Provision user to a resource when a LDAP attribute is set to true by active

Hi,
I have the following requirement:
When a particular attribute in LDAP is set to true, we have to pick it up through the active sync process and provision the user in another resource.
Can anyone let me know how to go about this?

I'd do it like this:
Create a business role "SomeRole" that includes an IT-Role that includes the target resource.
In the activeSync form, assign this role depending on the LDAP attribute:
<Field name='waveset.roles'>
  <Expansion>
    <cond>
      <eq>
        <ref>accounts[LDAP].thisParticularAttribute</ref>
        <s>true</s>
      </eq>
      <!-- you will need to append the role to the list if the user already has roles, otherwise all roles will be overwritten by this single value -->
      <s>SomeRole</s>
      <ref>waveset.roles</ref>
    </cond>
  </Expansion>
</Field>
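
An added example, not part of the original reply: a variant of the Field above that follows the inline comment's advice and keeps the roles the user already has. It assumes the standard XPRESS list functions (isnull, list, contains, and append used without a name attribute, which returns a copy of the list); the role and attribute names are the placeholders from the reply.

```xml
<!-- Added example: preserves existing roles instead of overwriting them -->
<Field name='waveset.roles'>
  <Expansion>
    <cond>
      <eq>
        <ref>accounts[LDAP].thisParticularAttribute</ref>
        <s>true</s>
      </eq>
      <cond>
        <!-- No roles yet: start a new list holding only SomeRole -->
        <isnull><ref>waveset.roles</ref></isnull>
        <list>
          <s>SomeRole</s>
        </list>
        <cond>
          <!-- Role already assigned: return the list untouched -->
          <contains>
            <ref>waveset.roles</ref>
            <s>SomeRole</s>
          </contains>
          <ref>waveset.roles</ref>
          <!-- Otherwise append SomeRole to the roles the user already has -->
          <append>
            <ref>waveset.roles</ref>
            <s>SomeRole</s>
          </append>
        </cond>
      </cond>
      <!-- Attribute is not true: keep the current roles unchanged -->
      <ref>waveset.roles</ref>
    </cond>
  </Expansion>
</Field>
```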

Similar Messages

  • Error while provisioning user into Oracle resource

    I wrote a custom Oracle resource adapter and am trying to create a new user and assign this user to the resource. I get the following error when I save the user account: "com.waveset.util.WavesetException: An error occurred connecting to resource "
    I can however successfully test connection to this resource from the resources tab. Please help me figure what the issue can be.
    Thanks,
    Prithi Narasimhan.

    Hi Prithi
    Can you please send me your code so that I can test it and give you the exact reason for your failure.
    But I feel that if your test connection is successful, you should not have any problem. Try with a different userid, password and database. Hope it works.
    Regards
    Gajendra Nagapurkar

  • InputText renders as just text when readOnly set to true

    Apparently when a <af:inputText> component's readOnly attribute is set to true, the component renders as plain text rather than a text box whose readOnly attribute is set to true. Oracle's ADF tag definition site makes no mention of this 'feature' (http://www.oracle.com/technology/products/jdev/htdocs/partners/addins/exchange/jsf/doc/tagdoc/core/inputText.html) but I remember reading it somewhere, I believe in some of the documents that came with an ADF faces download.
    And if I had not happened to come across this information somewhere, I would otherwise think this was a bug. But either way, I don't think this is the way it should perform. If I specify a field on a page to be inputText, I expect it to be a text box, regardless of whether I want it readOnly or not. I think it's a bad assumption on ADF's part to completely change the rendering of the component.
    I want to render text inside a textbox on a page, but make it read only. And I am using it within the confines of a <af:forEach> so I am using the var parameter, and thus am forced to use Oracle's components so the forEach var parameter is recognized. So it appears to me I cannot render the field how I want. I don't see any other Oracle components to render this.
    Is this going to be changed or is there a way to submit something to Oracle to have this addressed?

    FYI...if I use the disabled attribute instead, thankfully the component still renders as a textbox. Obviously it renders grayed out, but at least I still get a textbox with text in it.
    But the readOnly attribute still, I feel, performs badly. So my question still stands, are there plans to change it or can it be addressed? Maybe when Apache takes full control of the library, it will be changed...

  • Provisioning a user with a resource automatically doesn't work!!

    Hi Experts – IHAC trying to configure OIM to provision a user with a resource automatically (via OID connector).
    As reviewed, the membership rules (rules designer) and access policies are already configured with correct params. So I would say everything should work fine.
    But when they create a new user with the proper attribute, the resource is not provisioned automatically as expected.
    The log file shows only 2 lines of error messages.
    <Apr 25, 2013 2:49:46 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
    <Apr 25, 2013 2:49:47 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
    However, manual add resource works well.
    Environment Info:
    - OIM 11gR1 (BP6)
    - OID Connector 9.1
    - AIX 7.1
    Is this considered a bug on the AIX platform? Any input would be appreciated.

    Just check if the rule satisfy, user is getting the role.
    --Hari

  • Best way to provision users in LDAP on a schedule?

    Hi,
    I am trying to work out the best way to automatically create users in an LDAP resource. The scenario is as follows:
    I have an authoritative directory from which I wish to pull users into IDM which is under my control. I have another directory which I want to provision users to. It does not have a changelog - I'm not sure that active sync will work? This directory is not under my control so I can't simply add one.
    I want to update the list of IDM users nightly from the authoritative directory then push the changes to the other directory.
    I read on here about per-account workflows. I have 10k accounts at present, but this is likely to grow quickly, so I guess that has to be ruled out on performance grounds?
    Can anyone suggest a way to create users in the remote directory? Could I have a workflow which iterates through all the IDM users and provisions an account if it doesn't exist? How would I configure and schedule this?
    Thanks for your help,
    Toby.
    Edited by: Toby.ORourke on Jan 7, 2008 1:48 PM

    You stated, "This directory is not under my control so I can't simply add one", can you expand on this? Do you not have an account to connect to this directory? Do you not have a resource adaptor for this directory? If you do not have a resource adaptor you will have difficulties connecting via SIM, but it is not impossible. You can connect to an LDAP directory using the JNDI API in Java.
    Your questions are of a larger design question that I feel might be out of context for this forum based on business rules we cannot answer.

  • Removing the Auto disable of a resource when  user is disabled

    Hi All,
    We have a few resources a user may have where, when the user is disabled in OIM, we want that handful of resources to stay Enabled/Provisioned.
    I tried renaming the disable task. It didn't work (I get an error). I tried setting No Effect on the process task and, well, no effect: I still get an error.
    Thanx.
    Fred

    I might be wrong about this, but isn't which task gets called on a disable controlled by the disable effect? This would logically mean that the name of the task doesn't matter?
    Fred: I have seen cases where the design tool simply doesn't want to take an update. Sometimes it helps restarting the app server, other times I had to go into the database tables and fix the problem by deleting the offending row. Not elegant but I couldn't figure out any other way to do it.
    Good luck
    /Martin

  • Unparseable Date when Provisioning User from OIM to EBS HR

    Hi expert,
    I'm integrating E-Business Application using 'Oracle EBS HR Foundation User Management Connector' version 9.1.0.4.0
    with OIM version 11.1.1.5.0 (plus BP06) and I also set the value of 'Manage HR record' to 'Yes'.
    While provisioning a user to EBS, an error occurs about 'Unparseable date: "2013-05-24 00:00:00" '
    ############ ERROR ###########
    [OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] oracle.iam.connectors.ebs.usermgmt.integration.EBSUserManagement : updatePerson
    [2013-05-24T09:50:36.911+07:00] [wls_oim1] [ERROR] [] [OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] Failed to create employee
    [2013-05-24T09:50:36.912+07:00] [wls_oim1] [ERROR] [] [OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] Description : Unparseable date: "2013-05-24 00:00:00"
    [2013-05-24T09:50:36.912+07:00] [wls_oim1] [ERROR] [] [OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] java.text.ParseException: Unparseable date: "2013-05-24 00:00:00"
    Might it be a bug?
    Thanks
    Noraset.

    Could you please write down what you have given in the IT Resource?
    Maybe you are giving some wrong value in the IT Resource.
    Have you made changes to OID Prov Lookup? If not, check this link:
    Re: Problem with OID Connector
    And give it a try!

  • Problem when Provisioning Users using EBS Connector (Enable SSO)

    Hi expert,
    We provision users to EBS through EBS connector version 9.1.0.4.0.
    Normally, we can provision users if we set the value of SSO enable = NO,
    but by the scope of this project,
    we have to let EBS use single sign-on by authentication from OID,
    so we must set the value of SSO enable = YES; this means we cannot provision users to EBS.
    The error log shows that it's about the password, but we already entered a password.
    Thank,
    Noraset
    #### EBS IT Resource ####
    SSO Enabled      : Yes
    SSO IT Resource : OID Users
    SSO Identifier      : orclGUID
    SSO Login Attribute :      uid
    #### Error LOG ####
    Running InitUtil
    Running CreateUser
    <May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <================= Start Stack Trace =======================>
    <May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <oracle.iam.connectors.ebs.usermgmt.integration.EBSUserManagementHelper : createEBSUser>
    <May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <Exception Occured>
    <May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <Description : ORA-20001: APP-FND-02600: Unable to create user BT005 due to the following reason(s):
    Password must contain at least one letter and at least one number..
    ORA-06512: at "APPS.APP_EXCEPTION", line 72
    ORA-06512: at "APPS.FND_USER_PKG", line 869
    ORA-06512: at "APPS.FND_USER_PKG", line 915
    ORA-06512: at "APPS.FND_USER_PKG", line 1034
    ORA-06512: at "APPS.OIM_FND_USER_PKG", line 40
    ORA-06512: at line 1
    >
    <May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <java.sql.SQLException: ORA-20001: APP-FND-02600: Unable to create user BT005 due to the following reason(s):
    Password must contain at least one letter and at least one number..
    ORA-06512: at "APPS.APP_EXCEPTION", line 72
    ORA-06512: at "APPS.FND_USER_PKG", line 869
    ORA-06512: at "APPS.FND_USER_PKG", line 915
    ORA-06512: at "APPS.FND_USER_PKG", line 1034
    ORA-06512: at "APPS.OIM_FND_USER_PKG", line 40
    ORA-06512: at line 1
    >
    <May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <================= End Stack Trace =======================>

    You can build your own db connector using jdbc and set the specific field in a separate provisioning task once the main provisioning is done.
    Best regards
    /Martin

  • Resource deleted, but user still has resource linked when viewed in debug

    Hi all,
    I'm facing an issue on unlinking user accounts on a deleted resource. I deleted a resource from the Resource Action tab but still able to see the resource linked to users from the Debug page. I tried to search for users under the Find Users tab, but the resource doesn't appear in the list for selected resource. I looked at the debug page for users on that resource and the resource still shows up under the <Services> and <ResourceInfo> tags.
    Can anyone share their expertise/solution on how to rectify this? Do I have to do a bulk action of unlink to unlink/unassign the resource from the user and if so what would be the command?
    Your help is much appreciated. Thank you!

    I feel there is no need to refresh each and every object just for this.... as and when there would be any operation on the user object the unwanted references would go away...
    Still, if you want to do it then you can use the refresh users (search the forum). I know there is one simple XML which you can execute from the lh console, or there is also a workflow which you can run to do the job...

  • Question on LDAPSync Post Enable Provision Users to LDAP task

    Hi All,
    Can you please clarify my doubt on
    I created a user "testaccount" in OIM and via ldapsync, it gets created in OID.
    Now, I manually deleted that user "testaccount" in OID and want to recreate the user account again in OID. Will this scheduled task "LDAPSync Post Enable Provision Users to LDAP" solve my purpose or not?
    Regards,
    Sunny

    I would not expect the account to be re-created. As far as OIM is concerned it is in OID, as it was reconciled from OID, and OIM has a record of its DN and GUID. If OIM later sees the account as disappeared it just treats this as an operation error, and does not update itself to say the account is deleted.
    Have you run the LDAP Sync user deletion reconciliation job? If so it should have deleted the user in OIM. You can then create a new user with the same name (but different logon unless you set the system property to allow logon re-use), to create a new OID account.
    If you do want to create the same user in OID without deleting and recreating the OIM user, via this post-create scheduled task, it is possible, but involves messing about with the OIM user record in the database to clear out its old DN and GUID. In that way OIM thinks the user is not in LDAP and should try to recreate it.

  • How to create user in local datasource when UME is already switched to LDAP

    Hi,
    Info: I have a portal (NW 700); recently I switched the datasource of the portal to LDAP from the local datasource.
    Issue: if I create a user in the portal it gets created in LDAP; I want to create a few users in the local datasource.
    How to create a user in the local datasource when UME is already switched to LDAP?
    One solution is to change the UME back to the local datasource > create user > then switch back to LDAP.
    Do you know any other solution?
    Regards
    Shridhar Gowda

    Please let me know the Datasource file name .. i.e. the .xml filename.
    try to analyze this name and see whether you get a solution or post it here.
    Reward points if helpful -

  • Can't Provision user from OIM to AD (manual provis

    Can't provision user from OIM to AD (manual provisioning); it failed with an error.
    The following is the connector server log:
    ==========================================
    DateTime=2012-07-18T08:39:32.8713100Z
    ConnectorServer.exe Error: 0 : System.ArgumentNullException: Value cannot be null.
    Parameter name: Parameter 'uid' must not be null.
    at Org.IdentityConnectors.Common.Assertions.NullCheck(Object o, String param)
    at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.ValidateInput(ObjectClass objclass, Uid uid, ICollection`1 attrs, Boolean isDelta) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1568
    at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.Update(ObjectClass objclass, Uid uid, ICollection`1 replaceAttributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1365
    at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
    at ___proxy1.Update(ObjectClass , Uid , ICollection`1 , OperationOptions )
    at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
    DateTime=2012-07-18T08:39:37.8558126Z
    1- I am using OIM 11.1.1.5 / applied patch p13704894_111150
    2- The target system is LDAP on Windows Server 2008 R2 Enterprise version 6.1(7601), Service Pack 1
    3- The connector server and connector version: activedirectory-11.1.1.5.0, Connector_Server_111150
    I noticed that for any user I create in OIM objectGUID is 0; I can read groups and organizations from LDAP with no errors.
    Please support.

    This issue is coming because your object GUID is not getting synchronized properly. Log in to the design console and open the AD User form. Go to the pre-populate tab. Open the prepop adapter for User Principal name. Here by default the IT resource name passed is Active Directory, whereas you should have your IT server name, which I think by default is AD Server. In the Map To section select Process data and the qualifier field will have AD server. Click on the save button. Save your form.
    Retry your test case now. This will resolve your problem.
    regards,
    GP

  • End User Update My Resources - Parallelizing multiple requests

    Hi,
    I'm working on the following issue: when a user requests accounts on more than one resource, these are created only when all approvers have accepted the request for his own resource.
    How can I modify the WorkFlow so if the approver "A" for "resource A" has accepted the request and approver "B" not yet, the account in "resource A" is created?
    Anyone had the same problem?
    Thanks a lot.
    O

    Hello.
    Short answer is 'yes', you can do this with IdM.
    Longer answer is that you basically will be doing a little digging, unless someone has a code sample to send to you. The default approach (ref: configuration object type: Provisioning Task; configuration object name: Create User) is to do Approvals in Activity #2 and then do Provisioning in Activity #3. It uses the sub-process "Lighthouse Approvals" to collect approvals (role, resource, organization, etc.) and uses the sub-process "Provision" to do the provisioning.
    I've not done what you want to do, but it seems that you need to collect any pre-provision approvals (i.e. not related to resources) and then after that, either do an OR-split or set-up an iteration to iterate over resources, invoking a sub-process that would do the final resource-specific approvals and then the resource-specific provisioning.
    So the approval piece is pretty straight-forward. The more complicated part (from what I can tell), is the provisioning action. By default, the Create User will basically build a User View and then create a new user from that User View. What you want to do is 'divide' up the User View by resource, so that maybe the 1st Resource approved creates the IdM virtual account and provisions the 1st Resource account, the 2nd Resource to-be approved creates the 2nd Resource account and updates the virtual account (with the reference to the 2nd account), etc. So this will likely require some view manipulation.
    Since an OR-split is effectively a hard-coded series of paths to follow, I'd think you'd want to build a sub-process to do the approval / audit / provision for "this" resource account and then iterate over the waveset.resources in the Create User W/F, invoking your custom sub-process for each resource. If you design this sub-process correctly, it should work for any resource.
    Sorry for the long-winded and non-detailed response. I just haven't done this myself. Maybe others have and can share their design.

  • Enabling update for provisioned user in OIM11g

    Hi...
    To update a field(email id) of a provisioned user have got to know the following steps.
    1. Change the OIM Profile email id and save the User form
    2. OIM then checks against the Lookup.USR_PROCESS_TRIGGERS lookup for a task name that is mapped to the Email field - typically "Change Email"
    3. Add a task in target system provisioning process name as "Change Email".
    4. Now Write a code using OIM API which will update the Email field of target system provisioning process form with new Email id.
    5. Attach this adapter in "Change Email" task.
    6. Then when the process form is updated that triggers a process task to update the Email for that given resource - "Update Email"
    Can I know which APIs are to be used for step 4 so that updation can take place from OIM to target system process form.
    Thanks.

    Amruta Agarwal wrote:
    Hi...
    To update a field (email id) of a provisioned user, I have got to know the following steps.
    1. Change the OIM Profile email id and save the User form
    2. OIM then checks against the Lookup.USR_PROCESS_TRIGGERS lookup for a task name that is mapped to the Email field - typically "Change Email"
    3. Add a task in target system provisioning process name as "Change Email".
    4. Now Write a code using OIM API which will update the Email field of target system provisioning process form with new Email id.
    5. Attach this adapter in "Change Email" task.
    6. Then when the process form is updated that triggers a process task to update the Email for that given resource - "Update Email"
    Can I know which APIs are to be used for step 4 so that updation can take place from OIM to target system process form.
    Thanks.

    Just a copy adapter which reads the data from user profile and copies it to process form field.
    Steps from Oracle:
    1) Suppose one created a UDF: UDF USR_UDF_BUS_PHONE for phone number called 'Business Phone Number' on the Users User Defined Field Form in Design Console
    2) Then double click on "Lookup Definition" under the Administration tree of Design Console and query for this "Lookup.USR_PROCESS_TRIGGERS" code.
    3) Add "Lookup Code Information" like this.
    i) Enter the UDF column created in step 1 for Code Key as USR_UDF_BUS_PHONE
    ii) Enter the word 'Change' without the quotes followed by the field name of the UDF column created in Decode column. So in this case the Decode is 'Change Business Phone Number' without the quotes
    iii) Language: en
    iv) Country: US
    4) Then create one adapter of type process task
    i) Move to Variable List tab and create a variable "var1" Resolve at run time.
    ii) Add logic task -> SET VARIABLE and click on continue
    iii) In Add Set Variable Task Parameter dialog, select Adapter return value in variable name drop down, Operand Type as Variable, Operand Qualifier ->"var1" created in 4i).
    5) Add one process task under the Resource Object's Process Definition in Design Console named 'Change Business Phone Number' without the quotes. Note: The task name should be exactly same as Decode value in lookup definitions and then make it conditional and also check "Allow Multiple Instances".
    6) In "Integration" tab of task add adapter you have created in 4) and then map the adapter variables.
    i) Map Adapter Return Variable to Process Data and then select the process form field (Example: UD_ADUSER_PHONE) which you want to update with the user's Business Telephone USR_UDF_BUS_PHONE field.
    ii) Then map the other adapter variable to User Definition -> map with user's Business Telephone USR_UDF_BUS_PHONE field.
    Result: Now when the user's Business Telephone is updated, the Change Business Telephone will get triggered and inserted for this resource and copy the change from the user profile to the process form. If the connector already has the 'Business Telephone Updated' Process Task in the Process definition which has an adapter to update the target, then because of the update to the Business Telephone in the process form, the 'Business Telephone Updated' task will be triggered and the target will also get updated with the new change.
    HTH,
    BB
    Edited by: bbagaria on Sep 5, 2011 10:44 AM
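
The steps above depend on each Decode value in Lookup.USR_PROCESS_TRIGGERS matching a process task name exactly, with that task marked conditional and "Allow Multiple Instances" checked. The following check is an added example, not part of the original posts or of Oracle's code: it validates those three conditions over configuration data. The dictionaries are constructed samples standing in for values read from the Design Console, and the function names are hypothetical.

```python
# Constructed sample data (assumption): in a real deployment these values would be
# copied from the Design Console. Nothing here calls an OIM API.
LOOKUP_USR_PROCESS_TRIGGERS = {          # Code Key -> Decode
    "USR_UDF_BUS_PHONE": "Change Business Phone Number",
    "USR_EMAIL": "Change Email",
}
PROCESS_TASKS = {                        # task name -> settings on the process definition
    "Change Business Phone Number": {"conditional": True, "allow_multiple": True},
    "Change email": {"conditional": True, "allow_multiple": False},
}

def normalise(name):
    """Collapse case and whitespace so near-miss task names can be detected."""
    return " ".join(name.split()).casefold()

def check_triggers(lookup, tasks):
    """Return a sorted list of (code_key, problem) for every broken trigger mapping."""
    by_norm = {normalise(t): t for t in tasks}
    findings = []
    for code_key, decode in lookup.items():
        task = tasks.get(decode)
        if task is None:
            # No exact match: tell a probable typo apart from a missing task.
            near = by_norm.get(normalise(decode))
            if near is not None:
                findings.append((code_key,
                    f"task '{near}' differs from Decode '{decode}' in case or spacing"))
            else:
                findings.append((code_key, f"no process task named '{decode}'"))
            continue
        if not task["conditional"]:
            findings.append((code_key, f"task '{decode}' is not conditional"))
        if not task["allow_multiple"]:
            findings.append((code_key, f"task '{decode}' lacks Allow Multiple Instances"))
    return sorted(findings)

if __name__ == "__main__":
    for code_key, problem in check_triggers(LOOKUP_USR_PROCESS_TRIGGERS, PROCESS_TASKS):
        print(f"{code_key}: {problem}")
```
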

  • Provisioning users to AD groups in OIM 11gR2

    I could use some advice on how to resolve this issue I am having.
    Using the Active Directory connector (11.1.1.5) in our OIM 11gR2 development environment I can successfully provision OIM users to our AD resource. I have successfully run the org and group lookup recons, and provisioned users do go into the correct OU in AD.
    However when I select which groups a user should be a member of in the ADUSERC child form (via the lookup), the user is not provisioned with the correct group membership in AD.
    A separate issue is how to map the objectClass in AD in the ProvAttrMap; could anyone point me in the direction of how to go about that?
    Thanks

    The ObjectClass should be configured in this lookup Lookup.Configuration.ActiveDirectory
    Check below
    http://docs.oracle.com/cd/E22999_01/doc.111/e20347/extnd_func.htm#sthref221
    4.6 Configuring the Connector for User-Defined Object Classes
