OIM11gR1 - LdapSync - wlst.sh - listAdapters(contextName='oim')

Hello,
I'm trying to list my LdapSync adapters through wlst.sh
According to the documentation I should use the following command:
listAdapters(contextName='oim')
But I get the following error:
wls:/oim_domain/domainRuntime> listAdapters(contextName='oim')
Traceback (innermost last):
File "<console>", line 1, in ?
File "/application/Oracle/Middleware/oracle_common/common/wlst/OracleLibOVD.py", line 62, in listAdapters
File "/application/Oracle/Middleware/oracle_common/common/script_handlers/OracleLibOVD_handler.py", line 166, in listAdapters
File "/application/Oracle/Middleware/oracle_common/common/wlst/lib/ora_mbs.py", line 56, in invoke
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:223)
at javax.management.remote.rmi.RMIConnectionImpl_1035_WLStub.invoke(Unknown Source)
at weblogic.management.remote.common.RMIConnectionWrapper$16.run(ClientProviderBase.java:919)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at weblogic.management.remote.common.RMIConnectionWrapper.invoke(ClientProviderBase.java:917)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:995)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
javax.management.InstanceNotFoundException: javax.management.InstanceNotFoundException: com.oracle:type=OVD,context=oim,name=AdaptersConfig
This same command works in another environment.
It seems that the value for the parameter context should be another value then 'oim'
How to figure out the correct value for for the parameter contextName* for my other environment?*
Thanks,
Adr

There are two places where the wlst.sh script can be run from. One is in the folder: wls_home/common/bin and another is in the folder: oim_home/common/bin
Just check if you are running the command from the same location in the two environments.
Cheers,
Vamsi.

Similar Messages

  • Facing issue when LDAPSync is enabled for OIM-AD integration with SSL enabled

    Hi
    We are performing LDAPSync for OIM AD real time sync.We have done all configuration as per oracle documentation on LDAPSync for OIM 11gR2 : http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm The OIM environment we tested is the latest OIM version OIM 11gR2 PS1 (11.1.2.1.0).
    WE have performed LDAPSync enablement on postinstallation of OIM .So we dont have OVD , we have configured libOVD as mentioned in this doc.
    We have performed following  steps mentioned in this document  in our OIM environment.
    3.1 Enabling Post installation LDAP Synchronization
    3.3 Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
    As attribute like password  might be not getting updated in AD from OIM , we have configured SSL enabled integration in LDAP sync as mentioned in above document.
    We implemented this step  3.4.1 Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory,
    but here it is not properly mentioned that about how to import public key certificate of AD into OIM envirioment for SSL.
    We are getting following error message in logs : Looking at logs it looks like the import of AD SSL certificate did not happen properly in OIM environment. But ,we have imported it using keytool and OVD keystore ...please let us know if we are missing any configuration in this process.Above oracle document is not pretty clear on this.
    <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-40118> <Could not automatically detect binary attribute list: simple bind failed: 10.88.164.231:636.>
    <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.JNDIConnectionPool> <OVD-60024> <Connection error: simple bind failed: 10.88.164.231:636.>
    <Dec 7, 2013 12:22:53 AM IST> <Error> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-60143> <[#LDAP2]  Unable to create connection to ldap://[10.88.164.231]:636 as null.
    javax.naming.CommunicationException: simple bind failed: 10.88.164.231:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
    at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
    at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:415)
    at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:250)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:219)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:728)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
    at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
    at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
    at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:742)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
    at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:211)
    at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:351)
    at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:316)
    ...more
    Caused By: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:94)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
    at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
    ...more
    Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:57)
    at sun.security.validator.Validator.getInstance(Validator.java:161)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:108)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:204)
    at oracle.ods.virtualization.engine.util.OVDTrustManager.checkServerTrusted(OVDTrustManager.java:99)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    Let us know for any helpful pointers on this
    Thanks in advance,
    RPB25

    Use the steps given below to perform import public key certificate of AD into OIM envirioment for SSL
    Obtain the AD Certificates from the AD Administrator.
    Copy the AD Certificates to the directory /jrockit-jdk1.6.0_20/jre/lib/security
    Run the following command to import all the certificates
    /jrockit-jdk1.6.0_20/bin/keytool -import -alias <provide_alias> -file <file-name> -keystorecacerts -storepasschangeit
      4. The CA certificates are now present in the trust store.

  • Two ldapsync on single OVD/OID instance

    Hi,
    We have OIM 11gR1 installation where we have enabled LDAP sync with OVD/OID 11.1.1.5. The LDAP sync is provisioning the users under contains dc=oim11gR1,dc=com
    We have installed OIM 11gR2. I was just wondering if we can use the same OVD/OID and enable the LDAP sync under OID container dc=oim11gR2,dc=com? Has anyone done such kind of installation. Is there any conflict in adapters that OIM post LDAPSync configuration will deploy?
    Thanks

    try below
    sys/password@instance1 as sysdba
    sys/password@instance2 as sysdba
    instance1 and instance2 are connect descripter.
    Edited by: Kh$n on Apr 25, 2013 5:26 AM
    Edited by: Kh$n on Apr 25, 2013 5:27 AM

  • OIM11gR1 (11.1.1.5) and LdapSync failover

    Hello All,
    I have one OIM 11gR1 and two OIDs:
    OIM
    OID1
    OID2
    OIM uses LdapSync to synchronize users with OID1.
    OID1 uses LDAP Replication feature to synchronize OID2.
    I want the OIM LdapSync to failover to OID2 in case OID1 becomes unavailable.
    What are my choices?
    a) Can I manually reconfigure LdapSync to point to OID2 (where do I modify this? can you give me a link a doc?)
    b) Can LdapSync be configured with OID1 and OID2 and it will failover automatically? (how do I set this up? can you give me a link a doc?)
    c) If I want automatic failover is a load balance appliance required?
    Thanks,
    Adr

    I've found this:
    http://docs.oracle.com/cd/E21764_01/core.1111/e10106/imha.htm#CDEFFAFA
    When you enable LDAPSync to communicate directly with external Directory Servers such as Oracle Internet Directory, ODSEE, and Microsoft Active Directory, support for high availability/failover features requires that you >configure the Identity Virtualization Library (libOVD).
    To configure libOVD, use the WLST command addLDAPHost. To manage libOVD, see Managing Identity Virtualization Library (libOVD) Adapters in the guide Oracle Fusion Middleware Administrator's Guide for Oracle Identity >Manager for a list of WLST commands.But I couldn't find anywhere a statement saying the LdapSync setup will automatically failover.
    Have anyone done that before?

  • Getting error when LDAPSync is configured on postinstallation of OIM

    Hi All,
    While performing LDAP sync in OIM-AD integration, we are facing issue for loading of  LDAPContainerRules.xml.
    We have done all configuration as per oracle documentation on LDAPSync for OIM 11gR2 : http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm
    We have performed following  steps mentioned in this document  in our OIM environment.
    3.1 Enabling Post installation LDAP Synchronization
    3.3 Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
    The OIM environment we tested is the latest OIM version OIM 11gR2 PS1 (11.1.2.1.0).We have checked on oracle support also, but there same bug is mentioned as harmless and can be ignored for OIM version 11gR1 onwards.
    But when we create any user in OIM, it is not getting sync in AD system.Even though MDS import of  LDAPContainerRules.xml as mentioned in above doc is successful in our OIM environment we are getting error logs as :
    <Error> <oracle.iam.ldapsync.vo> <BEA-000000> <An error occurred while determining the LDAP container.
    oracle.iam.ldapsync.exception.LDAPContainerMappingException: Failed to load LDAP container mapping rules.
      at oracle.iam.ldapsync.impl.DefaultLDAPContainerMapper.loadRules(DefaultLDAPContainerMapper.java:345)
      at oracle.iam.ldapsync.impl.DefaultLDAPContainerMapper.getUserContainerDN(DefaultLDAPContainerMapper.java:122)
      at oracle.iam.ldapsync.vo.LDAPContainer.<init>(LDAPContainer.java:86)
      at oracle.iam.ldapsync.vo.LDAPContainer.<init>(LDAPContainer.java:122)
      at oracle.iam.ldapsync.impl.util.CommonNameGenerationUtil.isCommonNameExistingOrReserved(CommonNameGenerationUtil.java:187)
      at oracle.iam.ldapsync.impl.plugins.FirstNameLastNamePolicy.getCommonNameFromPolicy(FirstNameLastNamePolicy.java:157)
      at oracle.iam.ldapsync.impl.util.CommonNameGenerationUtil.generateCommonName(CommonNameGenerationUtil.java:116)
      at oracle.iam.ldapsync.impl.util.CommonNameGenerationUtil.generateCommonName(CommonNameGenerationUtil.java:82)
      at oracle.iam.oimtoldap.impl.SeedOIMDataInLDAPImpl.createUserInLDAP(SeedOIMDataInLDAPImpl.java:182)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy479.createUserInLDAP(Unknown Source)
      at oracle.iam.oimtoldap.api.SeedOIMDataInLDAPEJB.createUserInLDAPx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
      at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
      at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy478.createUserInLDAPx(Unknown Source)
      at oracle.iam.oimtoldap.api.SeedOIMDataInLDAP_8d8qil_SeedOIMDataInLDAPRemoteImpl.__WL_invoke(Unknown Source)
      at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
      at oracle.iam.oimtoldap.api.SeedOIMDataInLDAP_8d8qil_SeedOIMDataInLDAPRemoteImpl.createUserInLDAPx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
      at $Proxy179.createUserInLDAPx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
      at $Proxy476.createUserInLDAPx(Unknown Source)
      at oracle.iam.oimtoldap.api.SeedOIMDataInLDAPDelegate.createUserInLDAP(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy477.createUserInLDAP(Unknown Source)
      at oracle.iam.oimtoldap.scheduletasks.user.SeedOIMUsersInLDAP.execute(SeedOIMUsersInLDAP.java:59)
      at oracle.iam.scheduler.vo.TaskSupport.invokeExecute(TaskSupport.java:183)
      at oracle.iam.scheduler.vo.TaskSupport.access$000(TaskSupport.java:40)
      at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:143)
      at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
      at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
      at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
      at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
      at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
      at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:125)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:268)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
      at weblogic.security.Security.runAs(Security.java:41)
      at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
      at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:77)
      at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
      at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
    Caused By: oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/LDAPContainerRules.xml"
      at oracle.mds.core.MetadataObject.getBaseMO(MetadataObject.java:1331)
      at oracle.mds.core.MDSSession.getBaseMO(MDSSession.java:3200)
      at oracle.mds.core.MDSSession.getMetadataObject(MDSSession.java:1190)
      at oracle.mds.core.MDSSession.getMetadataObject(MDSSession.java:1136)
      at oracle.iam.ldapsync.impl.DefaultLDAPContainerMapper.loadRules(DefaultLDAPContainerMapper.java:341)
      at oracle.iam.ldapsync.impl.DefaultLDAPContainerMapper.getUserContainerDN(DefaultLDAPContainerMapper.java:122)
      at oracle.iam.ldapsync.vo.LDAPContainer.<init>(LDAPContainer.java:86)
      at oracle.iam.ldapsync.vo.LDAPContainer.<init>(LDAPContainer.java:122)
      at oracle.iam.ldapsync.impl.util.CommonNameGenerationUtil.isCommonNameExistingOrReserved(CommonNameGenerationUtil.java:187)
      at oracle.iam.ldapsync.impl.plugins.FirstNameLastNamePolicy.getCommonNameFromPolicy(FirstNameLastNamePolicy.java:157)
      at oracle.iam.ldapsync.impl.util.CommonNameGenerationUtil.generateCommonName(CommonNameGenerationUtil.java:116)
      at oracle.iam.ldapsync.impl.util.CommonNameGenerationUtil.generateCommonName(CommonNameGenerationUtil.java:82)
      at oracle.iam.oimtoldap.impl.SeedOIMDataInLDAPImpl.createUserInLDAP(SeedOIMDataInLDAPImpl.java:182)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy479.createUserInLDAP(Unknown Source)
      at oracle.iam.oimtoldap.api.SeedOIMDataInLDAPEJB.createUserInLDAPx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
      at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
      at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
      at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
      at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy478.createUserInLDAPx(Unknown Source)
      at oracle.iam.oimtoldap.api.SeedOIMDataInLDAP_8d8qil_SeedOIMDataInLDAPRemoteImpl.__WL_invoke(Unknown Source)
      at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
      at oracle.iam.oimtoldap.api.SeedOIMDataInLDAP_8d8qil_SeedOIMDataInLDAPRemoteImpl.createUserInLDAPx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
      at $Proxy179.createUserInLDAPx(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
      at $Proxy476.createUserInLDAPx(Unknown Source)
      at oracle.iam.oimtoldap.api.SeedOIMDataInLDAPDelegate.createUserInLDAP(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy477.createUserInLDAP(Unknown Source)
      at oracle.iam.oimtoldap.scheduletasks.user.SeedOIMUsersInLDAP.execute(SeedOIMUsersInLDAP.java:59)
      at oracle.iam.scheduler.vo.TaskSupport.invokeExecute(TaskSupport.java:183)
      at oracle.iam.scheduler.vo.TaskSupport.access$000(TaskSupport.java:40)
      at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:143)
      at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
      at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
      at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
      at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
      at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
      at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:125)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:268)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
      at weblogic.security.Security.runAs(Security.java:41)
      at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
      at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:77)
      at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
      at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
    >
    Is there any configuration we missed ,because of which we are getting this error. Even we have checked with System Properties for LDAP sync ...but they all are fine and having default values as mentioned in Oracle doc.Please let us know any helpful pointer on this.
    Thanks,
    RPB25

    This issue is resolved now.
    metadata import for LDAPContainerRules.xml did not happened properly under “/db” location in OIM env.
    As per oracle document,http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm, we were importing metadata from em consol.
    Instead of this, we imported metadata through weblogicImportMetadata.sh utility  keeping all files under “/db” folder structure. This resolved the issue.
    But,getting following issue when trying to create user in OIM. LDAP binding is happening,but it is throwing error as follows:
    LDAPSync issue : DN: CN=Users,CN=oracleAccounts,OU=mycompany,dc=contoso,dc=com
      javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
      'CN=Users,CN=oracleAccounts,OU=mycompany,DC=contoso,DC=com'
      remaining name 'cn=Wayne Roo,CN=Users,CN=oracleAccounts,OU=mycompany,dc=contoso,dc=com'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
      at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
      WARNING: OVD-40066
    javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
      'CN=Users,CN=oracleAccounts,OU=mycompany,DC=contoso,DC=com'
    When i googled this issue,similar issue i found and resolution was giving required DN path not full DN with root.But it is not working
    LDAPContainerRules.xml is having rule as
    <container-rules>
      <user>
      <rule>
      <expression>Default</expression>
      <container>CN=Users,CN=oracleAccounts,OU=mycompany,DC=contoso,DC=com</container>
      </rule>
      </user>
      <role>
      <rule>
      <expression>Default</expression>
      <container>CN=Groups,CN=oracleAccounts,OU=mycompany,DC=contoso,DC=com</container>
      </rule>
      </role>
    </container-rules>
    and IT resource 'Directory Server' have attribute value for searchBase as 'DC=contoso,DC=com'
    so,it will try to created user under ,CN=Users,CN=oracleAccounts,OU=mycompany,DC=contoso,DC=com,which is not happening currently.
    Any helpful pointer on this ?
    Thanks,
    RPB

  • How to update attributes from OIM to AD in case of LDAPSync

    Hi All,
    In our scenario, we have LDAPSync configured for OIM AD Integration. OIM version is OIM 11gR2 PS1 (11.1.2.1.0.0)
    It is working fine and On user creation in OIM ,RealTime user creation under specified container in AD is happening.It is SSL enabled,so password is also getting updated from OIM to AD.
    But we have following conflicting scenario --
    -   As per our requirement we have to generate random password for User in OIM. For that we have PostProcess event handler implemented in OIM.
    - We have tested LDAPSync by creating user manually through OIM console. While creating user manually, we have provided value for password attribute along with other attributes.
        So, password attribute in AD will get updated for User along with all other attributes values mapped for AD from OIM.
    - But, in our scenario random password is generated for User through OIM post process event handler and it will be updated again in user profile of user created manually in OIM. This password is sent to User through mail.
      As this password event handler will get triggered after LDAPSnyc only, this password will not be update in AD for manually created user in OIM. So he can log into OIM with this new password but not to AD system.
      He will be able to login to AD system with same User ID but with password which was set at time of manual User Creation in OIM and not with the password updated in OIM user profile by PostProcess event handler.
    Is it possible to set password for user through PreProcess even handler implementation for Random Password generation. In this case also , the default OIM post process
    password generator will override the PreProcess event handler.How to resolve this issue.
    Also,when AD connector is in place in OIM environment we would be having change/update tasks for any attribute update to be send from OIM to AD.
    How this update scenario will be implemented from OIM to AD in case of LDAPSync ?
    Please provide any helpful pointer on this.
    Thanks,
    RPB

    Password :
    Increase order of calling for custom password event handler than OOTB handler.
    Update:
    you wanted to update custom fields?
    Did you check default update tasks comes with connector?

  • OIM Installn :java.lang.RuntimeException: Could not find OffLine WLST class

    Installation of OIM On weblogic.
    oracle/oim/xellerate/setup/setup.xml:443: The following error occurred while executing this line:
    /oracle/oim/xellerate/setup/weblogic-setup.xml:196: java.lang.RuntimeException: Could not find the OffLine WLST class
         at org.apache.tools.ant.ProjectHelper.addLocationToBuildException(ProjectHelper.java:539)
         at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:384)
         at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
         at org.apache.tools.ant.Task.perform(Task.java:364)
         at org.apache.tools.ant.Target.execute(Target.java:341)
         at org.apache.tools.ant.Target.performTasks(Target.java:369)
         at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
         at org.apache.tools.ant.Project.executeTarget(Project.java:1185)
         at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40)
         at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
         at org.apache.tools.ant.Main.runBuild(Main.java:668)
         at org.apache.tools.ant.Main.startAnt(Main.java:187)
         at org.apache.tools.ant.launch.Launcher.run(Launcher.java:246)
         at org.apache.tools.ant.launch.Launcher.main(Launcher.java:67)
    Tried to run this command ./wlst.sh
    shows
    CLASSPATH=/home/oracle/bea/patch_wls1030/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/oracle/bea/patch_cie660/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/oracle/jdk/lib/tools.jar:/oracle/weblogic/server/server/lib/weblogic_sp.jar:/oracle/weblogic/server/server/lib/weblogic.jar:/home/oracle/bea/modules/features/weblogic.server.modules_10.3.0.0.jar:/oracle/weblogic/server/server/lib/webservices.jar:/home/oracle/bea/modules/org.apache.ant_1.6.5/lib/ant-all.jar:/home/oracle/bea/modules/net.sf.antcontrib_1.0.0.0_1-0b2/lib/ant-contrib.jar:
    PATH=/oracle/weblogic/server/server/bin:/home/oracle/bea/modules/org.apache.ant_1.6.5/bin:/oracle/jdk/jre/bin:/oracle/jdk/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/oracle/bin:/home/oracle/bin:/oracle/jdk/bin
    Your environment has been set.
    CLASSPATH=/home/oracle/bea/patch_wls1030/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/oracle/bea/patch_cie660/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/oracle/jdk/lib/tools.jar:/oracle/weblogic/server/server/lib/weblogic_sp.jar:/oracle/weblogic/server/server/lib/weblogic.jar:/home/oracle/bea/modules/features/weblogic.server.modules_10.3.0.0.jar:/oracle/weblogic/server/server/lib/webservices.jar:/home/oracle/bea/modules/org.apache.ant_1.6.5/lib/ant-all.jar:/home/oracle/bea/modules/net.sf.antcontrib_1.0.0.0_1-0b2/lib/ant-contrib.jar::/oracle/weblogic/server/common/eval/pointbase/lib/pbembedded57.jar:/oracle/weblogic/server/common/eval/pointbase/lib/pbtools57.jar:/oracle/weblogic/server/common/eval/pointbase/lib/pbclient57.jar
    Initializing WebLogic Scripting Tool (WLST) ...
    Problem invoking WLST - java.lang.RuntimeException: Could not find the OffLine WLST class
    Edited by: user10213645 on Mar 9, 2010 3:37 PM

    There is an existing Bug 8431390 - WLST NOT WORKING IF WE USE NON-DEFAULT INSTALLATION (WL_HOME OUTSIDE BEA_HOME)
    As per this bug, the issue can be reproduced as follows:
    Steps to reproduce:
    1. Install WLS 10.3GA (essex) kit in a non-default fashion (WL_HOME outside BEA_HOME)
    2. Go to ur $WL_HOME/common/bin directory and execute wlst.cmd
    3. It exits with the following exception:
    java.lang.RuntimeException:could not find the OffLine WLST class
    Hope this helps.
    For more details, refer: http://idm-oracle.blogspot.com/2010/03/javalangruntimeexception-could-not-find.html

  • OIM 11g R1: LDAPsync or OID Connector or both?

    Hello,
    at the moment we have ldapsync configured for user/roles provisioning/recon to OID.
    We have the requirement to manage two OIDs (test and prod) with one OIM systems. Both OIDs have the same users and roles!  LDAPsync is a 1:1 mapping and not possible to manage two destinations.
    Now we are thinking about a OID connectors.
    Here my questions:
    1. Is it possible to use ldapsync and OID connector together? Does make this sense?
    2. If using OID connector for role assignment and provisioning, is it possible to use the same role name for an application in both systems (e.g. role: xyz in prod and role: xyz in test?)
    3. We have OAM-OID-OIM integration. Here is ldapsync required, isnt it?
    4. Can i use OID connector alone without ldapsync. How does the user lifecycel (provisioning, reconicilation of user password) works?
    Many thanks in advance!

    any ideas?

  • OIM 11.1.1.5 Ldapsync OID and Password Management

    Hello All,
    I have the following setup:
    - OIM 11.1.1.5
    - Ldapsync
    - OID 11.1.1.2 (patched to 11.1.1.5)
    I'm trying to validate to following password management scenario:
    1. End user connects to OIM web console
    2. Reset its own password
    Expected:
    a. The password is updated in OIM ( OK )
    b. The password is updated in OID via ldapsync ( OK )
    c. The OID attribute pwdReset is updated from 1 to 0 ( NOK )
    OBS: pwdreset | If the value is 1, the user must reset the password at the next login.
    Problem:
    Ldapsync updated the password on OID as expected but the attribute pwdReset was not updated.
    Thanks for shedding any light
    Adr.

    Hello jtellier,
    No solution yet, it is still in my list though, but with low priority.
    I'll be happy to hear from you in case you find something.
    Good luck
    Adr

  • OIM LDAPSync not working

    Hi all,
    I've installed OIM 11.1.1.5.0 with LDAPSync enabled. When I create a user using the OIM Admin console the user is created in OID. However, when I create a user in OID, the user does not get reconciled into OIM. I've manually run the "LDAP User Create and Update Reconciliation" task. Am I missing something? When configuring OIM, all I did was to tick the "Enable LDAP Sync" check box and enter values relevant to my OID installation. Do I need to do anything else? Any suggestions would be much appreciated....

    Hi All,
    I've noticed some strange behavior when a user is created in OID and reconciled to OIM:
    1. I create a user (e.g. Dummy User) in OID with a default password (e.g. passW0rd)
    2. The user is reconciled into OIM and an email is generated with the following content:
    An account has been created for you with the following details. You will be required to change your password on next login.
    UserID: DUMMY USER
    Password: Dg6zhsyn
    3. When logging into OIM with the above credentials, I am redirected to the Password Management page where I need to provide a new password and register challenge questions for the account.
    4. After completing the form and entering Dg6zhsyn into the "Old Password" field, I get the error "The password change operation failed while validating old password." after clicking submit.
    5. After completing the form and entering passW0rd into the "Old Password" field, I can submit the form successfully and log into OIM.
    I am confused. Any suggestions?

  • OIM ldapsync issues

    Hello,
    After enabling ldapsync between OIM and OID, only a few users orcladmin,public,idrouser and idrwuser are imported into OIM from OID. Other users created with prepareIDStore "oimadmin,oamadmin,weblogic_idm, weblogic_admin,oaamadmin" are not imported.
    When "ldap user create and update full reconcilation" job is run from OIM console, it throws the following error. Exception Message oracle.iam.ldapsync.exception.ProcessLDAPReconDataException: java.lang.NullPointerException
    Used libOVD. OIM, LDAPSYNC configuration is done at the same time.
    Users created in OIM are seen in OID and any changes made to OIM users are propagated to OID.
    OIM diagnostic log shows
    oracle.iam.platform.kernel.EventFailedException: IAM-3050127:An error occurred in user name generation. Please provide either Email or First Name and Last Name for DefaultComboPolicy.:Email:First Name:Last Name:DefaultComboPolicy
    Even though attributes firstname,lastname and email are all present in the ldap profile for a given user.
    Environment:
    Solaris SPARC 9 - 64 bit, OIM 11.1.1.5, OAM 11.1.1.5, OID 11.1.1.5, WLS 10.3.5
    Have any of you faced similar issues on Solaris? When the same steps are performed on Linux based IDM install (both 32 and 64 bit), all users were imported.
    Please advise.
    Thanks!
    Edited by: 840732 on Mar 9, 2012 2:23 PM
    Edited by: 840732 on Mar 9, 2012 2:28 PM

    Hi,
    Change the Connection pool parameter to "False" in Directory Server( in Manage IT Connector), and re-run the job.
    Thanks
    Balaji Ketti

  • LDAPSync - OIM 11gR2

    Hi Guys,
    I have installed oim 11gR2 with LDAP Sync enabled to OUD 11g 11.1.1.5.
    When i create user or role from oim it is getting created in OUD which is fine.
    When i create user in OUD, the user is created in OIM which is also fine.
    But, when i create the role in oud, the role is not created in OIM. When i run the LDAP Role full reconciliation it is getting the role to oim but it is in Data received state. When i tried to process the event using the API, i got the message
    "java.lang.NullPointerException at oracle.iam.reconciliation.dao.ReconActionDao.executeRoleMatch(ReconActionDao.java:1003) at oracle.iam.reconciliation.impl.RoleHandler.executeSingleEventMatch(RoleHandler.java:231) at oracle.iam.reconciliation.impl.EntityTypeHandler.match(EntityTypeHandler.java:58) at oracle.iam.reconciliation.impl.ActionEngine.processEvent(ActionEngine.java:166) at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.processReconciliationEvent(ReconOperationsServiceImpl.java:1216) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149) at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at $Proxy328.processReconciliationEvent(Unknown Source) at Thor.API.Operations.tcReconciliationOperationsIntfEJB.processReconciliationEventx(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310) at com.bea.core.repa"
    Any ideas?
    Thanks a lot

    Can you check if you can see the parameters for Directory Server in IT Resource Directory Server ?

  • OIM: Invalid ManagerLogin during first time Recon with LDAPSync

    Hey All,
    I just installed OIM with LDAP Sync. I can create users in OIM and they get pushed to OID just fine. When I try to run a full Recon though, OIM creates events for all the users, but they are all stuck, all with the same note:
    oracle.iam.reconciliation.exception.InvalidEventException: Invalid ManagerLogin : MLEGGIO at
    I'm guessing it's invalid because it doesn't exist, but no one exists yet... am I missing something?
    Thanks
    Alex

    From where are you doing full recon from? Also did you check if you have the user "MLEGGIO" in OIM? The problem I see is that you doing a trusted recon to load a user say "X" whose manager is "M" but "M" does not exists in OIM, so OIM will not be able to create that user. The workaround to this is to create a UDF in OIM and map it to the manager from the target. Later on once the user "X" is created in OIM then run another schedule task which takes the manager from UDF (i.e. "M") and if "M" exists in OIM then will set it to the OOTB manager field in OIM for "X"
    -Bikash

  • OIM 11g - Ldapsync Administrators Group

    Hi,
    i have in OID a Group 'Administrators'.
    I want to reconcilitate this group to oim. OIM has by default an internal group 'Administrators' for soa role.
    Is it possible to manage my 'administrators' group from oid in oim?

    I have had incremental reconciliation working fine on LDAP Sync straight to OID without OVD, both on 11.1.1.5.0 and 11.1.1.5.2. If your last change number is incrementing it is clear you are accessing the OID change log correctly. The question then is are you seeing reconciliation events, but with them not being matched to your users and updating them, or are you just not seeing reconciliation events at all? If you are not seeing reconciliation events I would suggests the change events are being ignored for one of the following reasons:
    1) You are modifying your entries in OID using the same OID account that LDAP Sync uses to access OID. As mentioned before in this thread LDAP Sync uses a modifierDNFilter that excludes all changes made by the OID account used for LDAP Sync (so it does not see its own changes).
    2) You have applied a targetDNFilter or your changelog adapter that is incorrect, and is excluding your changes
    If you are seeing events but no updates, are the attributes you are changed all correctly mapped in your reconciliation profile?

  • OIM11gR1 - increase size of OIM standard attributes?

    Hello All,
    I use the following OIM standard attribute:
    USR_MOBILE VARCHAR2(20 CHAR)
    I would like to increase its size (resize) to 40.
    I doesn't seem like OIM supports resize of attributes.
    Should I bother trying to change this? or it will be easier to create a new USR_UDF_MOBILE with the size I need?
    Thanks
    Adr

    alter table usr modify usr_mobile varchar2(40);
    alter table recon_user_oldstate modify usr_mobile varchar2(40);
    I dont think there is anything in the /file/User.xml file in the MDS repository, but you might need to check there as well and import your updates.
    If you have any trusted recon objects, you'll need to update the RA_ table as well that maps the values to it.
    -Kevin

Maybe you are looking for

  • Slow response when calling a web service from an ADF client in JDev 11g

    I have generated a web service (WS) for a stored procedure package with 3 functions. The WS has less than 1 second response times when I use the standard WS testing facility. I then created a data control for the WS selecting the default values in th

  • I recently upgraded from Snow Leopard to Mavericks and can no longer share files, does anyone have suggestions?

    I had to set up an appointment with the local genius bar to install Mavericks as I use WiFi and am very close to mountains which tend to interfere with clean downloads.  I am now unable to send work product via email as a PDF - I'm hoping someone has

  • CS5 upgrade from CS4 - plugins question

    Hi - can anyone refer me to a list of steps to move all of my plugins from CS4 to CS5 as part of the upgrade? My plugins are: Anthropics portrait pro 10 Image Trends - Fisheye hemi, pearly whites and shine-off Nik Software - NIk sharpener, color efex

  • Applet development and embedding in browser

    Can someone point me to a tutorial or docs that show me how to make a small applet in Java and then the actual tags to embed it in the browser (IE or Firefox)? Specifically I a looking to make an applet that can be controlled by Javascript to open a

  • Getting Error While Installing AIR Application

    Hi All.... I have a Flex AIR application, im using AIR Badger to check install the application. The problem is some users getting this error when installing the AIR application. "This application requires an update to Adobe AIR but downloading that u