OIM to OID Provisioning to cn=groups

We want to provision a user in to cn=groups in addition to cn=Users in OID.
Flow is like, when we provision a user into OID. It is getting provisioned into cn=Users.
But now depending on this user's User Type: If User Type is A or B. We want to provision this into cn=Groups (Which has two nodes cn=A and cn=B).
So if the user created & Provisioned has User Type=A, it should be added to cn=A in cn=groups and same for userType=B.
Requirement is we should have all the users of User Type=A in cn=A and similar for B. Please suggest the best approach to achieve this.
Thanks.
Regards,
Nitin

Hi,
Problem still exists: I've reconciled groups from OID to OIM running this task: OID Group Lookup Reconciliation Task.
Now i am able to see OID groups in Lookup.OID.Group. but when i try to add these groups from access policy/or during manual prov from OID User Group lookup search option, it is showing no value.
I tried checking UD_OID_USR from, it has UD_OID_GRP as child table. And when i preview UD_OID_GRP from design console, i am able to query OID Groups that i reconciled.
Also checked value of linked lookup in UD_OID_GRP: Lookup.OID.Group which is correct and populated good.
But not able to see same user groups through Admin console. It throws this error on search:
ERROR,28 Jul 2010 11:40:22,632,[XELLERATE.WEBAPP],Class/Method: tcLookupFieldAction/lookupByColumn encounter some problems: lookup Error
ERROR,28 Jul 2010 11:40:24,820,[XELLERATE.WEBAPP],Class/Method: tcLookupFieldAction/lookupByColumnFiltered encounter some problems: No Values Present
ERROR,28 Jul 2010 11:47:08,937,[XELLERATE.WEBAPP],Class/Method: tcLookupFieldAction/lookupByColumn encounter some problems: lookup Error
ERROR,28 Jul 2010 11:47:10,386,[XELLERATE.WEBAPP],Class/Method: tcLookupFieldAction/lookupByColumnFiltered encounter some problems: No Values Present
Help required urgently.
Regards,
Nitin

Similar Messages

  • OIM to OID provisioning

    I have a requirement where users need to be created into OIM bu running a one time Trusted Source Recon. Once the users are created on OIM we want to link the account on OID with the user account created on OIM. When we run a Target Recon for these users the OIM accounts are not getting linked to the OID account.
    Also when i create an user in OIM and try to provision the OID resource to him, he is getting Provisioned, whereas if i try to provision OID to a user created in OIM through Trusted Source Recon the status shows as Provisioning.
    Can anyone please help me out by letting me know what might be the difference between users created manually through OIM admin console and the ones created through Trusted Recon, since provisioning is not working for the second set of users.
    Thanks,
    Partha

    This indicates that your manual provisioning is working, but not target reconciliation.
    When you are running target reconciliation:
    Make sure that the scheduled job that you are running for target recon is given appropriate values in the parameters to be given.

  • OIM to OID Provisioning - Userid getting 'null' in OID

    OIM provisioned to OID. When Im creating a user in OIM and provisioning the OID resource, the userid is getting 'null' value in OID.
    Any reasons? How to fix this ?
    I have checked the design console and the ldapuserDNPrefix is mapped to uid.

    Hi,
    You have to had an another atrribute in order to make it work:
    Solution
    While creating a user account on Oracle Internet Directory through Oracle Identity Manager, the
    user ID that you specify is assigned to the cn field of Oracle Internet Directory.
    If required, you can customize the mapping so that the user ID is assigned to the uid field of
    Oracle Internet Directory.
    1.In the Design Console, open the AttrName.Prov.Map.OID lookup definition.
    2.Change the decode value of the ldapUserDNPrefix code key to uid.
    *3.Add the following item to AttrName.Prov.Map.OID lookup defintion*
    Code key "User ID", decode value "uid".
    Please note that Key is case sensitive.

  • OIM-OID Provisioning - OID Group PrePopulate Approach :

    Hi,
    I am working on OID Connector 9.0.1.14 with OIM 11.1.1.5.
    I have reconciled all the Roles and Groups from OID to OIM and can successfully provision users to the OID along with membership to these specific Roles and Groups.
    I want to prepopulate the OID Group based on certain attribute from the OIM User form. My Approach so far is :
    1) Created an Entity Adapter with a variable : say Org and GroupName.
    2) Set the Logic as if Org = XYZ (+XYZ does exist on OIM+) set GroupName as = "OID Group 1" else set GroupName as = "OID Group 2"
    3) Attached this adapter to the "OID User Group" form on the "Data Object Manager" at the pre-insert stage.
    4) Mapped the Adapter variable as :
    a) Org Maps to "Organization Definition" with the qualifier "Organization Name"
    b) GroupName maps to the "Entity Field" with the qualifier "UD_OID_GRP_GROUP_NAME"
    However nothing seems to happen when I create/modify a user with Orgization Name as XYZ and manually Provision the OID Resource. I can see the form but nothing is populated in the Group Field. Upon completing the request, I get the user provisioned to OID but without any Group information..
    Is my approach right ? Am I missing something ?

    Here is what I have done for a client. My requirement was for a given department, a user must have a list of groups provisioned to them. So here is what i've done:
    1. Create a lookup that has Code Key = Department, Decode = CN of the groups in a delimited format.
    2. Create a provisioning task that will look at the department code from the user form, reference the lookup and find the decode values. Split them based on a delimiter. Then using each value, lookup the code key value from the real lookup that contains the full distinguished name of the group in the OID Group lookup. I even appened the IT Resource Key and ~ so that my search would be Decode or Code = "IT Resource Name~CN=<CN VALUE>%". This would return only the single group code key value. And then i add it to the child table. Repeat this for all the values in the delimited field.
    3. Create a provisioning task that removes the values from the child table based on the delimited value. You'll need to search through the existing child table values.
    Once you have the 2 tasks, you'll want to add a value to the your Lookup.USR_PROCESS_TRIGGERS that is your group determining field. Create your task name in this lookup. On your provisioning workflow, for the Adding of the groups task, make this unconditional, and have a preceding task of the Create User. Give it the name from your Lookup.USR_PROCESS_TRIGGERS and append " - Add Groups" to the task name. Create another task called the same, but append " - Delete Groups" to the task name. On the Add Groups task, make the preceding task the Delete groups. When you map your inputs to the adapters, on the delete, select the old value check box from the User Form so that you get the old value. Now, when the value changes on the user form, it will first remove the old groups, then add the new ones. All this will be done using the child table APIs, so that the existing Insert and Delete task triggers for your child table will run.
    -Kevin

  • OIM-OID provisionning issue with external plug in with AD

    Hi OIM/OID Guru's,
    We are using OIM with OID connector and having external authentication plug-in feature of OID with AD. Here we are using OID for user profile storage and doing password validation by using external plugin through AD however we have been
    facing one issue which is mentioned below :-
    Whenever we are creating any user in through OIM and found that user is provisioned to the OID target source but populating wrong value of attribute orclSourceObjectDN in OID process form:-
    orclSourceObjectDN = cn=OIDTEST3,CN=Users,DC=oracle-test,DC=oracle,DC=com
    correct value should be orclSourceObjectDN =cn=OIDTEST3,CN=Users,DC=oracle,DC=com
    we don't have any container in OID with DC=oracle-test however not sure how the process form is picking up this value?
    However could you please put more light why it is appending wrong DN in OIM process form? Where should i check for this from OIM side?

    Hi Dear,
    thanks for your reply and we are using OIM 9.x version. Checked Root DN value as you suggested (see below snap shot for oid resource definition):-
    Admin Id     cn=username
    Admin Password     *******
    Group Reconciliation Time Stamp     
    Last Target Delete Recon TimeStamp     
    Last Target Recon TimeStamp     
    Last Trusted Delete Recon TimeStamp     
    Last Trusted Recon TimeStamp     
    Port     6060
    Prov Attribute Lookup Code     AttrName.Prov.Map.OID
    Prov Group Attribute Lookup Code     AttrName.Group.Prov.Map.OID
    Prov Role Attribute Lookup Code     AttrName.Role.Prov.Map.OID
    Role Reconciliation Time Stamp     
    Root DN     DC=oracle,DC=com
    SSL     false
    Server Address     My server name
    Use XL Org Structure     false

  • Provision a multivalued attribute from OIM to OID

    Hi,
    I have a requirement to provision a new multivalued attribute from OIM to OID.
    Steps followed:
    Created a child form
    Attached child form to the OID Parent form
    Created a process task adapter.
    Created a task in process definition and the attached the adapter
    Adapter code.
    public String addChildData(tcDataProvider ioDatabase, long procInstKey, long childDefKey){
              try{
                   tcFormInstanceOperationsIntf formInstOper = (tcFormInstanceOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcFormInstanceOperationsIntf");
                   HashMap testval = new HashMap();
                   testval.put("UD_TESTCHIL_TESTGROUP","abcd2134");
                   System.out.println("testval..."+testval);
                   long formreturn = formInstOper.addProcessFormChildData(childDefKey,procInstKey,testval);
                   System.out.println("formreturn" +formreturn);
              catch(Exception e){
                   System.out.println("exce" +e);
              return "Success";
    After attaching while provisioning I am seeing both parent and child forms. I have provided the values and its successfully provisioning.
    But how I can provision the new OID multivalued attribute. We have to do any setting in the lookup?
    Regards,
    KK

    Just create your new adapter for add and delete from this new child table just like the other triggered tasks. If it's a multi value on the user profile, use the adapter for Add Multi Value Attribute that comes with the connector. In the property name, put in your multi value attribute name, and map the value from the child table.
    -Kevin

  • Extend Provisioning (from OIM to OID) for already provisioned resources

    We use OIM 9.1.0 to provision users to several target systems, for example OID. Not all information stored for a user in OIM is also provisioned to OID (for example department or location or phone is only stored in OIM). The provisionig task automatically is created via access policys.
    This works fine.
    Now we want to provision some more data (including department and location) to OID. So I changed the oid connector configuration to also provision these fields. This works fine for new users (which are not already provisioned to oid).
    But we also need these additional fields in OID for users which have already been provisioned in the past. How can this requirement be implemented? Is there a way to resubmit these provisiong tasks oder to automatically update the process form.

    Create a schedule task which will read the data from OIM User Profile and update the process form using tcFormInstanceOperationsIntf OIM APIs.
    Also create their Label Name updated task in OID Workflow (Process Defintion)

  • EBS 12.1.3 Security - Provision the complete group in OID as responsibilities in EBS

    I need some help on EBS related security. • Running EBS - 12.1.3, OID, OAM, DIP provisioning profile • Have a BI tool which adds user responsibilities in OID groups. • Users are added as members to group in OID. • Right now only the user names in OID are provisioned to EBS. • Is there a way to provision the complete group in OID as responsibilities in EBS? • Does EBS 12.1.3 Security architecture allow this ?  Any kind of documents related to this would be helpful. Thanks

    Our hosting provider has now setup "pdf2ps" on AIX level. It works correctly with "root" user. But with "applmgr" user, it gives the following error:
    Does "<10.1.2 OH>/jdk/jre/bin/libjpeg.a" exist?
    Do you have "libjpeg.so.62" package installed?
    Can you compare the PATH settings for both root and applmgr user and see if there is a difference?
    Have you reviewed (How To Print XML Publisher PDF Reports From The Concurrent Manager (Doc ID 338990.1))?
    Thanks,
    Hussein

  • Queuing/Retrying 'Rejected' status OID Process Tasks: OIM-OID provisioning

    Hello Gurus,
    I have already up and running environment with OIM, OID connector pack and OID as the target system. So when a user data (for e.g. a UDF) is being provisioned from OIM to OID target system; if a process task comes back with 'rejected' status due to target unavailability/OID down; then is there any settings that we can configure within OIM design console that queues up and retries these 'rejected' tasks related to each individual user?
    Is there any setting within any of the OID lookups such that we can set a retry count for such process tasks?
    The goal is without human intervention all these 'rejected' process tasks should run successfully and be set to 'completed' status. If the target system is unavailable then there should be a way to run all these failed tasks - is my assumption.
    Is it by anyway related to 'Offline Provisioning'?
    Please provide some guidelines.
    Thanks,
    - oidm.
    Edited by: oidm on Mar 16, 2010 10:34 PM

    But it'll only allow us to 'retry' those specific tasks for a limited number of times and limited period of time. And will this task be retried only if its 'rejected' or it'll be retried for whatever number of times we specified?
    What if the target system doesn't come up for the whole day? Can we specify some value for the same in 'Duration' fields?
    So all in all if we talk about retrying the failed/rejected tasks we just have these options in hand as far as task 'status' is concerned?
    Thanks,
    - oidm.

  • OID provisioning via OIM

    OID provisioning from OIM
    i have deployed and configured OID connector but users not provisioned to OID. it gives INVALID_NAMING_ERROR. what could be the possible reason.

    please check and reply :
    View IT Resource Details and Parameters
    IT Resource Name OID IT Resource
    IT Resource Type OID Server
    Port 389
    Use XL Org Structure false
    Last Trusted Delete Recon TimeStamp
    CustomizedReconQuery
    SSL false
    Server Address 10.76.118.72
    Recon Attribute Lookup Code AttrName.Recon.Map.OID
    Root DN dc=ad,dc=infosys,dc=com
    Admin Id cn=orcladmin,cn=Users,dc=ad,dc=infosys,dc=com
    Last Target Recon TimeStamp
    Last Target Delete Recon TimeStamp
    Last Trusted Recon TimeStamp
    Admin Password *********
    Prov Attribute Lookup Code AttrName.Prov.Map.OID

  • OIM OID PROVISIONING-RECONCILIATION

    hi
    i m using OIM with OID for provisioning and reconciliation
    while i reconcile from OID to OIM changes are reflected in OIM user profile
    while provisioning from OIM to OID ,when i make some changes in user profile, it does not get reflected in process form. i need to make the changes again in process form ,then only it gets reflected in OID.
    the process becomes very cumbersome. how this can be resolved ?

    Well for that you need to configure proper Change Field type process tasks which will actually transfer information from User Profile to process form.
    Refer look up USR_PROCESS_TRIGGERS for more details. You might also have a look at similar threads like following.
    Re: Password Update Task for OID Process form
    Thanks
    Sunny

  • User Provisioning not working from OIM to OID

    Hi All,
    I am trying to create new user from OIM to OID, am getting following error message on console...
    Response: INVALID_NAMING_ERROR
    Response Description: Naming exception encountered
    Notes:
    In logs files while creation am getting following message....
    INFO,09 Oct 2011 23:37:50,253,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,253,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_ALIAS
    INFO,09 Oct 2011 23:37:50,253,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_CUSTID
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_IVRPIN
    INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_USERAPPSTATUS
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_CREATEDDATE
    INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_OAMLOCKTIME
    INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
    INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_PASSWORD_EXPIRE
    INFO,09 Oct 2011 23:37:50,257,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
    Please help me on this....
    Thanks in Advance
    YJR

    That is not the log output of the OID connector. Check the connector docs, and enable the OID logging only. The INVALID_NAMING_ERROR means something is wrong with the naming of your object. Most likely there is an LDAP error output somewhere, but all the output you provided is info level, nothing wrong with it.
    -Kevin

  • OIM - Provisioning of a Group to Active Directory

    Hallo,
    When I provision a AD Group resource I get the following exception:
    08/06/02 11:44:40 Running Get Attribute Map
    08/06/02 11:44:40 Running Get Path
    08/06/02 11:44:40 Running Create Group
    ERROR,02 Jun 2008 11:44:41,600,[XL_INTG.ACTIVEDIRECTORY],Problem creating object: javax.naming.directory.InvalidAttributeValueException: [
    LDAP: error code 21 - 00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece^@]; remaining name
    'cn=Xellerate Users'
    I am using the standard form that is provided with the Connector for Microsoft Active Directory 9.0.4.
    Thanks

    The group name wasn't too long. There was a problem in Lookup Definition of the Group Type. I could solve this problem.
    Best regards

  • Provisoning users from OIM to OID having org other than xellerate users

    Hi,
    when i provision a user belonging to default Xellerate Users organization in OIM to OID, it is done.
    what changes do i need to do if a want to provision a user in any other organization say 'MyCompany' to OID user
    (it gives naming exception error when i try doing so)

    let me explain what I am trying to acheive.
    I create a user using flat file reconciliation such that the user is created in organization say 'XYZ'. Also I've created a group say XYZmember (membership rule is organization name=XYZ)
    I created an access policy such that whenever a user who is a member of XYZmember group(means organization name is XYZ)is created in OIM the user gets provisioned to OID and will be assigned an OID role say role1.
    Now when i create a user with XYZ as organization,he becomes a member of XYZmember group.... according to access policy he should be provisioned to OID user and assigned role1
    But it gives naming exception error.
    i want to know if i create a user in some org other than xellerate users will it get provisioned to OID? and HOW?

  • Bulk Load from OIM to OID

    hi,
    i am trying to figure out how to move existing user from OIM to OID in bulk.
    Is there anyway by which we can move all the existing user in OIM simultaneously rather than one by one through resource profile by provisioning.
    Regards
    Pegasus

    I don't know if I understood the question, ignore me if I'm wrong.
    If you want to provision all your users in a Resource you can do the following:
    1) Create an "Access Policy" through Admin. Console, wich provisions your OID Resource (ensure you check the "Retrofit Access Policy" Checkbox!)
    2) When creating the Policly you'll be asked to select the Users Groups that will be affected by the policy. As all OIM users belong to "ALL USERS" group, you can assign your Access Policy to this group. By the way I would consider to create a new Users Group if there is any chance that you add a user to OIM who you won't need to be provisioned in OID.
    You can have a look to chapters 10 and 11 in the Admin. Console Documentation:
    link
    Shout me if I missunderstood you ;)
    Regards,

Maybe you are looking for

  • How can I use apps downloaded by different users on the same iPad?

    I have a 'work' iPad so the apps on it have been downloaded using two different accounts. Which was fine until I did an update at the weekend and suddenly I can only use the one's I downloaded. Is there anyway of 'sharing' these apps so who logs in c

  • Best Practice on using and refreshing the Data Provider

    I have a �users� page, that lists all the users in a table - lets call it master page. One can click on the first column to of the master page and it takes them to the �detail� page, where one can view and update the user detail. Master and detail us

  • Unable to install itunes error 7 and windows error 193

    I could not update my itunes. I have Windows 7. I got an error 7 and windows error 193. I followed itunes Microsoft.Net fix but it did not work. I get a message to reinstall. Itunes is successfully installed. But then there is a message that I need t

  • Reading in a File Locally and outputting to XML

    Hello all, I want to read in a local file and output it to a JDOM document. Can anyone provide assistance. Thanks!

  • Loading photos from a flash drive into my Catalog

    I am a "neophyte" Photoshop Elements 10 user.  I installed over 14,000 original digital photos from CDs and DVDs into my Catalog without any problems.  My wife copied some very old (scanned) family photos (black & white, pre-1930) onto a flash drive