OIM SSH Connector Primary Groups Lookup Problem

Hello,
we have the following problem:
We need to reconcile groups from different UNIX machines. Many group names and guid are equal in different machines, but for some groups, the name is equal in different machines but the guid is different. During group reconciliation all groups are stored in the same lookup definition: UD_LOOKUP_SSH_PRIMARYGROUPNAMES.
For example, we have two machines M1 and M2. We have an IT Resource for every machine.
In the M1 machine the following groups exist:
GUID Group Name
505 Application1
506 Application2
In the M2 machine the following groups exist:
GUID Group Name
505 Application1
510 Application2
After executing reconciliation from both machines, the contents of the UD_LOOKUP_SSH_PRIMARYGROUPNAMES lookup definition would be the following:
CODE DECODE
505 Application1
506 Application2
510 Application2
The problem is that we can't determine which is the corresponding machine for each group.
Can anyone give us a solution for this problem?
We have tried using a different lookup definition for each machine but another problem appears. For provisioning, in the UD_SSH form, the Primary Group field references the UD_LOOKUP_SSH_PRIMARYGROUPNAMES lookup definition for all machines (IT Resources). Is there any way to make the primary group field read from certain lookup definition depending on the IT Resource field value (depending on the machine we want to provision)?
Thank you very much

Hi
It would be difficult for you, as OOTB you can't add a prefix.
But there is no other way.
You can just give your custom lookup name in the task sch, like Lookup.Machine1, and for another machine Lookup.Machine2.
Now you can write a few lines of Java code/sch task which will prefix the group with Machine1- and Machine2- and add these values to the lookup UD_LOOKUP_SSH_PRIMARYGROUPNAMES.
This is till now. But maybe while provisioning you may face issues because the target application doesn't understand the group name Machine1-502.
So while adding group membership you have to write your code which will remove Machine1- from the group name.

Similar Messages

  • OIM & SSH Connector - Batch does not complete

    Hi All,
    I'm fighting against a strange behavior.
    I installed the latest SSH connector on the Identity Manager. The first lookup (for groups etc.) works fine. When I launch a full reconciliation, the scheduled job produces a reconciliation event for each user that is in the passwd.
    Unfortunately, after the job terminates, the system does not provide the ad-hoc link functionality, and if I try to do something on a reconciliation event, the system tells me that "Batch is not completed".
    The last line connector log trace says:
    [2012-03-16T12:37:27.285+01:00] [oim_server1] [NOTIFICATION] [] [OIMCP.TELNETSSH] [tid: Thread-3286] [userId: oiminternal] [ecid: 0000JORBQ9AADSwpGC4Eyf1FOlsL000002,1:29674] [APP: oim#11.1.1.3.0] SSHRecon::running the Recon thread for the ITResource securelog: FINISHED
    Does anyone have a suggestion to solve this issue?
    Thanks in advance

    You need Version 9.0.4.2 of the sun connector to use the installer feature.
    check metalink for an update or install the connector "old school" by importing the xml files manually.

  • OIM-OID Connector: OID Group Recon Task and organizations

    Hi,
    I'm evaluating OIM and its OID Connector.
    We have groups in our existing OID. We thought that we could use the OID Connector OID Group Recon Task to import those groups into OIM and make them Groups in OIM.
    However, when we run the task, it appears to import our groups from OID as organizations, not as groups. It's not clear to me from the OID Connector documentation what exactly the OID Group Recon task is supposed to do. That's why we assumed it was an OOTB method for reconciling OID groups into OIM groups.
    What are we doing wrong? Why do we end up with our OID Groups becoming OIM Organizations after running the task?
    We are using version 9.4.11 of the OID Connector.
    Also, a side issue: how can we delete unwanted organizations from OIM? There's a delete option but it just seems to mark the organizations as deleted but they are still there.
    Thanks
    Eric
    Edited by: PeachEye on 17/03/2010 11:49

    Hi,
    I am also facing the similar issue. I want to reconcile OID groups into OIM User Groups menu item. Please suggest how to proceed.
    I ran the scheduled task OID Group Recon Task, but it throws this error:
    ERROR,12 Mar 2010 09:16:44,265,[XL_INTG.OID],OID:tcTskOIDGrouporRoleReconTask:performReconciliation():com.thortech.xl.integration.OID.util.tcUtilLDAPOperations:NamingException :Unable to search LDAP. Check the following values and try again: Base Search detail: cn=abc,ou=Q System1,dc=xoserve-apps,dc=com, filter expression is (&(objectClass=groupOfUniqueNames)(modifytimestamp>=19000101010001Z)), Attributes : DN, modifytimestamp, Organization Name, orclguid, cn,]
    ERROR,12 Mar 2010 09:16:44,281,[XL_INTG.OID],===================================
    I want to bring OID groups into OIM so that I can manage those OID groups from OIM. Is there any other way to do this? Do I have to make changes in the OID object class or in the OID field mappings? I have not made any changes in the Lookup OID configuration or LookUp Field map parameters.
    Please help.

  • OIM-OID connector group lookup recon

    Hi Everyone,
    I am trying to run group lookup recon using the scheduled job OID Connector Group Lookup Reconciliation. I can run the recon successfully if my base DN for OID is set to dc=com in the IT resource, and it does not work when it is "dc=example,dc=com". The error is "Failed: Error message can not be retrieved" and I cannot see any relevant information in the log files.
    Also, I get an ADF error when I try to open the OID Connector OU Lookup Reconciliation.
    java.lang.VirtualMachineError
    ADF_FACES-60097:For more information, please see the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #2
    [2013-01-21T08:22:46.936+09:00] [oim_server1] [ERROR] [] [oracle.adfinternal.view.faces.config.rich.RegistrationConfigurator] [tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 498a5bc255145a67:-60b819ea:13c5a0de041:-8000-0000000000000470,0] [APP: oim#11.1.1.3.0] ADF_FACES-60096:Server Exception during PPR, #2[[
    javax.servlet.ServletException: java.lang.InstantiationError: java.lang.VirtualMachineError
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:341)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
         at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
         at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
         at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: java.lang.InstantiationError: java.lang.VirtualMachineError
         at sun.reflect.GeneratedSerializationConstructorAccessor251.newInstance(Unknown Source)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.io.ObjectStreamClass.newInstance(ObjectStreamClass.java:924)
         at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1736)
         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
         at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
         at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
         at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
         at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
         at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:79)
         at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1251)
         at oracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:169)
         at oracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:179)
         at oracle.iam.consoles.faces.render.canonic.UICursor$TableActionListener.processAction(UICursor.java:855)
         at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
         at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:675)
         at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
         at org.apache.myfaces.trinidad.component.UIXCollection.broadcast(UIXCollection.java:148)
         at org.apache.myfaces.trinidad.component.UIXTable.broadcast(UIXTable.java:271)
         at oracle.adf.view.rich.component.UIXTable.broadcast(UIXTable.java:145)
         at oracle.adf.view.rich.component.rich.data.RichTable.broadcast(RichTable.java:402)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
         at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
         at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
         at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         ... 41 more
    Can anyone help me in resolving these problems?
    Thanks,
    Bob
    Edited by: user10104431 on Jan 21, 2013 5:04 AM

    Any ideas please..

  • OIM AD connector- Groups added natively in AD getting deleted

    We are facing this issue with the OIM AD connector 11.1.1.5.0. The scenario is:
    1. OIM user get created
    2. OIM provisions user to AD and adds user to 2 groups ( 1 and 2)
    3. AD Administrator logs into the AD directly and adds 3 groups to the user ( Group3,Group4 and Group5)
    4. OIM admin goes to the resources tab and adds Group6 to the user from within OIM AD resource
    Shouldn't we see that the user account on AD be a member of group1,group2,group3,group4,group5 and group6. This is the expected behavior
    What we are seeing on the account is that only group1,group2 and group6 are visible.
    I understand that the groups Group3, Group4 and Group5 will not be visible on the resource form unless we do a recon, but OIM should not be DELETING groups added natively on AD.
    Any help on this issue will be appreciated

    Thanks everyone. I do agree that the behavior should be such that all 6 groups should be visible on the user on the target (AD) system. However, we are seeing that the groups added natively within AD are getting deleted and OIM is "truing up" the user account with the groups that are added within the process form , i.e. the scenario described above. OIM is actually deleting the groups that were added manually on AD.
    If I do trigger a target recon, then I can see that all the groups are reflected on the user within OIM. However, running this task every hour, or rather every time I need to add an entitlement on a user, is not a feasible solution, would you agree? Also, this is a limitation that cannot be placed on a helpdesk person. Rather, if this is the only solution, it should be a functionality of the connector.
    Please note that the connector deployed is v11.1.1.5.0 and NOT the 9.1.1.7. The 9.x connector did behave as expected , i.e it did not delete any groups. However the new ICF based connector is deleting groups. Is there a setting within the connector configuration to turn on/off this functionality?
    This is what I see in the connector server logs
    <VERBOSE>: Class-> ActiveDirectoryUtils, Method -> GetDnFromPath, Message -> Exiting the method. Returning the value = CN=TEST6,CN=Users,DC=OIM,DC=Test,DC=com
    <VERBOSE>: Class-> CustomAttributeHandlers, Method -> UpdateDeFromCa_OpAtt_Groups, Message -> DirectoryEntry path = LDAP://xx.xx.xx.xxx/CN=Print,DC=OIM,DC=Test,DC=com. Removing: CN=TEST6,CN=Users,DC=OIM,DC=Test,DC=com from the property: member
    "PRINT" is the group that was added natively on AD.

  • OIM-OID Provisioning - OID Group PrePopulate Approach :

    Hi,
    I am working on OID Connector 9.0.1.14 with OIM 11.1.1.5.
    I have reconciled all the Roles and Groups from OID to OIM and can successfully provision users to the OID along with membership to these specific Roles and Groups.
    I want to prepopulate the OID Group based on certain attribute from the OIM User form. My Approach so far is :
    1) Created an Entity Adapter with a variable : say Org and GroupName.
    2) Set the Logic as if Org = XYZ (+XYZ does exist on OIM+) set GroupName as = "OID Group 1" else set GroupName as = "OID Group 2"
    3) Attached this adapter to the "OID User Group" form on the "Data Object Manager" at the pre-insert stage.
    4) Mapped the Adapter variable as :
    a) Org Maps to "Organization Definition" with the qualifier "Organization Name"
    b) GroupName maps to the "Entity Field" with the qualifier "UD_OID_GRP_GROUP_NAME"
    However, nothing seems to happen when I create/modify a user with Organization Name as XYZ and manually provision the OID Resource. I can see the form but nothing is populated in the Group field. Upon completing the request, I get the user provisioned to OID but without any group information.
    Is my approach right ? Am I missing something ?

    Here is what I have done for a client. My requirement was that for a given department, a user must have a list of groups provisioned to them. So here is what I've done:
    1. Create a lookup that has Code Key = Department, Decode = CN of the groups in a delimited format.
    2. Create a provisioning task that will look at the department code from the user form, reference the lookup and find the decode values. Split them based on a delimiter. Then, using each value, look up the code key value from the real lookup that contains the full distinguished name of the group in the OID Group lookup. I even appended the IT Resource Key and ~ so that my search would be Decode or Code = "IT Resource Name~CN=<CN VALUE>%". This would return only the single group code key value. And then I add it to the child table. Repeat this for all the values in the delimited field.
    3. Create a provisioning task that removes the values from the child table based on the delimited value. You'll need to search through the existing child table values.
    Once you have the 2 tasks, you'll want to add a value to your Lookup.USR_PROCESS_TRIGGERS that is your group determining field. Create your task name in this lookup. On your provisioning workflow, for the Adding of the groups task, make this unconditional, and have a preceding task of the Create User. Give it the name from your Lookup.USR_PROCESS_TRIGGERS and append " - Add Groups" to the task name. Create another task called the same, but append " - Delete Groups" to the task name. On the Add Groups task, make the preceding task the Delete Groups task. When you map your inputs to the adapters, on the delete, select the old value check box from the User Form so that you get the old value. Now, when the value changes on the user form, it will first remove the old groups, then add the new ones. All this will be done using the child table APIs, so that the existing Insert and Delete task triggers for your child table will run.
    -Kevin

  • OIM 11g:  Connector based on SEND / EXPECT or scripting

    Hello
    I have a system that I need to integrate into OIM 11g. (11.1.1.5.2) The application has a scripting engine to perform all user management functions. For example, on the system itself you would run the following from the command line:
    account create 'bsmith'
    account password 'password'
    account permission 'login'
    account group default 'enduser'
    account description 'Bob Smith'
    account firstname 'Bob'
    account lastname 'Smith'
    The account repository is a custom format, and I cannot provision directly to it via the DB tables, or flat file, etc. The system, however, is running on a standard UNIX platform, so I have access to SSH into the box and issue the commands.
    Question: What is the best way to implement a connector to an application that only uses a scripting engine for account management? Is there an OOTB connector that can use UNIX send/expect? What about executing a shell script with inputs for the variables needed? Can I use the standard SSH connector, and override the 'user add' command?
    Thank you.

    Following is the list of mappings. The ones with similar names are easy to guess. Notice that USR_COUNTRY is missing from the list. I have requested Oracle to log a bug for this and for any other missing fields. If accepted, this should be available in the next patch.
    (Mapping between user definition qualifiers on data object manager form and actual USR fields)
    === Process Definition ===
    Name -> pkg_name
    Type -> pkg_type
    === Object Definition ===
    Object Name -> obj_name
    Object Type -> obj_type
    Object Target Type -> obj_order_for
    === Organization Definition ===
    Organization Name -> act_name
    Organization ID -> act_key
    Organization Type -> act_cust_type
    Organization Status -> act_status
    Organization Parent ID -> parent_key
    + Organization UDFs
    === User Definition ===
    User Key -> usr_key
    Request Key -> req_key
    Identity -> usr_fss
    User Login -> usr_login
    Role -> usr_emp_type
    Password -> usr_password
    First Name -> usr_first_name
    Middle Initial -> usr_middle_name
    Last Name -> usr_last_name
    Disabled -> usr_disabled
    Type -> usr_type
    User Status -> usr_status
    Manager -> usr_manager_key
    Organization -> act_key
    Start Date -> usr_start_date
    End Date -> usr_end_date
    Provisioning Date -> usr_provisoning_date
    Deprovisioning Date -> usr_deprovisioning_date
    Provisioned Date -> usr_provisioned_date
    Deprovisioned Date -> usr_deprovisioned_date
    Email Address -> usr_email
    Email -> usr_email
    + User UDFs

  • OIM: OID Connector Issue

    Hey all,
    I downloaded and installed the new 11g version of the OID 11.1.1.5 connector without the connector server on OIM 11g BPO5. While trying to run the group lookup reconciliation scheduled task, it fails with below error:
    <Oct 30, 2012 8:51:01 PM PDT> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.RECON.LOOKUPRECONTASK> <BEA-000000> <oracle.iam.connectors.icfcommon.recon.LookupReconTask : execute : Error during execution
    org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; Remaining name: *'dc=mycompanydc=statedc=*type'
    at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:71)
    at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:59)
    at org.identityconnectors.ldap.search.LdapSearch.execute(LdapSearch.java:131)
    at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:115)
    at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:59)
    at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:105)
    at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:82)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:600)
    at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:93)
    at $Proxy336.search(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:600)
    at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:107)
    at $Proxy336.search(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:600)
    at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:162)
    Caused By: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; Remaining name: *'dc=mycompanydc=statedc=*type'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:245)
    at org.identityconnectors.ldap.search.DefaultSearchStrategy.doSearch(DefaultSearchStrategy.java:60)
    at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:66)
    at org.identityconnectors.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:59)
    at org.identityconnectors.ldap.search.LdapSearch.execute(LdapSearch.java:131)
    at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:115)
    at org.identityconnectors.ldap.LdapConnector.executeQuery(LdapConnector.java:59)
    at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:105)
    at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:82)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:600)
    at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:93)
    at $Proxy336.search(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:600)
    at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:107)
    at $Proxy336.search(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:600)
    at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:162)
    >
    <Oct 30, 2012 8:51:01 PM PDT> <Warning> <oracle.iam.scheduler.vo> <IAM-1020035> <Error in exception object for job {0}
    java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1173)
    at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1527)
    at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1492)
    at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1409)
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1167)
    at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1527)
    at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:428)
    at java.lang.Throwable.writeObject(Throwable.java:293)
    at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:600)
    at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1001)
    at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1478)
    at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1409)
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1167)
    at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1527)
    at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:428)
    at java.lang.Throwable.writeObject(Throwable.java:293)
    at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:600)
    at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1001)
    at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1478)
    at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1409)
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1167)
    at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:336)
    at oracle.iam.scheduler.vo.TaskSupport.populateJobHIstory(TaskSupport.java:321)
    at oracle.iam.scheduler.vo.TaskSupport.logJobExecution(TaskSupport.java:206)
    at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:153)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:600)
    at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
    Another thing is, the logs are not showing the basecontext properly, i.e., *'dc=mycompanydc=statedc=*type' instead of *'dc=mycompany,dc=state,dc=*type'. The ',' seems to be missing in the logs.
    Please help.
    Regards,
    Sunny

    What is the value in the SearchContext attribute in the scheduled task?
    It should be dc=mycompany,dc=state,dc=type
    And it should be present in your OID.

  • Weird data obtained when running Task: AD Group Lookup Recon

    Hi,
    I'm running the scheduled task named: AD Group Lookup Recon
    It works, and populates the lookup named Lookup.ADReconciliation.GroupLookup
    but when looking in the design console, the Code Key and the Decode values have weird data, i.e.:
    code key: 2~CN=TelnetClients,CN=Users,DC=adtest,DC=com     
    Decode: ADITResource~CN=TelnetClients,CN=Users,DC=adtest,DC=com
    In the code key there is an extra 2~
    In the Decode there is an extra ADITResource~
    I think it may be some kind of coding for connector commands used in provisioning tasks. When I'm trying to provision an OIM user to Active Directory (in the Organization Lookup field) I get this data.
    this is just one line:
    Value: 2~CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=adtest,DC=com      
    Description: ADITResource~CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=adtest,DC=com
    Any Ideas?
    Thank You.

    Yes, you are right: the code key and decode look like this because of the coding in the connector that distinguishes lookup values coming from multiple IT resources.
    If you want to get rid of this [IT Resource~] you will have to modify the connector.
    One more thing: it looks like the base DN you have specified for lookup reconciliation is DC=adtest,DC=com with a generic filter, which is why you are getting entries like 2~CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=adtest,DC=com, which may not be a group you want.
    Hope this helps,
    Sagar
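The prefix convention described in this answer, as an added example that is not part of the thread or the connector's code: it splits `<IT resource key>~<value>` and `<IT resource name>~<value>` entries, keeps one IT resource's values with the prefix removed, and flags DNs outside a group container, which is how an over-broad base DN shows up in the lookup. The function names, the group container `CN=Users,DC=adtest,DC=com` and the third sample row are assumptions made for illustration.

```python
import re
from typing import NamedTuple

class LookupEntry(NamedTuple):
    it_resource_key: str    # Code Key prefix, e.g. "2"
    it_resource_name: str   # Decode prefix, e.g. "ADITResource"
    value: str              # Code Key without prefix: what the target understands
    label: str              # Decode without prefix

def split_prefixed(field):
    """Split '<prefix>~<rest>' at the first '~' only, since a DN may contain '~'."""
    prefix, sep, rest = field.strip().partition("~")
    if not (sep and prefix and rest):
        raise ValueError(f"not in <prefix>~<value> form: {field!r}")
    return prefix, rest

def parse_entry(code_key, decode):
    key, value = split_prefixed(code_key)
    name, label = split_prefixed(decode)
    return LookupEntry(key, name, value, label)

def rdns(dn):
    """Lower-cased RDNs, split on commas that are not backslash-escaped."""
    return [part.strip().lower() for part in re.split(r"(?<!\\),", dn)]

def is_under(dn, base):
    """True when dn sits strictly below base (case-insensitive RDN comparison)."""
    d, b = rdns(dn), rdns(base)
    return len(d) > len(b) and d[-len(b):] == b

def audit(rows, it_resource_name, group_base):
    """Return (values usable for this IT resource, values outside group_base)."""
    in_scope, out_of_scope = [], []
    for code_key, decode in rows:
        entry = parse_entry(code_key, decode)
        if entry.it_resource_name != it_resource_name:
            continue  # entry belongs to another IT resource sharing the lookup
        bucket = in_scope if is_under(entry.value, group_base) else out_of_scope
        bucket.append(entry.value)
    return in_scope, out_of_scope

# The first two rows are quoted in the thread; the third is constructed.
SAMPLE_ROWS = [
    ("2~CN=TelnetClients,CN=Users,DC=adtest,DC=com     ", "ADITResource~CN=TelnetClients,CN=Users,DC=adtest,DC=com"),
    ("2~CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=adtest,DC=com", "ADITResource~CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=adtest,DC=com"),
    ("7~CN=Developers,CN=Users,DC=lab,DC=example", "LabADITResource~CN=Developers,CN=Users,DC=lab,DC=example"),
]

if __name__ == "__main__":
    usable, stray = audit(SAMPLE_ROWS, "ADITResource", "CN=Users,DC=adtest,DC=com")
    print("usable:", usable)
    print("outside group base:", stray)
```
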

  • Userprefs don't depend on primary group?

    I have users (student1, student2, etc) set up in two groups each (their grade, i.e. "Grade3", and "Students"). For this problem, it doesn't matter what primary group I set for them.  They are asked upon logon to choose "grade3" or "students" as their primary workgroup.
    It seems that user prefs I set will only take effect for the group that the user (i.e. student1) selects when they are presented with the choice when logging on, not both groups I set prefs for.
    ie, I set "restrict website xyz.com" in group "grade3" (for all grade3 students) and set "restrict facebook.com" in group (students) for all students in the school.
    When a grade 3 student logs on, they are asked to select a workgroup: grade3 or student.   If they select grade3, they are only restricted from xyz.com, but not facebook, and if they select students, they are restricted from facebook, but not xyz.com.
    Is this normal, or am I doing something wrong?
    Should users not be members of more than one group?
    Which is best to make their primary group, "grade3" or "students"?

    You can achieve this using rs.exe
    Datasource name can be made dynamic by using expression based connection strings
    see
    http://blogs.msdn.com/b/johndesch/archive/2012/12/17/using-the-rs-exe-utility-to-deploy-a-report-server-project-and-shared-dataset.aspx
    Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs

  • Ldap group lookups very slow

    We are currently testing Solaris 11 on one of our servers. We are encountering the problem that
    ldap group lookups are very slow. This didn't occur under Solaris 10. The ldap information is held
    in Active Directory with all unix information held in a relatively small separate branch, except for passwd information,
    which is held in the main very large part of AD (using the same user object for unix as used for the equivalent Windows user but
    with the added unix posixAccount attributes). What appears to be happening is that the first search is very
    quick when it accesses posixGroup information from the unix branch but it then tries to perform a memberOf
    search which must be using the passwd search base which then searches the whole of the AD and it is this
    part which is extremely slow. Is there any way of disabling the memberOf search ?
    The following snoop information is an example of the problem search ....
    LDAP: Operation *[APPL 3: Search Request]
    LDAP: [Base Object]
    LDAP: ou=uol,dc=livad,dc=liv,dc=ac,dc=
    LDAP: uk
    LDAP: [Scope]
    LDAP: wholeSubtree
    LDAP: [DerefAliases]
    LDAP: derefAlways
    LDAP: [SizeLimit]
    LDAP: [TimeLimit]
    LDAP: [TypesOnly]
    LDAP: Extensible Match *[9]
    LDAP: MatchingRule [1]
    LDAP: 1.2.840.113556.1.4.1941
    LDAP: Type [2]
    LDAP: memberOf
    LDAP: MatchValue [3]
    LDAP: CN=eme,OU=Group,OU=Unix,OU=UOL
    LDAP: ,DC=livad,DC=liv,DC=ac,DC=uk
    LDAP: dnAttributes [4]
    LDAP: *[Sequence]
    LDAP: [OctetString]
    LDAP: sAMAccountName
    LDAP: [OctetString]
    LDAP: objectClass
    LDAP: Controls List *[0]
    LDAP: *[Control]
    LDAP: [LDAP OID]
    LDAP: 1.2.840.113556.1.4.473
    LDAP: [Criticality]
    LDAP: [Control value]
    LDAP: *[Control]
    LDAP: [LDAP OID]
    LDAP: 2.16.840.1.113730.3.4.9
    LDAP: [Criticality]
    LDAP: [Control value]
    This is our ldap_client_file
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_AUTH= simple
    NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=user
    NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=user
    NS_LDAP_OBJECTCLASSMAP= group:posixGroup=group
    NS_LDAP_SEARCH_BASEDN= ou=unix,ou=uol,dc=livad,dc=liv,dc=ac,dc=uk
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=uol,dc=livad,dc=liv,dc=ac,dc=uk?sub
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Group,ou=unix,ou=uol,dc=livad,dc=liv,dc=ac,dc=uk?sub
    NS_LDAP_BIND_TIME= 5
    NS_LDAP_SEARCH_SCOPE= sub
    NS_LDAP_SERVERS= bhdc01.livad.liv.ac.uk
    NS_LDAP_ATTRIBUTEMAP= passwd:gecos=cn
    NS_LDAP_ATTRIBUTEMAP= passwd:uid=sAMAccountName
    NS_LDAP_ATTRIBUTEMAP= passwd:homedirectory=unixHomeDirectory
    NS_LDAP_ATTRIBUTEMAP= shadow:uid=sAMAccountName
    NS_LDAP_SEARCH_TIME= 8
    NS_LDAP_CACHETTL= 0

    Are you testing on the same machine?? or you're testing the SQL*Plus on the database machine directly??
    Tony

  • OIM DBUM connector error

    Hi All,
    I have installed the OIM DBUM connector for Oracle database. I have provided all the parameters except the connectionproperties column while configuring the IT resource for the connector. When trying to run the OOTB schedulers to populate lookups synchronized with the target, I am getting the following error. Please help me out.
    oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcAPIException: Row index out of bounds
    thanks.

    Hi Ketan,
    I have installed DBUM 11.1.1.6 on OIM 11.1.1.5 locally.
    In the connector guide I followed the steps below.
    1. Sec:2.2.1 Installing the Connector in Oracle Identity Manager
    2. Sec:2.3 Postinstallation
    Section 2.3.1, "Postinstallation on Oracle Identity Manager"
    Section 2.3.1.1, "Configuring the Target System As a Trusted Source"-----not done
    Section 2.3.1.2, "Changing to the Required Input Locale" -----left it with default values
    Section 2.3.1.3, "Clearing Content Related to Connector Resource Bundles from the
    Server Cache"
    Section 2.3.1.4, "Creating the Administrator Account on Oracle Database Vault"-----not done
    Section 2.3.1.5, "Setting up the Lookup Definition for Connection Pooling"---not done
    Section 2.3.1.6, "Enabling Logging for Oracle Identity Manager"
    Section 2.3.2 Configuring the IT Resource for the Target System
    In this we have a parameter text field called Connection Properties ----I left it blank and don't know what needs to be filled in.
    Remaining parameters are set
    Database Name-IP of DB machine
    DB Type
    JDBC Driver
    JDBC URL
    Login Password
    Login User
    I could see connector installation success message. But when I am trying to run the scheduled jobs configured to populate the lookups , getting the above mentioned error.
    Thanks.
    Section 2.3.2, "Configuring the IT Resource for the Target System"
    Section 2.3.3, "Configuring the Connector to Support Multiple Versions of the
    Target System"------------------->not done
    Edited by: Powerlad on Sep 2, 2012 11:55 PM

  • OIM PeopleSoft Connector

    Hi All,
    I am installing the OIM - PeopleSoft connector for Employee Reconciliation. As part of Target System Configuration for Full Reconciliation (Trusted Source) I performed all the steps specified in the connector documentation on the target system. In summary, the steps are a full publish of Person Data in PeopleSoft as XML files and feeding these XML files as the initial data load to OIM. After running the process scheduler for Data Publish of the PERSON_BASIC_FULLSYNC message I don't see any XML files being generated. Rather, it only gives me one log file and a .trc file. The log file says the process has run successfully. But no expected output.
    Anyone who has previously performed these steps successfully, please share your experience; pointers would be appreciated.
    PeopleSoft HRMS 8.8
    People Tools : 8.9.26
    OIM 11g.
    Connector : 9.1.1.6
    Connector Documentation Followed : http://download.oracle.com/docs/cd/E11223_01/doc.910/e11205/deploy.htm#BIHFHICC
    Regards,
    Ashok

    I'm facing the same problem. Have you solved it? Can you share the solution with me?

  • Getting a user's primary group from Active Directory

    I'm coding a java web app that should authenticate a user to Active Directory and return his primary group.
    Using JNDI apis I realized the first part (authentication) and functions well but still having problems with the second part (getting the user's primary group).
    Is there somebody who knows/gets some codes for getting this info from Active Directory using java?
    Thanks a lot.
    Regards.
    John.


  • How do I use WGM or dscl to change the primary groups of users, defined by another group?

    I've got a ton of users whose primary group is "current student". They all belong to the other group "year 13".
    They've left school, so I thought it would be easy to do a search of users with GID equal to or containing the GID for "year 13" (in this case 1121) and then change their primary group to "left school".
    Except that doesn't work. I can only search for them in WGM by primary group, it seems. Therefore I cannot do any batch operations on a secondary group.
    So, how do I do this? Is there a way of scripting dscl to find users by 'other group' and then change the primary group attribute?
    I'm going to need to be doing a lot of this (changing the other groups of a school full of students). Bit stumped.
    help!

    OK. For some reason neither root nor my account (which is part of the open directory admin group) can make changes using dscl.
    When adding/removing users from groups, remember that the UUID has to be added/removed too.
    this is getting there:
    old=year11
    new=year12
    # Note: -P puts the directory admin password on the command line, where it is
    # visible in the process list and shell history; dscl -p prompts for it instead.
    for item in `dscl /LDAPv3/127.0.0.1/ read /Groups/$old GroupMembership | cut -d: -f2`
    do
        echo "$item"
        UUID=`dsmemberutil getuuid -U "$item"`
        case "$UUID" in
        "There is no uuid for user $item")
            # No UUID to put in GroupMembers, so leave this user for manual handling
            echo "user $item need personal attention"
            ;;
        *)
            # Add the short name and the UUID to the new group
            dscl -u diradmin -P 'somepassword' /LDAPv3/127.0.0.1 append /Groups/$new GroupMembership "$item"
            dscl -u diradmin -P 'somepassword' /LDAPv3/127.0.0.1 append /Groups/$new GroupMembers "$UUID"
            if [ "`dsmemberutil checkmembership -U "$item" -G $new`" = "user is a member of the group" ]; then
                echo "$item added to $new"
                # Remove from the old group only after the add has been confirmed
                dscl -u diradmin -P 'somepassword' /LDAPv3/127.0.0.1 delete /Groups/$old GroupMembership "$item"
                dscl -u diradmin -P 'somepassword' /LDAPv3/127.0.0.1 delete /Groups/$old GroupMembers "$UUID"
                if [ "`dsmemberutil checkmembership -U "$item" -G $old`" = "user is a member of the group" ]; then
                    echo "removal of $item from $old failed"
                else
                    echo "removal of $item from $old succeeded"
                fi
            else
                echo "append of $item to $new failed"
            fi
            ;;
        esac
    done
