Problem Creating Oracle Schema in Active Directory

Hi,
I am trying to integrate oracle 9i in an Microsoft Active directory domain
I tried to integrate the db in the domain using net configuration assistant on the Oracle Client but
I get always the same error after inserting the fully name of domain controller and confirm to create the oracle schema. The error I get is:
“The Assistant is unable to create or update
the schema for the following reason:
ConfigException: Could not create Oracle schema oracle.net.config.ConfigException
You must update the schema from a computer which directly supports
your type of directory."
Also I checked every requirement to install:
-Log on as an Administrative account in the domain
-Enable active directory schema changes
-ping the whole dns domain, the fqdn of my domain controller is dc.ecm.com, I can:
ping dc.ecm.oracle
At this point I don’t know anymore what I can do.
Please help me
Thank you in advance
Fahim Ghauri

Take a look at metalink Note:361192.1
Bug 3975572 - "...Netca 10g can successfully create a schema and context in W2k but does not in W2003. This reproduces on both the domain server and a client..."

Similar Messages

Integrating Oracle Portal & Microsoft Active Directory

Dear friends
I Integrated Oracle Portal & Microsoft Active Directory without any error or problems but it just integrate the users under Users Container in active directory, I have some OU,Groups and policies and I categorized my users under them, so when I run "sh oidspadi.sh" and set "cn=...." with other values except "Users" it can not add all of the users under specific groups or policies.
Please let me know how can I add all of my users in active directory to OID?
Thanks
Babak Saraie

I'm not familiar with iPlanet, but if it can allow basic
authentication and connect to AD, it should be possible to do what
you want.
Personally, I would rather that the browser did not
automatically log me in. For example, if someone was having
problems with their "view" on the intranet web site, if they
visited your office, you would have to log off, let them log on
(and wait while their profile was created) just to let them open a
browser.
Is it really asking too much for them to enter their
username/password into a browser prompt once each day? Heck, most
browsers will remember usernames and passwords so you don't have to
type it. You just click OK.
That's just my perspective.
M!ke

Creating group dynamically in active directory depending on their role

Hi,
I have sycn oid and active directory using directory integration platform. Now the scenario is We have one system says hr system which take care of entering all the user information. Once it submit that information it goes to oid. Now we want that when we import all that user from oid to active directory it didn't duplicate any user as well as depending on their role it should create groups dynamically in active directory. For e.g: If user belong to Trainee category or manager category it must create Trainee group & Manager group & respective person should go into that group. I don't know whether my question is placed in right group or not. I am using filter to do this task but not able to write proper condition in "source matching filter" and "destination matching rule". Any help will be appreciated.
Thanks,
Sonya Sharma

Thanks Tamim. To clear your thought, i will explain again. I have sync oid and active directory through Directory integration platform. I have created user in oid.(cn=users,dc=mycompany,dc=com). It get sync in active directory properly. Now i have created two group in active directory say for e.g Trainees and Manager. There is a field name position in oid which is a custom attribute. When i fill the information of user in oid, I have to fill "Position" attribute also. So my question is that, if i fill Trainee as a value in Position attribute and click on submit it should go in Trainee Group In active directory and not in user group. Same for manager. How can we achieve this? Can we do it through filter? Or any other way? It's needed desperately. Please help me in resolving this issue.
Regards,
Sunil

Need Help creating new user in Active Directory

I am trying to create a new user in active directory via a java application. I have included the code that I am using. I am able to successfully bind to Active Directory. I have been able to change passwords, and delete users, but I have not been able to create a user.
ldapHost : "mta101.DOM101.CEL.ACC.AF.MIL"
domainName: "dc=dom101,dc=cel,dc=acc,dc=af,dc=mil"
existing account: CN=Brett K. Humpherys,OU=Users,OU=CEL
I get the following error on the createSubcontext statement:
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - 00000057: LdapErr: DSID-0C09098B, comment: Error in attribute conversion operation, data 0, v893 ; remaining name 'CN=test1,OU=Users,OU=CEL'
I have commented out the password portion and change the ObjectCategory to a 32 and get the same error.
    public GblStatus createAccount7(DbaDb dbConn,
                                    String jsrcName,
                                    String personName,
                                    String username,
                                    String password)
      Hashtable ldapEnv = new Hashtable(11);
      ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
      ldapEnv.put(Context.PROVIDER_URL, "ldap://" + this.ldapHost + ":636");
      ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
      ldapEnv.put(Context.SECURITY_PROTOCOL, "ssl");
      ldapEnv.put(Context.REFERRAL, "ignore");
      ldapEnv.put(Context.SECURITY_PRINCIPAL,"cn=" + this.adminAcct + ",cn=users," + this.domainName);
      ldapEnv.put(Context.SECURITY_CREDENTIALS, this.adminPwd);
       try
        // Create the initial context
        DirContext ctx = new InitialDirContext(ldapEnv);
        BasicAttributes attrs = new BasicAttributes();
        BasicAttribute ocs = new BasicAttribute("objectclass");
        ocs.add("top");
        ocs.add("person");
        ocs.add("organizationalPerson");
        ocs.add("user");
        attrs.put(ocs);
        BasicAttribute gn = new BasicAttribute("givenName", "test1");
        attrs.put(gn);
        BasicAttribute sn = new BasicAttribute("sn", "");
        attrs.put(sn);
        BasicAttribute cn = new BasicAttribute("cn", "test1");
        attrs.put(cn);
        BasicAttribute uac = new BasicAttribute("userAccountControl", "66048");
        attrs.put(uac);
        BasicAttribute sam = new BasicAttribute("sAMAccountName", "test1");
        attrs.put(sam);
        BasicAttribute disName = new BasicAttribute("displayName", "test1");
        attrs.put(disName);
        BasicAttribute userPrincipalName = new BasicAttribute
                                      ("userPrincipalName", "[email protected]");
        attrs.put(userPrincipalName);
        BasicAttribute instanceType = new BasicAttribute("instanceType", "4");
        attrs.put(instanceType);
        BasicAttribute objectCategory = new BasicAttribute
                  ("objectCategory","CN=User,CN=Schema,CN=Configuration," + domainName);
        attrs.put(objectCategory);
        String newVal = new String("\"password\"");
        byte _bytes[] = newVal.getBytes("Unicode");
byte bytes[] = new byte[_bytes.length - 2];
System.arraycopy(_bytes, 2, bytes, 0, _bytes.length - 2);
BasicAttribute attribute = new BasicAttribute("unicodePwd");
attribute.add((byte[]) bytes);
attrs.put(attribute);
ctx.createSubcontext("CN=test1,OU=Users,OU=CEL", attrs);
ctx.close();
catch (NameAlreadyBoundException nex)
System.out.println("User ID is already in use, please select a different user ID ...");
catch (Exception ex)
System.out.println("Failed to create user account... Please verify the user information...");
ex.printStackTrace();
return new GblStatus();
Any help would be much appreciated.

Hi .,
me too got up with same problem., can anyone help me.??
Someone help me to create attributes in AD using LDAP
package LDAPpack;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import java.util.Hashtable;
class CreateAttrs {
public static void main(String[] args) {
     Hashtable env = new Hashtable();
          env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
          env.put(Context.PROVIDER_URL, "ldap://10.242.6.166:389/");
          env.put(Context.SECURITY_AUTHENTICATION,"simple");
          env.put(Context.SECURITY_PRINCIPAL, "CN=cname,OU=Users,OU=Dealer,OU=Community,DC=test2,DC=org");
                    env.put(Context.SECURITY_CREDENTIALS, "password-1");
          LdapContext ctx =null;
          try {
               //ctx = new InitialLdapContext(env,null);
               try {
ctx = new InitialLdapContext(env,null);
               catch(NamingException e) {
System.out.println("Login failed");
System.exit(0);
if(ctx!=null){
System.out.println("Login Successful");
byte[] buf = new byte[] {0, 1, 2, 3, 4, 5, 6, 7}; // same data
     // Create a multivalued attribute with 4 String values
     BasicAttribute oc = new BasicAttribute("objectClassNew", "topNew");
     oc.add("personNew");
     oc.add("organizationalPersonNew");
     // Create an attribute with a byte array
     BasicAttribute photo = new BasicAttribute("jpegPhotoNew", buf);
     // Create attribute set
     BasicAttributes attrs = new BasicAttributes(true);
     attrs.put(oc);
     attrs.put(photo);
     Attributes attrs1 = ctx.getAttributes("CN=cname,OU=Users,OU=Dealer,OU=Community,DC=test2,DC=org");
System.out.println(attrs1);
Context result = ctx.createSubcontext("CN=cname,OU=Users,OU=Dealer,OU=Community,DC=test2,DC=org", attrs);
//i got error here; i attach the error below.
     ctx.close();
System.out.println("close");
     catch(NamingException e){
          e.printStackTrace();
ERROR:
Login Successful
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece
ANYONE HELP ME PLS.
Edited by: vencer on Jun 19, 2008 12:38 AM

Oracle 9i and Active directory

Hi,
We have Oracle 9i R2 and windows 2003 Active Directory as domain controller on the same server.
I'm not comfortable with this idea having both on the same machine and I am considering to put them on separate servers, and to integrate Oracle with Active Directory.
Is it advisable to leave then on the same machine? are there any known problems?
I couldn't find any documents from Oracle regarding this. any suggestions any links will be appreciated.
Tony Garabedian

If I remove the server of being a domain controller with AD (dcpromo out, and losing the Administrator profile on that machine) and leave only Oracle on it, will Oracle still be functional?Yes. But I'd check file access rights. Anyway you'll still have local Admin account available. Think about:
. I got a domain admin account
. I install Oracle
. I leave the company and my account is deleted
=> oracle is still working perfectly
I can't see any reason this would work otherwise in your case. Anyway you could just create a full server backup, and if any problem restore it (Ghost for example).
The sole problem would be if you defined oracle users identified via AD acess, but that works weird anyway.
Furthermore, I totally agree with Jaffar. Use OID rather than AD. We had many problems to setup a working config there... afterwards this was too much time-consuming to manage and I changed it to OID. Since then it's working kind of magic.
Regards,
Yoann.

How to add a new schema in active directory by jndi?

I can add new objectclass schema and new attribute into eDirectory from JNDI. But I failed doing the same to active directory. I search all topic in this forums and seems like there is no such answer. So for active directory, the only way to add new schema is by using MS MMC + AD schema snap-in?

You can update the schema via LDAP. Any tool that uses LDAP, such as Active Directory Services Interface (ADSI), Java/JNDI, LDAP Data Interchange Format (LDIF) can be used. You are not restricted to the Active Directory Schema Management snap-in.
I strongly recomend that you read the following article http://windowssdk.msdn.microsoft.com/en-us/library/ms677995.aspx as schema extensions are not to be undertaken lightly.
Also, if you are extending the schema, DO NOT use other organization's schema OID's. Imagine how directories would become inoperable because you defined hat size as an integer value with an OID of 1.2.3 and someone else defined Social Security Number as a string with an OID of 1.2.3 ! You can obtain your own OID branch from either Microsoft (http://msdn.microsoft.com/certification/ad-registration.asp) or from a standards organization such as ANSI.
I'm kind of hoping that seeing as though you have mentioned that you have extended the schema for e-Directory, that you understand LDAP schemas and that you have your own valid OID. Do not use my shoe size OID !
The following snippet illustrates how to extend the schema using JNDI.....
String attrName = "cn=ms-ShoeSize,cn=Schema,cn=Configuration,dc=antipodes,dc=com";
LdapContext ctx = new InitialLdapContext(env,null);
Attributes attr = new BasicAttributes(true);
attr.put("cn","ms-ShoeSize");
attr.put("objectClass","attributeSchema");
attr.put("ldapDisplayName","msShoeSize");
attr.put("isSingleValued","TRUE");
attr.put("attributeID","1.2.840.113556.1.4.7000.141");
attr.put("attributeSyntax","2.5.5.9");
Context newattr = ctx.createSubcontext(attrName,attr);Having created a new attribute, you could then either add it to an existing class, or create another abstract class, add it to the new abstract class, and add the the new abstract class as an auxilliary class to an existing structural class. For example create a new auxilliary class called "clothes Sizes", add the attribute "Shoe Size" as a mayContain attribute, and then add "Clothes Sizes" as an auxilliary class to inetOrgPerson.
Note that you need to wait for the schema cache to refresh, before adding attribute or class definitions to one another, and before instantianting new objects with the new classes & attribute definitions. You can either wait for teh schema cache to refresh itself, or you can force a refresh by writing the value of 1, to the attribute "schemaUpdateNow" on the RootDSE.
As I mentioned at the start of this response, I personally prefer to use LDIF, simply because it enables end-users/customers to review the schema extensions and understand their potential impact before applying them. A sample that accomplishes the above would look something like:dn: CN=ms-ShoeSize,CN=Schema,CN=Configuration,DC=Antipodes,dc=com
changetype: add
objectClass: attributeSchema
cn: ms-ShoeSize
ldapDisplayName: msShoeSize
attributeID: 1.2.840.113556.1.4.7000.141
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=Antipodes,dc=com
changetype: modify
add: mayContain
mayContain: mSShoeSize
dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
-

Creating a contact in Active Directory

Hello,
I'm new to LDAP and I'm having trouble creating a contact in AD. When I try to create the contact I recieve:
Problem creating contact: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002040: SvcErr: DSID-030508F8, problem 5003 (WILL_NOT_PERFORM), data 0
A fragment of the code I'm using is:
{code}
try {
LdapContext ctx = null ;
Hashtable<String,String> env = new Hashtable<String,String>();
String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com";
String adminPassword = "mypassword";
String ldapURL = "ldap://localhost:389";
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
env.put(Context.PROVIDER_URL,ldapURL);
//Create the initial directory context
ctx = new InitialLdapContext(env,null);
// Create attributes to be associated with the new contact
Attributes attrs = new BasicAttributes(true);
Attribute oc = new BasicAttribute("objectclass") ;
oc.add("top");
oc.add("person");
oc.add("organizationalPerson");
oc.add("mailRecipient");
oc.add("contact") ;
attrs.put(oc);
//Mandatory attributes for a contact object
attrs.put("cn","BFranklin");
//These are optional (but important) attributes
attrs.put("givenName","Benjamin");
attrs.put("sn","Franklin");
// Create the context
Context result = ctx.createSubcontext("CN=BFranklin,OU=Research,DC=antipodes,DC=com", attrs);
System.out.println("Successfully created contact.");
catch (NamingException e) {
System.err.println("Problem creating contact: " + e);
I've been able to perform other operations such as searches and creation of groups, but this has me stumped.

Not sure what the exact problem is. (I always laugh when I see someone using my demo domain name !)
A few things to check.
Is your domain really called "antipodes.com" ? (I know mine is, no idea bout yours !)
Do you have an OU called research ?
Is there already another object (perhaps a user) with the same common name (CN=Albert Einstein) in the OU ?
You may want to simplify the objectClass definition, perhaps your schema definition may be slightly different ? .....
Attributes attrs = new BasicAttributes(true);
//Mandatory attributes for a contact object
attrs.put("objectClass","contact");
attrs.put("cn","BFranklin");
//These are optional (but important) attributes
attrs.put("givenName","Benjamin");
attrs.put("sn","Franklin");
......Othr than that, I'm stumped as well !

Problem migrating account from one active directory domain to another. Using NetBIOS

Hello,
I'm migrating a Lion machine from one domain to another. When I try to join it to abc.example.com it joines it to 123.example.com in the list of domains. 123.example.com is the NetBIOS name of abc.example.com. This configuration does not work.
What is even more strange, is if I go into the Open Directory Utility > Active Directory to set the create mobile account settings, once I apply the settings (or even if I don't apply the settings) when I get back to the list of domains, it show BOTH abc.example.com and 123.example.com as domains I am joined to. If I remove 123.example.com it removes abc.example.com.
I've only seen this problem one other time and this was with a snow leopard machine that was not bound to AD. I upgraded it to Lion and tried to bind it, and had the exact same thing occur.
I'm certain there is a "stuck" setting somewhere that is causing this. I have had successful snow leopard > lion upgrades work, and many lion machines joined to AD so this does work normally. Just not sure whats wrong or really where to look.
The OS is fully patched and updated to the current version.
Any thoughts?

Case 1:
Here you can written pre-update event handler which will check whether minor and major org code changed or not.
If changed then first starts de-provisioning and then start provisioning.
If not changed then do nothing.
This approach will not transfer accounts from one domain to another but it will create fresh accounts and remove accounts from old domain.
Case2:
If you want to transfer accounts from one domain to another in that on pre-update you have to change OU of user on process which automatically move to another domain.
but not sure about exchange it is possible to move to another domain.
hopping that all domains under same forest otherwise same Connector Sever will not work.

How to create an OracleContext in Active Directory ?

Hi all,
I just installed Oracle Application Server 10g (9.0.4) on a Windows running Active Directory. I would like to demonstrate AD capability to manage Enterprise User Security (as OID is capable of).
When I run Net Configuration Assistant to setup Directory Usage for Active Directory, it can read AD because it gives a message telling that OracleContext has to be created. So, it ask me for a "User DN" and a password.
I have tried all possibilities I could thing of to get connected but none of them work.
The most obvious DN I tried was: cn=Administrator,cn=Users,dc=lab,dc=test (for my lab.test domain).
I get "Authentication error", "Unkown error" but could get through it.
Does anybody gone through this yet ?
Thanks a lot for help out

Answer provided by Oracle Support:
" You cannot use AD directly for authentication. You need one OID/ OVD in the middle. AD cannot be used directly for Enterprise User Security. "

Error while creating a user in Active Directory.

Hi Guys,
I am creating a custom connector for AD and Exchnage , I am able to create user in AD using my Java Code... but i am also getting below error, I want to finish the operation smoothly.... Please find below error logs.
13:51:15,635 ERROR [STDERR] Data AccessException:
13:51:15,636 ERROR [STDERR] com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: select UD_AD_CHILD_GRP_NAME from UD_AD_CHILD where UD_AD_CHILD_KEY = Description: ORA-00936: missing expression
SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException
at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getChildTableFieldValue(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.insertResponseMilestones(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostUpdate(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.updateSchItem(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.finalizeProcessAdapter(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.finalizeAdapter(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpCREATEADUSER.implementation(adpCREATEADUSER.java:85)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(Unknown Source)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
at org.jboss.ejb.Container.invoke(Container.java:960)
at sun.reflect.GeneratedMethodAccessor135.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:195)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
at $Proxy758.setProcessFormData(Unknown Source)
at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
at $Proxy803.setProcessFormData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.handleVerifyProcessData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.goNext(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:619)
Thanks,
Hemant

at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
This is definitely a Custom Adapter because OOTB Adapter name is adpADCSADDUSERTOGROUP and NOT adpADDUSERTOADGROUP
So, it is your custom code and in the code you are passing incorrect value of the Active Directory Child process form...
The correct name is UD_ADUSRC and the Group Name column name is UD_ADUSRC_GROUPNAME.
While you are passing UD_AD_CHILD as the child process form and UD_AD_CHILD_GRP_NAME as Group Name column name..
Use OOTB Adapter... Correct these discrepancies... Your addition of group will work
And since you are creating custom adapter, you need to be more careful and remain consistent throughout..
Then if you want to use UD_AD_CHILD_GRP_NAME, use it everywhere consistently... Pass only this value in the adapter...
And even in lookups, if any... Search everywhere... Keep things consistent... They will work... Because good news is that you are able to create user in AD via Java Code...
And if any post is even slightly helpful, it is a good habit to mark it with helpful or correct ... And also mark the entire question as answered so that other people also are benefited.

Keeping Oracle Away From Active Directory

I'm VERY new to all of this - I feel comfortable enough that my question is at least related to: "Database-General" - Please no flames. (Or if you have to, make 'em a nice flame, anyway.)
While not new to databases, I've chosen to begin my Oraclespecific_ profession. 'Til now I have been concentrating my career as a *nix SysAdmin and network engineer. But ...
Recently I repositioned myself professionally to a new Oracle shop. It's a Win-(only)-Shop, and am now needing to ask this question, if I may please.
Are there any advantages or DIS-advantages, when installing Oracle "out-of-the-box", for a new installation, as to HAVing the server joined to an Active Directory (or Domain), vice just leaving the box as a "stand-alone" station and OUTSIDE any "MS Network Security" architecture?
Go easy on me, please?

Hi John,
also have a look at Active Directory and APEX 3.1
Basically you have to use mydomain\%LDAP_USER% as LDAP DN String for MS Active Directory Authentication.
Regards
Patrick
My Blog: http://www.inside-oracle-apex.com
APEX Plug-Ins: http://apex.oracle.com/plugins
Twitter: http://www.twitter.com/patrickwolf

Problems using native query in Active Directory connector v 9.1

Hello,
Has anyone ran into a problem when trying to do a query with a not operator?
I want to import all users, but not computers.. so I tried the query (&(objectClass=user)(!objectclass=computer))
I tried this query directly in the active directory and it worked.
The problem is when I apply it to OIM it gives out the following error:
DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ActiveDirectoryRecon::performReconciliation() Enter
DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ActiveDirectoryRecon::setTaskSchedulerObjectName() Enter
INFO,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],Starting Active Directory Trusted Reconciliation
DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ActiveDirectoryRecon::setTaskSchedulerObjectName() Exit
DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ADLookupMaps::getADFieldsArray() Enter
DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],ADLookupMaps::getADFieldsArray() Exit
DEBUG,29 Oct 2008 19:48:06,337,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Enter
DEBUG,29 Oct 2008 19:48:06,350,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Exit
DEBUG,29 Oct 2008 19:48:06,350,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Enter
DEBUG,29 Oct 2008 19:48:06,363,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Exit
DEBUG,29 Oct 2008 19:48:06,363,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Enter
DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcUtilAttributeNameMap::getLookupDecodeValue() Exit
DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],ADReconTaskAttrs::parseAndSetMultiValAttrs() Enter
DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],ADReconTaskAttrs::parseAndSetMultiValAttrs() Exit
DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],ActiveDirectoryRecon/performReconciliation :query (&(&(objectClass=user)(!objectclass=computer))(whenChanged>=19000101000000.0Z))
DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::searchResultPageEnum() Enter
DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::connectToAvailableAD() Enter
DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForDirContext() Enter
DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForDirContext() Exit
DEBUG,29 Oct 2008 19:48:06,374,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForLDAPContext() Enter
DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::hashTableEnvForLDAPContext() Exit
DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::validateCertificates() Enter
DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::validateCertificates() Exit
DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],Critical Extensions Supported
DEBUG,29 Oct 2008 19:48:06,375,[OIMCP.ADCS],tcADUtilLDAPController::invalidateSSLSession() Enter
DEBUG,29 Oct 2008 19:48:06,549,[OIMCP.ADCS],tcADUtilLDAPController::invalidateSSLSession() Exit
DEBUG,29 Oct 2008 19:48:06,989,[OIMCP.ADCS],tcADUtilLDAPController::connectToAvailableAD() Exit
ERROR,29 Oct 2008 19:48:06,989,[OIMCP.ADCS],The error occured in tcADUtilLDAPController::searchResultPageEnum():Unbalanced parenthesis
DEBUG,29 Oct 2008 19:48:06,989,[OIMCP.ADCS],tcADUtilLDAPController::disconnect() Enter
DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],tcADUtilLDAPController::disconnect() Exit
DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],tcADUtilLDAPController::searchResultPageEnum() Exit
DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],ActiveDirectoryRecon::performReconciliation() Exit
INFO,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],End of Active Directory Reconciliation....
DEBUG,29 Oct 2008 19:48:06,990,[OIMCP.ADCS],ActiveDirectoryReconTask/execute End
Thanks in advance,
Tomic

Hi,
Try this and it will work.I am using it.
(&(objectClass=user)(!(objectClass=computer)))
Regards
Nitesh

Delete local accounts created when logging into Active Directory?

When a user logs into their Mac using their Active Directory credentials, a new local user folder is created that corresponds to their login name. But a new account doesn't show up in the System Preferences Accounts. So how do I go about deleting this local account? Can I simply delete their Users folder?
Thanks.
G4 (model M8839LL/A) Mac OS X (10.4.8)

AD does this with Windows, too. This is because the AD account is not the same as the local account. If you have a user with the username joeuser, and he has a local account named joeuser, he'll have a home directory in that name. If he logs into and AD system with the domain name ADDomain, there will then be an account with a name something like joeuser.ADDOMAIN, which, by definition, is not the same as the account joeuser. On a Windows box, at the same time as the joeuser.ADDOMAIN account is created the joeuser account will have its name changed; if the box's name is joe's_mac, the joeuser account will become joeuser.JOE'S_MAC. This kind of thing will apply only to users who have both local and domain accounts. Users who have only local accounts, such as jilluser, will not have their account name changed. Users who have only domain accounts, such as bobdomain, will not have their account name changed. Users will not notice any difference in the way they log in; they will log into their domain account, and see just what that account has access to, or will log into their local account, and see just what that local account has acces too, depending only on how they set the login box. They will never have to enter joeuser.ADDOMAIN, just joeuser... and the domain name in the proper place.
If you delete the domain account, a new one will be automatically generated as soon as the user logs back in using a domain account. Any data stored in that account will be deleted when you delete the account.

Step by step process to create domain name and active directory in windows 7 64 bit

Step by step process to create domain and active directory in windows 7 64 bit
I work in an organization
I want to create a domain name SBBYDP and make it server for other computers
I want that, all users’ have a personal account while they use any computer from this organization, even they use any computer from this network they use their own account to login to network.
And this may be in Active directory option.
I installed windows 7 professional edition 64 bit
Can any person help me? Step by step process, I always thanks full all of you

Hi,
You must use the Windows Server platform system for the AD service, you can refer the following KB first:
Active Directory
http://technet.microsoft.com/en-us/library/bb742424.aspx
AD DS Deployment Guide
http://technet.microsoft.com/zh-cn/library/cc753963(v=ws.10).aspx
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Using Flash to create visual representation of Active Directory

Hi, I would like to know if anyone know how to do this? Basically, I have floorplans of the various sites that our company uses. i have made these floorplans vectors, and can be used in flash. the floor plans are quite detailed, with desks included. What I would like is some integration with Active directory, where i can have a visual picture of computers populating the various floorplans, but the population of this is driven by the active directory. so computer names and user names would be visable in this dynamic visual representation. I saw an article on the microsoft site, how to do just this with viso 2007, but wondering if i can do this with flash. any ideas?

Hi,
Yes it is possible. Basically just few things are required to go ahead
1. need to understand Flash LoadVars
2. In ASP, you need to know how to connect to and run SQL against the database
There is a thread that talks about how flash can load variables from an ASP script may help you
http://actionscript.org/forums/showthread.php3?t=67379
Thanks!
ps: please mark this thread as Answered if this is of help to you.

Problem Creating Oracle Schema in Active Directory

Similar Messages

Maybe you are looking for