OIM Unix Connector : creating mirror shadow ,passwd file

Hi ,
I am deploying unix ssh connector and want to understand why I should create mirror file? reason for asking this is if I create user with password and that password is going to be in mirror file then who / how we make system to recognize that user is created with xxxx password.
Thanks In Advance.
Regards,
Ankit

How the code works, you need to at least have the files there. The code will copy and sort those files and compare with the passwd and shadow file to determine if any new users have been added.
And to perform a full recon, you must make sure the passwd1 file is empty.
-Kevin

Similar Messages

  • OIM 11.1.1.5.0 BP02 Generic UNIX Connector Configuration Problem

    I have an inquiry regarding the configuration of the Generic UNIX Connector on 11.1.1.5 of OIM. Basically, when I try to do Primary Group Recon and Shell Recon, I get an error saying:
    Oracle.iam.connectors.icfcommon.exceptions.IntegrationException: The value for a key [Host] is not defined in the provided map.
    I have followed the documentation of the UNIX guide connector and also created an attribute in OIM Design Console called privateKey[LOADFROMFILE] containg a value of file:\\\home\oracle\Oracle\Middleware\Oracle_OIM1\server\ConnectorDefaultDirectory\SSH\config\oim_rsa.
    I also tried to provisioned a user with the UNIX resource but I get an error message saying:
    Running CREATEUSER
    Target Class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManager
    <Jul 2, 2012 6:20:32 PM PHT> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER> <BEA-000000> <oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user
    oracle.iam.connectors.icfcommon.exceptions.IntegrationException: The value for a key [Host] is not defined in the provided map.
    at oracle.iam.connectors.icfcommon.util.MapUtil.getRequiredValue(MapUtil.java:94)
    at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:122)
    at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:133)
    at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:141)
    at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:253)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpUNIXCREATEUSER.CREATEUSER(adpUNIXCREATEUSER.java:109)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpUNIXCREATEUSER.implementation(adpUNIXCREATEUSER.java:54)
    at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
    at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
    at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
    at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
    at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
    at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
    at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(tcProvisioningOperationsBean.java:4042)
    at Thor.API.Operations.tcProvisioningOperationsIntfEJB.retryTasksx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
    at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
    at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy329.retryTasksx(Unknown Source)
    at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
    at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
    at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.retryTasksx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
    at $Proxy167.retryTasksx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
    at $Proxy328.retryTasksx(Unknown Source)
    at Thor.API.Operations.tcProvisioningOperationsIntfDelegate.retryTasks(Unknown Source)
    at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(ResourceProfileProvisioningTasksAction.java:702)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
    at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
    at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
    at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
    at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
    at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
    at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
    at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
    at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
    at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
    at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:108)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    >
    I would like to ask if there some configuration step I have missed upon which causes this error?
    Thanks in advance!

    Thanks for the reply! found out that I populated Connector Server with a value hence it was giving out this error. Thanks!
    Edited by: 940359 on Jul 2, 2012 9:08 PM

  • OIM 11GR2 UNIX Connector Reconcile users from UNIX inquiry

    Good Day!
    I would like to ask whether there is a way in OIM that when I reconcile all new users from my UNIX server, OIM will also create the resource which this user is provisioned upon?
    Here is my scenario:
    1.) Freshly installed OIM 11GR2.
    2.) Installed UNIX connector on OIM 11GR2.
    3.) Configured UNIX TRUSTED Resource
    4.) Reconciled all the UNIX users into OIM. (New users are created since my OIM doesn't have any user)
    5.) The problem is when the new users are now created in OIM, they don't have entitlements or accounts linked to the UNIX server which they have been pulled upon.
    I would like to ask whether I need to configure something to have the entitlements/accounts linking possible?
    If not, what are the ways I can achieve this?
    The only way I can think of is have the UNIX users be created in a flat file first then load via GTC then have reconciliation to have OIM to link these users to UNIX which I believe should be able to do the scenario I am asking upon.
    Thanks in advance!
    Regards,
    Jeff

    By the way, checking target resource recon by default will not create new users when OIM is not able to establish a link.
    In my case, OIM doesn't have any users since this is a fresh install hence even running target resource at start will won't create the new users in OIM right?
    based from this:
    "You configure application (AD, OID, OVD, HR) etc in Target Resource Mode if that OIM is source of truth for user provisioning (All users are created in OIM and OIM then provision accounts in Application. Any changes in Application are reconciled back to OIM)."

  • Deploying the UNIX connector in OIM

    Hi All
    Am trying to deploy the UNIX connector for OIM. The connector is deployed to connect to Red hat Linux 3.0 but am having difficulties in confinguring ssh. Am using the documetation provided by the connector. But when i try to test for connectivity it is always asking for the passphrase and sometimes the root user password
    Is there another doc that i can use to configure the same?
    Or does any one know of a proper way?
    Please.
    Thank you.

    Thanks for the heads up atleast now after changing the shell to $ and not using the private key we were able to see some progress from jboss even though when try to provision the user, the user is not being created. The promising message we are getting from
    [STDOUT] Target Class = com.thortech.xl.integration.telnetssh.helper.SSHProvisioning
    [TELNETSSH] Setting targetEnglishLocale:export LANG=en_US.UTF-8
    [TELNETSSH] ***SSHRecon:Init: Entered Method
    [TELNETSSH] ***SSHRecon:execute: Entered Method
    [TELNETSSH] Setting targetEnglishLocale:export LANG=en_US.UTF-8
    [TELNETSSH] in ssh
    [TELNETSSH] TelnetSSHUtil/executeCommand :login success
    [TELNETSSH] in ssh
    [TELNETSSH] TelnetSSHUtil/executeCommand :login success
    [TELNETSSH] in ssh
    [TELNETSSH] TelnetSSHUtil/executeCommand :login success
    [TELNETSSH] in ssh
    [TELNETSSH] TelnetSSHUtil/executeCommand :login success
    [TELNETSSH] in ssh
    [TELNETSSH] TelnetSSHUtil/executeCommand :login success
    [TELNETSSH] Recon Ends
    [STDOUT] Running SSHCREATEUSER
    [STDOUT] Target Class = com.thortech.xl.integration.telnetssh.helper.SSHProvisioning
    [TELNETSSH] Setting targetEnglishLocale:export LANG=en_US.UTF-8
    [STDOUT] Running SSHCREATEUSER
    [STDOUT] Target Class = com.thortech.xl.integration.telnetssh.helper.SSHProvisioning
    [TELNETSSH] Setting targetEnglishLocale:export LANG=en_US.UTF-8
    But was unable to verify that the allow root login was set. How do i verify this and where?
    Thanks

  • Can anyone help me?Creating the shadow copies in the file server cluster ,there are some errors occured, OS version is WSS 2012

    I construct a failover cluster(file server,AP module) for sharing files by WSS 2012,and I want to use the shadow copies to backup my data,but when making  a shadow copies on the volume which  is added to the cluster(not the CSV,just add
    it to the cluster and use it to share files,it plays the role of file server),there are some errors occured, these errors result in the shadow copies failed,error likes the following pictures:
    1: the disk F is added to the cluster,first I make the shadow copies by click the right key of mouse on the disk F,and chouse the configeration shadow copies,and click the settings, then click the schedule , and I wait just a few seconds, the error is appeared,like
    this picture 1, the wait operation timed out,and then ,
    I click the schedule button once again,a different error occured,like the following picture," the object already exists",if i don't set the schedule at first ,use the default shedule,and click the enable button also the same  error must 
    accure
    but the only diffrence is that, a shadow copy time point is created, also ,you can make the shadow copies by click " create now", that is creating the shadow copies manually. Although it can succesfully make the shadow copies, but when I select
    a time point to revert, error  occured, "A volume that contains operating system files or resides on a cluster shared disk cannot be reverted" 
    In a word,all the errors above make the shadow copies by schedulling failed,except making the shadow copies manually,but what makes me confused is that I have ever maked the shadow copies succesfully by schedul a policy,I don't know what makes it succesful,
    it's small probability, most of time ,it's failed.No matter what kind of situation, revert must be failed.
    I'm sorry for my pool english , it's the first time for me getting help in forum by english ,I don't know if I descripe my question clearly, also ,other method like the link
    http://technet.microsoft.com/en-us/library/cc784118(v=ws.10).aspx I have tried,but the same errors occured.Can anyone tell me How can I make the shadow copies in File Server
    cluster(AP module)?And I make a mistake in operating? Looking forward for your reply.Thanks!

    Hi,
    Please check the following 2 places:
    HKEY_LOCAL_MACHINE\Cluster\Tasks
    C:\Windows\System32\Tasks
    First please compare permission settings of the folder C:\Windows\System32\Tasks with a working computer. Correct permission settings if anything wrong. Specifically, confirm you current account do have permission on this folder.
    As it said "object already exists", find the schedules you created before, backup and delete all these schedules in both registry key and folder.
    Then test to create a new schedule to see if issue still exists.
    Meanwhile what kind of storage device you are using? The issue could occur on specific storage device, so test to enable shadow copy on a local disk to see if that will work.
    TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected]
    Thank you for you reply.On the local volume,all of these errors will not occur, but the volume in the file server cluser.There is no value in HKEY_LOCAL_MACHINE\Cluster\Tasks. On local volume, everything goes well about the shadow copy, so I do not
    think something is wrong about the permission settings of the folder C:\Windows\System32\Tasks.Storage device  is a SAN,we use RAID6 and provide the LUNs to the NAS engine, and the make the volume on these LUNs, Is Angthing wrong? Hope for you
    reply~~

  • Unix command to create a copy of file from unix directory

    Hi guys,
    what is the Unix command to create a copy of file from unix directory?
    Thanks a lot!

    If you haven't noticed, this is a ABAP forum.
    You can go to the UNIX thread instead and post it there,
    SAP on UNIX
    You can expect answers there

  • OIM 11gr2 UNIX Connector SUDO user

    Good Day!
    I would like to ask on how can I configure the UNIX connector using a SUDO user?
    I already have followed the documentation guide in setting up the SUDO user but I am getting this error:
    org.identityconnectors.framework.common.exceptions.OperationTimeoutException: Command timed-out while waiting for: password
    I'm not sure if I missed some steps?
    Your reply is greatly appreciated.
    Thanks!
    Regards,
    jeff

    Was there any feedback to your SR coming from Oracle?
    Because I have the same issue here.
    Regards,
    M

  • OIM GTC Connector

    Hi All,
    I have a requirement where I need to provision and reconcile into multiple flat files and metadata in each of them may differ.
    So I was planning to create custom GTC connector each for provisioning and reconciliation respectively.
    Can anyone please suggest me the best possible solution for this.
    Is Oracle planning to launch a connector for flat file in near future which can help in such scenarios?

    I have tried using default GTC connector for reconciliation (without trusted source reconciliation). I have three fields in the file UserName,FirstName,LastName and have mapped them to account profile for OIM, a reconciliation rule has been created which looks for equality of User Id in both OIM and flat file. The User ID is present in both flat file and OIM and is same.
    I have done configuration on both OIM 9100 and also on OIM 9101.
    It is working in OIM 9100 but not on 9101 and giving me null pointer exception. Any idea why it is not working on 9101.
    When I have a new entry in flat file that exists in OIM the connector link the two and creates the resource form. But when I try to update/delete any existing value in flat file it is showing me a strange behaviour.
    For update it links the same profile again to different resource form (basically it link the account using "one entity match found" however it should be "one process match found")and for delete it is not working. I am assuming that it is not able to call process tasks.
    Can anyone tell me why it is doing so. My reconciliation rule is working fine.

  • OIM - OID11g Connector Logging

    Hi All,
    I have updated the logging.xml as below to enable the logging for OIM -OID Connector 11.1.1.5.0 but I can't see anything in the file (File is created but it has no logs):
    <log_handler name='oid-handler' level='TRACE:32' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
    <property name='logreader:' value='off'/>
    <property name='path' value='/u01/oracle/iam_middleware/user_projects/domains/IAMdomain/oidconnector.log'/>
    <property name='format' value='ODL-Text'/>
    <property name='useThreadName' value='true'/>
    <property name='locale' value='en'/>
    <property name='maxFileSize' value='5242880'/>
    <property name='maxLogSize' value='52428800'/>
    <property name='encoding' value='UTF-8'/>
    </log_handler>
    <logger name="OIMCP.OID" level="TRACE:32" useParentHandlers="false">
    <handler name="oid-handler"/>
    <handler name="console-handler"/>
    </logger>
    Please help.
    Thanks
    Sunny

    Firstly I would normally manage OIM 11g logging through Oracle Enterprise Manager rather than directly in a logging.xml file, with log information appearing in the OIM server diagnostic log rather than a dedicated log file as you have done. That is not to say what you are doing is wrong (I cannot comment as I have never managed OIM 11g logging in this way.)
    The other thing that may be wrong is the logger you are using. You have logger OIMCP.OID. For my OIM11g OID connector logging I am using the standard logger of XL_INTG.OID.

  • Unix Connector and Duplicate Accounts

    Hi,
    I have the unix connector working against a single Solaris server. By defalut the recon rule for non-trusted is to do nothing if the OIM account is not found.
    If I run the trusted unix job it will create OIM accounts for all the system accounts ( root, lp, uucp, sys, bin, ... ), that's okay, in fact, even desired...however, I also want to create OIM accounts for all the other system accounts on all the other Solaris servers...how do I configure the trusted connector to uniquely create OIM accounts (for example, root_$hostname or root_$ipaddress-of-target-solaris-server)?
    I realize this is not a standard action ... though OIM can easily gather all accounts/groups/privs from each target unix server for reporting purposes.
    Thoughts ... thanks for your time and idea.

    Hi,
    what exactly you mean by 'trusted unix job'? are you mean trusted recon?
    (in context i assume..)
    Trusted recon is getting user information from HR source like HR system.
    It is usually single system. So unix account is not a right source for OIM and you should not run trusted recon against unix server.
    hope it help you..
    dongsu
    Edited by: 992358 on 2013. 4. 25 오후 7:28

  • About passwd file !!!!!!!!!

    Dear Friends ,
    I m confused about password file . Plz tell me , where contain SYS user password and other oracle user's passwd ?
    Both are stored in the passwd file ?
    My anotehr question , I know the "remote_login_passwordfile " parameter file are three types . NONE , Shared and Exclusive . I m not clear about this three types of options . Can u plz tell me the difference between them , so that I understand clearly .

    +The [exclusive] password file can contain SYS as well as non-SYS users.+
    Sorry to be picky, but the wording on that leaves a little bit to be desired.
    A password file is only ever used for external authentication of privileged users, with "a privilged user" being defined as someone who can perform the five main classes of privileged action (startup, shutdown, backup, recover and create database). In fact, there is only ever one privileged user in this respect: SYS. Log on, for example, as fred/smith as sysdba in SQL*Plus and then do a show user and you will find you have been logged on as SYS. It doesn't matter what user names you supply (assuming they're valid usernames at all, of course), and you will find yourself always logged on as SYS.
    So, you are right: 'grant sysdba to fred' causes fred's data dictionary credentials to be transferred to an exclusive password file, and that password file therefore must be said to contain 'non-SYS' users. But the minute Fred uses the fact that he has an entry in the password file to log on to the database as a privileged user, he will connect as SYS. He'll only connect as Fred if he doesn't use the 'as sysdba' clause of the logon command and therefore uses the internal authentication mechanism which is the data dictionary.
    What you wrote isn't wrong, therefore, but it's potentially misleading, I think. It's also out-of-date, because it's not true for 10g... but see below for that.
    I would have said:
    1. The normal way to authenticate normal users of a database is to look up their details in a bunch of tables contained within the database itself (SYS.USER$, for example). This is called Data Dictionary Authentication, and the connection string would look like connect fred/smith
    2. If you want to be authenticated as a user who is allowed to startup the database, however, it's not very helpful to discover that the only way of authenticating users is to look at tables inside the database you're trying to start up! There has to be an external authentication mechanism, allowing authentication of users even when the database hasn't even been created yet
    3. In fact, there are two external authentication mechanisms: either you, the user of the operating system, can have membership of a special operating system group (dba on Unix, usually; ORA_DBA on Windows, usually). Or, a password file is created, using an Oracle tool that runs whether a database exists or not, called orapwd. These are called OS Authentication or Password File Authentication
    4. No matter which external authentication mechanism you make use of, you will always end up logged on as SYS.
    5. To indicate you want to use an external authentication mechanism, of either type, you add the as sysdba keywords to the standard logon string. Seeing that, Oracle will always check the operating system groups first to see if your OS account has group membership; if it fails there, then it looks for a password file, unless REMOTE_LOGIN_PASSWORDFILE=NONE (in which case, it doesn't bother looking for a file you've declared doesn't exist)
    6. Password files, if they exist, can be SHARED (one per server, and all databases on that server can use it) or EXCLUSIVE (one per database, and not shareable) -but see below for more recent information about this. The principle difference these days between the two types is that the SYS password cannot be changed if the file is SHARED (and neither can any other of its contents), but can be if it's EXCLUSIVE.
    7. If your password file is EXCLUSIVE, it must live in ORACLE_HOME/dbs (or ORACLE_HOME\database on Windows) and have a name that conforms to the OS-platform-specific default. On Windows, for example, that is pwdXXXX.ora, where XXXX is the ORACLE_SID.
    I don't want to confuse anyone, either, but in fact the story has changed a bit with 10g, because EXCLUSIVE is no longer documented as a valid value for REMOTE_LOGIN_PASSWORDFILE. See http://download.oracle.com/docs/cd/B19306_01/server.102/b14237/initparams179.htm#REFRN10184. It's still supported for backwards compatibility, and it's in fact still the default, but allegedly -according to that document- an EXCLUSIVE password file behaves exactly like a SHARED one. That is sort-of true, in the sense that it's now possible for a SHARED file to contain details of users who aren't called SYS. However, it's still impossible to add a non-SYS user into a password file which is in SHARED mode (so, in a sense, setting SHARED locks the password file from any modification -including changing SYS's password).
    But you can now do this for example:
    set R_P_L=EXCLUSIVE
    grant sysdba to scott;
    set R_P_L=SHARED
    bounce instance
    show parameter remote_login -> proves the password file in use is SHARED
    select * from v$pwfile_users; -> both SYS and SCOTT will be listed, even though the password file is SHARED
    grant sysdba to fred; -> This will produce an ORA-01999: password file cannot be updated in SHARED mode error
    In earlier versions of Oracle, that demo would have failed at step 3, because the existence of SCOTT in the password file would have prevented the file from becoming a SHARED one.

  • Is there any way to create a shadow in both sides of a box?

    Hi,
    is there any way to create a shadow in both sides (opposite) of a box? I just can create the shadow in one side..
    If not, is that possible in CS6?
    CS5.
    Regards

    You can definitely show an inner shadow on just one side of a rectangle.  You just need to turn the blur down to 0 to prevent it from leaking to the nearby sides.  Then set the angle to an exact multiple of 90, like 270 to put the shadow on the top side of the rect.
    This file has some examples: http://johndunning.com/fireworks/scratch/Shadowed%20Elements.png
    If you're trying to simulate a rectangle with different border colors or widths, this auto shape can make that easy: http://johndunning.com/fireworks/about/MultiBorderRect

  • How to create parameter and control file like filename + date

    Hello there
    I am trying to create parameter and control file with following command
    in SQLPLUS
    create pfile='/u03/oradata/WEBDB/backup/initWEBDB.ora' from spfile;
    In RMAN
    copy current controlfile to '/u03/oradata/WEBDB/backup/cf_longterm.cpy';
    how can I put date at the end of filename like
    initWEBDB8jan06.ora and cf_longterm8jan06.cpy
    Thanks in advance
    Lionel

    ASM is reliable but a smart DBA is very careful. If ASM is doing mirroring this is like RAID doing mirroring. What happens if you accidentally delete one copy ... the other one disappears instantly. Not a good idea.
    With respect to redo logs you need a minimum of three groups, two members, and one thread per instance. So a 2 node cluster should, at a minimum have 12 physical files.
    Not mirroring the redo logs, assuming multiple members, is not as critical.

  • Creating a Fixed Length File

    Greetings,
    I'm creating an application that need to create a fixed length file on a UNIX system and need help. I have an internal table(s) which contain structures with fields of different lengths (type c) and so I have a routine that concatenates these fields into a single record to be sent to a file using the open dataset. This process is squeezing out all my spaces and so my fixed length file is lost. Can someone assist in creating a fixed length file from an internal table without using delimiters?
    Thanks!

    " May be placing a carriage return end of each records
    " will solve your problem
    class cl_abap_char_utilities definition load.
    data : begin of itab,
            field1(1) type c,
            field2(2) type c,
            field3(3) type c,
            field4(4) type c,
    crlf(2) type c value cl_abap_char_utilities=>cr_lf. "<<<See this line<<<
    data : end of itab.
    Data : begin of itab1 occurs 0.
            Field(20) type c.
    Data : end of itab1.
    Loop at itab.
         Move itab to itab1.
         Append itab1.
    Endloop.
    Open dataset  ........
    Loop at itab1.
       Transfer itab1 TO dataset.
    Endloop.

  • Creating a standby control file for cloning a standby database

    Hi
    I am in the process of trying to document the cloning of a standby database. I am trying to amalgamate three different documents - one for a normal clone, one for the creation of a SB database, and the other a formal Oracle document - the Business Continuity doc.
    Among the several things that confuse me, is the issue of creating (or not) a standby control file.
    I am not doing any kind of data file deletion / copying from source to target, as the SB database is updated all day with data file changes. I am doing a complete copying over of the APPL_TOP and techstacks.
    My question then, is this: should I be worried about creating a standby control file? I am told by our Senior here that "you can get away with not doing it", which sounds like too much of a risk to me.
    I am under a bit of pressure for this and I am not 100% sure about certain issues (see my other post for knowing how many DATA_TOPS we have on the SB, for instance).
    Thanks for listening.
    AIX 5.2.
    Oracle 10g.
    DA

    Do you already have a Standby running ? (then it may be using a standby controlfile).
    Yes. And there is already a standby control file there. It seems to me, that if the data (logs) transfers are done each minute or whatever between source and SB, and the SB is a copy of the db, then we dont need to worry about any kind of data files, since they should be identical. The only things I will need to change are the configuration files like the ifile in both dbs and tns_names, listener, tnsnames.ora, and the init.ora.
    b. Are you creating a document about the process of creating standby from production ? If you plan to use DataGuard, you will need a standby controlfile. Otherwise , it depends on how you configure the standby.
    No. I am creating a doc for how to clone from Production to a SB environment. A reason behind this is that the Apps side of the SB is about 9 patches behind the Production box, and we need to update it. I believe this is the main reason for doing this.
    c. Just to check : You are NOT using Storage Mirroring -- ie D.R. ?
    No, no DR on this environment.
    Thanks.
    DA

Maybe you are looking for

  • Service Desk - Expert Mode - Not all actions are available

    Dear SAP colleagues, I have just implemented the Service Desk in our SOLMAN system. 1. I choose Incident Management 2. I click on Queries 3. I click on a ticket (Transaction ID). 4. I edit the message 5. When I select Actions, I only have the 4 follo

  • Absence Quota to be generated on basis of Working Day

    Hi Experts, I have got a scenario in Time management ( negative time management, no time evaluation) where the client wants absence quota to be generated on the basis of working days of employee. I have checked the configuration for creating base ent

  • Unable to download pdf file in windows 8.1

    After upgrading to windows 8.1, i have been unable to download pdf files sent via yahoo email, IE11 and Adobe Reader 11.  Did not have this problem before with windows 8.  I click on the pdf attachment, NOrton says that the file is safe but nothing h

  • Doubt about page navigation

    hai sir this is surendra i am doing an academic project that is a web-site like orkut if a user want to see all his friends/groups then a single page is not enough to show all .So i need to use page navigation concept here.Please any one of you tell

  • Export Formulas to Excel

    Is there a way to export formulas that are in a CR2008 report into Excel? I can get the data to come accross but not the formulas. I want to be able to export formulas from CR2008 into Excel and then manipulate them and then put them back into the sa