OIM- OID Ldap Sync

Hi Experts,
I had configured OIM - OID Ldap Synchronization. Create/Modify/Delete of users are working as expected.
During User Account creation, user type will be given as Role A or Role B in OIM. This user type is created as Group/Role in OID. Role A or Role B is a group in OID and adds the User DN under this group based on User Type from OIM.
Now the problem is, When i modify User-Type of the User in OIM from Role A to Role B, in OID the user account is not getting added into the changed Groups. And also it is not getting deleted from old group which is assigned earlier.
What are the changes that need to be performed for Group changes in OIM/OID. Please throw some pointers on this.
Thanks in Advance,
Sandeep.

Any suggestions experts?

Similar Messages

Problem OIM OID Ldap Sync Configuration in 11g.

Hi Team,
I am doing OIM and OID LDAP Sync configuration There It is failed in "Configuration Process" Step.
and also in weblogic OIM Maganaged server in ADMIN mode not in running mode.
please find the both logs.
*********************************Weblogic Logs**********************************************
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
<28-Sep-2012 14:07:44 o'clock BST> <Info> <Management> <BEA-141107> <Version: We
bLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
<28-Sep-2012 14:07:47 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to STARTING>
<28-Sep-2012 14:07:47 o'clock BST> <Info> <WorkManager> <BEA-002900> <Initializi
ng self-tuning thread pool>
<28-Sep-2012 14:07:48 o'clock BST> <Notice> <Log Management> <BEA-170019> <The s
erver log file E:\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim
server1\logs\oimserver1.log is opened. All server side log events will be writ
ten to this file.>
28-Sep-2012 14:07:56 oracle.security.am.common.nap.util.NAPLogger log
SEVERE: Failed to communicate with any of configured Access Server, ensure that
it is up and running.
<28-Sep-2012 14:07:57 o'clock BST> <Notice> <Security> <BEA-090082> <Security in
itializing using security realm myrealm.>
<28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to STANDBY>
<28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to STARTING>
<28-Sep-2012 14:08:20 o'clock BST> <Warning> <oracle.jps.upgrade> <JPS-06003> <C
annot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason oracle.s
ecurity.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The c
redential with map ADF and key anonymous#oimBpelCredKey already exists..>
<28-Sep-2012 14:08:21 o'clock BST> <Warning> <oracle.adf.share.ADFContext> <BEA-
000000> <Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic initializati
on is performed improperly.
This message may be avoided by performing initADFContext before using getCurrent
To see the stack trace for thread that is initializing this, set the logging lev
el of oracle.adf.share.ADFContext to FINEST>
<28-Sep-2012 14:08:24 o'clock BST> <Error> <Deployer> <BEA-149205> <Failed to in
itialize the application 'oim [Version=11.1.1.3.0]' due to error oracle.iam.plat
form.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
pInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
un(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
rAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
pInitializationListener.java:145)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
un(BaseLifecycleFlow.java:282)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
120)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
rAction.invoke(BaseLifecycleFlow.java:199)
Truncated. see log file for complete stacktrace
>
<28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
ttribute was not found in element application in the deployment descriptor in E:
\Oracle\Middleware\Oracle_IDM1\server\apps\spml-xsd.ear/META-INF/application.xml
. A version attribute is required, but this version of the Weblogic Server will
assume that the JEE5 is used. Future versions of the Weblogic Server will reject
descriptors that do not specify the JEE version.>
<28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
ttribute was not found in element application in the deployment descriptor in E:
\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim_server1\tmp\_WL_
user\spml-xsd\s8d2b9/META-INF/application.xml. A version attribute is required,
but this version of the Weblogic Server will assume that the JEE5 is used. Futur
e versions of the Weblogic Server will reject descriptors that do not specify th
e JEE version.>
<28-Sep-2012 14:08:24 o'clock BST> <Emergency> <Deployer> <BEA-149259> <Server '
oim_server1' in cluster 'OIM_Cluster' is being brought up in administration stat
e due to failed deployments.>
Loading xalan.jar for XPathAPI.
14:08:30 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] -
----------------- NEXAWEB SERVER LICENSE ------------------
- Customer ID : 122
- License type : Enterprise
- Max unique IPs : unlimited
- Max XUL sessions : unlimited
- Max CPUs/server : unlimited
- Clustering allowed : true
- Expiration date : none
Nexaweb Technologies Inc.(C)2000-2004. All Rights Reserved.
Nexaweb Technologies Inc.
10 Canal Park
Cambridge, MA 02141
Tel: 617.577.8100. Email: [email protected]
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Clustering is OFF.
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Servlet Engine: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PD
T 2011 1398638 Oracle WebLogic Server Module Dependencies 10.3 Thu Mar 3 14:37:5
2 PST 2011 Oracle WebLogic Server on JRockit Virtual Edition Module Dependencies
10.3 Thu Feb 3 16:30:47 EST 2011
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Servlet API Version: 2.5
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Nexaweb Server Info = Nexaweb Server 3.3.1072
14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] - Nexaweb Server initialized successfully.
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Log Management> <BEA-170027> <The S
erver has established connection with the Domain level Diagnostic Service succes
sfully.>
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000197> <Listening fo
r announcements from cluster using unicast cluster messaging>
<28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000133> <Waiting to s
ynchronize with other running members of OIM_Cluster.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult[2]" is now listening on 127.0.0.1:14000 for protocols iiop, t3, CLUSTER-BROA
DCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult[3]" is now listening on 0:0:0:0:0:0:0:1:14000 for protocols iiop, t3, CLUSTE
R-BROADCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult[1]" is now listening on fe80:0:0:0:0:5efe:a2f:f22a:14000 for protocols iiop,
t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Warning> <Server> <BEA-002611> <Hostname "UK
SHWTOAP03A.skandia.co.uk", maps to multiple IP addresses: 10.47.242.42, 0:0:0:0:
0:0:0:1>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
ult" is now listening on 10.47.242.42:14000 for protocols iiop, t3, CLUSTER-BROA
DCAST, ldap, snmp, http.>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000330> <Start
ed WebLogic Managed Server "oim_server1" for domain "IAM_domain" running in Prod
uction Mode>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
r state changed to ADMIN>
<28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000360> <Serve
r started in ADMIN mode>
**********************************OIM OID Ldap Sync Configuration Logs****************************
[2012-09-28T14:49:11.171+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Updating Ldap Sync Configuration
[2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] ENTRY
[2012-09-28T14:49:11.171+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] Create the Database connection
[2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: createDBConnection] ENTRY
[2012-09-28T14:49:11.296+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] isLIBOVD:true
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] ENTRY
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] RETURN
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
[2012-09-28T14:49:11.312+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
Updated LDAP Server Details in mds schema
[2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
[2012-09-28T14:49:11.812+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [OIM_CONFIG] Updated LDAPContainerRules.xml.
[2012-09-28T14:49:11.812+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: mdsMetadata] [SRC_METHOD: loadEventhandler] RETURN
[2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Created jobs using seedSchedulerData. Log location C:\Program Files\Oracle\Inventory\logs
[2012-09-28T14:49:14.687+01:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] File not found[[
java.io.FileNotFoundException: File not found
     at java.util.zip.ZipFile.open(Native Method)
     at java.util.zip.ZipFile.<init>(ZipFile.java:117)
     at java.util.jar.JarFile.<init>(JarFile.java:135)
     at java.util.jar.JarFile.<init>(JarFile.java:72)
     at oracle.as.install.oim.config.util.RoleSODJarUtil.updateFile(RoleSODJarUtil.java:32)
     at oracle.as.install.oim.config.OIMConfigManager.configureOIM(OIMConfigManager.java:783)
     at oracle.as.install.oim.config.OIMConfigManager.doExecute(OIMConfigManager.java:538)
     at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:335)
     at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:87)
     at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:104)
     at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
     at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:63)
     at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:158)
     at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
     at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:83)
     at java.lang.Thread.run(Thread.java:662)
[2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
[OIM_CONFIG] Failed configuration step Configure OIM Server
[2012-09-28T14:49:14.702+01:00] [as] [ERROR] [] [oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] One or More configurations failed. Exiting
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:CONFIG
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INTERVIEW
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INSTALL
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:COPY
[2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:LINK
[2012-09-28T14:49:14.765+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
[2012-09-28T15:11:21.461+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
[2012-09-28T15:11:27.914+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
Regards,
Ravi.

Your log files too give some hint... Please verify whether following files like .xldatabasekey are present in your environment:-
OIM application intialization failed because of the following reasons:
oim-config.xml was not found in MDS Repository.
Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
Password for OIMSchemaPassword is not seeded in CSF.
Password for xell is not seeded in CSF.
Password for DataBaseKey is not seeded in CSF.
Password for JMSKey is not seeded in CSF.
Password for .xldatabasekey is not seeded in CSF.
Password for default-keystore.jks is not seeded in CSF.
Password for SOAAdminPassword is not seeded in CSF.
I doubt whether OIM is properly installed in your environment otherwise .xldatabasekey would have been present in <DOMAIN_HOME>/config/fmwconfig..
Also, as far as Weblogic starting in ADMIN mode is concerned, you may try to do the following...
ps -eaf| grep AdminServer
Kill the process
Then remove the lok file. i.e. Lock files...
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/oim_server1/tmp/*oim_server1.lok*
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/soa_server1/tmp/*soa_server1.lok*
rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/AdminServer/tmp/*AdminServer.lok*
After that
Take the backup of /home/oracle/Oracle/Middleware/user_projects/domains/<DOMAIN_HOME>/servers/AdminServer/data/ldap/ldapfiles (I mean CUT this folder and save it in Backup folder..
Share the result with us....

OIM 11g LDAP sync from different LDAP containers

Hi,
I have been setting up OIM 11g R2 (11.1.2) to use LDAP Sync to OID.
As of now the sync works (both ways) for this container:
cn=users,cn=oracleAccounts,dc=mycompany,dc=com (configured while doing the OIM config)
Would it be possible to sync users in other containers as well? For example:
cn=users,cn=otherAccounts,dc=mycompany,dc=com
cn=users,cn=moreAccounts,dc=Otherstuff,dc=com
By editing the file LDAPContainerRules.xml I can setup where the users are created when I create them through IDM.
But that will not make the sync work for those containers.
Any ideas where I should start to accomplish the above?
Thanks & Regards,
Henrik

Okay, I think I have found an answer to how to sync users from different OU:s in my OID to different OIM organizations.
Hopefully this will help others.
We can use a PostProcess Event handler like this:
1. Implement the method --> public BulkEventResult execute()
This is used during recon actions.
2. Get the user hashmap with attributes and set the "act_key" value with the OIM organizations ID.
You also needs to build the logic to fetch the users "LDAP DN", which is also fetched from the map.
From that attribute we can decide which Organization to put the user in.
This is the best solution we have found yet..
Docs & tips:
http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/oper.htm#CCHFBGAA
http://fusionsecurity.blogspot.se/2011/09/oim-11g-event-handler-example.html (thank you Daniel Gralewski)
Regards,
Henrik

OIM 11g LDAP Sync Features

Folks,
I`ve been researching the LDAP sync option in OIM 11g and I have some questions.
1. Is it true that once enabled, the user does not exist in OIM DB but only in LDAP?
2. Can we define rules such that only a certain set of users are in LDAP and some are only in OIM?
3. Can we define rules for Roles that only certain roles in OIM exist in LDAP but not all? I`d like to keep the business roles only in OIM.
4. I currently have 3 connectors for AD, eDir and OID with OIM 10g and I am researching the option to remove these connectors and use the LDAP sync with OVD. Can this be achieved? What would be the challenges if I were to replace the connectors with LDAP sync?
Regards,
AZ

Well for the connectors in 10g I plan to export them and then import in 11g. The versions are certified.
For LDAP sync with multiple directories, I've heard of using OVD. So the Directory Server IT Resource would point to OVD and multiple containers in OVD would be mapped to each of the individual directories. OVD adapters would define connection to these directories.
I have to see if this is feasible keeping in mind the workflows that have been customized in 10g, I don't think every workflow customization can be done in LDAP sync as well. Plus we would lose track of which attributes are provisioned to which LDAP. This is a user-ldap entry mapping, there would be no accounts in resource profile.

OIM and ldap sync

I am using OIM 11gR2 and OID 11.1.1.6. Users and groups will be in OID, and OIM is
required to do the provisioning of users. Plan is to use ldap sync between oid and oim.
With ldap sync, all users will be available in OIM. And then in OIM can one do the
provisioning of users. Is this approach ok? Or should we have OID connector? Or both?

You can use LDAP Sync between OIM and OID. You dont need OID connector in this case.
More here...
Why would you use the LDAP Sync instead of the OID Connector?
http://fusionsecurity.blogspot.com/2012/01/oim-11g-ldap-synchronization.html

Help required in OIM-OID LDap Synch and GTC flat file connector

Hi Experts,
I am using OIM 11.1.1.5 with OID LDap Synch enabled. I have OIM protected with OAM 11.1.1.5.0 and almost all normal things are working.
Once I am doing TRUSTED FLAT FILE GTC recon to OIM, the users are getting created in OIM without any password and due to that my users are not getting created in OID(Ldap Synch is enabled);
The following exception is getting thrown:
<Nov 13, 2011 9:48:21 AM CET> <Warning> <XELLERATE.GC.PROVIDER.RECONCILIATIONTRANSPORT> <BEA-000000> <FILE SUCCESSFULLY ARCHIVED : /home/oracle/OAM_ProtoTyping/TestCSV/Scheduled.csv>
<Nov 13, 2011 9:48:21 AM CET> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
<Nov 13, 2011 9:48:22 AM CET> <Error> <oracle.iam.ldapsync.impl.eventhandlers.user> <IAM-3010021> <An error occurred while creating the user in LDAP.
oracle.iam.platform.entitymgr.MissingRequiredAttributeException: [usr_password]
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.checkRequired(EntityManagerImpl.java:1450)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:263)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPPostProcessHandler.createUser(UserCreateLDAPPostProcessHandler.java:261)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPHandler.execute(UserCreateLDAPHandler.java:123)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPostProcessEvents(OrchProcessData.java:1166)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:710)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:675)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:705)
at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
at sun.reflect.GeneratedMethodAccessor1821.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy335.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:380)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3822)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
Has any body faced similar kind of issue.
I tried to use post process event handler on create but while updating password its saying the user state is not in synch with OID.
So I am unable to use post process event handlers as well.
Regards,
J

Thanks Sunny,
But the post process event handler with reset/update password is not working on CREATE;
the following error message is being thrown:
oracle.iam.platform.kernel.EventFailedException: Password reset failed because user JSMITH151 is not synchronized to the LDAP directory.
at oracle.iam.ldapsync.impl.eventhandlers.user.util.LDAPUserHandlerUtil.resetPassword(LDAPUserHandlerUtil.java:203)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserResetPasswordLDAPHandler.execute(UserResetPasswordLDAPHandler.java:167)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:898)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:634)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:665)
In 11.1.1.3 OIM, I found the password was available for mapping in GTC connector, but in OIM 11.1.1.5, oracle has removed the password mapping attribute.
Can you please suggest?
I checked with Oracle Support, They are saying in OIM 11.1.1.5 they have introduced a new post process event handler which should generate the password on every trusted reconcilication event.
But in my environment its not behaving like that.
Regards,
J

OIM 11g - ldap sync - Post Process event handler 'CREATE' faillling

Hi Gurus,
We have ldap sync set up between OIM 11.1.1.5 and ODSEE 11g,
Post process event handler on user creation with is setting a attribute with random 16 digit character, This event handler is getting triggered and setting the attribute in OIM but in logs i can see "Modification failed because user 45118 is not synchronized to the LDAP directory." error and it is not updated in ODSEE.
This behaviour is only for trusted recon not for the User created through UI.
Not sure what exactly is happening..
Is it expected behavior??
Gurus help me out on this.

IF it fail because event handler unable to produce random number then verify below
is eventhandler code being executed in trusted recon verify in log.
There are two method execute and bulk execute in eventhandler. execute is being called from UI and bulk execute is being called for trusted recon.
either put code in bulk execute or update batch recon size something like that system property to 1. so, it will function as UI. Default value of batch is 500
--nayan

OIM 11gR1 LDAP Sync

Hi,
Is password sync'd to OID when LDAP Sync is configured? If no, I am using OID 11.1.1.6 how can migrate the password with out having to install Connector Server?
Thanks.

Yes, the passwords are also sync'ed in LDAP Sync.
-Mahendra.

OVD/OID group reconciliation in OIM 11g with LDAP sync

Hi All!
Is it possible to reconcile OID groups to OIM using LDAP sync? How to achieve such configuration?
I have OIM with LDAP sync and user and roles provisining to OVD is working.
best
mp

Hi,
I want to Integrate OIM and OID. Can you guide me in doing so?. The platform I will use is Windows 2003 Server, OIM version is 9.1. Also please tell me which version of OID i should use.
Note: I am new to OID and OIM.
Thanks in advance.
Regards,
Kazmi

LDAP SYNC without OID

Has anyone configured OIM 11g LDAP sync feature with directory other than OID ,say AD.
As far as i know Ldap sync is only certified and supported to work with OID as Directory.
Let me know if any one has pointers to wrong me.
Akshat

Yes, with *11.1.1.5* I reckon you can do it with AD as well but the only pre-requisite is that OVD should be sitting in front of the AD. The configuration steps would automatically create the adapters for OVD-AD integration which was not there in 11.1.1.3. Have a look at the documentation and you will find the links.
Thanks
SRS

OIM-OAM integration and LDAP Sync

Hello All, I have deployed OIM 11g R2 and OAM/OVD 11.1.1.5. Now I need to enable LDAP sync for OIM-OAM integration and I'm not allowed to extend Oracle schema in AD. So I decided to use OUD for FMW schema and I have completed all those steps and OUD is up and running. Since my enterprise directory is AD and OUD is my FMW directory, I need to think of a split profile setting in OVD. I'm following this link http://fusionapplications-ateam.blogspot.com/2012/04/split-profiles-with-ad-and-oid-for.html for this deployment. I have OVD adapters configured for AD, OUD, Join view and changelog. The link does not clearly explain the steps in OIM for LDAP Sync.
When I configure LDAP Sync in OIM, should I point the sync to the OUD users container?
When and how this cn=shadowentries container will be used? I understand that the password (obattributes) are used for password management by OAM, but wondering where will that get stored in OUD?
Please let me know your thoughts.
Thanks.

Hi,
when I use url:
http://idm1:14000/admin/faces/pages/Admin.jspx
I get Access Manager login page, I can click links: register new user, reset password and I get correct OIM pages. But when I type xelsysadm and password I get error on the next page:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
I can't logon to EM, OAMconsole, Weblogic etc. when the OAM is running. In OIM log I got errors from oam-agent: "User is not authorized to access resource, MinorCode: DENY, MajorCode: DENY".
I have got user xelsysadm in OIM and in LDAP, when the OAM is not running I can login to OIM, create users in OIM (they appear in OID) etc. The user xelsysadm is added to group: OAMAdministrators. Also when I try to logon to OAM console (http://idm1:7001/oamconsole) using orcladmin name I get error: Access to administration console is restricted. But when I use weblogic username (the user is in OAMAdministrators group in OID) i can get OAMconsole.
How can I change logon type in OIM?
best
mp
Edited by: J23 on 2011-01-10 00:47

How to authenticate OIM from AD using LDAP sync

Hi Team,
We do not want to use password synchronization connector for AD password sync to OIM
After reading few article' I found two probable ways for it:
1. Authenticate OIM via AD using libOVD with OIM and LDAP sync enable
2. Authenticate OIM via AD using libOVD, OID and LDAP sync enable.
Please suggest whether theses approcahes are practicaly possible or not.
If yes then please shae related architecture docs.
Thanks,
Gaurav

Here is the one of the doc:
Configuring LDAP Authentication When LDAP Synchronization is Enabled

Missing /metadata/iam-features-ldap-sync in v11.1.1.6 OIM/OID sync

Hi All
Have picked up support of a site with Oracle Identity Management Suite already installed and need to create custom Schema attributes for users.
Have modified the create user form no problem in OIM, and also created a custom class with the required attributes in OID.
The bit I am stuck on is associating the custom class / attributes in OIM with the relevant fields in OID.
Am looking at the
Oracle® Fusion Middleware
Integration Guide for Oracle Identity Management Suite
11g Release 2 (11.1.2)
E27123-03
documentation which seems to make sense and have got as far as page 3-5 Step 2 where it says to
Export the /metadata/iam-features-ldap-sync/LDAPUser.xml metadata file from the repository
Issue I've got is that while i can identify the /metadata folder on the server, the only folder it contains are db and ldapReconJobs
Anyone got any idea where things might have gone wrong / how to rectify?
Am hoping that it may be something obvious to others as am new to this product-set.
thanks in advance
Dave

thanks idamgod
Your answer makes sense as to why the folder isnt there, but i have a bit of a problem in that there are no xServer components installed on the server so running the GUI orientated confg.sh isn't an easy option.
(apparently not an option to install)
is there any other (non gui orientated) way of achieving the same result?

OIM - OID (11g) auto-provision thru ldap sync

Hi,
I have configured ldap sync. I have following questions
1. We have created custom attributes in OID and referred to custom object class. Now when I try to create user in OIM, user is auto-provisioned to OID. But the custom attributes in OIM are not getting provisioned to OID (unable to see the custom attributes in user object of OID, unless we refer manually the custom object class). Can any one let me know how to auto-provision the custom attribtues into OID?
2. When user is auto-provisioned to OID, it is not showing any resource profile details of OID in OIM? Is it the expected behavior? But create, udpate, delete are happening as expected.
Please let me know if any one know the solution.

Hi,
Where you able to achieve this?? i have similar requirment where, i have added 5 custom attributes in both OIM and OID, when i create the users these attributes doesnot get updated on OID....should i add these UDF in any objectclass which OIM understands??please suggest
Thanks in advance

Error in Ldap sync with OIM 11gr2 and OID

Hi,
I am trying to sync OIM 11g r2 with OID using Ldap sync option. While creating a user or role I am facing this error
IAM-2050243 : Orchestration process with id 930, failed with error message IAM-3010201 : LDAP create event failed : Error: NO_SUCH_OBJECT null.
Help required,
Thanks

Any suggestions...

OIM- OID Ldap Sync

Similar Messages

Maybe you are looking for