Problem provisioning Users in AD
When trying to provision a user in AD , the following error is logged:
08/08/18 17:56:03 Running STEP1
08/08/18 17:56:03 Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
08/08/18 17:56:58 Running Get Attribute Map
08/08/18 17:56:58 Running AD Create User
DEBUG,18 Aug 2008 17:56:58,445,[XL_INTG.ACTIVEDIRECTORY],user principal ::[email protected]
DEBUG,18 Aug 2008 17:56:58,461,[XL_INTG.ACTIVEDIRECTORY],resultcom.sun.jndi.ldap.LdapCtx@1a30bae
ERROR,18 Aug 2008 17:56:58,461,[XL_INTG.ACTIVEDIRECTORY],Unwiiling To Perform Error Encountered
Unwilling To Perform:[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
DEBUG,18 Aug 2008 17:56:58,477,[XL_INTG.ACTIVEDIRECTORY],object deleted: cn=ALBU
Any idea what could be the cause ?
Thank You in advance
Hi,
Either its a SSL issue or some required attribute is not there for user creation.Please verify.
Regards
Nitesh
Similar Messages
-
Problem in provisioning user from oim to active directory using ssl
hi,
problem in provisioning user from oim to active directory using ssl i am getting following error while provisioning user to AD.
15:18:12,984 ERROR [ADCS] Communication Errorsimple bind failed: 172.16.30.35:636
15:18:12,984 ERROR [ADCS] The error occured in tcADUtilLDAPController::connectTo
AvailableAD():simple bind failed: 172.16.30.35:636
15:18:13,015 ERROR [SERVER] Class/Method: tcProperties/tcProperties encounter so
me problems: Must set a query before executing
com.thortech.xl.dataaccess.tcDataSetException: Must set a query before executing
at com.thortech.xl.dataaccess.tcDataSet.checkExecute(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.util.tcProperties.<init>(Unknown Source)
at com.thortech.xl.dataobj.util.tcProperties.initialize(Unknown Source)
at Thor.API.tcUtilityFactory.getLocalUtility(Unknown Source)
at Thor.API.tcUtilityFactory.getUtility(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.co
nnectToAvailableNextAD(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.se
archResultPageEnum(Unknown Source)
at com.thortech.xl.schedule.tasks.ADLookupRecon.performReconciliation(Un
known Source)
at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Sour
ce)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionActi
on.run(Unknown Source)
at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown S
ource)
at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.j
ava:520)
can any one help.
Thanks and Regards,
praveen,Are you able to connect to AD over SSL through some LDAP Browser ?
Check the validity of Certificate ?
Does your certificate appear in the list ? -
Problem when Provisioning Users using EBS Connector (Enable SSO)
Hi expert,
We do provisioning users to EBS through EBS connector Version 9.1.0.4.0
Normally, we can provisioning users if we set value of SSO enable = NO,
but by the scope of this project,
We have to let EBS using Single sign-on by authentication from OID
so, we must set value of SSO enable = YES, this makes us cannot provisioning user to EBS.
the error log shown that it's about password but we do enter password already.
Thank,
Noraset
#### EBS IT Resource ####
SSO Enabled : Yes
SSO IT Resource : OID Users
SSO Identifier : orclGUID
SSO Login Attribute : uid
#### Error LOG ####
Running InitUtil
Running CreateUser
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <================= Start Stack Trace =======================>
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <oracle.iam.connectors.ebs.usermgmt.integration.EBSUserManagementHelper : createEBSUser>
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <Exception Occured>
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <Description : ORA-20001: APP-FND-02600: Unable to create user BT005 due to the following reason(s):
Password must contain at least one letter and at least one number..
ORA-06512: at "APPS.APP_EXCEPTION", line 72
ORA-06512: at "APPS.FND_USER_PKG", line 869
ORA-06512: at "APPS.FND_USER_PKG", line 915
ORA-06512: at "APPS.FND_USER_PKG", line 1034
ORA-06512: at "APPS.OIM_FND_USER_PKG", line 40
ORA-06512: at line 1
>
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <java.sql.SQLException: ORA-20001: APP-FND-02600: Unable to create user BT005 due to the following reason(s):
Password must contain at least one letter and at least one number..
ORA-06512: at "APPS.APP_EXCEPTION", line 72
ORA-06512: at "APPS.FND_USER_PKG", line 869
ORA-06512: at "APPS.FND_USER_PKG", line 915
ORA-06512: at "APPS.FND_USER_PKG", line 1034
ORA-06512: at "APPS.OIM_FND_USER_PKG", line 40
ORA-06512: at line 1
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:457)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:889)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:476)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:204)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:540)
at oracle.jdbc.driver.T4CCallableStatement.doOall8(T4CCallableStatement.java:213)
at oracle.jdbc.driver.T4CCallableStatement.executeForRows(T4CCallableStatement.java:1075)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1466)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3752)
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:3887)
at oracle.jdbc.driver.OracleCallableStatement.executeUpdate(OracleCallableStatement.java:9323)
at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeUpdate(OraclePreparedStatementWrapper.java:1508)
at oracle.iam.connectors.ebs.usermgmt.integration.EBSUserManagementHelper.createEBSUser(Unknown Source)
at oracle.iam.connectors.ebs.usermgmt.integration.EBSUserManagement.createUserHRF(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpEBSCREATEUSERHRMS.CREATEUSER(adpEBSCREATEUSERHRMS.java:269)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpEBSCREATEUSERHRMS.implementation(adpEBSCREATEUSERHRMS.java:105)
at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:235)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(tcFormInstanceOperationsBean.java:710)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(tcFormInstanceOperationsBean.java:425)
at Thor.API.Operations.tcFormInstanceOperationsIntfEJB.setProcessFormDatax(Unknown Source)
at sun.reflect.GeneratedMethodAccessor4098.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy727.setProcessFormDatax(Unknown Source)
at Thor.API.Operations.tcFormInstanceOperationsIntfEJB_h6wb8n_tcFormInstanceOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcFormInstanceOperationsIntfEJB_h6wb8n_tcFormInstanceOperationsIntfRemoteImpl.setProcessFormDatax(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy141.setProcessFormDatax(Unknown Source)
at sun.reflect.GeneratedMethodAccessor4096.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy723.setProcessFormDatax(Unknown Source)
at Thor.API.Operations.tcFormInstanceOperationsIntfDelegate.setProcessFormData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.handleVerifyProcessData(DirectProvisionUserAction.java:2077)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.goNext(DirectProvisionUserAction.java:363)
at sun.reflect.GeneratedMethodAccessor3160.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:108)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(AccessController.java:310)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <================= End Stack Trace =======================>You can build your own db connector using jdbc and set the specific field in a separate provisioning task once the main provisioning is done.
Best regards
/Martin -
Can't Provision user from OIM to AD (manaul provis
can't Provision user from OIM to AD (manual provisioning ) failed with Error
the following is connector server log
==========================================
DateTime=2012-07-18T08:39:32.8713100Z
ConnectorServer.exe Error: 0 : System.ArgumentNullException: Value cannot be null.
Parameter name: Parameter 'uid' must not be null.
at Org.IdentityConnectors.Common.Assertions.NullCheck(Object o, String param)
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.ValidateInput(ObjectClass objclass, Uid uid, ICollection`1 attrs, Boolean isDelta) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1568
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.Update(ObjectClass objclass, Uid uid, ICollection`1 replaceAttributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1365
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
at ___proxy1.Update(ObjectClass , Uid , ICollection`1 , OperationOptions )
at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
DateTime=2012-07-18T08:39:37.8558126Z
1- iam using OIM 11.1.1.5 / applied patch p13704894_111150
2- this the target system LDAP on Windows Server 2008 R2 Entrprise version 6.1(7601) , Service Pack 1
3- and the connector server and connector version , activedirectory-11.1.1.5.0 , Connector_Server_111150
i noticed that for any user i create on OIM objectGUID is 0 , i can read groups and organizations from LDAP with no errors
please supportThis issue is coming because your object guid is not getting synchronized properly. Login to design console and open AD User form. Go to pre-populate tab. Open prepop adapter for User Principal name. Here bydefault IT resource name passed is Active Directory whereas you should have your IT server name which I think bydefault is AD Server. In the Mapto section select Process data and qualifier field will have AD server. Click on save button. Save your form.
Retry your test case now. This will resolve your problem.
regards,
GP -
Provisioning: Users from OIM to Active Directory
Dear Experts!
I am trying to setup provisionig from OIM to AD. I just want to provision Users from OIM to AD.
I am going through this documentation/tutorial:
http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/deploy.htm#insertedID0
i also read this:
http://www.oracle.com/technology/obe/fusion_middleware/im1014/oim/ad_provision/prov2ad.htm
But it just won't work. The provisioned resource get's always status rejected in the (To-Do List --> Open Tasks).
Then i tried to test the connection to AD using this documentation:
http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/testing.htm
And i get this error in the console:
http://img689.imageshack.us/img689/3190/errorq.png
The IT resource: ADITResource looks like this:
Remote Manager Prov Script Path:
Admin FQDN: [email protected]
Use SSL: no
Remote Manager Prov Lookup: AtMap.AD.RemoteScriptlookUp
Target Locale TimeZone: GMT
Port Number: +636+
AtMap ADUser: AtMap.AD
ADGroup LookUp Definition: Lookup.ADReconciliation.GroupLookup
isUserDeleteLeafNode: no
Allow Password Provisioning: no
UPN Domain: domain-test.local
AtMap ADGroup: AtMap.ADGroup
ADAM LockoutThreshold Value: +5+
isADAM: no
Admin Password: *********
Invert Display Name: no
Root Context: dc=domain-test,dc=local
Server Address: testing-server.domain-test.local
Could be the problem that i don't use SSL? I don't set Passwords in AD, i have read that then i don't need SSL...?
I am new to OIM, so your response is greatly appreciated!
Thank you very much in advance!Hello again Raj!
Thank you for your answer. You have always good ideas...
*1) Whats the response that you are getting from AD for this operation. Check this as following:*
Go to Users->UserABC->(Resource Profile from Drop down)->(Click your particular resource instance)->(Select the rejected task precisely "Create User")_
I get this on the Task Name - Create User:
Status:Rejected
Response: Please Select the Organization or Container Name from Organization Name Lookup
Response Description: Please Select the Organization or Container Name from Organization Name Lookup
But i can't get to populate the Organization Name on the user form, because there are no values available.
Under Error Details there is nothing.
*2) If your IT resource parameters are incorrect, you will get a connection error in logs. Your port information is correct, it has to be Port->389 and Use SSL-no*
I have created a new IT resource without SSL. Just to test the connection to AD. It works because I get “Successfully established connection to the AD_Test_without_SSL.”
Bellow is my NEW configuration for the IT Resource.
IT Resource Name:* AD_Test_without_SSL
IT Resource Type:* AD Server
ADAM LockoutThreshold Value:* 5
ADGroup LookUp Definition:* Lookup.ADReconciliation.GroupLookup
Admin FQDN:* [email protected]
Admin Password:* *********
Allow Password Provisioning:* no
AtMap ADGroup:* AtMap.ADGroup
AtMap ADUser:* AtMap.AD
Invert Display Name:* no
isADAM:* no
isUserDeleteLeafNode:* no
Port Number:* 389
Remote Manager Prov Lookup:* AtMap.AD.RemoteScriptlookUp
Remote Manager Prov Script Path:*
Root Context:* dc=domain-test,dc=local
Server Address:* testing-server.domain-test.local
Target Locale TimeZone:* GMT
UPN Domain:* domain-test.local
Use SSL:* no -
Unparseable Date when Provisioning User from OIM to EBS HR
Hi expert,
I'm integrating E-Business Application using 'Oracle EBS HR Foundation User Management Connector version 9.1.0.4.0
with OIM version 11.1.1.5.0 (plus BP06) and I also set value of 'Manage HR record' to 'Yes'.
While provisioning user to EBS. It has some error occur about 'Unparseable date: "2013-05-24 00:00:00" '
############ ERROR ###########
[OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] oracle.iam.connectors.ebs.usermgmt.integration.EBSUserManagement : updatePerson
[2013-05-24T09:50:36.911+07:00] [wls_oim1] [ERROR] [] [OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] Failed to create employee
[2013-05-24T09:50:36.912+07:00] [wls_oim1] [ERROR] [] [OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] Description : Unparseable date: "2013-05-24 00:00:00"
[2013-05-24T09:50:36.912+07:00] [wls_oim1] [ERROR] [] [OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] java.text.ParseException: Unparseable date: "2013-05-24 00:00:00"
May it has some bug?
Thanks
Noraset.Could you please write down what you have given in ITResource?
May be you are giving some wrong value in IT Resource.
Have you made chnages to OID Prov Lookup. If no check this link :
Re: Problem with OID Connector
And give a try ! -
How a not provisioned user can write in a forum into my OCS?
I explain you the problem. In Discussion Application i have created 4 Forums where 3 are only for provisioned users registered into my OCS and i would want to permit that people not registered can read a write topic into my 4th forum. I am the administrator and in the section setting i have setted this possibilty for my 4th forum. Now i would want to put in another site a link for this opened forum. What i have to do? In which kind not registered users can see my forum?
Please help me. Bye GeorgeHi George,
As far as I know there is no way to "pass in" user credentials to SSO in the URL. The URL you provide will just be for the discussions application(/discussions/app for example) and users will be automatically redirected to login to SSO first. What I meant by "distribute the username/credentials along with the URL" was that you'd have to describe to users how they'd go about logging into the discussions applications through SSO using the guest user and the password which you'll have to supply to them.
Please bear in mind that once users are given the credentials for the guest user that they will be able to login to other applications as well. For example, the users will be able to login to the Mail application and send e-mails. Also, depending on Workspaces settings they may be able to create new workspaces, lookup other users in the system and invite others to join the workspace, etc.
So essentially the implication is that there are other consequences that you must keep in mind when deciding to give out the credentials to the user. In general, given these security concerns, I wouldn't recommend distributing the username and password of any user to anyone.
Regards,
Dave -
Unable to provision users in OIM 11.1.1.3 using DBUM connector 9.1.0.4.
Hi,
I installed OIM 11.1.1.3 and i am able to access it.
Now i am trying to provision an user to a database table using "User Database Management connector". I worked on it by using version 9.1.0.4, but i failed to provision the users.
I am getting an error message that "Error occurs while initializing parameters in initutil".
Can anybody please help me how to solve this issue.
Thanks,
SRI.Thank you for your reply.
I am trying to test for provisioning users, could you please suggest me the version for the AD or any other connector that is used to deploy with the OIM 11.1.1.3.
Thanks,
SRI.
Edited by: Sri Kishore on Aug 25, 2010 11:29 PM -
Provisioning user to AD failing after upgrading AD Connector
Hello,
I am facing issue while provisioning user to AD after i upgraded AD connector from 9.1.1.5 to 9.1.1.7, upgradtion successfull message was shown & when i tried to provision a user to AD it shows CreateUser task is rejected & following is the response shown
Response: com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks.createADorADAMUser(java.lang.String, bool
Response Description: Unknown response received .
Error Details
Setting task status... "com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks.createADorADAMUser(java.lang.String, bool" does not correspond to a known Response Code. Using "UNKNOWN".
Above response means its not able to find CreateAD which creates user in AD ?
Thanks,
Rahul
Edited by: Rahul Shah on Jun 12, 2012 9:52 PM1- Follow the Postupgrade Steps mentioned in the connector documentation.
2- Check if connector has been upgraded successfully and also verify active version from OIM Database table - CIH
3- Check the jar file modified date in OIM database table i.e. oimhome_jars; it should be same as connector modified date in DB table CIH.
4- Modified date in previous step is not correct then upload the jar file using Uploadjar utility available under <Middleware>/Oracle_IDM1/server/bin/
5- Restart OIM and test the provisioning.
Thanks,
Hardew -
Error on writing a connector using WSIF to provision users.
Hello All,
I am writing a connector to provision users using WSIF. Everything works great through my IDE (eclipse on Windows XP), but when I drop the jar, map the adapter (using OIM 9.0.3, RH4, and weblogic 8.1 SP6) and invoke a process task I get the following error:
The WSIFDefaultMapper class exists in the wsif.jar file and as far as I can tell, only one instance of that class file exists (did a grep on all jar files).
Any pointers will be appreciated.
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
Caused by: org.apache.wsif.WSIFException: Unable to create new mapper; nested exception is:
java.lang.ClassNotFoundException: org.apache.wsif.mapping.WSIFDefaultMapper
at org.apache.wsif.mapping.WSIFMapperFactory.newMapper(WSIFMapperFactory.java:107)
at org.apache.wsif.mapping.WSIFMapperFactory.newMapper(WSIFMapperFactory.java:52)
at org.apache.wsif.base.WSIFServiceImpl.overrideMapper(WSIFServiceImpl.java:1106)
at org.apache.wsif.base.WSIFServiceImpl.init(WSIFServiceImpl.java:938)
at org.apache.wsif.base.WSIFServiceImpl.<init>(WSIFServiceImpl.java:299)
at org.apache.wsif.base.WSIFServiceFactoryImpl.getService(WSIFServiceFactoryImpl.java:274)
at com.netapp.webservice.DynamicInvoker.invokeMethod(DynamicInvoker.java:213)
at com.netapp.webservice.DynamicInvoker.WSIF(DynamicInvoker.java:130)
... 56 more
Caused by: java.lang.ClassNotFoundException: org.apache.wsif.mapping.WSIFDefaultMapper
at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:199)
at weblogic.utils.classloaders.ChangeAwareClassLoader.findClass(ChangeAwareClassLoader.java:61)
at java.lang.ClassLoader.loadClass(ClassLoader.java:289)
at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
at weblogic.utils.classloaders.GenericClassLoader.loadClass(GenericClassLoader.java:224)
at weblogic.utils.classloaders.ChangeAwareClassLoader.loadClass(ChangeAwareClassLoader.java:41)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:219)
at org.apache.wsif.mapping.WSIFMapperFactory.newMapper(WSIFMapperFactory.java:100)
... 63 more
com.thortech.xl.dataobj.util.tcAdapterTaskException: Unable to create new mapper; nested exception is:
java.lang.ClassNotFoundException: org.apache.wsif.mapping.WSIFDefaultMapper
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpNTAPSERVICENOW.INSERT(adpNTAPSERVICENOW.java:108)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpNTAPSERVICENOW.implementation(adpNTAPSERVICENOW.java:50)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
Thanks,
Sunny
Edited by: user11989584 on Dec 1, 2009 4:36 PMI have narrowed this down to the following (some of this is a repetition, I am copying and pasting my post from a WSIF forum):
I am using wsif wsif-2.0.1_IB3 to connect to a webservice to create user accounts. Everything works great in Eclipse.
When I deployed my jars (application jars, wsif and dependencies) to weblogic 8.1 sp6 and generate a task through OIM that calls this adapter, I run into the following error:
org.apache.wsif.WSIFException: Unable to create new mapper; nested exception is:
java.lang.ClassNotFoundException: org.apache.wsif.mapping.WSIFDefaultMapper
Caused by: java.lang.ClassNotFoundException: org.apache.wsif.mapping.WSIFDefaultMapper
at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:199)
at weblogic.utils.classloaders.ChangeAwareClassLoader.findClass(ChangeAwareClassLoader.java:61)
at java.lang.ClassLoader.loadClass(ClassLoader.java:289)
at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
at weblogic.utils.classloaders.GenericClassLoader.loadClass(GenericClassLoader.java:224)
at weblogic.utils.classloaders.ChangeAwareClassLoader.loadClass(ChangeAwareClassLoader.java:41)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:219)
at org.apache.wsif.mapping.WSIFMapperFactory.newMapper(WSIFMapperFactory.java:100)
The WSIFMapperFactory.class exists in wsif.jar file and makes a call to newMapper but is unable to load org.apache.wsif.mapping.WSIFDefaultMapper that is in the same wsif.jar file.
public static WSIFMapper newMapper() throws WSIFException {
return newMapper(false);
The line that it fails on is Class c = Class.forName(mapperClassNameBuffer.toString(), true, Thread.currentThread().getContextClassLoader());
from the following code snippet in WSIFMapperFactory.class file
try {
Class c =
Class.forName(
mapperClassNameBuffer.toString(),
true,
Thread.currentThread().getContextClassLoader());
return (WSIFMapper) c.newInstance();
} catch (ClassNotFoundException cnf) {
throw new WSIFException("Unable to create new mapper", cnf);
} catch (Exception e) {
throw new WSIFException("Unable to create new mapper", e);
Any ideas on how to fix this?
I modified some of the WSIF code to try using the following:
Class c = Thread.currentThread().getContextClassLoader().loadClass(mapperClassNameBuffer.toString()); but it had the same effect.
Again, the same code path works great standalone in Eclipse.
Any help/pointers would be appreciated. -
Video on skype not working. Only functioning in facetime and photo booth. Seems to be a common problem amongst users having bought a new macbook air recently. When you go to Preference and click on audio/video item video works but when clicking on another menue and returning to audio/videio picture is gone. Understand has something to do with a recent update von Apple (10.8.5... missing file for 32 bit version).
Anybody there to give me an advice?
Thanks.Wait until a fix is available from Apple or Skype.
Best. -
Problem with user-defined functions in XQuery String
hello
i've a problem with user-defined functions in XQuery String
details are here (the code is not Human-readable via forum's embedded editor ?? strange)
http://docs.google.com/Doc?id=ddqwddsr_21c96d9x
thanks !!See
michaels> select xmlquery('declare function local:test_function($namecmp as xs:string?, $inputtype as xs:string?) as xs:string?
return {$inputtype}
local:test_function("1","2")' returning content) o from dual
Error at line 5
ORA-19114: error during parsing the XQuery expression:
LPX-00801: XQuery syntax error at '{'
3 return {$inputtype}
- ^
michaels> select xmlquery('declare function local:test_function($namecmp as xs:string?, $inputtype as xs:string?) as xs:string?
$inputtype
local:test_function("1","2")' returning content) o from dual
O
2
1 row selected. -
Best way to provision users in LDAP on a schedule?
Hi,
I am trying to work out the best way to automatically create users in an LDAP resource. the sceanrio is as follows:
I have an authorititive directory from which I wish to pull users into IDM which is under my control. I have another directory which I want to provision users to. It does not have a changelog - I'm not sure that active synch will work? This directory is not under my control so I can't simply add one.
I want to update the list of IDM users nightly from the authorititive directory then push the changes to the other directory.
I read on here about per-account workflows, I have 10k accounts at present, but this is likely to grow quickly, so I guess that has to be ruled out on performance grounds?
Can anyone suggest a way to create users in the remote directory. could I have a workflow which iterates through all the IDM users and provisions an account if it doesn't exist? how would I configure and schedule this?
Thanks for your help,
Toby.
Edited by: Toby.ORourke on Jan 7, 2008 1:48 PMYou stated, "This directory is not under my control so I can't simply add one", can you expand on this? Do you not have an account to connect to this directory? Do you not have a resource adaptor for this directory? If you do not have a resource adaptor you will have difficulties connecting via sim, it is not impossible. You can connect to and ldap directory using the jndi api in java.
Your questions are of a larger design question that I feel might be out of context for this forum based on business rules we cannot answer. -
Error on Synchronizing Users With the Provision Users Utility
Im using ProvisionUsers.sh to realize the provision users from linux console....
The process is retreiving an error.... the error says Error retreiving user by identity Embedded HBR initialized , I dont know what does this error means....
Anybody??That is not an error it is just a warning message, it occurs most of the time.
You probably need to check the other logs that are generated after running the utility.
Cheers
John
http://john-goodwin.blogspot.com/ -
Question on LDAPSync Post Enable Provision Users to LDAP task
Hi All,
Can you please clarify my doubt on
I created a user "testaccount" in OIM and via ldapsync, it gets created in OID.
Now, I manaully deleted that user "testaccount" in OID and wants to recreate the user account again in OID. Will this schedule task "LDAPSync Post Enable Provision Users to LDAP" solve my purpose or not?
Regards,
SunnyI would not expect the account to be re-created. As far as OIM concerned it is in OID, as it was reconciled from OID, and OIM has a record of it's DN and GUID. If OIM later sees the account as disappeared it just treats this as an operation error, and does not update itself to say the account is deleted.
Have you run the LDAP Sync user deletion reconciliation job? If so it should have deleted the user in OIM. You can then create a new user with the same name (but different logon unless you set the system property to allow logon re-use), to create a new OID account.
If you do want to create the same user in OID without deleting and recreating the OIM user, via this post-create scheduled it is possible, but involves messing about with the OIM user record in the database to cleat out its old DN and GUID. In that way OIM thinks the user is not in LDAP and should try to recreate.
Maybe you are looking for
-
I have had e72 for about 2 years in Canada (contract with Telus) I hve just moved to Brazil and would like to use the e72 here. But i find it will not accept the local SIM card. Telus canada have told me they are unable to unblock the phone - or even
-
I have lost the box on the top part of the Firefox page where one types in a URL. Along with that, I have no back or forward buttons. Help please == This happened == Just once or twice == tonight
-
Where can I get additional loops for garage band
I have been limited in the groves in the drum beats and grooves that came with Garage Band 11, I would like to add addional loops. How does one go about useing loops THAT WORK SEMELESSLY WITH GB jojoguitar
-
Get server instance name without deploying weblogic.jar to client
I use wlclient.jar with my client. Using weblogic.jar instead causes the size of the deployment package of my client to go from 4 meg to 34 meg (roughly). I don't want full MBean functionality, all I want to do is find out what the server instance na
-
Replacing TRANSLATE with CL_ABAP_CONV_OUT_CE
Hi Gurus, I'm working on a 4.7 version of SAP that is soon to be unicode compatible. After running UCCHECK I came accross a couple of statements I need a litle help with. The first statement is - TRANSLATE <data> to code page '1100'. which I replaced