OIM-OID Provisioning - OID Group PrePopulate Approach :

Hi,
I am working on OID Connector 9.0.1.14 with OIM 11.1.1.5.
I have reconciled all the Roles and Groups from OID to OIM and can successfully provision users to the OID along with membership to these specific Roles and Groups.
I want to prepopulate the OID Group based on certain attribute from the OIM User form. My Approach so far is :
1) Created an Entity Adapter with a variable : say Org and GroupName.
2) Set the Logic as if Org = XYZ (+XYZ does exist on OIM+) set GroupName as = "OID Group 1" else set GroupName as = "OID Group 2"
3) Attached this adapter to the "OID User Group" form on the "Data Object Manager" at the pre-insert stage.
4) Mapped the Adapter variable as :
a) Org Maps to "Organization Definition" with the qualifier "Organization Name"
b) GroupName maps to the "Entity Field" with the qualifier "UD_OID_GRP_GROUP_NAME"
However nothing seems to happen when I create/modify a user with Orgization Name as XYZ and manually Provision the OID Resource. I can see the form but nothing is populated in the Group Field. Upon completing the request, I get the user provisioned to OID but without any Group information..
Is my approach right ? Am I missing something ?

Here is what I have done for a client. My requirement was for a given department, a user must have a list of groups provisioned to them. So here is what i've done:
1. Create a lookup that has Code Key = Department, Decode = CN of the groups in a delimited format.
2. Create a provisioning task that will look at the department code from the user form, reference the lookup and find the decode values. Split them based on a delimiter. Then using each value, lookup the code key value from the real lookup that contains the full distinguished name of the group in the OID Group lookup. I even appened the IT Resource Key and ~ so that my search would be Decode or Code = "IT Resource Name~CN=<CN VALUE>%". This would return only the single group code key value. And then i add it to the child table. Repeat this for all the values in the delimited field.
3. Create a provisioning task that removes the values from the child table based on the delimited value. You'll need to search through the existing child table values.
Once you have the 2 tasks, you'll want to add a value to the your Lookup.USR_PROCESS_TRIGGERS that is your group determining field. Create your task name in this lookup. On your provisioning workflow, for the Adding of the groups task, make this unconditional, and have a preceding task of the Create User. Give it the name from your Lookup.USR_PROCESS_TRIGGERS and append " - Add Groups" to the task name. Create another task called the same, but append " - Delete Groups" to the task name. On the Add Groups task, make the preceding task the Delete groups. When you map your inputs to the adapters, on the delete, select the old value check box from the User Form so that you get the old value. Now, when the value changes on the user form, it will first remove the old groups, then add the new ones. All this will be done using the child table APIs, so that the existing Insert and Delete task triggers for your child table will run.
-Kevin

Similar Messages

  • OIM 10G OID user account / group membership reconciliation

    Hello
    I have an OID environment that is used for OAM access to applications within the environment. I need to be able to reconcile users from OID into OIM along with their group membership so that roles for users are maintained and updated. I have ORM integrated within the environment so entitlements would need to flow to orm to document that users are members of a role / OIM group. Not sure if this is possible through the trusted reconciliation or if there is a user / group target reconciliation that can be used for this. Any help you can give for this would be appreciated.
    Thanks

    When i use ADCS timestamp as 0 (to capture changes from the beginning and not necessarily after the group change event occured on the AD side) and run AD user target recon this is getting updated. Is this correct and if so how can i always default ADCS timestamp as 0 in the scheduled task and are there any side effects for this sort of approach.
    Prasad.
    Edited by: Prasad on Nov 7, 2011 12:31 PM

  • OIM to OID provisioning

    I have a requirement where users need to be created into OIM bu running a one time Trusted Source Recon. Once the users are created on OIM we want to link the account on OID with the user account created on OIM. When we run a Target Recon for these users the OIM accounts are not getting linked to the OID account.
    Also when i create an user in OIM and try to provision the OID resource to him, he is getting Provisioned, whereas if i try to provision OID to a user created in OIM through Trusted Source Recon the status shows as Provisioning.
    Can anyone please help me out by letting me know what might be the difference between users created manually through OIM admin console and the ones created through Trusted Recon, since provisioning is not working for the second set of users.
    Thanks,
    Partha

    This indicates that your manual provisioning is working, but not target reconciliation.
    When you are running target reconciliation:
    Make sure that the scheduled job that you are running for target recon is given appropriate values in the parameters to be given.

  • OIM to OID Provisioning - Userid getting 'null' in OID

    OIM provisioned to OID. When Im creating a user in OIM and provisioning the OID resource, the userid is getting 'null' value in OID.
    Any reasons? How to fix this ?
    I have checked the design console and the ldapuserDNPrefix is mapped to uid.

    Hi,
    You have to had an another atrribute in order to make it work:
    Solution
    While creating a user account on Oracle Internet Directory through Oracle Identity Manager, the
    user ID that you specify is assigned to the cn field of Oracle Internet Directory.
    If required, you can customize the mapping so that the user ID is assigned to the uid field of
    Oracle Internet Directory.
    1.In the Design Console, open the AttrName.Prov.Map.OID lookup definition.
    2.Change the decode value of the ldapUserDNPrefix code key to uid.
    *3.Add the following item to AttrName.Prov.Map.OID lookup defintion*
    Code key "User ID", decode value "uid".
    Please note that Key is case sensitive.

  • OID provisioning via OIM

    OID provisioning from OIM
    i have deployed and configured OID connector but users not provisioned to OID. it gives INVALID_NAMING_ERROR. what could be the possible reason.

    please check and reply :
    View IT Resource Details and Parameters
    IT Resource Name OID IT Resource
    IT Resource Type OID Server
    Port 389
    Use XL Org Structure false
    Last Trusted Delete Recon TimeStamp
    CustomizedReconQuery
    SSL false
    Server Address 10.76.118.72
    Recon Attribute Lookup Code AttrName.Recon.Map.OID
    Root DN dc=ad,dc=infosys,dc=com
    Admin Id cn=orcladmin,cn=Users,dc=ad,dc=infosys,dc=com
    Last Target Recon TimeStamp
    Last Target Delete Recon TimeStamp
    Last Trusted Recon TimeStamp
    Admin Password *********
    Prov Attribute Lookup Code AttrName.Prov.Map.OID

  • OIM-OID Connector: OID Group Recon Task and organizations

    Hi,
    I'm evaluating OIM and its OID Connector.
    We have groups in our existing OID. We thought that we could use the OID Connector OID Group Recon Task to import those groups into OIM and make them Groups in OIM.
    However, when we run the task, it appears to import our groups from OID as organizations, not as groups. It's not clear to me from the OID Connector documentation what exactly the OID Group Recon task is supposed to do. That's why we assumed it was an OOTB method for reconciling OID groups into OIM groups.
    What are we doing wrong? Why do we end up with our OID Groups becoming OIM Organizations after running the task?
    We are using version 9.4.11 of the OID Connector.
    Also, a side issue: how can we delete unwanted organizations from OIM? There's a delete option but it just seems to mark the organizations as deleted but they are still there.
    Thanks
    Eric
    Edited by: PeachEye on 17/03/2010 11:49

    Hi,
    I am also facing the similar issue. I want to reconcile OID groups into OIM User Groups menu item. Please suggest how to proceed.
    I ran the schedule task- OID Group Recon Task, but it throws error-
    ERROR,12 Mar 2010 09:16:44,265,[XL_INTG.OID],OID:tcTskOIDGrouporRoleReconTask:pe
    rformReconciliation():com.thortech.xl.integration.OID.util.tcUtilLDAPOperations:
    NamingException :Unable to search LDAP. Check the following values and try agai
    n: Base Search detail: cn=abc,ou=Q System1,dc=xoserve-apps,dc=com, filter expres
    sion is (&(objectClass=groupOfUniqueNames)(modifytimestamp>=19000101010001Z)), A
    ttributes : DN, modifytimestamp, Organization Name, orclguid, cn,]
    ERROR,12 Mar 2010 09:16:44,281,[XL_INTG.OID],===================================
    I want to bring OID groups into OIM so that I can manager those OID groups from OIM. Is there any other way to so this? I have to make changes in the OID object class or in the OID field mappings? I have not done any changes in Lookup OID configuration or LookUp Field map parameters.
    Please help.

  • OIM - OID provisioning How to kill formatOrgDN ?

    Hello friends,
    few rows from OIM log :
    XL_INTG.OID OID:tcUtilLDAPOperations -> ~~~~~~~~~~Leaving getPath() with dc=company,dc=com~~~~~~~~~~
    XL_INTG.OID the initial pContainerDN is:cn=Users
    XL_INTG.OID tcUtilOIDUserOperations -> Entering formatOrgDN(s,s)
    XL_INTG.OID tcUtilOIDUserOperations -> with Parameters
    XL_INTG.OID tcUtilOIDUserOperations -> [pOrgDNcn=Users
    XL_INTG.OID tcUtilOIDUserOperations -> pRootDNdc=company,dc=com]
    XL_INTG.OID OID:tcUtilLDAPOperations -> ~~~~~~~~~~Entering getPath() with ou=users~~~~~~~~~~
    XL_INTG.OID OID:tcUtilLDAPOperations -> ~~~~~~~~~~Leaving getPath() with ou=Users,dc=company,dc=com~~~~~~~~~~
    so formatOrgDN changes orgDN from cn=Users to ou=Users.
    Maybe someone can help me, where can i disable this formatting ?
    OIM 9.1.0.0
    OID connector : 9.0.4.1
    Thanx!

    Check IT Resource configuration put root dn for your identities, then searh in AttrName.Prov.Map.OID lookup change ldapOrgDNPrefix with your entry name and
    ldapOrgUnitObjectClass for your organization ldap class

  • OIM provsioning to OID

    Hi,
    I am trying provision to OID, I am able to provision and but my problem is..there is one folder with name abcd and i want to provision user from OIM to OID to the abcd folder only.
    Early response is appreciated

    Hi,
    we have create group with name portal users in OID under cn=groups , we are able to reconcile that groups into OIM and wn we create a user in OIM by adding the user to portal users group in OIM and tried provisioning, but we are getting some error like:
    response:Invalid Naming Error
    Response Description:Naming exception encountered
    we are able to provison to cn=users with out any problem...but getting exception while we try to provision the user to a particular group....
    early response is appreciated......

  • OIM - Provisioning in Groups

    Hi,
    How can we provision from OIM to OID in "cn=Groups" node.
    "cn=Groups" is using out of the box "GorupOfUniqueNames" class.
    Please suggest.
    Thanks.
    Edited by: ASA on 28/07/2010 20:47

    The ObjectClass should be configured in this lookup Lookup.Configuration.ActiveDirectory
    Check below
    http://docs.oracle.com/cd/E22999_01/doc.111/e20347/extnd_func.htm#sthref221
    4.6 Configuring the Connector for User-Defined Object Classes

  • Collection assign issue in OID provisioning environment

    Hy Tom,
    I am interested in LDAP with OID PROVISIONING in portal 10g application.
    we create a register procedure.
    however. i got an error message as ORA-06502: PL/SQL: numeric or value error: NULL index table key value.
    After debuging, we found that issue result assign null value .
    when we assign as
    user_vals(counter2) := entry.attr(counter1).attrval(counter2);
    It seems that that we can not assign entry.attr(counter1).attrval(counter2) to other var two time in procedure.
    It is server configuration issue or code issue.
    Thanks
    Newweber
    *********************** Code
    PROCEDURE pre_add (     ldapplugincontext IN ODS.plugincontext,
                   dn IN VARCHAR2,
                   entry IN ODS.entryobj,
                   rc OUT INTEGER,
                   errormsg OUT VARCHAR2
    IS
    ret                INTEGER;
    l_portal_user      wwsec_person.USER_NAME%type;
    l_first_name      wwsec_person.FIRST_NAME%type;
    l_last_name      wwsec_person.LAST_NAME%type;
    l_email      wwsec_person.EMAIL%type;
    l_work_phone      wwsec_person.WORK_PHONE%type;
    l_mobile      wwsec_person.MOBILE_PHONE%type;
    counter1           pls_integer;
    counter2           pls_integer;
    retval                pls_integer := -1;
    s                integer;
    user_session           DBMS_LDAP.session;
    user_dn           varchar(256);
    user_array           DBMS_LDAP.mod_array;
    user_vals           DBMS_LDAP.string_collection;
    user_binvals           DBMS_LDAP.blob_collection;
    indx                number := 1;
    BEGIN
    l_portal_user      :=null;
    l_first_name      :=null;
    l_last_name      :=null;
    l_email      :=null;
    l_work_phone      :=null;
    l_mobile      :=null;
    l_description      :=null;
    rc := 0;
    errormsg :=null;
    -- Create a mod_array
    user_array := dbms_ldap.create_mod_array(entry.binattr.count + entry.attr.count);
    -- Create a user_dn
    user_dn := substr(dn,1,instr(dn,',',1,1))||'cn=users,dc=e-hms,dc=net';
    FOR l_counter1 IN 1..entry.attr.COUNT LOOP
         FOR l_counter2 IN 1..entry.attr(l_counter1).attrval.COUNT LOOP
         ckerror('second loop get value--'|| entry.attr(l_counter1).attrname || '[' || l_counter1 || ']' ||'.val[' || l_counter2 || '] = ' ||entry.attr(l_counter1).attrval(l_counter2));                                   
    if entry.attr(l_counter1).attrval(l_counter2)     is null then
    ckerror('handle null attribule ');
    else                    
    -- get value
              ckerror('get value2'||entry.attr(l_counter1).attrname);
    IF entry.attr(l_counter1).attrname ='givenname' then           
                   l_first_name :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('givename/firstname--'||l_first_name);
         elsif entry.attr(l_counter1).attrname ='sn' then           
                   l_last_name :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('sn/lastname--'||l_last_name);
              elsif entry.attr(l_counter1).attrname ='mail' then
                   l_email := entry.attr(l_counter1).attrval(l_counter2);
                   ckerror(' email--'||l_email);
              elsif entry.attr(l_counter1).attrname ='mobile' then           
                   l_mobile :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('mobile--'||l_mobile);
              elsif entry.attr(l_counter1).attrname ='telephonenumber' then           
                   l_work_phone :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('work telphone--'||l_work_phone);
              elsif entry.attr(l_counter1).attrname ='cn' then           
                   l_portal_user :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('cn/username--'||l_portal_user);
              elsif entry.attr(l_counter1).attrname ='description' then           
                   l_description :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('description--'||l_description );
              else
              ckerror('handle other entry name--'||     entry.attr(l_counter1).attrname);
              ckerror('handle other entry--'||entry.attr(l_counter1).attrval(l_counter2) );
              end if;
    end if;
    ckerror('end compare at second loop');
    ckerror('NULL ASSIGN ISSUE FOR 72 --'||entry.attr(counter1).attrval(counter2));
    user_vals(counter2) := entry.attr(counter1).attrval(counter2);
    END LOOP;
    ckerror('end first loop');
    --- put ldap
    dbms_ldap.populate_mod_array(user_array,DBMS_LDAP.MOD_ADD, entry.attr(counter1).attrname,user_vals);
    user_vals.delete;
    END LOOP;
    processs other (l_firstname...) vars in SQL sataement
    EXCEPTION
    WHEN OTHERS THEN
    ckerror( 'Exception in PRE_ADD plugin. Error code is ' || TO_CHAR(SQLCODE));
    ckerror( ' ' || Sqlerrm);
    rc := 909;
    errormsg := 'Error code:'|| rc||' exception: pre_add data';
    END;

    Hy Tom,
    I am interested in LDAP with OID PROVISIONING in portal 10g application.
    we create a register procedure.
    however. i got an error message as ORA-06502: PL/SQL: numeric or value error: NULL index table key value.
    After debuging, we found that issue result assign null value .
    when we assign as
    user_vals(counter2) := entry.attr(counter1).attrval(counter2);
    It seems that that we can not assign entry.attr(counter1).attrval(counter2) to other var two time in procedure.
    It is server configuration issue or code issue.
    Thanks
    Newweber
    *********************** Code
    PROCEDURE pre_add (     ldapplugincontext IN ODS.plugincontext,
                   dn IN VARCHAR2,
                   entry IN ODS.entryobj,
                   rc OUT INTEGER,
                   errormsg OUT VARCHAR2
    IS
    ret                INTEGER;
    l_portal_user      wwsec_person.USER_NAME%type;
    l_first_name      wwsec_person.FIRST_NAME%type;
    l_last_name      wwsec_person.LAST_NAME%type;
    l_email      wwsec_person.EMAIL%type;
    l_work_phone      wwsec_person.WORK_PHONE%type;
    l_mobile      wwsec_person.MOBILE_PHONE%type;
    counter1           pls_integer;
    counter2           pls_integer;
    retval                pls_integer := -1;
    s                integer;
    user_session           DBMS_LDAP.session;
    user_dn           varchar(256);
    user_array           DBMS_LDAP.mod_array;
    user_vals           DBMS_LDAP.string_collection;
    user_binvals           DBMS_LDAP.blob_collection;
    indx                number := 1;
    BEGIN
    l_portal_user      :=null;
    l_first_name      :=null;
    l_last_name      :=null;
    l_email      :=null;
    l_work_phone      :=null;
    l_mobile      :=null;
    l_description      :=null;
    rc := 0;
    errormsg :=null;
    -- Create a mod_array
    user_array := dbms_ldap.create_mod_array(entry.binattr.count + entry.attr.count);
    -- Create a user_dn
    user_dn := substr(dn,1,instr(dn,',',1,1))||'cn=users,dc=e-hms,dc=net';
    FOR l_counter1 IN 1..entry.attr.COUNT LOOP
         FOR l_counter2 IN 1..entry.attr(l_counter1).attrval.COUNT LOOP
         ckerror('second loop get value--'|| entry.attr(l_counter1).attrname || '[' || l_counter1 || ']' ||'.val[' || l_counter2 || '] = ' ||entry.attr(l_counter1).attrval(l_counter2));                                   
    if entry.attr(l_counter1).attrval(l_counter2)     is null then
    ckerror('handle null attribule ');
    else                    
    -- get value
              ckerror('get value2'||entry.attr(l_counter1).attrname);
    IF entry.attr(l_counter1).attrname ='givenname' then           
                   l_first_name :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('givename/firstname--'||l_first_name);
         elsif entry.attr(l_counter1).attrname ='sn' then           
                   l_last_name :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('sn/lastname--'||l_last_name);
              elsif entry.attr(l_counter1).attrname ='mail' then
                   l_email := entry.attr(l_counter1).attrval(l_counter2);
                   ckerror(' email--'||l_email);
              elsif entry.attr(l_counter1).attrname ='mobile' then           
                   l_mobile :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('mobile--'||l_mobile);
              elsif entry.attr(l_counter1).attrname ='telephonenumber' then           
                   l_work_phone :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('work telphone--'||l_work_phone);
              elsif entry.attr(l_counter1).attrname ='cn' then           
                   l_portal_user :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('cn/username--'||l_portal_user);
              elsif entry.attr(l_counter1).attrname ='description' then           
                   l_description :=entry.attr(l_counter1).attrval(l_counter2);
                   ckerror('description--'||l_description );
              else
              ckerror('handle other entry name--'||     entry.attr(l_counter1).attrname);
              ckerror('handle other entry--'||entry.attr(l_counter1).attrval(l_counter2) );
              end if;
    end if;
    ckerror('end compare at second loop');
    ckerror('NULL ASSIGN ISSUE FOR 72 --'||entry.attr(counter1).attrval(counter2));
    user_vals(counter2) := entry.attr(counter1).attrval(counter2);
    END LOOP;
    ckerror('end first loop');
    --- put ldap
    dbms_ldap.populate_mod_array(user_array,DBMS_LDAP.MOD_ADD, entry.attr(counter1).attrname,user_vals);
    user_vals.delete;
    END LOOP;
    processs other (l_firstname...) vars in SQL sataement
    EXCEPTION
    WHEN OTHERS THEN
    ckerror( 'Exception in PRE_ADD plugin. Error code is ' || TO_CHAR(SQLCODE));
    ckerror( ' ' || Sqlerrm);
    rc := 909;
    errormsg := 'Error code:'|| rc||' exception: pre_add data';
    END;

  • AD-OID Synchronization with groups

    Hi,
    I've successfully synchronized users form AD to OID
    Groups are also well integrated but there is an attribute that is not
    properly synchronized from AD to OID. I have created a group with its users in
    AD. The group and all users are reachable from OID. However, in OID there is no
    relation between the users and the group they belong to. That is,the attribute
    uniquemember of the group is empty in OID.
    In the mapping file, the corresponding rules are well stablished:
    member: : :group:uniquemember: :groupofUniqueNames
    Does anybody know why the uniquemember attribute is empty?
    Thanks in advance,
    Cristina

    Hello Cristina:
    Hope you would be able to get your uniquemember mapping working by now.
    I was able to do so using the out-of-box mapping provided by OID with AD.
    However, I have a different problem while synching the AD groups with OID groups.
    Let me try and explain my problem in more detail:
    AD DIT:
    cn=sd_groups,ou=sandiego,ou=sites,dc=mycompany,dc=com
    OID DIT:
    cn=groups,dc=mycompany,dc=com
    In the process of syncing when the groups are brought over from AD to OID the uniquemember (members of the groups) also comes over. But when I try to delegate this group users it does not see those users (which has come over from AD) as they follow a totally different DIT as mentioned above. However, to mimic the DIT as in AD on the OID side. I tried to add an organizationalunit into the OID realm and it errors out. In other words that did not work.
    It would be really nice to hear from someone who has done a similar implementation.
    And also would be interested in hearing if somebody has done an export of groups and users into AD from OID.
    Thanks,
    Himanshu

  • Auto provision different groups in oim 11g

    Hi,
    While provisioning a user to AD, I need to add few different different groups based on the user's dept code.
    We have around 250 dept codes and I dont want to create 250 access policies to provision different groups based on the dept code.
    Is there any other way to resovle my issue?
    I am using OIM11g. Please let me know.

    Adding more to Bikash Reply...
    Create a Lookup with codekey as Dept Code and Decode as Groups like
    Dept1->Group1
    Dept1->Group2
    Dept1->Group3
    Write a code which retrieves the groups for corresponding dept code from the lookp, and in the same code call addProcessFormChildData(under tcFormInstanceOperationsIntf) for each group retrieved from lookup. Attach this adpater to new process task and call this task on success of create user task.
    Reference:
    JavaTask to be called after AD User provisioning succeeds
    HTH

  • Provision a group

    Hi,
    How to provision a resource with process information using a java program?
    Resource does not have a resource form.
    Thanks

    To directly provision a group in OID you need to use following oim api's
    1. Get the factory instance
    tcUtilityFactory oimUtilityFactory =new tcUtilityFactory(env, moSig);
    1. Get the organization key
    tcOrganizationOperationsIntf orgOpInterface =(tcOrganizationOperationsIntf) oimUtilityFactory.getUtility("Thor.API.Operations.tcOrganizationOperationsIntf");
    HashMap orgReq = new HashMap();
    orgReq.put("Organizations.Organization Name", "Name of the Organization");
    tcResultSet tcResultDetails = orgOpInterface.findOrganizations(orgReq);
    organizationKey = tcResultDetails.getLongValue("Organizations.Key" );
    2. Get the Resource object key
    tcObjectOperationsIntf oimObjectInterface == (tcObjectOperationsIntf)oimUtilityFactory.getUtility("Thor.API.Operations.tcObjectOperationsIntf");
    long [] arr = new long[1];
    arr[0] = organizationKey;
    tcResultDetails = oimObjectInterface.findProvisionableObjectsForOrganizations(arr);
    long provisionObjectKey = -1;
    +//Get the key of the resource object to be provisioned+
    for (int i=0; i<tcResultDetails.getRowCount(); i+){+
    tcResultDetails.goToRow(i);
    if("OID Group".equalsIgnoreCase(tcResultDetails.getStringValue("Objects.Name")))
    +{+
    provisionObjectKey = tcResultDetails.getLongValue("Objects.Key");
    break;
    +}+
    +}+
    3. Provision the resource
    long objectInstanceKey = orgOpInterface.provisionObject(organizationKey,provisionObjectKey);
    4. Get the process instance key
    tcResultDetails = orgOpInterface.getObjects(organizationKey);
    long processInstanceKey = -1;
    for (int i=0; i<tcResultDetails.getRowCount(); i+){+
    tcResultDetails.goToRow(i);
    if(objectInstanceKey == tcResultDetails.getLongValue("Organization-Object Instance-Process Instance.Key"))
    +{+
    processInstanceKey = tcResultDetails.getLongValue("Process Instance.Key");
    +}+
    +}+
    5. Set the process form
    tcFormInstanceOperationsIntf oimFormUtility =(tcFormInstanceOperationsIntf) oimUtilityFactory.getUtility("Thor.API.Operations.tcFormInstanceOperationsIntf");
    HashMap groupDetails = new HashMap();
    +//fill up hashmap with all the required values from process form of OID group+
    oimFormUtility.setProcessFormData(processInstanceKey,groupDetails );
    Hope this helps,
    Sagar

  • How OIM user provisioning automatically

    Hi,all
    I have integrated OIM with OID by OID connector,now I want to implement that OIM user is provisioned automatically to oracle ldap as soon as i create a user account through OIM admin console,what should i do?could u give me some detailed instrution?
    Thanx in advance.

    Hi,
    Go to design console->Resource Management->Rule Designer
    .Give the Name of Rule
    .Select General as Type
    .Click on Add Rule and then slelect the user profile data and give the value on which you want auto membership.
    You can define your rule there.For example
    Organization Name= IT
    Please let me know if you have clarification.
    Regards
    Nitesh
    .

  • OIM approval / provisioning workflows

    Hi All
    I have a query about OIM approval / provisioning workflows.
    Application X (e.g. Active Directory) has an OOTB connector which can provision the user and manage his role in the application. The user can raise request for role change via OIM Admin console.
    My query - Can I configure access policy/user group for creation of a base user identity in the application X. This will create user identities for all users in application X without any roles. Later user should be able to request for roles and upon approval, his role should be updated in application X.
    Can this scenario can be implemented with any OOTB connector with provisioning and role approval workflows in place. Do you see any complexity in this. Please provide your comments.

    The base provisioning van be done using access policies.
    If you want request based role management in pre OIM 11g you would have to do it over custom ROs. There are a couple of ways to do this.
    The easiest way to do is to combine the approaches in these two postings and create a custom RO that moves the user into an OIM group that has an attached access policy that manipulates the child table on the base target system RO.
    http://iamreflections.blogspot.com/2010/09/oim-howto-one-resource-object-per.html
    http://iamreflections.blogspot.com/2010/09/oim-howto-target-system-group.html
    Please take a look and see if this is understandable. I probably should write another entry that addresses this specific use case.
    /Martin

Maybe you are looking for

  • Get iViews from Role

    Hi I want to find out on which page a specific iViews is used, that means, where in the (user specific) navigation the iView will be displayed. When I traverse the navigation nodes, I get with getName() something like "ROLES://portal_content/folder/p

  • Group Currency mismatch - FC Valuation Reversal

    Good Day! After running reversal for foreign currency valuation (new GL), we noticed that Group currency was not populated causing a small mismatch. We ran valuation again after reversal and the open item was still valuated properly. Do you have any

  • Holiday effect on Purchase orders

    Hi All, There is a situation where holiday for 12th may 2008 is declared, this holiday is not considered in factory calendar. What can be the possible effects on Purchasing documents in this case. Amit

  • Getting kicked off CC every time I sign in

    Each time I try to sign into my CC account on the app, it seemingly works, but then I get the message "You've been signed out. Please sign in to continue." Have reset my password several times. Since I can't get in, I can't update any apps or access

  • How to add Crystal Report Basic 2008 in SAP B1 2005 B

    Hi All Experts, I have installed Crystal Report Basic 2008 in SAP B1 2005 B PL 25. But I dont know how to add this in addon. Can any body guide me to do plz. With Warm Regards, Chintesh Soni