Password Synchronization Connector Installation

Hello friends,
About Password Synchronization Connector, my query is:
You can install this connector, with a different user account with administrator account used to start the server in Active Directory.
thanks

Another query, this has to be used in the installation of the connector, in addition to the permit program should install another permit what should you be assigned in the Active Directory?
Thank you for responding, there is some documentation that specifies your claim.

Similar Messages

Password changes in AD - Password Synchronization Connector Issue

Hey all,
Newbie question/problem... I have the 9.1.1.0 version of the AD Password Synchronization Connector installed on all domain controllers in my AD. My OIM system is IDM 9.1.0.1 running with JBoss.
When a password is changed on the target machine that OIM is connected to, the password synchronizes across to OIM fine.
When I change a password on another DC, the password does not synchronize. I check the logs and instead get an error saying... User not found. This shows in the AD eventlog as well saying... user not found in AD, please verify the configuration parameters.
The weird thing is... if I change my OIM host to point to the 2nd DC that threw that error and change the Password Synchronization Connector to point to itself as the host, the password change will now work and synchronize back to OIM. The password change on the original DC will now throw the same error, user not found.
I am totally stumped on this one... any help would be greatly appreciated.
Thanks in advance.
-B

Well finally figured it out... each password synchronization connector on each domain controller must:
for the host entry: use the IP of the current Domain controller box you are installing on
for the OIM host: enter the OIM server's hostname (not ip)
Just wanted to share my pains and struggles so others wouldn't have to.

AD password synchronization connector error

Hi,
I have installed the AD password synchronization connector 9.1.1. to Windows 2003 SP2 server successfully.
When I tried to reset the users password I can see from the 20120518OIMMain.log file the following errors:
Debug [5/18/2012 8:20:19 PM] The SOAP start element is
Debug [5/18/2012 8:20:19 PM] <SPMLv2Document xmlns="http://xmlns.oracle.com/OIM/provisioning">
Debug [5/18/2012 8:20:19 PM] The SOAP end element is
Debug [5/18/2012 8:20:19 PM] </SPMLv2Document>
Debug [5/18/2012 8:20:19 PM] The path is
Debug [5/18/2012 8:20:19 PM] /spmlws/HttpSoap11
Debug [5/18/2012 8:20:19 PM] End of sgsloidi::setParameters
Debug [5/18/2012 8:20:19 PM] <?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://xmlns.oracle.com/OIM/provisioning"><env:Body><env:Fault><faultcode>env:Server</faultcode><faultstring>Internal Server Error (Caught exception while handling request: java.rmi.RemoteException: null; nested exception is:
* java.lang.NullPointerException)*</faultstring></env:Fault></env:Body></env:Envelope>
Debug [5/18/2012 8:20:19 PM] Inside sgsloidiOIMGeneralErrorHandler
Debug [5/18/2012 8:20:19 PM] Unable to update USR_NAME. There are error messages in the searchReponse. Please check log for details
Debug [5/18/2012 8:20:19 PM] Password updation failed in child process
Can anyone tell me what's wrong with it? please..
What's I should check?
Thank a lot.

1. Check your ports, make sure they are open.
2. For password sync you'll need to have SSL certificates configured so AD, OIM and the connector can talk securely. Make sure the proper keystore is used and certificate is present on all 3 (the connector includes the guide to install them)
With the above I got my connector working to this point. Hope that helps.
- JP

AD-OIM password synchronization connector error

Hi,
I have installed the AD password synchronization connector 9.1.1. to Windows 2003 SP2 server successfully. When I reset the users password I can see from the 20091217OIMMain.log file the following errors:
Debug [12/17/2009 2:08:31 PM] The SOAP start element is
Debug [12/17/2009 2:08:31 PM] <SPMLv2Document xmlns="http://xmlns.oracle.com/OIM/provisioning">
Debug [12/17/2009 2:08:31 PM] The SOAP end element is
Debug [12/17/2009 2:08:31 PM] </SPMLv2Document>
Debug [12/17/2009 2:08:31 PM] The path is
Debug [12/17/2009 2:08:31 PM] /spmlws/HttpSoap11
Debug [12/17/2009 2:08:31 PM] End of sgsloidi::setParameters
Debug [12/17/2009 2:08:31 PM] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><faultcode xmlns="">env:Server</faultcode><faultstring
xmlns="">Internal Server Error</faultstring><faultactor xmlns=""></faultactor></env:Fault></env:Body></env:Envelope>
Debug [12/17/2009 2:08:31 PM] Inside sgsloidiOIMGeneralErrorHandler
Debug [12/17/2009 2:08:31 PM] Unable to update USR_NAME. There are error messages in the searchReponse. Please check log for details
Debug [12/17/2009 2:08:32 PM] Password updation failed in child process
Where is this searchResponce log file? I tried to see all the Windows log files, which has been updated after my password reset, but none of them has any errors which makes sense or the time would match. Also in 20091216043_PasswordChange.log everthing seems to go okay.
SPML web service is deployed and up and I can hit that URL from my machine. I don't get any printouts to the OIM log file.
Any ideas...? Thanks a bunch!
-J-

1. Check your ports, make sure they are open.
2. For password sync you'll need to have SSL certificates configured so AD, OIM and the connector can talk securely. Make sure the proper keystore is used and certificate is present on all 3 (the connector includes the guide to install them)
With the above I got my connector working to this point. Hope that helps.
- JP

OIM Password sync connector installation issue

Hi All,
I am trying to configure password synchronziation between OIM & Active Directory. while installing AD Password Sync connector on AD Host it is returniing following.
Error occurred while uploading prepAD.ldif. , please refer to %TEMP%\oimpwdsync.log. Please upload
prepAD.ldif to Active Directory Domain Controller before applying ACLs.
Kindly suggest me on this.
Regards,
Madhu

I'm also getting the same error.
This is the content of the log file :
(Apr 14, 2011 6:19:27 AM), Install, com.oracle.installshield.adpwd.pathValidator, dbg, Directory does not exists, will get created at the installation time
(Apr 14, 2011 6:19:38 AM), Install, com.installshield.product.actions.UninstallerJVMResolution, dbg.jvm, attempting to use the current JVM
(Apr 14, 2011 6:19:38 AM), Install, com.installshield.product.actions.UninstallerJVMResolution, dbg.jvm, searching for a JVM
(Apr 14, 2011 6:19:38 AM), Install, com.installshield.product.service.product.PureJavaProductServiceImpl$Installer, err, ProductException: (error code = 601; message="JVM not found")
STACK_TRACE: 8
ProductException: (error code = 601; message="JVM not found")
     at com.installshield.product.actions.JVMResolution.install(JVMResolution.java:171)
     at com.installshield.product.service.product.PureJavaProductServiceImpl$InstallProduct.checkUninstallerJVMResolution(PureJavaProductServiceImpl.java:4793)
     at com.installshield.product.service.product.PureJavaProductServiceImpl$InstallProduct.install(PureJavaProductServiceImpl.java:4554)
     at com.installshield.product.service.product.PureJavaProductServiceImpl$Installer.execute(PureJavaProductServiceImpl.java:3758)
     at com.installshield.wizard.service.AsynchronousOperation.run(AsynchronousOperation.java:41)
     at java.lang.Thread.run(Unknown Source)
(Apr 14, 2011 6:19:38 AM), Install, com.oracle.installshield.adpwd.execTool, err, Cannot run program "C:\Program": CreateProcess error=2, The system cannot find the file specified
(Apr 14, 2011 6:19:38 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, ASCII file C:\Program Files\oracle\OIMADPasswordSync\prepAD.ldif does not exist and will be created.
(Apr 14, 2011 6:19:38 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, gen exp
(Apr 14, 2011 6:19:38 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, C:\Program Files\oracle\OIMADPasswordSync\prepAD.ldif (The system cannot find the file specified)
Anyone fixed it. I have checked JAVA env is set in my machine
C:\>echo %JAVA_HOME%
D:\oracle\Middleware\jdk160_14_R27.6.5-32
C:\>java -version
java version "1.6.0_12"
Java(TM) SE Runtime Environment (build 1.6.0_12-b04)
Java HotSpot(TM) Client VM (build 11.2-b01, mixed mode)
Did anyone fix the issue?

Password Synchronization Connector Error in SSL secure mode (636)

Hello friends,
I tell them my case:
I have an Oracle Identity Manager environment BP15 9.1.0.2 and I installed an Active Directory Password Synchronization plug. The connector works properly in unsafe mode (389), then you have configured the SSL connector in safe mode (636) the log shows the following:
Inside *********** **************** sgslldpcopenLDAPConnection
Debug [10/28/2011 2:21:00 PM] Inside sgsladac c-tor
Debug [10/28/2011 2:21:00 PM] AD Host
Debug [10/28/2011 2:21:00 PM] 192.168.1.10
Debug [10/28/2011 2:21:00 PM]
Debug [10/28/2011 2:21:00 PM] AD Port
Debug [10/28/2011 2:21:00 PM] 636
Debug [10/28/2011 2:21:00 PM]
Debug [10/28/2011 2:21:00 PM] AD Base DN
Debug [10/28/2011 2:21:00 PM] DC = domain1, DC = com
Debug [10/28/2011 2:21:00 PM]
Debug [10/28/2011 2:21:00 PM]
Debugging the code
Debug [10/28/2011 2:21:00 PM] Inside ConnectToADSI
Debug [10/28/2011 2:21:00 PM]
ldap_connect failed with
Debug [10/28/2011 2:21:00 PM] Server Down
Debug [10/28/2011 2:21:00 PM]
Debug [10/28/2011 2:21:00 PM]
Connection to AD failed
Debug [10/28/2011 2:21:00 PM]
Out of openLDAPConnection ********** *****************
Debug [10/28/2011 2:21:00 PM] Inside sgsladac destroyer
Debug [10/28/2011 2:21:01 PM] Datastore --- Connect to AD
Debug [10/28/2011 2:21:01 PM]
Inside *********** **************** sgslldpcopenLDAPConnection
Any suggestions to solve this problem.
thank you very much

1. Check your ports, make sure they are open.
2. For password sync you'll need to have SSL certificates configured so AD, OIM and the connector can talk securely. Make sure the proper keystore is used and certificate is present on all 3 (the connector includes the guide to install them)
With the above I got my connector working to this point. Hope that helps.
- JP

Password Synchronization Connector in HA

Hello friends,
As I can configure the Password Synchronization plug idm Oracle Identity Manager on Oracle WebLogic Server deployed in Cluster (2 nodes)
Thanks.

Yes, you can configure it for 2 nodes in clustered environment. Refer http://docs.oracle.com/cd/E11223_01/doc.904/e10450.pdf 2.3 4. You need to install connector on one node and configure it on both, if it is 11g.
regards,
GP

AD password Sync connector .. LOAD Balanced

we are using AD password sync 9.0.4.x connector with 4 domain controllers. OIM is on 9.1.0.2. Is it possible to configure AD password sync with load balanced Domain Controllers. User are binding to all domain controllers. Please let me know how to achieve this. I am not able to find any document on this. Thanks
Akshay

In password synch the event stream is as follows:
User changes password on the user's machine
The user's machine contacts a "suitable" AD domain controller and updates the user password
The first AD domain controller contacts other AD DCs in order to replicate the change
At some point the AD DC that contains the OIM password synch client module gets updated
The AD password synch client module contacts OIM and updates the password in OIM
Unless you change the OIM AD password synch client you can't have the connection go through a load balancer. According to the connector manual section 2.2 Installing the Password Synchronization Module(http://download.oracle.com/docs/cd/E11223_01/doc.904/e10450.pdf) you can do this at install time but I don't know if it can be done post installation.
Best regards
/Martin

Password synchronization problem

Hi All,
We have configured password synchronization in our SUN IDM Environment.Now we are facing problem with expired Passwords.
Password synchronization is not working with expired passwords.Normal users are able change their password and password change is reflecting on all the configured resources.
Please suggest me on this.
Thanks in Advance
Madhu

Hi Joshua,
Does this mean that I need to install the core and sub component but no need to install the DS and AD connectors. No!!! Core must only be installed on one machine! Here is a short summary of the steps during an installation having sun ONE LDAPs in multi-master replication (taking ldap2 as the machine, whrere core is installed):
1. Install core on ldap2
2. start console and configure your directory sources. For the sun directory source enter ldap2 as the preferred and ldap1 as the secondary ldap. Configure the rest: attribute-mapping, modification flow, AD-source, SULs, etc. save the configuration.
3. on ldap2 run idsync prepds untill you get the SUCCESS message in the following way (be sure to specify the secondary ldap with -j and -r options):
idsync prepds -h <ldap2> -p <ldap2port> -j <ldap1> -r <ldap1port> -D "cn=directory manager" -w <passwort> -s <configuration_registry_suffix>4. Run the install binaries again on ldap2. Install DS Connector on ldap2, install DS-Subcomponent (preferred) on ldap2. Install AD-Connector.
5. Copy over install binaries to ldap1. Run the install binaries on ldap1. Give ldap2 as configuration directory URL When you are asked, what components to install, select subcomponent. Select the suffix. When you are asked, what type of ldap, select secondary.
6. Copy over install binaries to any ldap slave in your replication topology and install the subcomponent there, choosing "other" as the ldap type.
Good luck again...
Jakob.

About password synchronization in OIM11g

Hi all i have done password policies in oim11g but now i'm trying for password synchronization but i dont know how to proceed so plz give me information and link/materials for this topic .
Thanks in advance for quick response.

download Password sync connector(MSFT_PSync_91150.zip ) from below link
http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
extract it and follow the connector doc for installation and configuration steps.
--nayan

Password synchronization between OID and AD - 10.1.2

Hi,
I've some questions about the following issue:
I've tried to setup the password synchronization between OID 10.1.2 and active directory, with the intent of exporting ldap users from OID to AD..
Well, the bootstrap gone fine, but when I tried to activate the export of password in the activexp.map configuration file,
I've obtained this:
*Writer Thread - 0 - [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0*
for each entry I tried to export...
I've opened a SR on metalink and I've received the following answer:
_" As shown by the synchronization profile, currently you have a mapping for the password from OID to AD._
_userpassword: : :person:unicodepwd: :person:_
_According to the documentation, password synchronization requires the directories to be configured for SSL mode:_
    _http://download-uk.oracle.com/docs/cd/B14099_12/idmanage.1012/b14085/odip_actdir003.htm#CHDEFIED_
_18.3.2.8 Synchronizing Passwords_
_You can synchronize Oracle Internet Directory passwords with Active Directory._
   _You can also make passwords stored in Microsoft Active Directory available in Oracle Internet Directory._
   _Password synchronization is possible only when the directories run in SSL mode 2, that is, server-only authentication."_
The SSL setup is the only way to achieve this, or there's another alternative?
Thanks

Yes. It needs to be in SSL.
http://download-uk.oracle.com/docs/cd/B14099_12/idmanage.1012/b14085/odip_actdir003.htm#CHDCJHHB
Some excerpts:
Active Directory Connector uses SSL to secure the synchronization process. Whether or not you synchronize in the SSL mode depends on your deployment requirements. For example, synchronizing public data does not require SSL, but synchronizing sensitive information such as passwords does. To synchronize password changes between Oracle Internet Directory and Microsoft Active Directory, you must use SSL mode with server-only authentication, that is, SSL Mode 2.
-shetty2k

64 bit Password Sync Connector - Win2K3 -X64

Hey all,
I am trying to get all of my WIndows DC's doing Password Synchronization. I install the Password sync connector on each DC, both x86 and x64. THey are all configured correctly with logging enabled in the registry. The x86 servers create logs and are synchronizing passwords back to the OIM server.
THe x64 DC's are not working at all. No logs are generated and no passwords are synchronized.
Not really sure what to do to get them working...
Any help would be greatly appreciated.

Try adding -Xms3G to start with a 3GB heap. I suspect that you will not be able to and hence you have a much smaller heap than you expect. Also note that there are limits on what you can allocate depending the values used to configure the old and young generation and the size of the survivor spaces etc - check out the GC ergonomics/tuning guide on java.sun.com.

AD Password Sync Connector: Configuring IT Resource Parameters

Hi,
In the installation guide of the AD Password Sync Connector there is a step (page 30) to configure the IT Resource (ADITResource) parameters: ADPWSYNCH Installed, ADPWSYNCH OIMFlag and ADPWSYNCH ADFlag. Even after a successful installation of the connector, these parameters were not created during the installation. Do they are created during the installation process or I have to create them manually?
If they area created during the installation, so the UDF USR_UDF_PWDCHANGEDINDICATION also has to be created, right? In my case, the USR_UDF_PWDCHANGEDINDICATION field also was not created.
Thanks,
Renato Guimarães.

That is the problem...
When I installed the connector I didn't get any error and I get a message the connector was installed ok. I think I will reinstall it.
Thanks,
Renato

AD Password Sync connector functionality

Hi,
I have installed AD Password Sync connector as per the documentation. I have added the User Defined field USR_UDF_PWDCHANGEDINDICATION and also field USR_UDF_PASSSTATUS.
After installation I have done changes in the xlconfig.xml file and in that file under <Results></Results> tab i specified results to be shown in the USR_UDF_PASSSTATUS field.
now when i am changing the user's password in Active Directory natively then i can find from log that it is first setting the value of USR_UDF_PWDCHANGEDINDICATION filed to ADSYNC_TRUE and then after changing password in OIM, it is setting it back to ADSYNC_FALSE.
But I am getting error in updating USR_UDF_PASSSTATUS field... follwoing error come in log file:
22 Aug 2008 09:36:35 INFO Set the value of UDF field to ADSYNCH_TRUE value
22 Aug 2008 09:36:35 INFO Going to update the USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_TRUE
22 Aug 2008 09:36:37 INFO update the value of USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_TRUE
22 Aug 2008 09:36:37 INFO Invoking OIM API for setting Password
22 Aug 2008 09:37:01 INFO Password changed
22 Aug 2008 09:37:01 ERROR Unable to update status
Thor.API.Exceptions.tcStaleDataUpdateException
     at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.updateUserData(Unknown Source)
     at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.updateUser(Unknown Source)
     at com.thortech.xl.ejb.beans.tcUserOperationsSession.updateUser(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at org.jboss.invocation.Invocation.performCall(Invocation.java:345)
     at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:214)
     at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:149)
     at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:154)
     at org.jboss.webservice.server.ServiceEndpointInterceptor.invoke(ServiceEndpointInterceptor.java:54)
     at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:48)
     at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:106)
     at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:335)
     at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:166)
     at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:153)
     at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
     at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
     at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
     at org.jboss.ejb.Container.invoke(Container.java:873)
     at sun.reflect.GeneratedMethodAccessor116.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
     at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245)
     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
     at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:805)
     at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:406)
     at sun.reflect.GeneratedMethodAccessor138.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
     at sun.rmi.transport.Transport$1.run(Transport.java:148)
     at java.security.AccessController.doPrivileged(Native Method)
     at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
     at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
     at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
     at java.lang.Thread.run(Thread.java:534)
     at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
     at sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
     at sun.rmi.server.UnicastRef.invoke(Unknown Source)
     at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
     at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:119)
     at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:227)
     at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:167)
     at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
     at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
     at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:97)
     at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:86)
     at $Proxy4.updateUser(Unknown Source)
     at Thor.API.Operations.tcUserOperationsClient.updateUser(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
     at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
     at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
     at $Proxy2.updateUser(Unknown Source)
     at com.thortech.xl.integration.adpasswordsynch.ChangePassword.changePassword(Unknown Source)
     at com.thortech.xl.integration.adpasswordsynch.ChangePassword.main(Unknown Source)
22 Aug 2008 09:37:01 INFO Set the value of UDF field to ADSYNCH_FALSE value
22 Aug 2008 09:37:01 INFO Going to update the USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_FALSE
22 Aug 2008 09:37:01 INFO changed the USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_FALSE
22 Aug 2008 09:37:01 INFO Password synch over
22 Aug 2008 09:37:01 INFO Before System.exit(0):
Also, when I am changing password in Active Directory in OIM, Change User Password is task run for Active Directory and it is updating the password in Active Directory again.
Can someone please tell me, is it proper functionality of AD Password Sync. Actually I am really confused with the functionality of this AD password sync connector.
Thanks & Regards,
Yash Shah

That is the problem...
When I installed the connector I didn't get any error and I get a message the connector was installed ok. I think I will reinstall it.
Thanks,
Renato

Identity Synchronization for Microsoft 1.0 password synchronization failure

Hi
I�ve installed Identity Synchronization for Microsoft 1.0, and I can synchronize all attribute mail, telephonenumber etc � but I can not sync passwords! Between Active Directory and DS 5.2!!!
In the audit log of isw I have
CNN101 server1 "The controller has received the following inbound action from the accessor: Typ
e: UNKNOWN {Data Attrs: } {Other Attrs: samaccountname: user1 usnchanged: 1696 objectguid: NfQTjHdpAE+h4MS/2UxZzQ== dn: CN=user1 user,OU=util
i,DC=ldap,DC=com whenchanged: 20040825204423.0Z sn: user1 givenname: user}." (Action ID=CNN101-FE9B7FD2EE-6, SN=0)
but for a telephone number modification i have:
CNN101 server1 "The agent has received the following inbound action from the controller: Type: MODIFY SUL: SUL1 {Data Attrs: [REPL telephonenumber: 88888888888888]} {Other Attrs: samaccountname: user1 usnchanged: 2893 objectguid: ReawE
r7nqkSYpupcV/7V3w== dn: CN=user1 users,OU=utlisateurs,DC=fr,DC=ldap,DC=com whenchanged: 20040826194415.0Z}." (Action ID=CNN101-FE9BE2BDDF-26, S
N=1)
Can anybody help ?
I have installed one connector for AD , and one connector for DS and a subcomponent, the user are linked and resync with success.
Thanks

Hi,
ISW does not propagate the new password value itself when a password change is detected in Active Directory. The log message quoted does not show any error.
Note that passwords are not synchronized during resync. However, when resync'ing from Active Directory to Sun ONE Directory, you can invalidate the passwords of the Sun ONE Directory accounts using the -i flag. The invalidation will force on-demand password synchronization to start when a user with invalidated passwords attempts authentication to Sun ONE Directory.
I would also highly recommend following the instructions in the troubleshooting section of the product documentation.
Bertold

Password Synchronization Connector Installation

Similar Messages

Maybe you are looking for