OIM to OID direct provisioning to a particular OU

Hello - Can some one suggest if provisioning to a partciluar ou in OID directory is possible from OIM using configuration as oppose to coding?
let say, my DIT looks like this:
dc=abc,dc=com
o=Org-A
-     ou=unit1A
-     ou=unit2A
-     ou=unit10A
o=Org-B
-     ou=unit1B
-     ou=unit2B
-     ou=unit10B
I can provision user account to OID fine OTTB i.e. using the default connector configuration and adding them to cn=users container.
But now if I want to add user to a particular ou in OID then what is required (high level steps would be great).
Just to clarify, I want to pick the ou during user creation e.g. if I want i should be able to pick ou=unit1A or ou=unit1B.
Thank you.
Edited by: user9231583 on 09-Mar-2010 21:08
Just wanted to update the question, after testing few fields I can provision user account to either o=Org-A level or if I can create a new ou under the top node dc=abc,dc=com then I can provision the user but I am not sure what config changes are required to add user under the unit1a or unit2a? Any suggestions please.

Thanks everyone who replied but I guess I have not explained it clearly, The question is how to provision under an ou=Unit1A that is under o=Org-A.
Here is some information that I have configured that might help to point me to the right direction. I would appreciate any help. hopefully it make sense.
The process form contain Container DN field. This field is defined as LookupField in the process form.
The lookup table from which the Container DN gets the value is Lookup.OID.Organization
I have populated my Lookup.OID.Organization with the Organization units that I have created in OID; from my above example it contains values like
Code key Decode
ou=Unit1A unit1A
ou=Unit2A unit2A
ou=Unit1B unit1B
etc
The values for ldapOrgDNPrefix and ldapOrgUnitObjectClass in Lookup.OID.configuration is set as follows:
ldapOrgDNPrefix=ou
ldapOrgUnitObjectClass=organizationalUnit
When I try to provision user to these ou (unit1A or unit1B), i get "no such object" return error which makes sense since OIM is trying to add this user under ou=unit1A,dc=abc,dc=com which does not exist in OID. It should be ou=unit1A,o=org-A,dc=abc,dc=com but I am not sure how to tell that to OIM.
Just to you know:
I can provision either at the o=Org-A level by changing the values in Lookup.OID.configuration lookup table to ldapOrgDNPrefix=o and ldapOrgUnitObjectClass=organization
OR
If i create an organizational unit ou=Test under the top node i.e. dc=abc,dc=com and then change the values in Lookup.OID.configuration lookup table to ldapOrgDNPrefix=ou and ldapOrgUnitObjectClass=organizationalUnit then I can provision to ou=Test.dc=abc,dc=com
but I am not able to provision under ou=unit1A if it is under o=Org-A.
Thank you.

Similar Messages

  • [OIM] Error in Direct Provisioning (with auto save form) - GTC DB App Table

    Hi,
    I am getting an error when setting up direct provision of a GTC DB App Conn using OIM access policy (and group membership) or through manual provisioning with prepopulate and auto save form.
    Manual provisioning with prepopulate ONLY (not with auto save form) WORKS!!!
    Some information about my OIM config:
    - Prepopulate adapters are set up on both forms (parent and child)
    - "Auto prepopulate" and "Auto save form" are set up at Process Definition
    - For direct provisioning, I have created an access policy with an associated group which has a membership rule
    What it is working:
    - Provisioning manually, using prepopulate adapters only, not auto save form. Both tables are updated properly
    - All *3 tasks are called and finished with status=Completed*: "System Validation", "Create User" and "Child Table UD_<connector child table name>_US row Inserted"
    Testing direct provisioning:
    - I have tested adding the resource manually with prepopulate and autosave form configured, and also through access policy/group membership. The error is the same on both tests
    - The resource is displayed as provisioned and it is created an entry in the parent table of the resource, but not on child table
    - I also observed that only: "System Validation" and "Create User" tasks were executed (status=Completed). But it is missing the task "Child Table UD_<connector child table name>_US row Inserted"
    - The error log info displays only an error regarding to UGP table (Groups info) but I am not sure if that is the cause of entry creation on child table.
    It seems the SQL stmt tries to get ugp_name (group name) using ugp_key but that has null value.
    "SELECT ugp_name FROM ugp WHERE ugp_key=java.sql.SQLSyntaxErrorException: ORA-00936: missing expression"
    Note: When testing manually (without auto save form), I got "SELECT ugp_name FROM ugp WHERE ugp_key=1" which it is the same SQL stmt but the value is provided.
    My guess:
    - It seems that error is aborting the whole execution process so "Child Table UD_<connector child table name>_US row Inserted" task does not run, even though previous tasks are finished with the status=Completed. Consequently, the entry is not created on child table.
    Please, any guess or help would be very helpful. In case nothing works, I guess I will have to create and customize a "Update child Form" task as an workaround which would be called after "Create User" task.
    Regards,
    Hugo
    My environment:
    - Windows 2003, WebLogic 10.3.0.0, OIM 9.1.0.2 BL4, Oracle 10g, Java 1.6, DB App Table Connector 9.1.0.2 (from October 2009)
    - Target Resource: Parent and Child Table (Oracle 10g - the same OIM DB)

    An update:
    I solved that error about "ORA-00936: missing expression" applying OIM 9.1.0.2 BP05. That was not impacting my issue regarding direct provisioning with auto save form and child form.
    So please if anyone can confirm:
    - Can I set up prepopulate adapters on child forms AND also use "auto save form" on GTC DB App Table connector?
    If not, any suggestion?
    Regards
    Hugo

  • OIM to OID provisioning

    I have a requirement where users need to be created into OIM bu running a one time Trusted Source Recon. Once the users are created on OIM we want to link the account on OID with the user account created on OIM. When we run a Target Recon for these users the OIM accounts are not getting linked to the OID account.
    Also when i create an user in OIM and try to provision the OID resource to him, he is getting Provisioned, whereas if i try to provision OID to a user created in OIM through Trusted Source Recon the status shows as Provisioning.
    Can anyone please help me out by letting me know what might be the difference between users created manually through OIM admin console and the ones created through Trusted Recon, since provisioning is not working for the second set of users.
    Thanks,
    Partha

    This indicates that your manual provisioning is working, but not target reconciliation.
    When you are running target reconciliation:
    Make sure that the scheduled job that you are running for target recon is given appropriate values in the parameters to be given.

  • Provision a multivalued attribute from OIM to OID

    Hi,
    I have a requirement to provision a new multivalued attribute from OIM to OID.
    Steps followed:
    Created a child form
    Attached child form to the OID Parent form
    Created a process task adapter.
    Created a task in process definition and the attached the adapter
    Adapter code.
    public String addChildData(tcDataProvider ioDatabase, long procInstKey, long childDefKey){
              try{
                   tcFormInstanceOperationsIntf formInstOper = (tcFormInstanceOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcFormInstanceOperationsIntf");
                   HashMap testval = new HashMap();
                   testval.put("UD_TESTCHIL_TESTGROUP","abcd2134");
                   System.out.println("testval..."+testval);
                   long formreturn = formInstOper.addProcessFormChildData(childDefKey,procInstKey,testval);
                   System.out.println("formreturn" +formreturn);
              catch(Exception e){
                   System.out.println("exce" +e);
              return "Success";
    After attaching while provisioning I am seeing both parent and child forms. I have provided the values and its successfully provisioning.
    But how I can provision the new OID multivalued attribute. We have to do any setting in the lookup?
    Regards,
    KK

    Just create your new adapter for add and delete from this new child table just like the other triggered tasks. If it's a multi value on the user profile, use the adapter for Add Multi Value Attribute that comes with the connector. In the property name, put in your multi value attribute name, and map the value from the child table.
    -Kevin

  • Direct provisioning through API - OIM 11g

    Hi,
    OIM 11g here. I am trying to use the APIs to make direct provisioning. What i have done till now:
    tcUserOperationsIntf userIntf = (tcUserOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
    ResourceData rd = userIntf.provisionResource(userkey, objectkey);
    now, in the ResourceData object i have two ids, obiKey and ouiKey. Now i need to extract the process instance key with those numbers. How can i do this?
    Using the userIntf getObjects method i can get the list of objects provisioned, iterate over it and retrieve the process instance key of the object which matches obiKey and ouiKey. Is there an easier method to do this?
    Another question, which one is the process instance key, ORC_KEY or ORC_TOS_INSTANCE_KEY ?
    Last, how do i trigger the task responsible for provisioning given the filled process form?
    thx in advance

    Ok, i guess the process instance key is ORC_KEY.
    Now i am trying to provision through APIs a resource object (say AD User) to an OIM user. I have used the provisionResource(userkey, objectkey) method, but the Create User task is not put in the Resource History (there is only the System Validation Task), and i don't know how to look for it's task id to add it manually.

  • OIM-OID 11g provisioning connector

    Hi all,
    we are performing OIM-OID (both 11.1.1.5) user provisioning, please can anybody let me know which version of connector we have to use and provide us the steps to perform the installation of the connector.
    We used 9.0.4.12 connector for OIM 9i. If we have to use different version of connector for 11g other than this please provide the link and version detail of the connector.
    Thank you.

    Hi,
    Where you able to achieve this?? i have similar requirment where, i have added 5 custom attributes in both OIM and OID, when i create the users these attributes doesnot get updated on OID....should i add these UDF in any objectclass which OIM understands??please suggest
    Thanks in advance

  • OIM 11g-configure SoD so that it works for direct provisioning of the roles

    Dear All,
    page 23-3 of Developer's Guide (OIM 11g) provides information regarding configuration of the SoD for Direct provisioning of the resources. How to configure SoD so that it works for direct provisioning of the roles?
    Thank you for your time
    Maria

    Rajiv,
    I did not find the documentation regarding this. But I hoped I will.
    In my project we assign roles directlly, not resources.
    I suspect the integration with Role Manager is required in this case. SoD module in OIA should be used then.
    Maria

  • User Provisioning not working from OIM to OID

    Hi All,
    I am trying to create new user from OIM to OID, am getting following error message on console...
    Response: INVALID_NAMING_ERROR
    Response Description: Naming exception encountered
    Notes:
    In logs files while creation am getting following message....
    INFO,09 Oct 2011 23:37:50,253,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,253,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_ALIAS
    INFO,09 Oct 2011 23:37:50,253,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_CUSTID
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_IVRPIN
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_USERAPPSTATUS
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_CREATEDDATE
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_OAMLOCKTIME
    INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_PASSWORD_EXPIRE
    INFO,09 Oct 2011 23:37:50,257,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    Please help me on this....
    Thanks in Advance
    YJR

    That is not the log output of the OID connector. Check the connector docs, and enable the OID logging only. The INVALID_NAMING_ERROR means something is wrong with the naming of your object. Most likely there is an LDAP error output somewhere, but all the output you provided is info level, nothing wrong with it.
    -Kevin

  • Provisoning users from OIM to OID having org other than xellerate users

    Hi,
    when i provision a user belonging to default Xellerate Users organization in OIM to OID, it is done.
    what changes do i need to do if a want to provision a user in any other organization say 'MyCompany' to OID user
    (it gives naming exception error when i try doing so)

    let me explain what I am trying to acheive.
    I create a user using flat file reconciliation such that the user is created in organization say 'XYZ'. Also I've created a group say XYZmember (membership rule is organization name=XYZ)
    I created an access policy such that whenever a user who is a member of XYZmember group(means organization name is XYZ)is created in OIM the user gets provisioned to OID and will be assigned an OID role say role1.
    Now when i create a user with XYZ as organization,he becomes a member of XYZmember group.... according to access policy he should be provisioned to OID user and assigned role1
    But it gives naming exception error.
    i want to know if i create a user in some org other than xellerate users will it get provisioned to OID? and HOW?

  • Bulk Load from OIM to OID

    hi,
    i am trying to figure out how to move existing user from OIM to OID in bulk.
    Is there anyway by which we can move all the existing user in OIM simultaneously rather than one by one through resource profile by provisioning.
    Regards
    Pegasus

    I don't know if I understood the question, ignore me if I'm wrong.
    If you want to provision all your users in a Resource you can do the following:
    1) Create an "Access Policy" through Admin. Console, wich provisions your OID Resource (ensure you check the "Retrofit Access Policy" Checkbox!)
    2) When creating the Policly you'll be asked to select the Users Groups that will be affected by the policy. As all OIM users belong to "ALL USERS" group, you can assign your Access Policy to this group. By the way I would consider to create a new Users Group if there is any chance that you add a user to OIM who you won't need to be provisioned in OID.
    You can have a look to chapters 10 and 11 in the Admin. Console Documentation:
    link
    Shout me if I missunderstood you ;)
    Regards,

  • OIM User Creation Error After OIM and OID Intregation

    Hi,
    I am new in oim and i am getting popup error message for user creation from OIM application after oim and oid intregation through libovd.
    Error message : LDAP create event failed : orclguid attribute has duplicate value.
    please guide me for resolving error.
    Thanks & Regards,
    Rajeev

    Hi,
    Thanks for reply...i checked1307549.1 in metalink, In that link they are telling us to modify some tables in the data base.i have some question regarding the following steps please help.
    === ODM Solution / Action Plan ===
    1. Use the following query to find fields with "plain text" values:
    select svr.svr_name, spd.spd_field_name, svp.svp_key, svp_field_value
    from svp
    inner join spd on spd.spd_key = svp.spd_key
    inner join svr on svr.svr_key = svp.svr_key
    2. Set these plain text values to null after making backup of table.
    *(kashyap:: Which fields values we have to change)*
    3. Edit the Directory Server to re-set values.
    *(kashyap:: could you please explain this)*
    Expected error at this stage:
    -- no "System Error call admin...", but that makes sense since the values in question pertained directly to the Directory Server --

  • Direct Provisioning AD - User Update Question

    Hello,
    I was able to successfully provision user to Active Directory by direct provisioning (Adding AD User from resources tab). However when i update user profile in OIM corresponding AD User resource form data is not getting updated. So when i add the task (through resource history) of updating say first name or email address, the updates are not going through. Am i missing something? how does the AD User resoruce form data get updated.
    thanks in advance,
    Prasad.

    sorry i did not provide all the details i guess. I am getting close i think but here is what i have done so far:
    1. Lookup.USR_PROCESS_TRIGGERS - added USR_EMAIL and "Change Email"
    2. "AD User" Provisioning process definition - Added "Change Email" task (details below)
    General tab - task name (Change Email), conditional - checked, required for completion (checked), allow cancellation while pending (checked), Allow multiple instances (checked), task effect (no effect)
    Integration TAb -
    added "adpADCSCHANGEATTRIBUTE, status ready,
    adapter variable (variable name - adapter return value), (data type - string), Map To (Response Code)
    adapter variable (variable name - sConfigurationLookup, (data type - string), (map to - literal), (Qualifier - String), (Literal Value, Lookup.AD.Configuration)
    adapter variable (variable name - ADServer, (data type - IT Resouce (AD SErver)), (map to - Process Data), (Qualifier - AD Server)
    adapter variable (variable name - processKeyInstance, (data type - string), (map to - Process Data), (Qualifier - process instance)
    adapter variable (variable name - propertyName, (data type - String), (map to - literal), (Qualifier - String), (Literal value - mail)
    Everything else is the default. The task is getting fired and Active directory account is getting an empty field, because the value in OIM attribute is not getting sent to the resource AD User Form. I reused one of AD connector's adpADCSCHANGEATTRIBUTE adapter for this. does this not work, is there anything else that i need to do.
    Created a pre-populate adapter - AD Prepopulate E Mail and addeded ito AD USER form. The form value still is not getting update with OIM value, I am doing something wrong here i guess.
    I can provide more detail if needed.
    Thanks much,
    Prasad.
    Edited by: Prasad on Oct 27, 2011 12:32 PM
    Edited by: Prasad on Oct 27, 2011 2:56 PM

  • Integrate a EBS, OIM ,and OID with orclGUID

    Hi expert,
    I already connect OID and EBS with OIM.
    My scenario is when I provisions user from OIM to OID, OID will generate orclGUID and I want this parameter to get back to OIM.
    Next, I want to provisions user to EBS and insert orclGUID to SSO GUID field to EBS provisioning form.
    My question is "How I get orclGUID from OID to EBS via OIM ?" .
    Noraset,

    Hi Bikash,
    I don't know the way to create task.
    Can you briefly explain to me or provide some document ?
    Thank,
    Noraset
    PS. I found something in EBS IT resource (SSO Enabled, SSO IT Resource, SSO Identifier, SSO Login Attribute) <<< Can it solve my problem ?
    Edited by: Noraset on May 3, 2013 3:51 PM

  • Integration and reconciliation of OIM and OID

    I need to do integration with OID and OIM, when i import the XML file, there are two XML files,
    1) oimOIDuser
    2) oimUser
    which xml should be used for the integration of OIM and OID.
    and for the trusted source Reconciliation.
    -sudhan elango.

    oimOIDUser.xml
    If you are using OIM 9.1.0 or later then you don't have to import the connector
    You can install it by copying the contents of the installation in OIM_HOME/xellerate/ConnectorDefaultDirectory
    and then Deployment Manager-> Install connector and from the connector list select OID connector and Load
    Hope it helps,
    Saggu

  • Creation of users in OIM from OID, where OID is target resource

    Hi,
    I am new to OIM. We have a scenario where we have OIM and OID. The users are being created in OID. Now we need to get these users to the OIM system to use the Change Password, Forgot Password functionalities of OIM. Can we have OID as the target resource for OIM and have a reconciliation done to get all the users from OID and have them created in OIM.
    Or this possible only when OID is the Trusted Source?
    Thanks in advance,

    Re: OIM's Trusted Source

Maybe you are looking for

  • How can I create a diagram where equal data from different cells will be added to one sector?

    Hi, I'm a new Mac user, so I have a lot of problems and questions every day. Moving to Mac from PC is not an easy thing) Here is my problem: I need to create a few diagrams for my science work, but can't correct one mistake. Every time one data from

  • How to validate a date in date picker

    Dear All, ADF BC and ADF faces page, in the page there is a date picker field where i need to apply validation(i.e. select date is greater than the sysdate), i added a validation in the entity object on the corresponding field, using a compare valida

  • How to detect Non-English characters

    I have a report containing Korean language and English in a single column. My requirement is to detect the Korean language and pass it to the place holder column and detect English language and pass it to other place holder column. Please help me guy

  • Oracle 9i Database Registration Key Needed

    Greetings, please email the registration key for the Oracle 9i database software installation so that I may proceed. I received a page not found error when attempting to register.

  • Load Images

    Hello Could you please assist me with such issue I am using a Canvas object like a container for images (Image class). My application loads 500-1000 images (tiles) dynamically and then displays them. Everything works fine but the memory grows up to 3