OIM and OID High Availability Info

Similar Messages

• OIM User Creation Error After OIM and OID Intregation

  Hi,
  I am new in oim and i am getting popup error message for user creation from OIM application after oim and oid intregation through libovd.
  Error message : LDAP create event failed : orclguid attribute has duplicate value.
  please guide me for resolving error.
  Thanks & Regards,
  Rajeev

  Hi,
  Thanks for reply...i checked1307549.1 in metalink, In that link they are telling us to modify some tables in the data base.i have some question regarding the following steps please help.
  === ODM Solution / Action Plan ===
  1. Use the following query to find fields with "plain text" values:
  select svr.svr_name, spd.spd_field_name, svp.svp_key, svp_field_value
  from svp
  inner join spd on spd.spd_key = svp.spd_key
  inner join svr on svr.svr_key = svp.svr_key
  2. Set these plain text values to null after making backup of table.
  *(kashyap:: Which fields values we have to change)*
  3. Edit the Directory Server to re-set values.
  *(kashyap:: could you please explain this)*
  Expected error at this stage:
  -- no "System Error call admin...", but that makes sense since the values in question pertained directly to the Directory Server --

• Integration and reconciliation of OIM and OID

  I need to do integration with OID and OIM, when i import the XML file, there are two XML files,
  1) oimOIDuser
  2) oimUser
  which xml should be used for the integration of OIM and OID.
  and for the trusted source Reconciliation.
  -sudhan elango.

  oimOIDUser.xml
  If you are using OIM 9.1.0 or later then you don't have to import the connector
  You can install it by copying the contents of the installation in OIM_HOME/xellerate/ConnectorDefaultDirectory
  and then Deployment Manager-> Install connector and from the connector list select OID connector and Load
  Hope it helps,
  Saggu

• WLC HA, difference between GLOBAL- and AP- High Availability

  hello everyone,
  I have a question regarding HA and LAP...
  we have two 5508 (sw ver 6.0.199.4), on each specific AP we have an entry for which is his primary and secondary controller
  so far so good, when one controller fails, the AP is connecting to the second controller and goes on doing his business...
  so what I am not sure about is what I should configure globally regarding HA
  first question: do I have to configure anything at all?
  second question: what should I configure best? we are using our WLCs only to control APs that are connected to our (WLAN-dedicated) LAN, we are not controlling any APs at a remote-location.
  finally, let me quote the configuration-guide:
  "Follow these steps to configure primary, secondary, and tertiary controllers for a specific access point and to configure primary and secondary backup controllers for all access points."
  and the question for this:
  what is the difference between a controller and a backup-controller?
  from my point of view: if I configure a primary and a secondary controller, the secondary controller is the backup-controller for the primary controller...
  while I am writing this, I would like to apologize for what I am asking here, because at this time I am totally confused about this and to write those questions down, did not help to calm down...
  thank you very much in advance!
  regards,
  Manuel

  hi Leo,
    I tested this out, but i guess its not working as i thought it would work. I configured the backup primary controller IP and name in the global configuration of the Wireless tab of the WLC and left the AP high availability blank with no settings. I joined the AP to the WLC and show capwap client ha output on the AP shows the backup primary controller name. but if i shut down the primary controller, the AP does not join the back, it just tries to get WLC ip by renewing DHCP forever and stuck in that...   below are the outputs.. any idea why its like this ? I thot if there is no HA configured at the AP level, the global config on the controller level should take effect ?
  LWAP3-1042#sh cap cli ha
  fastHeartbeatTmr(sec)   7 (enabled)
  primaryDiscoverTmr(sec) 30
  primaryBackupWlcIp      0xA0A700A
  primaryBackupWlcName    WLC2-4402-50
  secondaryBackupWlcIp    0x0
  secondaryBackupWlcName  
  DHCP renew try count    0
  Fwd traffic stats get   0
  Fast Heartbeat sent     0
  Discovery attempt      0
  Backup WLC array:
  LWAP3-1042#
  *Apr 30 20:36:21.324: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
  Not in Bound state.
  *Apr 30 20:36:31.829: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.10.114.49, mask 255.255.255.0, hostname LWAP3-1042
  *Apr 30 20:37:17.832: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
  Not in Bound state.
  *Apr 30 20:37:28.337: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.10.114.50, mask 255.255.255.0, hostname LWAP3-1042
  *Apr 30 20:38:14.338: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
  Not in Bound state.
  *Apr 30 20:38:24.842: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.10.114.51, mask 255.255.255.0, hostname LWAP3-1042
  regards
  Joe

• OIM and OID Domains in Weblogic

  I have a quick question:
  Can I install and make OID 11g and OIM 9.1.0.2 use the same domain (IDMDomain for example) in Weblogic 10.3.1?
  I want to see if we can use the same Weblogic domain for both OID and OIM and use the same port and domain management in Weblogic console.
  Will appreciate quick response.
  Regards!

  No

• Integrate a EBS, OIM ,and OID with orclGUID

  Hi expert,
  I already connect OID and EBS with OIM.
  My scenario is when I provisions user from OIM to OID, OID will generate orclGUID and I want this parameter to get back to OIM.
  Next, I want to provisions user to EBS and insert orclGUID to SSO GUID field to EBS provisioning form.
  My question is "How I get orclGUID from OID to EBS via OIM ?" .
  Noraset,

  Hi Bikash,
  I don't know the way to create task.
  Can you briefly explain to me or provide some document ?
  Thank,
  Noraset
  PS. I found something in EBS IT resource (SSO Enabled, SSO IT Resource, SSO Identifier, SSO Login Attribute) <<< Can it solve my problem ?
  Edited by: Noraset on May 3, 2013 3:51 PM

• Date difference in OIM and OID

  Hi All
  I am using OIM 11.1.1.5.4 having ldap sync with OID
  users are getting ldap sync properly, but the issue is when i check the date fields lyk start date, end date, hiredate there is a one day diff in OID
  for example
  i have date fields values in oim lyk
  start date 28 February 2013
  end date 28 February 2023
  hire date 28 February 2013
  and i have values in oid as
  orclActiveStartDate 20130227230000z
  orclActiveEndDate 20230227230000z
  orclHireDate 20130227230000z
  i am observing that in oid date fields are storing as oim date field -1
  why it happens lyk that i am facing issues because of this
  please help me out from this
  Thanks & Regards
  $sid
  Edited by: $sid on Mar 5, 2013 10:56 AM

  Bug opened by you? Bug id: 16438468
  -Bikash

• OIM and OID

  Hi ,
  I have a doubt over OID and OIM. I know both are different products but its related to user provisioning , reconcilation etc ...
  Is it necessary to use both the products. Since I can create the user in OID , provisoned , delete , revoke grants in OID itself, Then what the use of OIM ? Any advantage of this ?
  I am new to both the technologies.
  Regards
  Sourabh Gupta

  Can you achieve following things in OID:
  - Whenever a user joins a company. His data goes in HR data. In OIM we implement trusted source reconciliation, which run at several intervals to load data from HR feed and then automatically provision those users to a certain roles, applications as per requirement.
  - We can generate all kinds of reports on a particular user
  - We can implement custom schedulers which run on certain intervals
  - We have eventhandlers which can run on certain event like preinsetr, postinsert of users in OIM. Same way event handlers can be implmented for pre-update, post update, pre-delete, post delete etc.
  - We can customize forms for provisioning
  - Request and approvals workflow
  - Complete centralized management of identities
  Also, OID is an LDAP tool, meant to use for faster access of data. There are applications which may require to perform join operation on database table. In LDAP we can't perform joins.
  regards,
  GP

• OIM 11g High Availability Deployment

  Hi Experts,
  I'm deploying OIM 11g in High Available schema, following Oracle docs: http://download.oracle.com/docs/cd/E14571_01/core.1111/e10106/imha.htm#CDEFECJF, I have succesfully installed and configured OIM & SOA in weblogic domain on 'OIMHOST1', trying to propagate the configuration from 'OIMHOST1' to 'OIMHOST2' I have packed (using pack.sh) the domain on 'OIMHOST1' and unpacked (using unpack.sh) it to 'OIMHOST2' so I have updated the NodeManager executing setNMProps.sh and finally Ihave started the NodeManager. In order to Test everything is fine and following the documentation I'm traying to perform the following steps, but I'm not succeed
  I'M MUST TO SAY THAT I'M RUNNING ON SINGLE STANDARD EDITION DB INSTANCE AND NOT RAC AS MENTIONED IN ORACLE DOCS, PLEASE CLARIFY IF RAC IS REQUIRED, FOR NOW I'M IN DEVELOPMENT ENVIRONMENT, SO I THINK RAC IS NOT REQUIRED FOR NOW, PLEASE CLARIFY
  8.9.3.8.3 Start the WLS_SOA2 and WLS_OIM2 Managed Servers on OIMHOST2
  Follow these steps to start the WLS_SOA2 and WLS_OIM2 managed servers on OIMHOST2:
  Stop the WebLogic Administration Server on OIMHOST2. Use the WebLogic Administration Console to stop the Administration Server.
  Start the WebLogic Administration Server on OIMHOST2 using the startWebLogic.sh script under the $DOMAIN_HOME/bin directory. For example:
  /u01/app/oracle/admin/OIM/bin/startWebLogic.sh > /tmp/admin.out 2>1&
  Validate that the WebLogic Administration Server started up successfully by bringing up the WebLogic Administration Console.
  Here its not possible start AdminServer on OIMHOST2, first of all, it looks like boot.properties file under WLS_OIM_DOMAIN_HOME/servers/AdminSever/security is not valid, the first time I try to execute startWeblogic.sh script, it ask for username/password, I have updated boot.properties (vi boot.properties) and manually set clear username and password, this time startWeblogic.sh script passed this stage, but fails:
  <Error> <util.install.help.BuildMasterHelpSet> <BEA-000000> <IOException ioe java.io.IOException: No such file or directory>
  <Error> <oracle.adf.share.config.ADFMDSConfig> <BEA-000000> <MDSConfigurationException encountered in parseADFConfigurationMDS-01330: unable to load MDS configuration document
  MDS-01329: unable to load element "persistence-config"
  MDS-01370: MetadataStore configuration for metadata-store-usage "writeable" is invalid.
  MDS-00503: The metadata path "/u01/app/oracle/product/Middleware/user_projects/domains/IDMDomain/sysman/mds" does not contain any valid directories.
  I have verified that this directory "mds" does not exists, as reported by the IOException, in OIMHOST2, but it exists in OIMHOST1. from here its not possible for me following Oracle's documentation, I test this starting Adminserver in OIMHOST1, and starting WLS_SOA2 and WLS_OIM2 managed servers from OIMHOST1 AdminServer console, I have tested 2 ways:
  1.- All managed servers in OIHOST1 are shutdown, for this, managed servers in OIMHOST2 works as expected
  2.- All managed servers in OIMHOST1 are RUNNING, for this, first I have started SOA2 managed server, after that, I have fired OIM2 managed server, when it finish boot process the following message appears in server's output:
  <Warning> <org.quartz.impl.jdbcjobstore.JobStoreCMT> <BEA-000000> <This scheduler instance (servername.domainname1304128390936) is still active but was recovered by another instance in the cluster. This may cause inconsistent behavior.>
  Start the WLS_SOA2 managed server using the WebLogic Administration Console.
  Start the WLS_OIM2 managed server using the WebLogic Administration Console. The WLS_OIM2 managed server must be started after the WLS_SOA2 managed server is started.
  8.9.3.9 Validate the Oracle Identity Manager Instance on OIMHOST2
  Validate the Oracle Identity Manager Server instance on OIMHOST2 by bringing up the Oracle Identity Manager Console using a web browser.
  The URL for the Oracle Identity Manager Console is:
  http://oimvhn2.mycompany.com:14000/oim
  Log in using the xelsysadm password.
  Your help is highly apprecciated
  Regards
  Juan

  Hi Vaasu,
  I have succeeded deploying OIM in HA, just now my customer and I are working on the installation of webtier. Now I have a better understand about HA concepts and the way weblogic works -really nice, but little tricky-
  All the magic about HA is configuring properly the network interfaces in each Linux boxes (our case) so, first of all you need to create 2 new floating IP's on each Linux boxes (google: how to create virtual Ip in linux, if you don't know) clone and modify your 'eth0' network script to create the virtual IPs
  Follow the procudere in the HA guide: http://download.oracle.com/docs/cd/E14571_01/core.1111/e10106/imha.htm#CDEFECJF
  create DB schemas with RCU
  install weblogic
  install SOA
  patch SOA
  install IAM
  ---if you are working on a virtual machine is good idea to take a snapshot here---
  Create and configure the weblogic domain (special attentention whe configuring the cluster), see step 13 of 8.9.3.2 Creating and Configuring the WebLogic Domain for OIM and SOA on OIMHOST1, here you need to cofigure:
  For the oim_server1 entry, change the entry to the following values:
  Name: WLS_OIM1
  Listen Address: the IP that is confured in eth0:1 of Linux box1
  Listen Port: 14000
  For the soa_server1 entry, change the entry to the following values:
  Name: WLS_SOA1
  Listen Address: the IP configure on eth0:2 of Linux box1
  Listen Port: 8001
  For the second OIM Server, click Add and supply the following information:
  Name: WLS_OIM2
  Listen Address: the IP configured on eth0:1 of Linux box2
  Listen Port: 14000
  For the second SOA Server, click Add and supply the following information:
  Name: WLS_SOA2
  Listen Address: the IP configured on eth0:2 of Linux box2
  Listen Port: 8001
  Click Next.
  On Step 16 ensure you are using the UNIX tab to configure the machines, also ensure that for machine1 you use the IP configured on the eth0 interface of Linux box1, the same for machine2
  please confirm you have performered 8.9.3.3.2 Update Node Manager on OIMHOST1
  if everything is ok you must be able to start the AdminServer as described in the guide.
  configure OIM: 8.9.3.4.2 Running the Oracle Identity Management Configuration Wizard, in my case I don't need LDAPsync, I have skipped this section, if you configure properly OIM, then you mus perform 8.9.3.5 Post-Configuration Steps for the Managed Servers
  resrtar AdminServer then from the weblogic console, start OIM and SOA if node manager is properly configured SOA and OIM must run properly, update deployment mode and coherence as described in the guide and verify that OIM run perfectly in Linux box1.
  Propagate OIM from Linux box1 to Linux box2 as described in the guide, using pack and unpack (you MUST use the same filesystem directory structure on both Linux boxes)
  Update and start NodeManager as described in the guide
  VERY IMPORTAN OBSERVATION
  the guide say:
  8.9.3.8.3 Start the WLS_SOA2 and WLS_OIM2 Managed Servers on OIMHOST2
  Follow these steps to start the WLS_SOA2 and WLS_OIM2 managed servers on OIMHOST2:
  Stop the WebLogic Administration Server on OIMHOST2. Use the WebLogic Administration Console to stop the Administration Server.
  JUAN OBSERVATION:
  IS NOT POSSIBLE TO START OR STOP ADMINSERVER ON HOST2 SINCE ADMIN SERVER WERE CONFIGURED TO LISTEN ON THE IP ADDRES OF eth0 INTERFACE ON HOST1, SO, ITS NOT POSSIBLE TO PLAY IT ON HOST2, I THINK AND ADDITIONAL PROCEDURE SHOULD BE FOLLOWED TO CONFIGURE ADMINSERVER IN HA IN A ACTIVE-PASSIVE MODE
  Start the WebLogic Administration Server on OIMHOST2 using the startWebLogic.sh script under the $DOMAIN_HOME/bin directory. For example:
  /u01/app/oracle/admin/OIM/bin/startWebLogic.sh > /tmp/admin.out 2>1& -----NOT APPLICABLE
  Validate that the WebLogic Administration Server started up successfully by bringing up the WebLogic Administration Console. -----NOT APPLICABLE
  Start the WLS_SOA2 managed server using the WebLogic Administration Console. ----START SOA2 FROM THE CONSOLE RUNNING ON HOST1, IT DOESN'T MATTER
  Start the WLS_OIM2 managed server using the WebLogic Administration Console. The WLS_OIM2 managed server must be started after the WLS_SOA2 managed server is started. ------ START OIM2 FROM THE CONSOLE RUNNING ON HOST1
  HERE YOU MUST BE ABLE TO LOGIN TO OIM2 SERVER AS DESCRIBED IN THE GUIDE, YOU DON'T NEED TO EXECUTE config.sh SCRIPT THIS SHOULD WORK AS DESCRIBED.
  Server migration should work straight-forward if you have configured the floating IPs as described, I have not configured the persistence yet since my customer does not have the skills to share a storage.
  I hope this helps, and feel free to comment or complement.
  By the way, did you know how to set up a valid SSL certificate in Windows 2003 server??? I need it to test and Exchange 2007 I'm tryin to integrate
  Regards
  Juan

• OIM and ldap sync

  I am using OIM 11gR2 and OID 11.1.1.6. Users and groups will be in OID, and OIM is
  required to do the provisioning of users. Plan is to use ldap sync between oid and oim.
  With ldap sync, all users will be available in OIM. And then in OIM can one do the
  provisioning of users. Is this approach ok? Or should we have OID connector? Or both?

  You can use LDAP Sync between OIM and OID. You dont need OID connector in this case.
  More here...
  Why would you use the LDAP Sync instead of the OID Connector?
  http://fusionsecurity.blogspot.com/2012/01/oim-11g-ldap-synchronization.html

• Need to add a second weblogic server for high availability

  I have a weblogic 10.3.3 server with forms and reports 11.1.1.3.
  I have an adminServer, WLS_FORMS and WLS_REPORTS managed servers setup.
  This was setup with the wizard, so the WLS_FORMS is in the cluster_forms cluster group and WLS_REPORTS in the cluster_reports group.
  I now need to add a second server with forms and reports also to act as one big server and provide high availability and load balancing.
  How do I achieve thsi, is there a wizard that will do this?
  The two servers are setup in exactly the same way, with the same versions of Weblogic and Forms and Reports.
  Thanks in advance.

  I do not know "reports 11.1.1.3" application, but from your description this application is already targeted on a clustered configuration.
  So it should be sufficient to add 2 new instances in the WebLogic domain "WLS_FORMS_2", "WLS_REPORTS_2", include them into the existing clusters and add a load balancer (like apache + wleblogic-plugin) that will balance requests on instances.
  I never heard of wizards to create such clustered environments. However it is not hard to do:
  1- Install binaries on the new machine
  2- Create the domain configuration directory on the new machine using config.sh wizard in the same way you have aleady done with the first machine.
  In this step you can create a clone of the existing domain, but it is enough to create a domain with the same name and the same admin instance.
  Instead of using config.sh, you can also copy the domain directory from the existing machine and change diretories in scripts if needed.
  The domain configuration is needed only to find the binaries, the basic domain files common to all installations, and to allow startup scripts (see point 4-) to connect to the admin and download the domain/instance configuration.
  3- Configure the new instances on the existing WebLogic console
  4- Create startup scripts for "WLS_FORMS_2", "WLS_REPORTS_2" on the second machine
  Bye
  Mariano

• How to perform up high availability upgrade with database changes?

  Hi,
  Can someone point me to pertinent documentation for performing live upgrades? Specifically I'm looking for best practice for setting up and attaining High Availability especially during application upgrades which have db changes.
  Thanks in advance,
  Rich

  Hi,
  For internal clients, yes, your requirement can be met by setting the autodiscover site affinity by using the “AutoDiscoverSiteScope” parameter in Set-ClientAccessServer command:
  https://technet.microsoft.com/zh-cn/library/bb125157(v=exchg.150).aspx
  For external clients, I am afraid “No” because the “autodiscover.domain.com” only points to one CAS server.
  Thanks,
  Simon Wu
  TechNet Community Support

• Creation of users in OIM from OID, where OID is target resource

  Hi,
  I am new to OIM. We have a scenario where we have OIM and OID. The users are being created in OID. Now we need to get these users to the OIM system to use the Change Password, Forgot Password functionalities of OIM. Can we have OID as the target resource for OIM and have a reconciliation done to get all the users from OID and have them created in OIM.
  Or this possible only when OID is the Trusted Source?
  Thanks in advance,

  Re: OIM's Trusted Source

• JCo Server High Availability

  How can I make the JCo server implement "High Availability" functionality. The SAP Server which the makes calls to the JCo Server is HA-aware. So if there is a failover, the SAP Server switches over to the other instance but the JCo server keeps sending the message "Server unavailable". Is there a solution for this problem.
  Thanks.

  Single Appliance not necessarily means Single Point of Failure, an appliance with HW Redundancy could handle failure and provide High Availability, if only configured well.
  Does Symantec BrightMail Appliance provide such redundancy configuration?
  You will have to ask their support or in a Symantec Forum.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• IPS High Availability Solution

  Hi all,
  requirement to have redundancy for IPS appliance placed on data center design, I have digged on Cisco docs but found the Resiliency and HA (High Availability) from the IPS point of view could occur in the switches side (HSRP/Eth channel load-balance).
  is there any visible way to implement the High Availability in dynamic way !!
  Regards,
  Belal

  Belal
  You are correct, only one sensor at a time will pass traffic.
  Spanning Tree Protocol uses layer 2 frames called BPDUs to determine if a path to the root bridge (in this case VLAN) exists. If the primary sensor stops passing layer 2 frames (a good indication that the rest of your traffic is not going to get through the sensor) then BPDUs will not pass thru the primary sensor and Spanning Tree will unblock the secondary path through the standby sensor. You may want to watch for an SNMP trap from the switch to know when that happens.
  The failover cable is just an ordinary roll over cable between two ports (in the two VLANS) on the switch. I called it a failover cable because it only carries traffic when the sensor has failed to pass layer two (and above) frames.