Provisioning of Groups in CUP
Hi
I am trying to use default roles funtionality in CUP and I have mapped Groups for my Portal system.
but it error's out .
did anyone
1. try provsioing Groups via CUP
2.did any one use Default role fucntionality to pick groups up for certian requests etc?
Best Regards
Gerry
We tried provisioning portal groups and was able to provision, but not to delete. We have since reverted to a manual process because there were too many issues. You should be able to find my posts here with a search.
thanks,
Peggy
Similar Messages
-
Provisioning EP roles and user groups through CUP
Hello experts,
I am configuring EP provisioning through CUP.
I created the EP connector as per the instructions in the config guide. But I have not added any parameter values or did any field mapping. I have imported necessary Portal roles.
My EP connector is tested successful. But when I try to provision a role through CUP, I get this error:
Error processing your request, Request no: 4 in stage : NEW_AS11.
In the log it shows, Field Mapping is not set for Application (EP)
But when I go to field mapping, I get this error for EP.
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
I could not find much documentation on fieldmapping.
Are there any steps that I am missing for EP provisioning?
Thanks in advance..
KeeThanks for your response.
I have set up the parameters while setting up the EP connector in CUP.
My role search URI is correct but I am not sure about the last three parameters...
ASSIGN_GROUPS:OC sapgroup
ASSIGN_ROLES:OC saprole
CHANGE_USER:OC sapuser
CREATE_USER:OC sapuser
CREATE_USER:password password
DELETE_USER:OC sapuser
LOCK_USER:OC sapuser
LOCK_USER:islocked true
RESET_PASSWORD:OC sapuser
RESET_PASSWORD:password password
ROLESEARCH_URI - http://portalserver name:port number/UserRoleSearchForAEService_5_3/Config1?wsdl&style=document
ROLESEARCH_URI_USERNAME - same user Id I provided for the connector
ROLESEARCH_URI_PASSWORD See your system administrator for the value.
UNLOCK_USER:OC Sapuser
UNLOCK_USER:islocked false
ROLE_DATA_SOURCE -- ROLE.UME_ROLE_PERSISTENCE.un: ??? What is the role data source?? Is the value that is provided is correct for the UME roles
SCHEMA_ID SAPprincipals ?? What does this Schema Id mean???
USER_DATA_SOURCE ???? Should we mention the user data source on the Portal system. In our case, it is the LDAP. But what would be the corresponding parameter value for LDAP.
So when I go to field mapping to create one for EP, I get the following error:
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
Log Details:
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR Error in gettting Field Def
com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.XMLParser.scanAttValue(XMLParser.java:1403)
at com.sap.engine.lib.xml.parser.XMLParser.scanAttList(XMLParser.java:1577)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1712)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2845)
at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:231)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:145)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:160)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:261)
at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:280)
at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:342)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)
... 31 more
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
com.virsa.ae.core.BOException: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:134)
at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
... 22 more
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
Appreciate your response.
Thanks
Kee -
Hi,
How to provision a resource with process information using a java program?
Resource does not have a resource form.
ThanksTo directly provision a group in OID you need to use following oim api's
1. Get the factory instance
tcUtilityFactory oimUtilityFactory =new tcUtilityFactory(env, moSig);
1. Get the organization key
tcOrganizationOperationsIntf orgOpInterface =(tcOrganizationOperationsIntf) oimUtilityFactory.getUtility("Thor.API.Operations.tcOrganizationOperationsIntf");
HashMap orgReq = new HashMap();
orgReq.put("Organizations.Organization Name", "Name of the Organization");
tcResultSet tcResultDetails = orgOpInterface.findOrganizations(orgReq);
organizationKey = tcResultDetails.getLongValue("Organizations.Key" );
2. Get the Resource object key
tcObjectOperationsIntf oimObjectInterface == (tcObjectOperationsIntf)oimUtilityFactory.getUtility("Thor.API.Operations.tcObjectOperationsIntf");
long [] arr = new long[1];
arr[0] = organizationKey;
tcResultDetails = oimObjectInterface.findProvisionableObjectsForOrganizations(arr);
long provisionObjectKey = -1;
+//Get the key of the resource object to be provisioned+
for (int i=0; i<tcResultDetails.getRowCount(); i+){+
tcResultDetails.goToRow(i);
if("OID Group".equalsIgnoreCase(tcResultDetails.getStringValue("Objects.Name")))
+{+
provisionObjectKey = tcResultDetails.getLongValue("Objects.Key");
break;
+}+
+}+
3. Provision the resource
long objectInstanceKey = orgOpInterface.provisionObject(organizationKey,provisionObjectKey);
4. Get the process instance key
tcResultDetails = orgOpInterface.getObjects(organizationKey);
long processInstanceKey = -1;
for (int i=0; i<tcResultDetails.getRowCount(); i+){+
tcResultDetails.goToRow(i);
if(objectInstanceKey == tcResultDetails.getLongValue("Organization-Object Instance-Process Instance.Key"))
+{+
processInstanceKey = tcResultDetails.getLongValue("Process Instance.Key");
+}+
+}+
5. Set the process form
tcFormInstanceOperationsIntf oimFormUtility =(tcFormInstanceOperationsIntf) oimUtilityFactory.getUtility("Thor.API.Operations.tcFormInstanceOperationsIntf");
HashMap groupDetails = new HashMap();
+//fill up hashmap with all the required values from process form of OID group+
oimFormUtility.setProcessFormData(processInstanceKey,groupDetails );
Hope this helps,
Sagar -
Auto provision different groups in oim 11g
Hi,
While provisioning a user to AD, I need to add few different different groups based on the user's dept code.
We have around 250 dept codes and I dont want to create 250 access policies to provision different groups based on the dept code.
Is there any other way to resovle my issue?
I am using OIM11g. Please let me know.Adding more to Bikash Reply...
Create a Lookup with codekey as Dept Code and Decode as Groups like
Dept1->Group1
Dept1->Group2
Dept1->Group3
Write a code which retrieves the groups for corresponding dept code from the lookp, and in the same code call addProcessFormChildData(under tcFormInstanceOperationsIntf) for each group retrieved from lookup. Attach this adpater to new process task and call this task on success of create user task.
Reference:
JavaTask to be called after AD User provisioning succeeds
HTH -
Auto Provisioning backend and appropriate portal group in CUP
Hi gurus
Can we autoprovision backend roles and the appropriate pcd group in GRC. I have a task that should do the following
1. User creates a request in CUP for backend R/3 or ECC role
2. The approver approves the request
3. User gets the backend role and the appropriate portal pcd group by autoprovisioning.
I have done portal provisioning in the past where in user has to select the portal role he wants. But in this case he has to select the backend role and CUP should automatically provision the portal pcd group to him/her. How do we do this? I know we have to map the backend roles to the Portal PCD groups but at what stage?
The user id in this case is same as LDAP, CUP, Portal and backend system.
Any document in this regard?Hi Frank
Sorry to ask but how to map roles. When I click Role Mapping I see
System, Role selected by user
Buttons - Add main role, delete main role
Then next screen is again System, Role/Group name etc
I am guessing in the first instance system we have to select the R/3 system? and role is the R/3 name then click Add main role?
In the next page we have to select the Portal system and then the role/group name of the portal?
Correct me if I am wrong -
OIM-OID Provisioning - OID Group PrePopulate Approach :
Hi,
I am working on OID Connector 9.0.1.14 with OIM 11.1.1.5.
I have reconciled all the Roles and Groups from OID to OIM and can successfully provision users to the OID along with membership to these specific Roles and Groups.
I want to prepopulate the OID Group based on certain attribute from the OIM User form. My Approach so far is :
1) Created an Entity Adapter with a variable : say Org and GroupName.
2) Set the Logic as if Org = XYZ (+XYZ does exist on OIM+) set GroupName as = "OID Group 1" else set GroupName as = "OID Group 2"
3) Attached this adapter to the "OID User Group" form on the "Data Object Manager" at the pre-insert stage.
4) Mapped the Adapter variable as :
a) Org Maps to "Organization Definition" with the qualifier "Organization Name"
b) GroupName maps to the "Entity Field" with the qualifier "UD_OID_GRP_GROUP_NAME"
However nothing seems to happen when I create/modify a user with Orgization Name as XYZ and manually Provision the OID Resource. I can see the form but nothing is populated in the Group Field. Upon completing the request, I get the user provisioned to OID but without any Group information..
Is my approach right ? Am I missing something ?Here is what I have done for a client. My requirement was for a given department, a user must have a list of groups provisioned to them. So here is what i've done:
1. Create a lookup that has Code Key = Department, Decode = CN of the groups in a delimited format.
2. Create a provisioning task that will look at the department code from the user form, reference the lookup and find the decode values. Split them based on a delimiter. Then using each value, lookup the code key value from the real lookup that contains the full distinguished name of the group in the OID Group lookup. I even appened the IT Resource Key and ~ so that my search would be Decode or Code = "IT Resource Name~CN=<CN VALUE>%". This would return only the single group code key value. And then i add it to the child table. Repeat this for all the values in the delimited field.
3. Create a provisioning task that removes the values from the child table based on the delimited value. You'll need to search through the existing child table values.
Once you have the 2 tasks, you'll want to add a value to the your Lookup.USR_PROCESS_TRIGGERS that is your group determining field. Create your task name in this lookup. On your provisioning workflow, for the Adding of the groups task, make this unconditional, and have a preceding task of the Create User. Give it the name from your Lookup.USR_PROCESS_TRIGGERS and append " - Add Groups" to the task name. Create another task called the same, but append " - Delete Groups" to the task name. On the Add Groups task, make the preceding task the Delete groups. When you map your inputs to the adapters, on the delete, select the old value check box from the User Form so that you get the old value. Now, when the value changes on the user form, it will first remove the old groups, then add the new ones. All this will be done using the child table APIs, so that the existing Insert and Delete task triggers for your child table will run.
-Kevin -
Veryfying if E-mail Noti.sent to user after provisioning a req. in CUP
Hi,
Is there any way from where i can see the e-mail log of a particlar CUP request which has got provisioned in the system.
I checked that e-mail address of requestor and user is properly mentioned in the request form,stage is also configued as required,e-mail reminder is also ok, but some users are still saying that they didn't recieved any e-mail notification of username and password.They say nothing is in junk folder too.I just want to check excatly what is happening.
Thanks,
MukeshThanks Satish for telling me the table..
the points you mentioned, i have already check..
Users & Requests following to other workflows are getting provisioned and getting the Password Provisioningmails.
In troubled workflow also others mails for e.g. submission,waiting approval,approved are going but only Password Provisioning are not getting recieved.
I also checked from the above table, and found except Password Provisioning mail all other notifications entry are present.
Any idea.i am working on SP12
Rgds,
Mukesh -
Is it Possible to Create a Role Owner Group in CUP
Currently has a workflow that has each role owner to approve a role request. Would like to create to have two differenct role owners to have to approve the same role but with these to role owners want to have one of the role owners to have two people were only one of them has to approve. Can this be done in CUP? Hope it makes sense,. Thanks.
Laura KacalHi Laura,
I think now I understand your challenge, correct me if i'm wrong.
one role, 2 approvers (A, B), both need to approve, but:
Approver A = single user
Approver B = group of users
not possible. you can only setup the approval to be all need to approve or at least one.
I would recommend a 2 stage workflow. 1st stage single user approval, 2st stage group approval (CAD).
good luck.
N -
SAP IDM 8.0 Provisioning of group privilege assignments
Hi,
I set up Active Directory as a target system. I imported the new packages for Eclipse and did the initial load for AD (System privileges were created).
When I assign the PRIV:AD:ONLY privilege to an identity, the identity gets provisioned to AD.
When I assign the PRIV:AD:ONLY privilege to a group, the group gets provisioned to AD.
So far so good.
But when I assign the group to the identity I get the error in the execution log:
Cannot obtain mskey for group privilege PRIV:GROUP:AD:CN\=MY AD GROUP\,CN\=GROUPS\, DC\=DUMMY\, DC\=COM
The CN represents my CN in the Active Directory, but, I have no PRIV:GROUP:AD privilege?
so I can not provision group assignments to AD and I used only the default packages with no modifications.
And an additional question, when does the RDS for 8.0 comes out?
Are there some predefined approval processes like in 7.2?
Thanks, PatrickHi Jai,
Ahhhh
Thank you! you pointed me in the right direction, I disabled a few actions in the initial load job, including "WriteGroupPrivileges".
I had to disable the following Attributes: MX_INHERIT, MX_GROUP_INHERITANCE
I got the following error:
Value not legal for this attribute:Attribute: MX_GROUP_INHERITANCE" when storing attribute 'MX_GROUP_INHERITANCE=ONE'
Thanks for the fast help!
Patrick
Edit: Do I need for every Group in IDM a privilege for the target system? -
OIM provisioning of groups to AD
Hi,
Can any one tell me how can i provision groups to AD. when ever the administrator creates a group in Administration Console that group needs to be provisioned to AD.Hi,
The idea is that you set up triggers on the Group forms (under the Data Object Manager). So anytime a group is added to OIM, on Pre-insert (or post-insert), your adapter is called to add the group to AD. Same with pre-delete,post-delete. Your adapter will have to be coded to do the AD part. AD information will have to be hard-coded because at the time of the trigger, you only have the information that is on the group form available to you.. no other information.
Cheers,
Deborah -
Provisioning of groups to AD using AD connector
I want to provision groups from OIM to AD. I came to know from the AD connector guide that we can provision groups to AD.
My problem is i found that connector provisions only the following attributes to AD (Group Name, Organization Name, objectGUID, Group Type, Group Display Name).
I want to provision other attributes also like Group Scope to AD apart from the one provided above by the connector. How can i achieve this??I want to provision groups from OIM to AD. I came to know from the AD connector guide that we can provision groups to AD.
My problem is i found that connector provisions only the following attributes to AD (Group Name, Organization Name, objectGUID, Group Type, Group Display Name).
I want to provision other attributes also like Group Scope to AD apart from the one provided above by the connector. How can i achieve this?? -
How to force newly provisioned security groups into Planning
I just provisioned 3 new security groups in Shared Services (9.2.0.2). 15 minutes later our Planning Admin says that she still cannot see these new groups within her Planning app (9.2.0.2.0). Is there any way for me to force these new groups into Planning so that she can apply her security to them within the Planning app?
Hi,
Did you tried out Jake's suggestion?
Other tests are log in as a user that belongs to the group to see if that updates the tables.
Or run the provisionusers utility for a user that belongs to the group.
Or the the updateusers utility which syncs ups users/groups with shared services.
I cant remember which utility is the best to use in this instance.
Cheers
John
http://john-goodwin.blogspot.com/ -
Hi,
How can we provision from OIM to OID in "cn=Groups" node.
"cn=Groups" is using out of the box "GorupOfUniqueNames" class.
Please suggest.
Thanks.
Edited by: ASA on 28/07/2010 20:47The ObjectClass should be configured in this lookup Lookup.Configuration.ActiveDirectory
Check below
http://docs.oracle.com/cd/E22999_01/doc.111/e20347/extnd_func.htm#sthref221
4.6 Configuring the Connector for User-Defined Object Classes -
Error encountered during provisioning of user to SAP CUP in OIM 11g R1 BP07
We recently updated our environment from 11.1.1.5 BP05 to 11.1.1.5 BP07.
We are facing an issue with provisioning users to SAP CUP system. We receive an error specifying :
Response: oracle.iam.connectors.sap.cup.ws.submitreq.ObjectFactory
Response Description: Unknown response received
However, we are unable to find any errors related in the log file. The SAP UM connector version is 9.1.2.5. Please let us know the cause of this issue.1. Login to Design Console and open your GTC provisioning process definition , then Add a new task called "Notify Email".
2. Check Required for Completion, Allow Cancel and optionally Disable Manual Insert.
3. In the Integration tab, add tcCompleteTask
4. In the assignment tab, add an entry with the Default rule, target type of User, and for the User field pick an existing user with a valid email address in their User Profile.
5. In the Notification tab add an entry and check Assignee, (You can select User, Manager etc ) have the Status field set to C and for the Email field pick a Provisioning type of Notification Template that you have already created.
N.B: 7. Make sure the IT Resource and email configuration properly otherwise you will not get the mail.
Thanks
Tamim Khan -
Not able provision a new native group in shared services
Hi,
I am trying to add a new native group in shared services and trying to provision the group. But I am getting the following error:
90:7019:Failed to process the request
Is there any solution for it. Can anyone suggest me how to proceed further.
Thanks,
HimaCan determine if the provisioning is failing for a particular application? Try to pick something confined to shared services like "application creator" in shared services and see if you can provision just that role. This will tell you if it is an issue with metadata from a product outside of shared services.
Do you have any applications with the same name or registered more than once in your application groups in shared services?
If it fails for everything you try have you restarted shared services and checked your jvm heap settings?
Also, in the logs Shared Services directory there are many log files , can you check them for any related error messages?
Thanks
Nick
Maybe you are looking for
-
Could not load SP1 on my HP Slate 500 with Windows 8. I talked to support and they recommended a manual load instead of using Windows Update on the Microsoft site. The manual load worked. Reference support case[Personal Information Removed]?
-
Dear experts, in one my scenario, i need the serial numbers mapping. my clients quality completly based on the calibration of the gauges. N number of types of gauges and instruments are used in their business. each types of N number gauges and instru
-
Is there a way to do the Alpha Inverted tool on more than 1 layer?
I'm trying to make a object appear behind me and need to have 3 layers done like that. Or is there a way to take one layer and cut the time line into parts instead of just editing it? Like having one layers time line cut into 3 different parts?
-
Ical..... Sort items by due date
I always like to see my tasks deadlines. so I always like to sort the items by due date in the list the "To Do Items". My point is when I updated something I always need to click the option and sort items by due date again. Can I do that action with
-
3.1EA1 bug: Exporting 300K records to a .xls or .xlsx file
Hello: Exporting a large query result (300K records) into a .xls or .xlsx file will cause SQL Developer to hang. On some occurences, SQL Developer will not hang, but the file created is empty. Thanks, Adrian