OIM OID CONNECTOR

i interfaced OIM with Oracle 10 g database instance using database connector. i installed the connector using a database user account by giving some privileges (sysadmin which is admin account of that database instance was not able to install the connector,so i created a new database user and gave him the privileges by running OIM.bat file)
now i m trying to interface OIM with OID. it says that system admin or any user with certain privileges can install a connector.
The required permissions are the following:
Form Designer (Allow Insert, Write Access, Delete Access)
Structure Utility.Additional Column (Allow Insert, Write Access, Delete Access)
Meta-Table Hierarchy (Allow Insert, Write Access, Delete Access)
In that case which user can i use. may i use the admin credentials of OIM (xelsysadm) or do i need to create a new user with relevant privileges
how can this be materialised?
i m constantly getting INVALID_NAMING_ERROR while i try to provision OID IT Resource to the users in OIM.
what can be the reason
Edited by: user12240044 on Jan 12, 2010 8:43 PM
i configured the target system by modifying the custom.bat file as follows :
ldapmodify -h hostname -p 4389 -D "cn=orcladmin" -w "adminpassword" -c -f customRoleOccupant.ldif
ldapadd -h hostname -p 4389 -D "cn=orcladmin" -w "adminpassword" -c -f customIndex.ldif
ldapmodify -h hostname -p 4389 -D "cn=orcladmin" -w "adminpassword" -c -f customOrganizationalRole.ldif
then i run the custom.bat file
is it must to make modifytimestamp a searchable attribute. why is it needed?
Edited by: user12240044 on Jan 12, 2010 9:02 PM
Admin Id     cn=orcladmin,cn=Users,dc=ad,dc=infosys,dc=com
Admin Password     ******
CustomizedReconQuery
Last Target Delete Recon TimeStamp
Last Target Recon TimeStamp
Last Trusted Delete Recon TimeStamp
Last Trusted Recon TimeStamp
Port     389
Prov Attribute Lookup Code     AttrName.Prov.Map.OID
Recon Attribute Lookup Code     AttrName.Recon.Map.OID
Root DN     dc=ad,dc=infosys,dc=com
SSL     false
Server Address     given
Use XL Org Structure     true
Edited by: user12240044 on Jan 12, 2010 9:39 PM

Although the documentation does not make any mention of it AT ALL, you need to add modifytimestamp to the ldapTargetResourceTimeStampField in the recon lookup attribute map. The modifytimestamp attribute in OID then needs to be indexed so that it can be used in the LDAP search the connector makes.

Similar Messages

OIM-OID connector group lookup recon

Hi Everyone,
I am trying to run group lookup recon using scheduled job OID Connector Group Lookup Reconciliation. I can run the recon sucesssfully if my base DN for OID is set to dc=com in the IT resource. and does not work when it is "dc=example,dc=com". The error is Failed: Error message can not be retrieved and cannot see any relavant information in the log files.
Also, I get an ADF error when i try to open the OID Connector OU Lookup Reconciliation.
java.lang.VirtualMachineError
ADF_FACES-60097:For more information, please see the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #2
[2013-01-21T08:22:46.936+09:00] [oim_server1] [ERROR] [] [oracle.adfinternal.view.faces.config.rich.RegistrationConfigurator] [tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 498a5bc255145a67:-60b819ea:13c5a0de041:-8000-0000000000000470,0] [APP: oim#11.1.1.3.0] ADF_FACES-60096:Server Exception during PPR, #2[[
javax.servlet.ServletException: java.lang.InstantiationError: java.lang.VirtualMachineError
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:341)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
     at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
     at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
     at java.security.AccessController.doPrivileged(Native Method)
     at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
     at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
     at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
     at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
     at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: java.lang.InstantiationError: java.lang.VirtualMachineError
     at sun.reflect.GeneratedSerializationConstructorAccessor251.newInstance(Unknown Source)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at java.io.ObjectStreamClass.newInstance(ObjectStreamClass.java:924)
     at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1736)
     at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
     at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
     at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
     at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
     at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
     at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
     at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:79)
     at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1251)
     at oracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:169)
     at oracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:179)
     at oracle.iam.consoles.faces.render.canonic.UICursor$TableActionListener.processAction(UICursor.java:855)
     at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
     at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:675)
     at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
     at org.apache.myfaces.trinidad.component.UIXCollection.broadcast(UIXCollection.java:148)
     at org.apache.myfaces.trinidad.component.UIXTable.broadcast(UIXTable.java:271)
     at oracle.adf.view.rich.component.UIXTable.broadcast(UIXTable.java:145)
     at oracle.adf.view.rich.component.rich.data.RichTable.broadcast(RichTable.java:402)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
     at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
     at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
     at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
     ... 41 more
Anyone help me in resolving these problems.
Thanks,
Bob
Edited by: user10104431 on Jan 21, 2013 5:04 AM

Any ideas please..

OIM-OID Connector: OID Group Recon Task and organizations

Hi,
I'm evaluating OIM and its OID Connector.
We have groups in our existing OID. We thought that we could use the OID Connector OID Group Recon Task to import those groups into OIM and make them Groups in OIM.
However, when we run the task, it appears to import our groups from OID as organizations, not as groups. It's not clear to me from the OID Connector documentation what exactly the OID Group Recon task is supposed to do. That's why we assumed it was an OOTB method for reconciling OID groups into OIM groups.
What are we doing wrong? Why do we end up with our OID Groups becoming OIM Organizations after running the task?
We are using version 9.4.11 of the OID Connector.
Also, a side issue: how can we delete unwanted organizations from OIM? There's a delete option but it just seems to mark the organizations as deleted but they are still there.
Thanks
Eric
Edited by: PeachEye on 17/03/2010 11:49

Hi,
I am also facing the similar issue. I want to reconcile OID groups into OIM User Groups menu item. Please suggest how to proceed.
I ran the schedule task- OID Group Recon Task, but it throws error-
ERROR,12 Mar 2010 09:16:44,265,[XL_INTG.OID],OID:tcTskOIDGrouporRoleReconTask:pe
rformReconciliation():com.thortech.xl.integration.OID.util.tcUtilLDAPOperations:
NamingException :Unable to search LDAP. Check the following values and try agai
n: Base Search detail: cn=abc,ou=Q System1,dc=xoserve-apps,dc=com, filter expres
sion is (&(objectClass=groupOfUniqueNames)(modifytimestamp>=19000101010001Z)), A
ttributes : DN, modifytimestamp, Organization Name, orclguid, cn,]
ERROR,12 Mar 2010 09:16:44,281,[XL_INTG.OID],===================================
I want to bring OID groups into OIM so that I can manager those OID groups from OIM. Is there any other way to so this? I have to make changes in the OID object class or in the OID field mappings? I have not done any changes in Lookup OID configuration or LookUp Field map parameters.
Please help.

OIM - OID Connector 9.0.4 - Incremental User Recon?

I can't see how incremental user recon is implemented in this connector. Can anyone tell me if incremental user recon is possible with this connector and if so how to configure it to perform incremental user recon? There is no documented or default scheduled task property that seems to enable / disable this. The IT Resource has a Last Recon TimeStamp that is updated on each recon, but ALL users are reconciled each time the task is run even though there are no changes to the objects. I have also looked at the "Object Initial Reconciliation Date" field in RO and setting this date to a date in the past doesn't seem to have any impact.
My OID install is 10.1.4.2 and my OIM install is 9.1.

Although the documentation does not make any mention of it AT ALL, you need to add modifytimestamp to the ldapTargetResourceTimeStampField in the recon lookup attribute map. The modifytimestamp attribute in OID then needs to be indexed so that it can be used in the LDAP search the connector makes.

OIM: OID Connector Issue

Hey all,
I downloaded and installed the new 11g version of the OID 11.1.1.5 connector without the connector server on OIM 11g BPO5. While trying to run the group lookup reconciliation scheduled task, it fails with below error:
<Oct 30, 2012 8:51:01 PM PDT> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.RECON.LOOKUPRECONTASK> <BEA-000000> <oracle.iam.connectors.icfcommon.recon.LookupReconTask : execute : Error during execution
org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; Remaining name: *'dc=mycompanydc=statedc=*type'
at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:71)
at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:59)
at org.identityconnectors.ldap.search.LdapSearch.execute(LdapSearch.java:131)
at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:115)
at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:59)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:105)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:93)
at $Proxy336.search(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:107)
at $Proxy336.search(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:162)
Caused By: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; Remaining name: *'dc=mycompanydc=statedc=*type'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:245)
at org.identityconnectors.ldap.search.DefaultSearchStrategy.doSearch(DefaultSearchStrategy.java:60)
at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:66)
at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:59)
at org.identityconnectors.ldap.search.LdapSearch.execute(LdapSearch.java:131)
at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:115)
at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:59)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:105)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:93)
at $Proxy336.search(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:107)
at $Proxy336.search(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:162)
>
<Oct 30, 2012 8:51:01 PM PDT> <Warning> <oracle.iam.scheduler.vo> <IAM-1020035> <Error in exception object for job {0}
java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1173)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1527)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1492)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1409)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1167)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1527)
at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:428)
at java.lang.Throwable.writeObject(Throwable.java:293)
at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1001)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1478)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1409)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1167)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1527)
at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:428)
at java.lang.Throwable.writeObject(Throwable.java:293)
at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1001)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1478)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1409)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1167)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:336)
at oracle.iam.scheduler.vo.TaskSupport.populateJobHIstory(TaskSupport.java:321)
at oracle.iam.scheduler.vo.TaskSupport.logJobExecution(TaskSupport.java:206)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:153)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Another thing is, the logs is not showing the basecontext properly i.e., *'dc=mycompanydc=statedc=*type' instead of *'dc=mycompany,dc=state,dc=*type'. The ',' seems to be missing in the logs.
Please help.
Regards,
Sunny

Whats is the value in SearchContext attribute value in scheduled task.
It should be dc=mycompany,dc=state,dc=type
And it should be present in your OID.

Queuing/Retrying 'Rejected' status OID Process Tasks: OIM-OID provisioning

Hello Gurus,
I have already up and running environment with OIM, OID connector pack and OID as the target system. So when a user data (for e.g. a UDF) is being provisioned from OIM to OID target system; if a process task comes back with 'rejected' status due to target unavailability/OID down; then is there any settings that we can configure within OIM design console that queues up and retries these 'rejected' tasks related to each individual user?
Is there any setting within any of the OID lookups such that we can set a retry count for such process tasks?
The goal is without human intervention all these 'rejected' process tasks should run successfully and be set to 'completed' status. If the target system is unavailable then there should be a way to run all these failed tasks - is my assumption.
Is it by anyway related to 'Offline Provisioning'?
Please provide some guidelines.
Thanks,
- oidm.
Edited by: oidm on Mar 16, 2010 10:34 PM

But it'll only allow us to 'retry' those specific tasks for a limited number of times and limited period of time. And will this task be retried only if its 'rejected' or it'll be retried for whatever number of times we specified?
What if the target system doesn't come up for the whole day? Can we specify some value for the same in 'Duration' fields?
So all in all if we talk about retrying the failed/rejected tasks we just have these options in hand as far as task 'status' is concerned?
Thanks,
- oidm.

OIM - OID11g Connector Logging

Hi All,
I have updated the logging.xml as below to enable the logging for OIM -OID Connector 11.1.1.5.0 but I can't see anything in the file (File is created but it has no logs):
<log_handler name='oid-handler' level='TRACE:32' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
<property name='logreader:' value='off'/>
<property name='path' value='/u01/oracle/iam_middleware/user_projects/domains/IAMdomain/oidconnector.log'/>
<property name='format' value='ODL-Text'/>
<property name='useThreadName' value='true'/>
<property name='locale' value='en'/>
<property name='maxFileSize' value='5242880'/>
<property name='maxLogSize' value='52428800'/>
<property name='encoding' value='UTF-8'/>
</log_handler>
<logger name="OIMCP.OID" level="TRACE:32" useParentHandlers="false">
<handler name="oid-handler"/>
<handler name="console-handler"/>
</logger>
Please help.
Thanks
Sunny

Firstly I would normally manage OIM 11g logging through Oracle Enterprise Manager rather than directly in a logging.xml file, with log information appearing in the OIM server diagnostic log rather than a dedicated log file as you have done. That is not to say what you are doing is wrong (I cannot comment as I have never managed OIM 11g logging in this way.)
The other thing that may be wrong is the logger you are using. You have logger OIMCP.OID. For my OIM11g OID connector logging I am using the standard logger of XL_INTG.OID.

OIM 11g R1: LDAPsync or OID Connector or both?

Hello,
at the moment we have ldapsync configured for user/roles provisioning/recon to OID.
We have the requirement to manage two OIDs (test and prod) with one OIM systems. Both OIDs have the same users and roles! LDAPsync is a 1:1 mapping and not possible to manage two destinations.
Now we are thinking about a OID connectors.
Here my questions:
1. Is it possible to use ldapsync and OID connector together? Does make this sense?
2. If using OID connector for role assignment and provisioning, is it possible to use the same role name for an application in both systems (e.g. role: xyz in prod and role: xyz in test?)
3. We have OAM-OID-OIM integration. Here is ldapsync required, isnt it?
4. Can i use OID connector alone without ldapsync. How does the user lifecycel (provisioning, reconicilation of user password) works?
Many thanks in advance!

any ideas?

OIM 11g OID connector install error

Hi,
I'm trying to install the OID connector (OID_904140.zip) for OIM 11g (11.1.1.5), but it fails and I get this error message on my screen:
"A system error occurred.
Contact the Oracle Identity Manager System Administrator."
I have unzipped the OID_904140.zip into /home/oracle/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/
..and the ldap.jar and ldapbp.jar to the subfolder targetsystems-lib/OID_904140/
I can load it, but when I press install something fails. The log tells me this:
[2012-06-08T05:37:24.153-07:00] [oim_server1] [NOTIFICATION] [IAM-5010000] [oracle.iam.reconciliation.impl.config] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Generic Information: Unable to delete, as profile does not exist : /db/OID User moving forward ...
[2012-06-08T05:37:24.157-07:00] [oim_server1] [NOTIFICATION] [IAM-5012124] [oracle.iam.reconciliation.impl.config] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Failed to load profile from MDS /db/OID User. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/OID User".
[2012-06-08T05:37:24.157-07:00] [oim_server1] [NOTIFICATION] [IAM-5012124] [oracle.iam.reconciliation.impl.config] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Failed to load profile from MDS /db/OID User_backup. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/OID User_backup".
[2012-06-08T05:37:24.165-07:00] [oim_server1] [NOTIFICATION] [IAM-5012122] [oracle.iam.reconciliation.impl.config] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Reading configurations from the database for object name OID User
[2012-06-08T05:37:24.212-07:00] [oim_server1] [NOTIFICATION] [IAM-5010000] [oracle.iam.reconciliation.impl.config] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Generic Information: tos not null
[2012-06-08T05:37:24.326-07:00] [oim_server1] [ERROR] [] [XELLERATE.WEBAPP] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 88d26e01c38a3469:747267b6:137cc114f1d:-8000-0000000000000123,0] [APP: oim#11.1.1.3.0] Class/Method: tcActionBase/execute encounter some problems: EJB Exception: ; nested exception is: [[
java.lang.NoSuchMethodError: org/eclipse/persistence/queries/SQLCall.setParameters(Ljava/util/Vector;)V; nested exception is: java.rmi.RemoteException: EJB Exception: ; nested exception is:
java.lang.NoSuchMethodError: org/eclipse/persistence/queries/SQLCall.setParameters(Ljava/util/Vector;)V javax.ejb.EJBException: EJB Exception: ; nested exception is:
java.lang.NoSuchMethodError: org/eclipse/persistence/queries/SQLCall.setParameters(Ljava/util/Vector;)V; nested exception is: java.rmi.RemoteException: EJB Exception: ; nested exception is:
java.lang.NoSuchMethodError: org/eclipse/persistence/queries/SQLCall.setParameters(Ljava/util/Vector;)V
java.rmi.RemoteException: EJB Exception: ; nested exception is:
java.lang.NoSuchMethodError: org/eclipse/persistence/queries/SQLCall.setParameters(Ljava/util/Vector;)V
at weblogic.ejb.container.internal.EJBRuntimeUtils.throwRemoteException(EJBRuntimeUtils.java:108)
at weblogic.ejb.container.internal.BaseRemoteObject.handleSystemException(BaseRemoteObject.java:857)
at weblogic.ejb.container.internal.BaseRemoteObject.handleSystemException(BaseRemoteObject.java:809)
at weblogic.ejb.container.internal.BaseRemoteObject.postInvoke1(BaseRemoteObject.java:518)
This looks interesting to me, but I can't really make sense of it:
Failed to load profile from MDS /db/OID User_backup. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/OID User_backup".
Any ideas, what has gone wrong?
Thanks and regards,
Henrik
Edited by: user1154522 on Jun 8, 2012 6:50 AM

Hi Henrik,
Trying to help:
1-Go and take a look into CIH table into OIM Schema.
1.2-If OID is there, chech: CIH_STATUS column.
1.3-If it's recorded into this table. Try to follow OIM Connector Unistall guide and do it again.
Link: http://docs.oracle.com/cd/E28271_01/doc.1111/e14308/conn_mgmt.htm#CIHBDFEB
section: 6.9.3 Setting Up the Uninstall Connector Utility
I hope this helps,
Thiago Leoncio.

How to install OID connector using OIM API in 11g?

Hi All,
We are using OID connector in OIM 11g environment. It is a simple process to install OID connector by unzipping the connector zip file to ConnectorDefaultDirectory and goto Admin console and load the connector.
However, we are looking for API methods to simulate "load the connector " step in GUI.
Please help.
Thanks
Mahendra.

Hey Mahendra,
I am not aware of this API to do the 'Deployment Manager' load task. But III try to help you using another way:
1-You can use ICF API to do this task(creating it specifically to OID). Using ICF: http://www.groenenberg.nu/Oracle_Doc/AS_11.1.1.5/doc.1111/e14309/icf.htm#BABFDJHJ
2- And following this example that my buddy did for Open DS: http://itnaf.org/2011/12/30/developing-icf-connectors/
Another helpful doc: http://docs.oracle.com/cd/E14571_01/doc.1111/e14309.pdf
I hope this helps,
Thiago Leoncio.

OIM-OID 11g provisioning connector

Hi all,
we are performing OIM-OID (both 11.1.1.5) user provisioning, please can anybody let me know which version of connector we have to use and provide us the steps to perform the installation of the connector.
We used 9.0.4.12 connector for OIM 9i. If we have to use different version of connector for 11g other than this please provide the link and version detail of the connector.
Thank you.

Hi,
Where you able to achieve this?? i have similar requirment where, i have added 5 custom attributes in both OIM and OID, when i create the users these attributes doesnot get updated on OID....should i add these UDF in any objectclass which OIM understands??please suggest
Thanks in advance

OIM: New OID Connector Problem

Hey all,
I downloaded and installed the new 11g version of the OID connector without the connector server. While trying to run the group lookup reconciliation scheduled task, it fails.
The following occurs in the .out file.
Thread Id: 109 Time: 2012-08-14 13:24:42.339 Class: org.identityconnectors.framework.api.operations.SearchApiOp Method: search Level: OK Message: Exception:
org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'dc=company'
My base DN is dc=company,dc=com

I have typed it in by hand, both with and without quotes. When I use quotes I get the following error:
org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.InvalidNameException: "dc=company: no close quote
.. and yes, the quote is closed. This was in my IT resource.

OIM-OID Provisioning - OID Group PrePopulate Approach :

Hi,
I am working on OID Connector 9.0.1.14 with OIM 11.1.1.5.
I have reconciled all the Roles and Groups from OID to OIM and can successfully provision users to the OID along with membership to these specific Roles and Groups.
I want to prepopulate the OID Group based on certain attribute from the OIM User form. My Approach so far is :
1) Created an Entity Adapter with a variable : say Org and GroupName.
2) Set the Logic as if Org = XYZ (+XYZ does exist on OIM+) set GroupName as = "OID Group 1" else set GroupName as = "OID Group 2"
3) Attached this adapter to the "OID User Group" form on the "Data Object Manager" at the pre-insert stage.
4) Mapped the Adapter variable as :
a) Org Maps to "Organization Definition" with the qualifier "Organization Name"
b) GroupName maps to the "Entity Field" with the qualifier "UD_OID_GRP_GROUP_NAME"
However nothing seems to happen when I create/modify a user with Orgization Name as XYZ and manually Provision the OID Resource. I can see the form but nothing is populated in the Group Field. Upon completing the request, I get the user provisioned to OID but without any Group information..
Is my approach right ? Am I missing something ?

Here is what I have done for a client. My requirement was for a given department, a user must have a list of groups provisioned to them. So here is what i've done:
1. Create a lookup that has Code Key = Department, Decode = CN of the groups in a delimited format.
2. Create a provisioning task that will look at the department code from the user form, reference the lookup and find the decode values. Split them based on a delimiter. Then using each value, lookup the code key value from the real lookup that contains the full distinguished name of the group in the OID Group lookup. I even appened the IT Resource Key and ~ so that my search would be Decode or Code = "IT Resource Name~CN=<CN VALUE>%". This would return only the single group code key value. And then i add it to the child table. Repeat this for all the values in the delimited field.
3. Create a provisioning task that removes the values from the child table based on the delimited value. You'll need to search through the existing child table values.
Once you have the 2 tasks, you'll want to add a value to the your Lookup.USR_PROCESS_TRIGGERS that is your group determining field. Create your task name in this lookup. On your provisioning workflow, for the Adding of the groups task, make this unconditional, and have a preceding task of the Create User. Give it the name from your Lookup.USR_PROCESS_TRIGGERS and append " - Add Groups" to the task name. Create another task called the same, but append " - Delete Groups" to the task name. On the Add Groups task, make the preceding task the Delete groups. When you map your inputs to the adapters, on the delete, select the old value check box from the User Form so that you get the old value. Now, when the value changes on the user form, it will first remove the old groups, then add the new ones. All this will be done using the child table APIs, so that the existing Insert and Delete task triggers for your child table will run.
-Kevin

AD and OID connector installation on Base version 11.1.1.5.0 failed.

Hi Experts,
I am trying to install AD and OID connectors on base oim 11.1.1.5.0
OID connector version: Release 9.0.4.12
AD connector version: Release 9.1.1.7
while installing these connectors in 3 steps
a. Configuration of connector libraries
b. Import of the connector XML files (by using the Deployment Manager)
c. Compilation of adapters
first step passed and it is failing at 2nd step and 3rd
Error:
DOBJ.XML_IMPORT_ERROR Missing root objectcom.thortech.xl.dataobj.tcUSR [DataObjectDef] (importable)
can anyone suggest me on this.
Thanks,

What's the error in the log files? full stacktrace?
-Bikash

OID connector maps User ID to uppercase

Hi community,
I'n configuring OID connector as trusted source reconciliation to OIM. In Lookup Definition => AttrName.Recon.Map.OID, I see the default mapping provided by OID connector is that User ID is mapped to cn.
However, when i run the reconciliation, all User ID values are converted to uppercase. Is there anyway that I can keep the original values of cn?
Thanks,
David

Re: OIM User Login UPPERCASE.

OIM OID CONNECTOR

Similar Messages

Maybe you are looking for