Provisioning to specific ou in AD through OIM

Hi,
This is my AD tree structure.
Mycompany.com
|
|----Users
|----Students
By default user goes to Users i want new user to go to Students OU.
How can i configure this?
Thanks in advance

Hi Chavi / OIMLearner,
I have tried that and it works fine. But all my DNs are not of same structure. Some are like "cn=userid,ou=abc,o=cde,dc=fgh,dc=com" and some are like "cn=userid,o=cde,dc=fgh,dc=com" and there comes the problem.The value of ldapOrgDNprefix is overwriting my DN which is generated perfectly through my adapter.
I dont want that Lookup.OID.Configuration to overwrite my DN.Pls suggest...

Similar Messages

Problem with provisioning to particular OU in OID through OIM

Hi,
Please go through the following issue and suggest.
I have integrated OIM with OID for provisioning purpose through OID connector.Iam prepopulating OU structure in the "Container DN" field in the process form of OID through an adapter.
For example : "ou=BG,o=shipper,dc=xoserve,dc=com" is the Container DN iam prepopulating in OID process form and the user is getting provisioned to OID within the same structure(That structure already exists in OID).
But when I dont have an "ou" in OID, suppose if i want to provision the user to something like "o=Network,dc=xoserve,dc=com"(note this one dont have ou),iam prepopulating "o=Network,dc=xoserve,dc=com" in the process form but iam not able to provision the user.In the console iam seeing the error like
*"ERROR,18 Feb 2010 10:58:15,343,[XL_INTG.OID],com.thortech.xl.integration.OID.tcU*
*tilOIDUserOperationscom.thortech.xl.integration.OID.util.tcUtilLDAPOperations: N*
*amingException :Unable to search LDAP. Check the following values and try again:*
*Base Search detail: ou=Network,dc=xoserve,dc=com, filter expression is cn=H*
*ELLO567"*
My "o=Network" is being sent as "ou=Network"(overwtitten) from process form to OID and as a result it is not able to find that structure in OID.
Plzzzz help....

Hi Chavi / OIMLearner,
I have tried that and it works fine. But all my DNs are not of same structure. Some are like "cn=userid,ou=abc,o=cde,dc=fgh,dc=com" and some are like "cn=userid,o=cde,dc=fgh,dc=com" and there comes the problem.The value of ldapOrgDNprefix is overwriting my DN which is generated perfectly through my adapter.
I dont want that Lookup.OID.Configuration to overwrite my DN.Pls suggest...

Enabling a User through OIM API

Hi I am trying to enable a user through OIM API, However the end date is already passed for that user, I am setting up a new end date through the Program (showm below). However the update user is not working (i am not sure).
Map usermap = new HashMap();
usermap.put("Users.User ID", User_id );
Map grpmap = new HashMap();
grpmap.put("Groups.Group Name", Group_Name);
tcResultSet ts = userClient.findUsers(usermap); //find all users
String existing_end_date = ts.getStringValue("Users.End Date");
tcResultSet tg = groupClient.findGroups(grpmap); //find requireq group
long ukey = ts.getLongValue("Users.Key");
long gkey = tg.getLongValue("Groups.Key"); //find group key
// ENABLE THE USER
java.util.Date new_end_date = new java.util.Date(111,1,1);
Calendar cal = Calendar.getInstance();
cal.setTime(new_end_date);
DateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
String Str1 = dateFormat.format(cal.getTime());
String Str2 = existing_end_date + " 12:00:00";
System.out.println(User_id+" OLD End Date:" + Str2 + " New End Date: " + Str1);
Map usermap2 = new HashMap();
usermap2.put("Users.User ID", User_id );
usermap2.put("Users.End Date", Str1);
userClient.updateUser(ts,usermap2);
userClient.enableUser(ukey);
I am getting the following error:
U0000018 OLD End Date:2009-09-30 12:00:00 New End Date: 2011-02-01 12:00:00
2/12/2010 15:02:53 oracle.j2ee.rmi.RMIMessages EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
WARNING: Exception returned by remote server: {0}
Thor.API.Exceptions.tcAPIException: The user cannot be enabled because the end date is passed.
Not sure why it is happening. It looks like the Updateuser is not working, or something else?
Please advise. Thanks in advance.

Hi Suren,
thanks for the note.
I found that as soon as I enable the user, I am getting the followimg messages in the opmn logs:
INFO,06 Dec 2010 10:55:41,841,[XELLERATE.JAVACLIENT],System Event Handler: Validating Organization for an User.
INFO,06 Dec 2010 10:55:41,944,[XELLERATE.JAVACLIENT],System Event Handler: Triggering Processes related to User.
INFO,06 Dec 2010 10:55:42,402,[XELLERATE.JAVACLIENT],System Event Handler: Enabling the User
INFO,06 Dec 2010 10:55:42,421,[XELLERATE.JAVACLIENT],System Event Handler: Validating Organization for an User.
INFO,06 Dec 2010 10:55:42,427,[XELLERATE.JAVACLIENT],System Event Handler: Triggering Processes related to User.
INFO,06 Dec 2010 10:55:42,439,[XELLERATE.JAVACLIENT],System Event Handler: Changing application data based on Organization change.
INFO,06 Dec 2010 10:55:42,442,[XELLERATE.JAVACLIENT],System Event Handler: Auto-Group Membership Event.
INFO,06 Dec 2010 10:55:43,715,[XELLERATE.JAVACLIENT],System Event Handler: Evaluating User Policies
So, the access policies are getting evaluated, triggering provisioning processes.
What I am planning to do is, to disable the access policies and try to run the Program.
Because of this issue, my Program is throwing an error (until I looked into the opmn logs, it doesn't make sense).
6/12/2010 10:55:50 oracle.j2ee.rmi.RMIMessages EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
WARNING: Exception returned by remote server: {0}
Thor.API.Exceptions.tcAPIException: Error occurred enabling Xellerate User instance.
Regards
Vijay Chinnasamy

How to lock the AD Account through OIM

Hi.
I am provisioning AD through OIM 11g using the AD Connector. I have done the create user, modified user provisioning through OIM in AD successfully without any issue.
I would like to lock the OIM account and also lock the respective target accounts when OIM account is locked.
I have done the following task to lock the account in OIM and also in AD through OIM. They are
Process Definition Task
I have created the Change Account Status task in process definition.
This task will populate the OIM Account lock status value to the AD Account is Locked out field in the ADUSER form using the OIM API. The same API is working for all First Name, Last Name etc modification without any issue.
Lookup Definition
I have added the following entry in the Lookup.USR_PROCESS_TRIGGERS Lookup Definition
Code Key : USR_LOCKED and Decode : Change Account Status
OIM Admin Console
I have logged into the OIM admin Console as a Administrator and I have search the user and click the Lock Account button. The OIM Account is locked , but target resource account was not locked and also Change Account Status task was not triggered by OIM.
Do i need to do any special configuration for account lock for the target resource.
Help is greatly appreciated.

In your System Configuration variables, find the value for "XLUserResource.ProvisionMode". Make sure this is set to Java and not DB.
>
This property determines whether provisioning of the Xellerate User resource to the user's organization occurs in the database layer through stored procedure, or in the Java layer via Event Handlers.
Note: See Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about Event Handlers.
This property has the following allowed values:
DB: Provisioning of the Xellerate User resource to the user's organization occurs in the database layer through stored procedure. This in turn does not trigger any further process. Therefore, custom tasks associated with the Xellerate User provisioning process that is associated with the Xellerate User resource does take place.
Java: Provisioning of the Xellerate User resource to the user's organization occurs in the database layer via Event Handlers. Custom tasks associated with the Xellerate User provisioning process that is associated with the Xellerate User resource takes place. This is applicable to the upgrade scenario, where you have your own tasks associated with provisioning processes in earlier releases of Oracle Identity Manager, and you want them to run even after 11g upgrade. In such scenario, set the value of this property value to JAVA.
>
-Kevin

Not able to create Organizations & Groups through OIM in OID.

Hi,
I am trying to create organizations and groups in OID through OIM. The steps are:
1. Organizations-->create-->name=test, parentorg=null,type=company-->create organization.
2. Drop down-->resource profile-->provision new resource-->OID organisation unit-->continue-->IT Serve=OID IT Resource-->continue
3. The create ou task is getting rejected with error as "Response: Invalid Naming Error
Response Description: Naming exception encountered "
Please help.

See the process form what it displayed. I think values are not getting populated properly in process form.

UNIX script invocation by passing parameters through OIM

According to our requirement, we need to pass parameters (say userid) through OIM 11g R2 to a script and then execute the script for user deprovisioning/deletion in a target m/c
Please let us know how much feasible is it to use UNIX OOTB connectors to pass parameters and execute the scripts ?
Any idea is appreciated.
Thanks

Yes, you put a line in the script that looks like this:java classname parameter1 parameter2 parameter3 ...Then the JVM will call the static main(String[] args) method of "classname" and put those parameters into the "args" array.
If you are asking how to generate such a script, or how to call it from your COBOL program, sorry, I don't know how to do that.

Does Internet Explorer (specifically a version 7 through 9) work on a MAC 10.8.4? I would like to access documents from my work that are only supported on Internet Explorer.

Does Internet Explorer (specifically a version 7 through 9) work on a MAC 10.8.4? I would like to access documents from my work that are only supported on Internet Explorer.

Joni2b wrote:
...I would like to access documents from my work that are only supported on Internet Explorer.
I don't know how successfully this will be but you can turn on the Developer menu (Advanced tab in preferences) in Safari and change the User Agent to trick the documents into thinking you're using IE. You can also do that by adding the User Agent Switcher extension to Firefox.
Otherwise, you need to run Windows in BootCamp, as a Windows Virtual Machine in software such as VMware Fusion, Parallels, or Virtual Box, or the Windows environment of CrossOver Mac, as Niel says.

Managing 100s UNIX servers through OIM using LDAP,

Hi Experts,
I have requirement where as 100s UNIX servers need to manage through OIM using LDAP,
Pls guide me how to implementing this through LDAP is best solution,
Thanks.

Take a look at:
http://www.oracle.com/technology/products/oid/oracleauthenticationservices.html
Oracle Authentication Services for Operating Systems

Import a biar file into a specific folder in CMS through java sdk

Hi,
How to import a biar file into a specific folder in CMS through java sdk?
Can anyone help.
Regards,
Kavitha S

Hi Kavitha,
Have a look at the sample available at
http://scn.sap.com/docs/DOC-6006, for importing a biar file using java sdks.
As far as I am aware of, you would not be able to import the contents of a biar file to a specific folder.
Why would you want to use a biar file to import contents to a different folder?
Organize>Move functionality from CMC/Infoview/BILaunchpad can work for this.
-Prithvi

AD Task rejected during Provisioning in AD through OIM 11g

Hi,
While provisioning a OIM user into AD, AD ID got created but there was one task called "Get Object GUID Created" was rejected. Below is the error message we are receiving.
"cn=i696801Doesn't Exist:[LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_O" does not correspond to a known Response Code. Using "UNKNOWN".
Do you have any idea on this.
Thanks

This question is now been fixed.
Instead of explicitly stating 636 for SSL,
Use the same port 389 for ssl and also configured oim port to be 140001 which is the ssl port for oim in the configuration of OIM Password Sync.
Export Certificates from AD to java security keystore and to weblogic keystore
Export .pem certificate created on OIM host machine to AD.
Restart weblogic, oim and AD
Everything would work fine.
For all the other information, refer to doc.
Thanks

TcObjectNotFoundException Error when provisioning through OIM API

Hi,
I am trying to provision resources using OIM client API. I am using the following code which is generating the exception mentioned after the code snippet:
*******************************Code*******************************
java.util.Hashtable env = new java.util.Hashtable();
env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_FACTORY_INITIAL,
oimInitialContextFactory);
env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_PROVIDER_URL, oimURL);
oracle.iam.platform.OIMClient client = new oracle.iam.platform.OIMClient(env);
Thor.API.Operations.tcUserOperationsIntf userIntf = client.getService(Thor.API.Operations.tcUserOperationsIntf.class);
Thor.API.Operations.tcObjectOperationsIntf objIntf = client.getService(Thor.API.Operations.tcObjectOperationsIntf.class);
Thor.API.Operations.tcFormInstanceOperationsIntf formIntf = client.getService(Thor.API.Operations.tcFormInstanceOperationsIntf.class);
Thor.API.Operations.tcProvisioningOperationsIntf provIntf = client.getService(Thor.API.Operations.tcProvisioningOperationsIntf.class);
Thor.API.Operations.tcUserOperationsIntf userOper = client.getService(Thor.API.Operations.tcUserOperationsIntf.class);
java.util.Hashtable mhSearchCriteria = new java.util.Hashtable();
Hashtable objectHash = new Hashtable();
objectHash.put("Objects.Name", "ITAX_GTC");
com.thortech.xl.vo.ResourceData data = userIntf.provisionResource(Long.parseLong(userId), objectKey);
long userObjectInstanceKey = Long.parseLong(data.getOiuKey());
long objectInstanceKey = Long.parseLong(data.getObiKey());
    Hashtable inputHash = new Hashtable();
//Populate the entry below with the object form data
for(int b = 3; b < row.length; b++)
inputHash.put(header[b], row[b]);
//Sets the object data
formIntf.setProcessFormData(objectInstanceKey, inputHash);
Thor.API.Exceptions.tcObjectNotFoundException
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl_1035_WLStub.revokeObjectx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy2.revokeObjectx(Unknown Source)
at Thor.API.Operations.tcUserOperationsIntfDelegate.revokeObject(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
at $Proxy3.revokeObject(Unknown Source)
at com.infotech.tra.organization.RoleAssignment.ProvisionResources(RoleAssignment.java:1013)
at com.infotech.tra.organization.RoleAssignment.main(RoleAssignment.java:48)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:56)
Caused by: Thor.API.Exceptions.tcObjectNotFoundException
at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.revokeObject(tcUserOperationsBean.java:3184)
at Thor.API.Operations.tcUserOperationsIntfEJB.revokeObjectx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy344.revokeObjectx(Unknown Source)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.revokeObjectx(Unknown Source)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

To set the form data, you need the "Process Instance.Key" and not the object instance key. This is the code i use and i've replaced your data with some of the entries here:
String resource = "ITAX_GTC";
String userID = "JSMITH";
Map map = new HashMap();
map.put("Objects.Name",resource);
tcResultSet set = objIntf.findObjects(map);
long resourceKey = set.getLongValue("Objects.Key");
Set<String> attrNames = new HashSet<String>();
attrNames.add(UserManagerConstants.AttributeName.USER_KEY.getId());
HashMap searchCriteria = new HashMap();
searchCriteria.put("Objects.Name",resource);
int counter = 0;
String[] users = new String[] {userID};
for (String userID:users){
    try {
counter++;
User user = usermgr.getDetails(userID, attrNames, true);
long objectInstanceKey = userIntf.provisionObject(Long.parseLong(user.getEntityId()), resourceKey);
System.out.println("objectInstanceKey[" + objectInstanceKey + "]");
set = provIntf.findObjects("Revoke", new String[]{ user.getEntityId() }, "U", searchCriteria);
for (int i=0;i<set.getTotalRowCount();i++){
     set.goToRow(i);
     outputResultSet(set, i);
     if (set.getLongValue("Users-Object Instance For User.Key")==objectInstanceKey){
       map = new HashMap();
       //Populate the entry below with the object form data
         for(int b = 3; b < row.length; b++){
            map.put(header[b], row[b]);
formIntf.setProcessFormData(set.getLongValue("Process Instance.Key"), map);
    } catch (Exception e) {
System.out.println(e.getLocalizedMessage());
See if that helps.
-Kevin

Unable to provision to an RO through OIM access policy

Hi All,
We have created a group membership and attached it to an access policy which does provisioning for a particular RO.
When we try to use this, the provisioning process gets stuck in "System Validation" state.
However, provisioning manually works perfectly fine.
Is the server looking for something while it tries to provision?
Thanks!

Make sure all your required fields are being populated correctly. If you have any checkboxes, make sure they get a 1 or 0 default value. Check the auto save checkbox on your provisioning process definition.
-Kevin

Provision Resource through OIM APIS

I am using the OIMClient and the new APIs to provision a resource
I am using the Provisioning Service provision() method. For the Account details how should the AccountData be initialized. It says int he APIs that the AccountData constructor is only for already provisioned accounts.
Please suggest if there is any other way this can be done.

Try this:
//Account profile data - need not be set if all data is coming from prepop adapters
HashMap parentData = new HashMap();
parentData.put("UD_ADUSER_UID","Larry.Jones");
parentData.put("UD_ADUSER_FNAME","Larry");
parentData.put("UD_ADUSER_LNAME","Jones");
//Construct account data VO with process form key sdk_key=15
AccountData objAccountData = new AccountData("15", null, parentData);
//Construct account VO with app instance and account data VO
Account objAccount = new Account(appInstance, objAccountData);
//Provision the account to user with usr_key=6
long oiuKey = provisioningService.provision("6", objAccount);

CUP - UME to restrict for provisioning country specific roles

Hi All,
We have a unique requirement during CUP Implementation. We are implementing CUP for a customer and rolling out to various countries.
With this scenario we have a single stage workflow which routes through the approval procedure of respective countries. Now that we have a problem where if a user selects another country role and by mistake if it gets approved the user might get a wrong role. [We have different naming convention for diff. country roles and each country has separte roles]
Is there a way to restrict the country specific users to search only for that particular country role in UME or even if he searches other country role it should not allow the provisioning of a different country role to that particular user.
Ex: User A belongs to X country. Roles of X country are starting with X1 ... series. Similary Y country roles are starting with Y1..series.
Is there a way to restrict User A only to serach and select only roles of X1...series and gets restricted for provisioning to X1..series only.
Thanks and Best Regards,
Srihari.K

Hello Sri,
You can create country specific business processes and assign the role to the Business Process, Functional Area or Company. By selecting the "country" in the configured field, at least only those applicable roles will show for the user.
In the user form make such a field mandatory.
Of course the user could select the wrong country in the field, but this will greatly reduce human error.
-Dylan

Ldap Sync: User is not able to create in Active Directory through OIM

Hi ,
I have enabled the ldap sync between OIM and Active Directory.
Option 1: with password
While creating the new user in OIM , I am getting the below error .
80eeb34d89d5ed80:18bc05bb:1403be9d7e6:-8000-000000000008f710,0] [APP: oim#11.1.2.0.0] Could not modify entry.[[
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
remaining name 'cn=ADTESTLDAp10F ADTESTLDAp10LL,cn=Users,dc=cgtest,dc=adtest,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1458)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.modify(ConnectionHandle.java:301)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.modify(BackendJNDI.java:781)
[2013-08-04T17:06:58.840-07:00] [oim_server1] [ERROR] [OVD-60600] [oracle.ods.virtualization.engine.util.ADUtilities] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 80eeb34d89d5ed80:18bc05bb:1403be9d7e6:-8000-000000000008f710,0] [APP: oim#11.1.2.0.0] Cannot set password : LDAP Error 53 : [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0[[
Looks like password is not able to set properly. But I am able to create the same user in AD using the same password.
Option 1: without password
Another testing, I have also tried to create user without password. There is no error coming to log file. and I am able to see the below message in log file
oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPPreProcessHandler] [APP: oim#11.1.2.0.0] [SRC_METHOD: createUser] User created in LDAP with GUID 9dc8f6f4b8564216a5d75d86f7cad0a2
But user is not created in AD . this is another issue.
Thanks,
Amit

Thanks for your reply.
I have seen sample xml and my target looks the same
<wlserver dir="${weblogic.domain.dir}"
                         port="${weblogic.domain.admin.server.port}"
                         servername="${weblogic.domain.admin.server.name}"
                         username="${weblogic.domain.admin.user}"
                         domainname="${weblogic.domain.name}"
                         password="${weblogic.domain.admin.password}"
                         configFile="config.xml"
                         generateConfig="true"
                         action="start"
                         beahome="${env.BEA_HOME}"/>
my requirement is to use ant task.. otherwise I am able to create through configuration wizard
Thanks

Provisioning to specific ou in AD through OIM

Similar Messages

Maybe you are looking for