OIM - Call adapter when edit OIM user

Similar Messages

• Call adapter when Xellerate User is created

  How can I attach an adapter when an Xellerate User is created? I see that the Add User task for Xellerate User process definition does not have any adapter attached to it. Can I just attach my adapter from the integration tab so that it will get called when the user is created in OIM ?
  Previously I have attached an Task on a response code but I don't see any response codes for "Add User" task.
  Edited by: DJ on Aug 16, 2011 2:16 PM

  Here are the steps I performed:
  1. Changed MIL data level of "Add User" to 0
  2. Added a task in Xellerate User - "Create User on Target"
  3. Tried to add "Add User" as precedding task in "Create User on Target" task but failed with the error.
  I found this thread to which points to editing Data Object Manager on post-insert. I'm not sure which Form do I need edit, User Tasks? Users.User Defined tasks?
  OIM Xellerate: how to trigger external actions from a create user event

• Illustrator CC 17.1.0 crashes when editing preferences, user interface. Running on MacBook Pro i7 OSX 10.9.5

  Illustrator CC 17.1.0 running on MacBook Pro i7 OSX 10.9.5 - crashes when editing preferences, user interface. Also crashes when quitting application. Anybody any ideas?

  While 2 GB is the absolute minimum to install Mavericks, if you want to do anything with the Mac you need more then that. Upgrade your RAM.
  Until you upgrade the RAM seriously consider shutting down the Mac nightly. You should also seriously review the items in the User Login Items to see if there are any there that you really don't need to have startup with your login to reduce the amount of RAM you are using.

• Error when editing Portal User Profiles

  Hi there,
  I got this error message when editing Portal User Profiles
  Error: The specified user does not exist. (WWC-41406).
  I can select users from OID, but can't edit them.
  Note: these users are imported from AD and placed in a different OU other than users container in OID.
  But, If I create a user in the same OU from Portal Administration page, then I can select and edit that user's Portal Profile.
  So what's the difference between imported users and the user created from Portal?
  Please advise.
  Thanks,
  Geoff

  REPORTSDEV was an invalid user so we dropped this user and started over and now it works.
  <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by GREGG SAKSEFSKI ([email protected]):
  I'm tring to edit user REPORTSDEV.
  So I'm on the "Administer" tab and enter "REPORSDEV" in the User box and press <EDIT> button.
  After a couple minuates I receive the error below:
  Error: Unexpected error encountered in wwsec_api.id_sso (User-Defined Exception) (WWC-41417)
  The system failed to retrieve the necessary HTTP request to the Login Server to validate this user. (WWC-41447)
  Any ideas???<HR></BLOCKQUOTE>
  null

• Disabling a field when editing a user

  Hi,
  I have a form in which I want to disbale a field if I am in editing mode. But I want it enabled when I create a user. Anyone know how to achieve this?
  thanks

  I think that when the user has not been created yet in IDM, the waveset.id does not exist. so you are in creation mode.
  but when you're editing a user, the user exists in IDM and thus has a wavest.id.
  really basic but works fine !

• OIM 11g attaching an adapter to the delete user process

  Hi everyone,
  Is there any way to attach
  1. A process task adapter to the Delete User task for the Xellerate User process. Either through creating a new task and linking this task to the Delete User task or modifying the out of the box event handler.
  2. Or an entity adapter to User on pre delete. (from what I understand you can't do this in 11g)
  What I'm trying to do is obscure a user's information in the database before or after they are deleted. I'm trying to avoid event handlers. Any help would be greatly appreciated.

  You should be able to create a pre-process event handler on the User object for action Delete.
  -Kevin

• Provision OIM user to ADAM using own ProcessDefinationForm,lookups etc

  Hi Friends,
  I am getting problem while provision OIM user to ADAM using the AD Connector 9.1.0.1. For provision I am using my own process definition form, adapter etc (see below).
  The details are
  •     Created a new IT resource i.e. “ADAM IT” of type AD Server.
  •     Created a new Resource i.e. “ADAM User”
  •     Created a Form i.e. “UD_ADAMUSER” similar to “UD_ADUSER”
  •     Created a new “AD. PARAMETERADAM” similar to “AD.PARAMETER”
  •     Created a lookup definition AtMap.MYADAM (similar to AtMap.ADAM) containing mapping between above form field and ADAM server attribute. This lookup is used in created IT resource as AtMap ADUser value.
  •     Created an adapter i.e. adpADAMCREATEUSER. This adapter has exactly same step as it is in adapter “adpADCSCREATEUSER”. I have used “AD.PARAMETERADAM” instead of “AD.PARAMETER”. Below are the three tasks I have created for this adapter It is similar to task “adpADCSCREATEUSER”.
  o     ADAM Get Lookup Values
  o     ADAM Get Attribute Map
  o     ADAM Create User
  •     Created a process definition of type provisioning i.e. “ADAM User” just like “AD User”
  o     In this process definition I have used created “ADAM User” as object
  o     “UD_ADAMUSER” as “Table Name” and
  o     Create a task called “Create User” and used the created adapter and mapped the adapter variables.
  When I perform the provisioning operation with the above settings, then provision is not succeeded and when I checked log I found below details….
  2009-01-29 17:38:48,640 INFO [STDOUT] Running ADAM Get Lookup Values
  2009-01-29 17:38:48,640 DEBUG [OIMCP.ADCS] tcUtilADTasks::getLookupValues() Enter
  2009-01-29 17:38:48,640 DEBUG [OIMCP.ADCS] tcUtilADTasks::getLookupHashMap() Enter
  2009-01-29 17:38:48,640 DEBUG [OIMCP.ADCS] tcUtilADTasks::getLookupHashMap() Exit
  2009-01-29 17:38:48,640 DEBUG [OIMCP.ADCS] tcUtilAttributeNameMap::getIntegrationAttributes() Enter
  2009-01-29 17:38:48,640 DEBUG [OIMCP.ADCS] tcUtilAttributeNameMap::getIntegrationAttributes() Exit
  2009-01-29 17:38:48,640 DEBUG [OIMCP.ADCS] tcUtilADTasks::getLookupValues() Exit
  2009-01-29 17:38:48,640 INFO [STDOUT] Running ADAM Get Attribute Map
  2009-01-29 17:38:48,640 DEBUG [OIMCP.ADCS] tcUtilADTasks::getProcessHasHMapVoid() Enter
  2009-01-29 17:38:48,640 DEBUG [OIMCP.ADCS] tcUtilADTasks::getProcessHasHMap() Enter
  2009-01-29 17:38:48,640 DEBUG [OIMCP.ADCS] tcUtilADTasks::getProcessHasHMap() Exit
  2009-01-29 17:38:48,640 DEBUG [OIMCP.ADCS] tcUtilAttributeNameMap::getUDFIntegrationAttributes() Enter
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcUtilAttributeNameMap::getUDFIntegrationAttributes() Exit
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcUtilADTasks::getProcessHasHMapVoid() Exit
  2009-01-29 17:38:48,687 INFO [STDOUT] Running ADAM Create User
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcUtilADTasks::createADAMUser() Enter
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcUtilADTasks::checkHierarchy() Enter
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcUtilADTasks::checkHierarchy() Exit
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::getPath() Enter
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::getPath() Exit
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::connectToAvailableAD() Enter
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::hashTableEnvForDirContext() Enter
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::removePlus() Enter
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::removePlus() Exit
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::hashTableEnvForDirContext() Exit
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::hashTableEnvForLDAPContext() Enter
  2009-01-29 17:38:48,687 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::hashTableEnvForLDAPContext() Exit
  2009-01-29 17:38:48,687 INFO [OIMCP.ADCS] SSL option is not selected in ITResource
  2009-01-29 17:38:48,750 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::connectToAvailableAD() Exit
  2009-01-29 17:38:48,750 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::getAttributesObject() Enter
  2009-01-29 17:38:48,750 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::getAttributesObject() Exit
  2009-01-29 17:38:48,750 ERROR [OIMCP.ADCS] AD User Creation Failed:null
  2009-01-29 17:38:48,750 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::disconnect() Enter
  2009-01-29 17:38:48,750 DEBUG [OIMCP.ADCS] tcADUtilLDAPController::disconnect() Exit
  2009-01-29 17:38:48,750 DEBUG [OIMCP.ADCS] tcUtilADTasks::createADAMUser() Exit
  Any thought on why the provisioning operation failed, am I missing something? One more thing where I can find the java doc for the AD Connector 9.1.0.1?
  Any help would be greatly appreciated!
  Regards,
  Hardew

  The AD connector is built to provision one object and doesn't really do complex OU structures very well so if you need to create multiple objects your best bet is probably a custom connector using JNDI.
  Good luck
  /M

• Move Users from one OU to other on AD based on the OIM user profile attrs

  Hi All
  I am currently pre-populating AD User OU attribute based on the OIM User profile Location attribute. This is working as expected.
  Now when the location changes, I wanted to move the user from the current OU to a different one based on the location provided. Here I am kind of stuck.
  I think I can use access policies / User triggers to get this done, but is there any other approach / additional configuration for pre-populate.
  Are pre-populate only for the first time User Provisioning?
  Regards
  user12841694

  Hi Martin
  For the above requirement we have used lookups and could accomplish the task.
  However, I need a minor clarification here.
  I have OU dependent on Location Code & I also have Users Home Directory[on AD process form] dependent on Location Code.
  How should I use the User triggers to trigger both Change HomeDir and Change OU process tasks on AD User?
  I will create a dummy task with name "*Trigger Location Dependents*" and always return a "TRUE" response in the integrated adapter.
  Now upon true I will generate Change HomeDir & Change OU process tasks.
  I will provide Trigger Location Dependents name aganist USR_UDF_LOCATION code in the triggers lookup.
  Should this work or do u have any suggestion..Please
  Regards
  user12841694
  Edited by: user12841694 on Dec 23, 2010 6:59 AM

• OIM11gR2 - API - how to create accounts and link them to an oim user

  hi,
  my problem is the following:  I would like to import a lot(1000+) of different service accounts to my oim system and link them to oim users.
  at the moment, the information which service-account belongs to which person is stored in a textfile.
  I use this API code to create accounts:
  ProvisioningService service=getClient().getService(ProvisioningService.class);
  ApplicationInstanceService service=getClient().getService(ApplicationInstanceService.class);
  ApplicationInstance appInstance=service.findApplicationInstanceByName("LinuxServer001");
  FormInfo formInfo=appInstance.getAccountForm();
  String formKey=String.valueOf(formInfo.getFormKey());
  AccountData accountData=new AccountData(formKey,null,null);
  Account account=new Account(appInstance,accountData);
  account.setAccountType(Account.ACCOUNT_TYPE.Primary);       
  service.provision(userKey, account);
  this works fine! the account is displayed in the section  "user accounts", but the status of the created account is "Provisioning".
  when I reconcile this linux server, oim doesn't establish a link between the service account on the target system and the created account! why?
  how can i solve my problem? which information is missing, to establish a link between an existing account on a target system and an api created account?
  thank you!
  br,
  max

  Thanks, Brian, for your support! - It's working.
  It's hard to understand why NI did not pass this parameter to the top of the call chain...
  I also needed some time to understand the syntax of the string passed to the subaddress node:
  The name of the worksheet needs to be framed by single quotation marks and the following cell address must preceeded by an exclamation point (!).
  A working link pointing to cell "A1" of "Worksheet 1" looks like:
  'Worksheet 1'!A1
  Maybe also of interest: If you want to point the link to a worksheet inside the document itself, the parameter "address" (URL of link - href) can be left empty.
  Thanks and Regards,
  Ingo

• Target Recon does not link accounts with OIM user

  Hi all,
  We have developed a custom connector (provisioning and reconciliation connector) to integrate a custom LDAP server.
  It is not a trusted source, so, we are performing a target reconciliation.
  We have OIM populated with all the users (by a bulk load from a HR resource). Then, when we integrate the LDAP server resource, in the first time reconciliation, we expect that OIM will link LDAP accounts with OIM users, using OIM User ID and LDAP uid attribute for matching.
  Our reconciliation connector creates reconciliation events ok, but we always get "not match found" as reconciliation event status.
  In the Process Definition we have configured "User ID" as key field, mathed with "User ID" Field of the Resource Object, and uid LDAP attribute.
  We have defined all the reconciliation fields in the Resource Objetc.
  Why OIM is not matching resource account with OIM users, creating a resource (provisioned resource) for each OIM user?
  It seems that OIM is trying to match reconciliation events against already provisioned resources for users, and not against OIM users.
  Any ideas?

  Hi,
  After running bulk loading from the HR resource, all your target Users will get created at OIM. Now if you try to run Target Resource Reconciliation against that LDAP targetfor these records, the first thing OIM will do is to execute the reconciliation rule. After successful matching of this rule OIM will see for Process matching. So try this out after defining a reconciliation rule for your Resource Object with the following rule element values.
  User Profile Data - User Login
  Operator - Equals
  Attribute - uid LDAP attribute *(Primary Field at the target Or the filed against which you want the matching at OIM)*
  Transform - None
  Object should be Your RO + Rule should be Valid and Active
  After this matching you need to have the Reconciliation Action rules in place as well. Check that the following two rules exist:
  Go to Resource Object -> Object Reconciliation -> Reconciliation Action Rules
  1) One Entity match Found - Establish link \\\\\ *(must for your case)* \\\\\
  2) One Process Match Found - Establish link
  If not create the rules and Try then.
  Regards
  Edited by: rajsunny on Jan 27, 2009 4:20 AM

• OIM 10g: Best practice for updating OIM user status from target recon?

  We have a requirement, where we need to trigger one or more updates to the OIM user record (including status) based on values pulled in from a target resource recon from an LDAP. For example, if an LDAP attribute "disable-flag=123456" then we want to disable the OIM user. Other LDAP attributes may trigger other OIM user attribute changes.
  I think I need to write a custom adapter to handle "recon insert received" and "recon update received" events from the target recon, but wanted to check with the community to see if this was the right approach. Would post-insert/post-update event handlers be a better choice?

  Thanks Nishith. That's along the lines of what I was thinking. The only issue in my case is that I might need to update additional custom attributes on the OIM User in addition to enable/disable. Because of that requirement, my thought was to call the API directly from my task adapter to do the attribute updates in addition to the enable/disable. Does this seem like a sound approach?

• OIM Cannot uncomplete a completed task. OIM User Enable

  Hey Guys,
  I try to Enabled a Disabled user using the OIM user interface.
  When doing it I have an error coming back:
  DOBJ.SCHTM_INVALID_COMPLETED_CHANGE
  Cannot uncomplete a completed task.
  The logs shows:
  ERROR,08 Mar 2011 13:28:45,806,[XELLERATE.ADAPTERS],Class/Method: tcAdpEvent/updateDataSetValuePost encounter some problems: Adapter Execution Error: updateDataObjFieldValuePost: error updating usr_disabled
  ERROR,08 Mar 2011 13:28:45,807,[XELLERATE.ADAPTERS],Class/Method: tcAdpEvent/updateUserInfo encounter some problems: Adapter Execution Error: error updating Disabled
  Any idea where this can come from ?

  Hi
  If you will simply disable or enable user on OIM user profile, it won't give any error, if it is not attached with any resource object.
  I think, provisioning process has been attached with this user and you are going to enable, and one of the resource object is already enabled or data inconsistent.
  Will you provide user details for resource object and code?

• Updating AD Attributes via OIM user forms

  Hi,
  I have configured an AD connector. Firstly, I did a trusted recon to create the OIM. Next, I did a user recon to link the AD user to the OIM user. After that I have configured to pre-populate to show the AD attributes onto the OIM user form.
  Now, what I want to do is to update the AD attributes (eg. Mobile) in the OIM web interface, and has it reflect back to AD.
  Appreciate a detail description as I am very new to OIM.
  Cheers, SK

  You may want to try this:
  a. Add an entry in Lookup.USR_PROCESS_TRIGGERS
  b. Add a Process Form field and a Process task in each Process where you want to push the value.
  The task should have a name "<UDF label> Updated"
  c. Create another one called "Change <UDF label>"
  d. Make the tasks conditional, "allow multiple instances"
  e. Wire the "Change <UDF label>" to copy values from the user profile to the process form
  f. Wire the "<UDF Label> Updated" to the connector adapter.
  --Deepak                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

• [OIM] GTC (DB App Tables) doen't refresh the OIM User Stages

  The scenario is as follows: I have one table as a trusted source. I mapped it to the OIM User using the stages screen (the OIM User plus some UDF Fields) and everything works fine.
  The problem arised when I need to add more UDF fields. The stages screen doens't show them, neither if I press the refresh button on the OIM User stage. The weird thing is that, for example if I make a Create User, all fields are shown and more weird, if I go directly to the provisioning process of the GTC connector, in the recon mapping these new fields appears and let me make the mappings. The strange thing is that I save this, and when I go to the GTC stages screen, the new UDF still doen's appear, neither the mappings I made in the design console.
  Have this happened to anyone? I don't want to mix GTC management touching directly the Design Console, I am trying to let it clean so I can make a clean export when it happen to put the connector in other environment.
  Thanks!

  Hi,
  I got the same problem... I added two UDF after I'had created the GTC and it didn't read them up, so I added the lines below in the xml schema in the database. After that, I could map the UDFs to the Reconciliation Staging fields.
  <Field default=" " keyfield="false" type="String " required="false" size="60 " encrypted="false" order="0 " name="USR_UDF_SAMPLE1" password="false">
  </Field>
  <Field default=" " keyfield="false" type="String " required="false" size="15 " encrypted="false" order="0 " name="USR_UDF_SAMPLE2" password="false">
  </Field>
  <Field default=" " keyfield="false" type="String " required="false" size="30 " encrypted="false" order="0 " name="USR_UDF_SAMPLE3" password="false">
  </Field>
  I think that would exist a button to refresh OIM User Schema used by the adapter, so the UDFs can be updated.
  tks.
  Renato.

• [OIM 11g] How can a pwd changed in the AD be sent to OIM User account?

  Hi Gurus,
  I am working in a PoC. I have AD and AD Pwd Sync connectors, and DBAT connector installed.
  IHAC who expected to see the following behavior regarding user password management:
  1) When user change password in the OIM account, this password should be propagated for all the targets (AD and DB table).
  Ok...I got the behavior.
  2) When user change password in the AD account, this password should be propagated for OIM user account (consequently this password will be propagated for all the target)..
  How can I do to achieve that?
  With AD password sync I am able to just sync the password between Target password and Resource form password.
  Note: AD is not the Trusted Source. The AD only should be trusted source for password.
  I would appreciated any help.
  Best regards.
  Edited by: user12295533 on 01/09/2011 07:05

  Hi Kevin, Thanks for your reply.
  By the AD Pwd Sync documentation (2.3.2 Configuring the IT Resource for the Target System section), I understood that the password changed into target system (AD account) would be changed only in the process form of the resource (ADUser), and it wouldn't be propagated to OIM user account (password attribute).
  When the password is changed on Microsoft Active Directory:
  The updated password is detected by the connector and sent to Oracle Identity Manager.
  On Oracle Identity Manager, the password is compared with the current password of the Active Directory resource. Because both passwords are different, the password of the Microsoft Active resource on Oracle Identity Manager is updated.
  The updated password is detected by the user management connector and sent to Microsoft Active Directory.
  The password of the Microsoft Active Directory is modified, even though this is the same password that was set by the user.
  The password of the account is detected by the password synchronization connector and sent to Oracle Identity Manager.
  On Oracle Identity Manager, the password is compared with the current password of the Active Directory resource. Because both passwords are the same, no further action is taken.
  If password history policy is set on Oracle Identity Manager, then an exception for the SPML request (sent by the password synchronization connector) is encountered. You can ignore this exception.
  Are you informing that the password changed in the AD should be propagated to OIM user account (password field)? Sorry, I am asking because it is not clear for me and I need to be sure of that. Because in this case then I need to check the configuration and try find any error.
  Thanks again Kevin.