_MIDDLE_NAME is null and USR_UDF_ORCLGUID=? and USR_FIRST_NAME=? and USR_EMAIL=? and USR_LAST_NAME=? and USR_STATUS=? and USR.USR_STATUS != 'Deleted' AND ((UPPER(USR.USR_LOGIN)=UPPER(RA_OIDTRUSTEDUSERBCBD344A.RA_USERLOGIN7C7B96D4)))
  INFO: Generic Information: Params = [CF7C29EE75F5A78FE040A8C084000DE8, orcladmin, orcladmin, orcladmin, Enabled]
  SEVERE: Generic Information: {0}
  oracle.iam.reconciliation.exception.DBAccessException: Failed SQL:: select USR_KEY from usr where USR_MIDDLE_NAME is null and USR_UDF_ORCLGUID=? and USR_FIRST_NAME=? and USR_EMAIL=? and USR_LAST_NAME=? and USR_STATUS=? and USR.USR_STATUS != 'Deleted' AND ((UPPER(USR.USR_LOGIN)=UPPER(RA_OIDTRUSTEDUSERBCBD344A.RA_USERLOGIN7C7B96D4))) =>PARAMS:: [CF7C29EE75F5A78FE040A8C084000DE8, orcladmin, orcladmin, orcladmin, Enabled]
  at oracle.iam.reconciliation.utils.DBAccessTemplate.executeQuery(DBAccessTemplate.java:71)
  at oracle.iam.reconciliation.impl.BaseEntityTypeHandler.executeSql(BaseEntityTypeHandler.java:508)
  at oracle.iam.reconciliation.impl.UserHandler.getMatchingKeys(UserHandler.java:601)
  at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:556)
  at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:535)
  at sun.reflect.GeneratedMethodAccessor3188.invoke(Unknown Source)
  at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
  Caused by: java.sql.SQLSyntaxErrorException: ORA-00904: "RA_OIDTRUSTEDUSERBCBD344A"."RA_USERLOGIN7C7B96D4": invalid identifier
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
  at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
  at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
  at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
  After this error the log shows:
  SEVERE: oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped
  oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcAPIException: Child tables only supported at account-level
  at oracle.iam.connectors.icfcommon.service.oim11.OIM11Reconciliation.processEvent(OIM11Reconciliation.java:101)
  Please help me on this and tell me if I am missing something here.
  Thanks

  I've found something that worked for me. When executing the trusted recon schedule task, the "Configuration Lookup" field in the "OID Server" IT Resource has to have the value "Lookup.OID.Configuration.Trusted". On the other hand, when executing the user sync recon schedule task, this field must have the value "Lookup.OID.Configuration.Trusted".
  The lookups' names can be different if you've manually renamed them.
  --jtellier                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

• OID Trusted reconciliation failed

  Hi,
  I am trying to do trusted reconciliation from OID. Reconciliation task is failed and following are the error logs found:
  ERROR QuartzWorkerThread-1 XL_INTG.OID - ====================================================
  ERROR QuartzWorkerThread-1 XL_INTG.OID - Exception at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliationprocessBatch(): [B cannot be cast to java.lang.String
  ERROR QuartzWorkerThread-1 XL_INTG.OID - ====================================================
  I am trying to reconcile the OOTB fields (cn,sn,givenName,userPassword) and 2 user defined fields (text based).
  Can anyone let us know when this casting exception will be thrown?
  - Kalyan Mutya                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

  Yep mappings are poor, I created an entity adapter for the EMP_TYPE & USR_TYPE, users are reconciling.
  There is still an issue with the reconciliation.
  I can provision all attributes on the OIM user account to their coresponding OID attributes, but when I reconcile I process all attributes, but the xellerate user only links the default ones
  LastName
  Organization
  First Name
  User ID
  Xellerate Type
  Email
  Role
  I have checked and rechecked the mappings, This is on 9.0.3.1672 using the 9.0.4.1 connector.
  Any ideas?

• Trusted Reconciliation-Oracle Database to OIM

  Hi,
  I created a GTC in OIM for Trusted reconciliation with Oracle database as source.
  I can able to create & update users in OIM according to the same operation on database.
  but when i delete a user in oracle database, the same user is marked as deleted in OIM (although the user is not physically deleted).
  How to know the user is marked as deleted? i mean which attribute of user is updated? how to reflect the same in OIM admin console?
  Regards

  Hello
  About the trusted conector for an Oracle DB that you mentioned before, you said that you could create and update OIM Users....
  Could you please tell me what steps did you do to make the reconciliation work, is just that i already created the connector the same way the manual of the connector said but when I ran the reconciliation it doesnt create any OIM User, but when i saw the log it doesnt have any error.
  I hope you can help me please!!!!! TNKS!!!!

• OIM - GTC database trusted reconciliation not importing passwords

  Hi,
  I am using the latest available database connector (9.1.0.5.0) with OIM 9.1.0.2 BP07 and i have an issue with password reconciliation.
  Let's say i have a table MY_USERS with users login data and i want to use it as a source for trusted reconciliation.
  I have followed the tutorial available in the DBAT documentation and i get the following results:
  -if i don't map the password field from the recon staging with the one of the OIM account, original password is ignored and OIM password is set to the username
  - if i map the password field from the recon staging with the one of the OIM account i get an exception and reconciliation fails. To succeed i have to proceed as described in this tutorial http://st-curriculum.oracle.com/obe/fmw/oim/10.1.4/oim/obe12_using_gtc_for_reconciliation/using_the_gtc.htm , modifying the password field in the Design Console from "User password" to "Identity". Actually, this makes the recon work, but what happens is that original password is written in the USR table in the USR_FSS field and not in the USR_PASSWORD field (which is set to the username as above), and therefore the change is useless.
  I would like to know what should i do to import the original password from database table.
  Thanks in advance
  Alex

  AFAIK, we can't reconcile user's password from Trusted Reconciliation. If in your case you have to bring only those passwords which resides in DB Table then you can write some custom utility/sch task which will read through DB Table and update user's password using OIM APIs.

• Lookup.USR_PROCESS_TRIGGERS not working with trusted reconciliation oim 11g

  Hi,
  I am facing one issue while running the trusted incremental reconciliation in OIM 11g.
  In the bulkEvent of the event handler I am checking if the operation is MODIFY then I am comparing some attributes and based of that result I am performing some action.
  Now the issue is that if the first name or last name of the users gets changed in OIM due to trusted reconciliation then the Change First Name or Change Last Name Process task should get execute on the resources provisioned to the user. This is not happening in my case.
  I tried modifying the first name of the user via UI and then the Change First Name Process task got executed.
  Please let me know if I need to do some thing extra to get this working.
  Thanks

  Hi,
  Try creating a custom adapter and attach the adapter to the process task which you have created. This adapter should read the user profile value and populate in the AD provisioning form. Then test the flow for one attribute. As I am suspecting that there would be an issue with OOTB adapter.
  Regards
  Sai

• OIM Trusted Reconciliation with OID

  Hi all,
  1. i am facing the problem with trusted reconciliation , i mapped AttrName.Recon.OID.Map with OOTB values , and in Reconciliation manager the Event is created with No Match Found,
  2. In provisioning i am using the Entity Adapter to generate the User ID is this causing the error ?.
  3. when i run Trusted Recon ii am getting the following error
  DEBUG,06 Apr 2011 16:49:48,655,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isDescription - Value: Cannot save: Bad SQL operation FATAL REJECT, raw value 2.
  DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isRemedy - Value:
  DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj:handleErr - Data: poError.isDetail - Value:
  DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcErrorList/addError entered.
  DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/doRollback entered.
  ERROR,06 Apr 2011 16:49:48,656,[XELLERATE.DATABASE],Class/Method: tcDataBase/rollbackTransaction encounter some problems: Rollback Executed From
  java.lang.Exception: Rollback Executed From
  at com.thortech.xl.dataaccess.tcDataBase.rollbackTransaction(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.rollback(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.doRollback(Unknown Source)
  at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
  at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
  at com.thortech.xl.dataobj.tcRCE.createUserRecord(Unknown Source)
  at com.thortech.xl.ejb.databeansimpl.tcRCEBean.createUserRecord(Unknown Source)
  at com.thortech.xl.ejb.beans.tcRCE_4tknfu_EOImpl.createUserRecord(tcRCE_4tknfu_EOImpl.java:615)
  at com.thortech.xl.ejb.beans.tcRCE_4tknfu_EOImpl_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.activation.ActivatableServerRef.invoke(ActivatableServerRef.java:85)
  at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
  at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  INFO,06 Apr 2011 16:49:48,656,[XELLERATE.DATABASE],Class/Method: tcDataBase/setTransaction: ##########setTransaction getting called from: #######
  DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/doRollback left.
  DEBUG,06 Apr 2011 16:49:48,656,[XELLERATE.SERVER],Class/Method: tcDataObj/save left.
  DEBUG,06 Apr 2011 16:49:48,657,[XELLERATE.SERVER],Class/Method: tcRCE/createUserRecord left.
  DEBUG,06 Apr 2011 16:49:48,825,[XELLERATE.SERVER],Class/Method: tcErrorList/getErrors entered.
  DEBUG,06 Apr 2011 16:49:48,825,[XELLERATE.SERVER],Class/Method: tcErrorList/getErrors left.
  DEBUG,06 Apr 2011 16:49:48,887,[XELLERATE.SERVER],Class/Method: tcErrorList/ getRejections entered.
  DEBUG,06 Apr 2011 16:49:48,887,[XELLERATE.SERVER],Class/Method: tcErrorList/ getRejections left.
  DEBUG,06 Apr 2011 16:49:48,997,[XELLERATE.SERVER],Class/Method: tcDataBase/readEncryptedStatement entered.
  DEBUG,06 Apr 2011 16:49:48,998,[XELLERATE.SERVER],Class/Method: tcDataBase/readPartialStatement entered.
  Thank you.

  Hi Khanh,
  [This is not good for my use case.  I don't want the users from OID to be created in OIM]
  Remember this Ldap Sync we use when we want all users in OID -OIM to be in Synch. Otherwise you should have disabled Ldap Sync and used OID 11g Connector.
  So if you want to link users in OIM using OID process form/resouce, then its must to use OID 11g Connector.
  ~J

• OIM 11g DBAT connector - trusted reconciliation for user roles

  Hi,
  We have a database table containing a bunch of user records, and a table with a foreign key that contains all the associations user-group. We would like to do trusted reconciliation from those two tables into OIM. I already did that for target reconciliation but now I am having a look at the DBAT connector docs, and I have found this:
  "Child Table/View Names
  If you want to use the connector for trusted source reconciliation, then do not enter a
  value. If you want to use the connector for target resource reconciliation and if user data is
  spread across parent and child tables, then enter a comma-separated list of child table
  names."
  Does this mean that role membership trusted reconciliation is not supported by the DBAT connector?
  thanks in advance

  DBAT connector does not support trusted source with child data.
  But that does not mean you cannot configure user table as trusted source.
  What is it that you want to do with child table ?

• OIM 11g setXellerate password fails with weird message on massive usage

  Hi,
  i have set up trusted reconciliation from a database table with OIM 11g (11.1.1.3). Now, the default password is the concatenation of two other fields and i have built an adapter that uses the setXelleratePassword method to set the OIM user password an attached it to the xellerate reconciliation insert event. Now, when running the reconciliation, the password is correctly set only for the first 10 users or so, after which i get this error for every following event.
  <Apr 6, 2011 12:07:27 PM CEST> <Error> <oracle.iam.identity.usermgmt.impl> <BEA-000000> <The password change operation failed.>
  <Apr 6, 2011 12:07:27 PM CEST> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcPasswordOperationsBean/setXelleratePassword encounter some problems: Error occurred while setting user password.>
  Thor.API.Exceptions.tcAPIException: The password change operation failed.
       at com.thortech.xl.ejb.beansimpl.tcPasswordOperationsBean.setXelleratePassword(tcPasswordOperationsBean.java:158)
       at Thor.API.Operations.tcPasswordOperationsIntfEJB.setXelleratePasswordx(Unknown Source)
       at sun.reflect.GeneratedMethodAccessor1074.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
  the error is quite generic, and does happen only when there is a "massive" reconciliation run. I thought about the open file limit and the connection pool max values, but in the logs there are no errors related
  What should i look at?
  Thanks in advance

  Hi
  Have you tried to change the reconciliation batch size to 1 or something?
  I had something similar with just one account getting updated by my post-process hanndler.
  Anyway how did you attach your adapter to the reconciliation insert event? I have been trying to do this but the list that comes back does include the adapter i have created when i tried to select and adapter to run.
  Please guide how you did on design console or gui.
  Thanks

• EBS Trusted reconciliation error if we keep user email id blank

  Hi,
  We are executing EBS trusted reconciliation. It works fine and create user in OIM prefectly. But if user's email is blank then in that case its throwing below validation exception. I wanted to ask this is default behaviour of OIM at time of trusted recon? How can we handle this issue with blank email at time of truste reconciliation? One more thing if we create user in OIM manually with blank email id then its not throwing such exception.
  Please let me know if you have any idea on this issue.
  Exception logs:
  [2013-07-22T08:56:09.246-05:00] [oim_server1] [ERROR] [] [oracle.iam.reconciliation.scheduledtasks] [tid: OIMQuartzScheduler_Worker-9] [userId: oiminternal] [ecid: 0000Jzalan_ALQK6yVAhMG1HtGzH000002,1:29622] [APP: oim#11.1.2.0.0] Generic Information: {0}[[
  Thor.API.Exceptions.tcAPIException: An exception occurred: oracle.iam.platform.kernel.ValidationFailedException: Orchestration validation failed on the event handler - CreateUserValidationHandler
  at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.processReconciliationEvent(ReconOperationsServiceImpl.java:993)
  at sun.reflect.GeneratedMethodAccessor10816.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy493.processReconciliationEvent(Unknown Source)
  at oracle.iam.reconciliation.api.ReconOperationsServiceEJB.processReconciliationEventx(Unknown Source)
  at sun.reflect.GeneratedMethodAccessor10842.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
  at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy494.processReconciliationEventx(Unknown Source)
  at oracle.iam.reconciliation.api.ReconOperationsService_emc07d_ReconOperationsServiceRemoteImpl.__WL_invoke(Unknown Source)
  at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
  at oracle.iam.reconciliation.api.ReconOperationsService_emc07d_ReconOperationsServiceRemoteImpl.processReconciliationEventx(Unknown Source)
  at sun.reflect.GeneratedMethodAccessor10841.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
  at $Proxy151.processReconciliationEventx(Unknown Source)
  at sun.reflect.GeneratedMethodAccessor10840.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
  at $Proxy273.processReconciliationEventx(Unknown Source)
  at oracle.iam.reconciliation.api.ReconOperationsServiceDelegate.processReconciliationEvent(Unknown Source)
  at sun.reflect.GeneratedMethodAccessor10816.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy274.processReconciliationEvent(Unknown Source)
  at oracle.iam.reconciliation.scheduledtasks.ReconRetrySchedulerTask.process(ReconRetrySchedulerTask.java:46)
  at oracle.iam.reconciliation.scheduledtasks.ReconRetrySchedulerTask.execute(ReconRetrySchedulerTask.java:36)
  at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:135)
  at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
  at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
  at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
  at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
  at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
  at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:116)
  at sun.reflect.GeneratedMethodAccessor5561.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:266)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.security.Security.runAs(Security.java:41)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:75)
  at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
  Caused by: oracle.iam.reconciliation.exception.CreateException: oracle.iam.platform.kernel.ValidationFailedException: Orchestration validation failed on the event handler - CreateUserValidationHandler
  at oracle.iam.reconciliation.impl.EntityTypeHandler.create(EntityTypeHandler.java:102)
  at oracle.iam.reconciliation.impl.EntityTypeHandler.applyRule(EntityTypeHandler.java:80)
  at oracle.iam.reconciliation.impl.EntityTypeHandler.process(EntityTypeHandler.java:53)
  at oracle.iam.reconciliation.impl.ActionEngine.processEvent(ActionEngine.java:175)
  at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.processReconciliationEvent(ReconOperationsServiceImpl.java:990)
  ... 76 more
  Caused by: oracle.iam.platform.kernel.ValidationFailedException: Orchestration validation failed on the event handler - CreateUserValidationHandler
  at oracle.iam.platform.kernel.impl.OrchProcessData.runValidationEvents(OrchProcessData.java:248)
  at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.validate(OrchestrationEngineImpl.java:704)
  at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:552)
  at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:490)
  at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:408)
  at sun.reflect.GeneratedMethodAccessor2132.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy251.orchestrate(Unknown Source)
  at oracle.iam.reconciliation.impl.UserHandler.orchestrate(UserHandler.java:218)
  at oracle.iam.reconciliation.impl.UserHandler.executeSingleEvent(UserHandler.java:180)
  at oracle.iam.reconciliation.impl.EntityTypeHandler.create(EntityTypeHandler.java:98)
  ... 80 more
  Caused by: oracle.iam.platform.kernel.EventFailedException: IAM-3050096:An error occurred while generating the Username. Invalid values passed for attribute Email.:Email
  at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createEventFailedException(UserManagerUtils.java:278)
  at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createEventFailedException(UserManagerUtils.java:260)
  at oracle.iam.identity.usermgmt.impl.handlers.base.UserValidationHandler.generateUserLoginIfNotPresent(UserValidationHandler.java:1859)
  at oracle.iam.identity.usermgmt.impl.handlers.base.UserValidationHandler.performCreateUserCommonValidations(UserValidationHandler.java:1257)
  at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserValidationHandler.validate(CreateUserValidationHandler.java:193)
  at oracle.iam.platform.kernel.impl.OrchProcessData.validate(OrchProcessData.java:258)
  at oracle.iam.platform.kernel.impl.OrchProcessData.runValidationEvents(OrchProcessData.java:203)
  ... 97 more
  Caused by: oracle.iam.identity.exception.UserNameGenerationException: IAM-3050096 : An error occurred while generating the Username. Invalid values passed for attribute Email.:Email
  at oracle.iam.identity.usermgmt.utils.UserNameGenerationUtil.checkEmailFormat(UserNameGenerationUtil.java:529)
  at oracle.iam.identity.usermgmt.utils.UserNameGenerationUtil.validateInputData(UserNameGenerationUtil.java:372)
  at oracle.iam.identity.usermgmt.utils.UserNameGenerationUtil.generateUserNameFromPolicy(UserNameGenerationUtil.java:126)
  at oracle.iam.identity.usermgmt.utils.UserNameGenerationUtil.generateUserNameFromDefaultPolicy(UserNameGenerationUtil.java:110)
  at oracle.iam.identity.usermgmt.impl.handlers.base.UserValidationHandler.generateUserLoginIfNotPresent(UserValidationHandler.java:1827)
  ... 101 more
  Thanks

  Check for two things:
  - Open your resource object, go to reconciliation tabe. Check attribute email. make sure required flag for this attribute is set to false. If its true, set it to false and click on Create reconciliation profile button. And retry your use case.
  - Check if you have created any validationevent handler or your OOTB connector might have created it for validation purposes which is looking for some valid value in email. You may need to modify this validation  handler.
  regards,
  GP

• Trusted Reconciliation Status mapping does not work - 11g Release2

  Hi all,
  On my process for trusted reconciliation I have mapped my status attribute to Oim 'Status' attribute. It is as follow:
  UserStatus -> Status
  On my custom scheduled task I transform the status data get form HR (my trusted system) with the values 'Active', 'Disabled','Deleted' and create a reconciliation event.
  Even the value I set for the status is 'Active' , afte reconciliation the status is not updated and it is 'Disabled'., what may be the problem? any help is strongly appreciated
  Part of my reconciliation event creation code is as follow :
       params.put(AttributeConstants.TCMB.ROLE, "Consultant");
       params.put(AttributeConstants.TCMB.ORGANIZATION_NAME, "Xellerate Users");
       params.put(AttributeConstants.TCMB.XELLERATE_TYPE, "End-User");
       params.put(AttributeConstants.TCMB.DISPLAY_NAME, resourceData.getName()+" "+resourceData.getSoyadi());
       params.put(AttributeConstants.TCMB.IDENTITY_STATUS, UserManagerConstants.AttributeValues.USER_STATUS_ACTIVE.getId());
       System.out.println("Active param : "+UserManagerConstants.AttributeValues.USER_STATUS_ACTIVE.getId());
       System.out.println("Disabled param : "+UserManagerConstants.AttributeValues.USER_STATUS_DISABLED.getId());
       System.out.println("Deleted param : "+UserManagerConstants.AttributeValues.USER_STATUS_DELETED.getId());
       long result = recObject.createReconciliationEvent("TCMB_PBS_TRUSTED", params, true);
  Thnaks in advance,
  BR
  Aliye

  I would say don't supply status info for recon. OIM will update automatically based on start date and end date.
  If you have special scenario then sure we have to map it and try params.put(AttributeConstants.TCMB.IDENTITY_STATUS,"Active") for same.
  Better ignore passing status attribute. Lets OIM decide.
  --nayan                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Handling Multi-Valued attribute in trusted reconciliation

  Hi,
  We have a requirement where an attribute is multi-valued in LDAP(Sun One Directory Server) which is a trusted source for OIM. We wanted to use oracle Out-of-the-Box connector for Sun Java System Directory Server. We wanted to bring in this multi-valued attribute into OIM, concatenate everything and populate it to a OIM User form attribute. Hence though the value is multi-valued in trusted source, we process it and populate as a single valued attribute in OIM. Since we run trusted reconciliation we are unable to bring this multivalued attribute for the user into OIM.
  Can anybody suggest any other workaround available to achieve this functionality without touching connector source code?
  Any help would be greatly appreciated.
  Regards
  Deepa

  I would highly suggest writing your own custom code.
  You'll need to create a UDF that is large enough to handle your concatenated value. A resource object marked as trusted object. A provisioning process defintion to map the value to the field.
  Then write a custom scheduled task that will connect to the LDAP directory, perform your search using the modifytimestamp attribute to get all the values. Concatenate them together in your code and create the reconciliation event.
  It will turn out to be smoother than dealing with an entity adapter that runs everytime an event occurs which might not be related to this item.
  -Kevin

• OIM's Trusted Source

  I have OIM11g and OID11g, and setup OID as the ldap during configuring OIM. OIM pulls the new or changes of the identities via the LDAP Reconciliation jobs from OID.
  There is also the LDAP provision to OID from OIM running auto out of the box.
  Can we say the OID is the OIM's trusted source?

  Rajiv Dewan wrote:
  There is also the LDAP provision to OID from OIM running auto out of the boxGo to Adminitration Console > Search User > Select User > Click that user > Go to Resources Tab
  What do you see here ?
  If you see LDAP/OID resource there then it means that resource is configured as Target Resource.
  Also, which task do you run to bring changes fromOID/LDAP to OIM. Is it trusted reconciliation o target reconciliation task ?
  Guide also tells about configuring OID/LDAP as trusted resurce. Do you see those configuration in your system ?selected a user's Resources Tab, it shows the provisioned the resource of the target Application.
  And as I stated in the beginning "OIM pulls the new or changes of the identities via the LDAP Reconciliation jobs from OID.".
  The Reconciliation Jobs are out of the box jobs.
  So can we say the OID is OIM's trusted source?

• Changing Timestamp value of incremental trusted reconciliation

  Hi,
  I need to run the incremental trusted reconciliation from an earlier date. This means I need to rerun the trusted recon on some of the data on which the recon might have already ran.
  Could you please let me know how to acheive this. The problem which I am facing is that if I run the incremental trusted recon then it starts from the date when it was last ran, but I want it to start from an earlier data to which it was ran earlier.
  Thanks

  all the available trusted recon implement this feature. download any ootb connector (ex: EBSER -eBusiness employee reconciliation creconnector) and look at the code by De-compling jar.
  basically you have to use OIM API where you have to supply Scheduler Key and currentTimestamp at end of the task

• Getting Error The trust relationship between the primary domain and the trusted domain failed in SharePoint 2010

  Hi,
  SharePoint 2010 Backup has been taken from production and restored through Semantic Tool in one of the server.The wepapplication of which the backup was taken is working fine.
  But the problem is that the SharePoint is not working correctly.We cannot create any new webapplication ,cannot navigate to the ServiceApplications.aspx page it shows error.Even the Search and UserProfile Services of the existing Web Application is not working.Checking
  the SharePoint Logs I found out the below exception
  11/30/2011 12:14:53.78  WebAnalyticsService.exe (0x06D4)         0x2D24 SharePoint Foundation          Database                     
   8u1d High     Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15' 
  11/30/2011 12:14:53.78  WebAnalyticsService.exe (0x06D4)         0x2D24 SharePoint Foundation          Topology                     
   2myf Medium   Enabling the configuration filesystem and memory caches. 
  11/30/2011 12:14:53.79  WebAnalyticsService.exe (0x06D4)         0x12AC SharePoint Foundation          Database                     
   8u1d High     Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15' 
  11/30/2011 12:14:53.79  WebAnalyticsService.exe (0x06D4)         0x12AC SharePoint Foundation          Topology                     
   2myf Medium   Enabling the configuration filesystem and memory caches. 
  11/30/2011 12:14:55.54  mssearch.exe (0x0864)                    0x2B24 SharePoint Server Search       Propagation Manager          
   fo2s Medium   [3b3-c-0 An] aborting all propagation tasks and propagation-owned transactions after waiting 300 seconds (0 indexes)  [indexpropagator.cxx:1607]  d:\office\source\search\native\ytrip\tripoli\propagation\indexpropagator.cxx 
  11/30/2011 12:14:55.99  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
   75dz High     The SPPersistedObject with
  Name User Profile Service Application, Id 9577a6aa-33ec-498e-b198-56651b53bf27, Parent 13e1ef7d-40c2-4bcb-906c-a080866ca9bd failed to initialize with the following error: System.SystemException: The trust relationship between the primary domain and the trusted
  domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection
  sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()    
  at Microsoft.SharePoint.Administration.SPAcl`1.Add(String princip... 
  11/30/2011 12:14:55.99* OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
   75dz High     ...alName, String displayName, Byte[] securityIdentifier, T grantRightsMask, T denyRightsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)    
  at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider
  persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state) 
  11/30/2011 12:14:56.00  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
   8xqx High     Exception in RefreshCache. Exception message :The trust relationship between the primary domain and the trusted domain failed.   
  11/30/2011 12:14:56.00  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Timer                        
   2n2p Monitorable The following error occured while trying to initialize the timer: System.SystemException: The trust relationship between the primary domain and the trusted domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection
  sourceSids, Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type
  targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, Byte[] securityIdentifier, T grantRightsMask,
  T denyRightsMask)     at Microsoft.SharePoint.Administrati... 
  11/30/2011 12:14:56.00* OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Timer                        
   2n2p Monitorable ...on.SPAcl`1..ctor(String persistedAcl)     at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()    
  at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid
  id, Guid parentId, Guid type, String name, SPObjectStatus status, Byte[] versionBuffer, String xml)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(SqlDataReader dr)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.RefreshCache(Int64
  currentVe...
  Please guide me on the above issue ,this will be of great help
  Thanks.

  I have same error. Verified for trust , ports , cleaned up cache.. nothing has helped. 
  The problem is caused by User profile Synch Service:
  UserProfileProperty_WCFLogging :: ProfilePropertyService.GetProfileProperties Exception: System.SystemException:
  The trust relationship between the primary domain and the trusted domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids,
  Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type
  targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, SPIdentifierType identifierType, Byte[]
  identifier, T grantRightsMask, T denyRigh...        
  08/23/2014 13:00:20.96*        w3wp.exe (0x2204)                      
          0x293C        SharePoint Portal Server              User Profiles                
          eh0u        Unexpected        ...tsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)    
  at Microsoft.Office.Server.Administration.UserProfileApplication.get_SerializedAdministratorAcl()     at Microsoft.Office.Server.Administration.UserProfileApplication.GetProperties()     at Microsoft.Office.Server.UserProfiles.ProfilePropertyService.GetProfileProperties()
  Please let me know if you any solution found for this?
  Regards,
  Kunal