Provisioning users to AD groups in OIM 11gR2

I could use some advice on how to resolve this issue I am having.
Using the Active Directory connector (11.1.1.5) in our OIM 11gR2 development environment I can successfully provision OIM users to our AD resource. I have successfully run the org and group lookup recons, and provisioned users do go into the correction ou in AD.
However when I select which groups a user should be a member of in the ADUSERC child form (via the lookup), the user is not provisioned with the correct group membership in AD.
A separate issue is how to map the objectClass in AD in the ProvAttrMap; could anyone point me in the direction of how to go about that?
Thanks

The ObjectClass should be configured in this lookup Lookup.Configuration.ActiveDirectory
Check below
http://docs.oracle.com/cd/E22999_01/doc.111/e20347/extnd_func.htm#sthref221
4.6 Configuring the Connector for User-Defined Object Classes

Similar Messages

OIM-OID! provisioning users to OID groups-QUICK HELP NEEDED

hi,
I've installed OIM connected to OID.
I've been assign some tasks:
1) Creating access policy such that when a user is created in OIM, he is provisioned to two groups in OID.... ie. in cn=users and cn=employees (where cn=employess is the group i create under cn=Groups,dc=ad,dc=company,dc=com)
2)Creating an access policy such that when a user is created in OIM, he is provisioned to two additional groups in OID, say I've created two custom groups in OIM and attached membership rules to them. Now when i create a user satisfying the two membership rule,he is assigned to those two OIM groups and provisioned to cn=users,dc=ad,dc=company,dc=com and cn=group1,cn=Groups,dc=ad,dc=company,dc=com and cn=group2,dc=ad,dc=company,dc=com.
Also i want to populate those OID groups into a child table and create their lookups in Process form
Please help me materialise and understand these concepts.
The OID Lookup Recon task for group is running fine, lookup.oid.group is populated with values.
how those groups can be populated in process form child table(OID user group table).
Edited by: Chhavi Saluja on Feb 12, 2010 12:51 AM

As mentioned in my other post you can put these groups in access policy form and all the users assigned by this policy will get these groups. Any issue revert back.

Facing issue while provisioning to Exchange mail server in OIM 11gR2

Hi All,
I am getting following error while provisioning user in exchange.
[2013-12-19T16:04:02.634-08:00] [oim_server1] [ERROR] [] [XELLERATE.DATABASE] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: edbbad62ee0b4f0e:5ae02d4e:14308416bb2:-8000-0000000000001313,0] [APP: oim#11.1.2.0.0] select orc_key, UD_EX_CH_VERSION from UD_EX_CH where orc_key=123[[
java.sql.SQLSyntaxErrorException: ORA-00904: "UD_EX_CH_VERSION": invalid identifier
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
    at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
    at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
    at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
    at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:548)
    at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:202)
    at oracle.jdbc.driver.T4CStatement.executeForDescribe(T4CStatement.java:942)
    at oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:1283)
    at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1441)
    at oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:1690)
    at oracle.jdbc.driver.OracleStatementWrapper.executeQuery(OracleStatementWrapper.java:446)
    at weblogic.jdbc.wrapper.Statement.executeQuery(Statement.java:506)
    at com.thortech.xl.util.JDBCUtils.executeQuery(JDBCUtils.java:159)
    at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:760)
    at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(tcDataSet.java:935)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(tcDataSet.java:1523)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(tcDataSet.java:903)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(tcDataSet.java:1490)
    at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.getProcessFormChildDataData(tcFormInstanceOperationsBean.java:1271)
    at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.getProcessFormChildData(tcFormInstanceOperationsBean.java:1213)
    at Thor.API.Operations.tcFormInstanceOperationsIntfEJB.getProcessFormChildDatax(Unknown Source)
    at sun.reflect.GeneratedMethodAccessor904.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflectio
Regards,
Nitin Natekar

Looks like some form version changes got corrupted.
You can do following things..
1) Make a new form version using Design condole
2) Make Recon Profile Active in Resource Object.
3) In Application Instance-> Form-> Create new Form.
If its not solved, you can uninstall and install your connector again.
~J

Provision User to AD Group

Hi,
I have a senario where a User "U", Organizaton "O" and Group "G".
In AD, "G" is part of "O" i.e "O" is the organizational Unit and "G" is the group defined in the organizational unit.
When user "U" is assigned to Group "G", OIM should add the user to Group "G" in AD under organization "O".
Is their any OOTB by which I can achieve this functionality? If not please suggest a suitable solution.
Thanking you in advance for your response.

If you are using access policies, and the O value is also used for a group membership rule, you could add the child table entry for G to the access policy and the user would automatically get this value. You can also have a task that runs after user creation on the AD User process definition that has logic to say if O=XYZ, then using the addProcessFormChildData, insert the G=XYZ intot he child table. You can also have a task that runs on "Organization Updated" that recalculates the log, and removes the old and adds the new.
All this stuff is possible with the APIs.
-Kevin

How to provision users to diffrent OU in OIM 11g(OIM configured with LDAPS)

HI All,
we have a requirment to create users in diffrent OU in OID based on the type of the user.
During user creation, if we select usertype as Employee then user should be created under OU=EMployee,dc=domain,dc=com, if we select usertype as Contractor then user should be created under OU=Contractors,dc=domain,dc=com. how do i configure this? i treid modifiying LDAP container rules, but it dint work, can you please help me on this.
Thanks

In addition to setting LDAP container rules, i had to create an eventhandler and use another field (locality name for example) to make this work. If you have more than one ldap container there is bug in OIM code becuase of which some containers don't get set. Meaning if you have one user type mapped to unique ldap container you will be fine with the suggestion above. If you have multiple user types mapped to one ldap container, and you have many such combinations some ldap containers don't get set. the following code worked for me:
     if (userRole != null) {
          if (userRole.equalsIgnoreCase("Full-Time Employee") ||
                                        userRole.equalsIgnoreCase("Part-Time Employee") ||
                                        userRole.equalsIgnoreCase("Consultant") ||
                                        userRole.equalsIgnoreCase("Internal System Accounts")) {
          userType = "Internal";
          } else if (userRole != null && userRole.equalsIgnoreCase("OIM System Accounts")) {
          userType = "System";
          } else {
          userType = "External";
     orchestration.addParameter("Locality Name", userType);
Hope this helps,
Prasad.

OIM 11gR2 : User groups not visible on UI

Hello Experts,
I have a requirement in which i need to assign the user provisioned to AD to some group(s) depending upon certain conditions like BU, Location etc. I created a Process Task adapter for the same and am able to successfully assign the users to the desired groups.
But i am able to check for this validity from the Backend only.
Ideally the groups assigned to the user must be visible after following these steps:
*1. Search for a user provisioned to AD.
2. Go the the Accounts tab.
3. Click on the AD account (to which the user has been provisioned)
4. A process form is displayed in the lower half of the webpage which also shows the information regarding the groups assigned to the User. But the groups are not getting displayed.*
Kindly Help.
Edited by: IDM_newbie on Jan 24, 2013 11:24 PM

But sir, the groups are listed under the Accounts tab. Is there any schedule job provided by OIM 11gR2 which results in the display of Groups assigned to the user as well under the Accounts tab ?
Edited by: IDM_newbie on Jan 25, 2013 1:51 AM

OIM 11gR2 user not provisioning to Active Directory (11.1.1.5 connector)

Hello all,
I'm trying to set up an OIM 11gR2 instance to work with Active Directory with the Active Directory 11.1.1.5.0 connector. I've full installed both OIM and AD on separate servers, and I've installed the AD 11.1.1.5 connector on OIM. I have configured Active Directory properly (connector on OIM and the connector server on the AD server-side), and have set up the two IT Resources on OIM. I can run, for example, the Active Directory Organization Lookup Recon job and have it return results in the Lookup window.
My problem is that I cannot get it to provision to a user. I've created an Application Instance and Form for Active Directory, attached the Form, associated them with the appropriate resources (AD User), and added them to the Catalog, and then gone through the process of adding an account to the user, selecting the Application Instance, adding it to the cart, checking out, filling out the fields (Password, User ID, UPN, First Name, Last Name, Common Name, and Organization Name), and then submitting the request. This is all done as the xelsysadm admin user, but it still results with the account stuck on "Provisioning" because the "Create User" task failed due to a Connector Error (the reason stated is just a repeat of "Create Object" failed).
Anyone know what I'm missing here?
Thank you!
Edited by: 939908 on Nov 12, 2012 6:36 AM

Hey 833249, thanks for your reply
The organization field attribute is filled in correctly, in that the OU I selected exists in AD.
These are the errors listed in the connector server log:
+11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception occured during the creation of directory entry.+
+11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Message : Logon failure: unknown user name or bad password.+
+11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Stack Trace : at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)+
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_NativeObject()
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1423
+11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Encountered Excetion: Unable to get the Directory Entry+
+11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Stack Trace: at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1456+
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.DirectoryEntryExists(String path) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1512
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 219
ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: Unable to get the Directory Entry
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 368
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.CreateImpl.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 388
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
at ___proxy1.Create(ObjectClass , ICollection`1 , OperationOptions )
at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
I'm not sure why the username/password error could be occurring, as those fields in the AD IT Resource are correct (I've run AD recon jobs that have connected properly). Is there something I'm missing?

Can't Provision user from OIM to AD (manaul provis

can't Provision user from OIM to AD (manual provisioning ) failed with Error
the following is connector server log
==========================================
DateTime=2012-07-18T08:39:32.8713100Z
ConnectorServer.exe Error: 0 : System.ArgumentNullException: Value cannot be null.
Parameter name: Parameter 'uid' must not be null.
at Org.IdentityConnectors.Common.Assertions.NullCheck(Object o, String param)
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.ValidateInput(ObjectClass objclass, Uid uid, ICollection`1 attrs, Boolean isDelta) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1568
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.Update(ObjectClass objclass, Uid uid, ICollection`1 replaceAttributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1365
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
at ___proxy1.Update(ObjectClass , Uid , ICollection`1 , OperationOptions )
at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
DateTime=2012-07-18T08:39:37.8558126Z
1- iam using OIM 11.1.1.5 / applied patch p13704894_111150
2- this the target system LDAP on Windows Server 2008 R2 Entrprise version 6.1(7601) , Service Pack 1
3- and the connector server and connector version , activedirectory-11.1.1.5.0 , Connector_Server_111150
i noticed that for any user i create on OIM objectGUID is 0 , i can read groups and organizations from LDAP with no errors
please support

This issue is coming because your object guid is not getting synchronized properly. Login to design console and open AD User form. Go to pre-populate tab. Open prepop adapter for User Principal name. Here bydefault IT resource name passed is Active Directory whereas you should have your IT server name which I think bydefault is AD Server. In the Mapto section select Process data and qualifier field will have AD server. Click on save button. Save your form.
Retry your test case now. This will resolve your problem.
regards,
GP

OIM 11G R2 Provisioning User to Oracle DB

Hello Experts,
I'm working on OIM 11gr2 and I installed DBAT 9.1.0.5.0
User-->Accounts-->RequestAccounts--> catalog-->add to cart --> checkout ...
When i was executed Checkout in catalog why no content for details ？ User can't Provisioning to DB.
Have you any ideas?
Thanks!

I appreciate your feedback very much.
My operation steps are as follows：
1) install DBAT 9.1.05
2)create connector "Database Application Tables Provisioning"
3)The system automatically created IT resources and Application Instances
4)Create Sandbox and activate it
5)edit Application Instances, create Form
6) Publish Sandbox
7)Run "Catalog Synchronization Job"
8)login /identity
9)create user
10)request acttouts
11) catalog-->add to cart --> checkout !

OIM 11GR2 UNIX Connector Reconcile users from UNIX inquiry

Good Day!
I would like to ask whether there is a way in OIM that when I reconcile all new users from my UNIX server, OIM will also create the resource which this user is provisioned upon?
Here is my scenario:
1.) Freshly installed OIM 11GR2.
2.) Installed UNIX connector on OIM 11GR2.
3.) Configured UNIX TRUSTED Resource
4.) Reconciled all the UNIX users into OIM. (New users are created since my OIM doesn't have any user)
5.) The problem is when the new users are now created in OIM, they don't have entitlements or accounts linked to the UNIX server which they have been pulled upon.
I would like to ask whether I need to configure something to have the entitlements/accounts linking possible?
If not, what are the ways I can achieve this?
The only way I can think of is have the UNIX users be created in a flat file first then load via GTC then have reconciliation to have OIM to link these users to UNIX which I believe should be able to do the scenario I am asking upon.
Thanks in advance!
Regards,
Jeff

By the way, checking target resource recon by default will not create new users when OIM is not able to establish a link.
In my case, OIM doesn't have any users since this is a fresh install hence even running target resource at start will won't create the new users in OIM right?
based from this:
"You configure application (AD, OID, OVD, HR) etc in Target Resource Mode if that OIM is source of truth for user provisioning (All users are created in OIM and OIM then provision accounts in Application. Any changes in Application are reconciled back to OIM)."

Account stuck in Provisioning state in OIM 11gR2

Hello,
In OIM 11gR2, when provisioning fails, the application still shows in the accounts tab of the user, but it is stuck in the "Provisioning" state. I don't know if it's standard behavior, but it always does this for me. When this problem occurs, the only way I have found to remove the entry from the applications list is to completely delete the application instance and re-create it. Is there a cleaner way of removing the stuck account ? The "Remove Account" button does nothing for me.
Thanks,
--jtellier

Rajiv Dewan wrote:
BDW, if something goes wrong while doing provisioning then you can retry the rejected task (after fixing the issue) instead of initiating provisioning again with new instance. It will mark your existing incomplete instance as PROVISIONED.Oh, thanks, I had not realized that...
--jtellier

Unable to provision users in OIM 11.1.1.3 using DBUM connector 9.1.0.4.

Hi,
I installed OIM 11.1.1.3 and i am able to access it.
Now i am trying to provision an user to a database table using "User Database Management connector". I worked on it by using version 9.1.0.4, but i failed to provision the users.
I am getting an error message that "Error occurs while initializing parameters in initutil".
Can anybody please help me how to solve this issue.
Thanks,
SRI.

Thank you for your reply.
I am trying to test for provisioning users, could you please suggest me the version for the AD or any other connector that is used to deploy with the OIM 11.1.1.3.
Thanks,
SRI.
Edited by: Sri Kishore on Aug 25, 2010 11:29 PM

Provisioning: Users from OIM to Active Directory

Dear Experts!
I am trying to setup provisionig from OIM to AD. I just want to provision Users from OIM to AD.
I am going through this documentation/tutorial:
http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/deploy.htm#insertedID0
i also read this:
http://www.oracle.com/technology/obe/fusion_middleware/im1014/oim/ad_provision/prov2ad.htm
But it just won't work. The provisioned resource get's always status rejected in the (To-Do List --> Open Tasks).
Then i tried to test the connection to AD using this documentation:
http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/testing.htm
And i get this error in the console:
http://img689.imageshack.us/img689/3190/errorq.png
The IT resource: ADITResource looks like this:
Remote Manager Prov Script Path:
Admin FQDN: [email protected]
Use SSL: no
Remote Manager Prov Lookup: AtMap.AD.RemoteScriptlookUp
Target Locale TimeZone: GMT
Port Number: +636+
AtMap ADUser: AtMap.AD
ADGroup LookUp Definition: Lookup.ADReconciliation.GroupLookup
isUserDeleteLeafNode: no
Allow Password Provisioning: no
UPN Domain: domain-test.local
AtMap ADGroup: AtMap.ADGroup
ADAM LockoutThreshold Value: +5+
isADAM: no
Admin Password: *********
Invert Display Name: no
Root Context: dc=domain-test,dc=local
Server Address: testing-server.domain-test.local
Could be the problem that i don't use SSL? I don't set Passwords in AD, i have read that then i don't need SSL...?
I am new to OIM, so your response is greatly appreciated!
Thank you very much in advance!

Hello again Raj!
Thank you for your answer. You have always good ideas...
*1) Whats the response that you are getting from AD for this operation. Check this as following:*
Go to Users->UserABC->(Resource Profile from Drop down)->(Click your particular resource instance)->(Select the rejected task precisely "Create User")_
I get this on the Task Name - Create User:
Status:Rejected
Response: Please Select the Organization or Container Name from Organization Name Lookup
Response Description: Please Select the Organization or Container Name from Organization Name Lookup
But i can't get to populate the Organization Name on the user form, because there are no values available.
Under Error Details there is nothing.
*2) If your IT resource parameters are incorrect, you will get a connection error in logs. Your port information is correct, it has to be Port->389 and Use SSL-no*
I have created a new IT resource without SSL. Just to test the connection to AD. It works because I get “Successfully established connection to the AD_Test_without_SSL.”
Bellow is my NEW configuration for the IT Resource.
IT Resource Name:* AD_Test_without_SSL
IT Resource Type:* AD Server
ADAM LockoutThreshold Value:* 5
ADGroup LookUp Definition:* Lookup.ADReconciliation.GroupLookup
Admin FQDN:* [email protected]
Admin Password:* *********
Allow Password Provisioning:* no
AtMap ADGroup:* AtMap.ADGroup
AtMap ADUser:* AtMap.AD
Invert Display Name:* no
isADAM:* no
isUserDeleteLeafNode:* no
Port Number:* 389
Remote Manager Prov Lookup:* AtMap.AD.RemoteScriptlookUp
Remote Manager Prov Script Path:*
Root Context:* dc=domain-test,dc=local
Server Address:* testing-server.domain-test.local
Target Locale TimeZone:* GMT
UPN Domain:* domain-test.local
Use SSL:* no

Unparseable Date when Provisioning User from OIM to EBS HR

Hi expert,
I'm integrating E-Business Application using 'Oracle EBS HR Foundation User Management Connector version 9.1.0.4.0
with OIM version 11.1.1.5.0 (plus BP06) and I also set value of 'Manage HR record' to 'Yes'.
While provisioning user to EBS. It has some error occur about 'Unparseable date: "2013-05-24 00:00:00" '
############ ERROR ###########
[OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] oracle.iam.connectors.ebs.usermgmt.integration.EBSUserManagement : updatePerson
[2013-05-24T09:50:36.911+07:00] [wls_oim1] [ERROR] [] [OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] Failed to create employee
[2013-05-24T09:50:36.912+07:00] [wls_oim1] [ERROR] [] [OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] Description : Unparseable date: "2013-05-24 00:00:00"
[2013-05-24T09:50:36.912+07:00] [wls_oim1] [ERROR] [] [OIMCP.EBSUM] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: da74dbf2fbfe8d95:7819efa0:13eca22628a:-8000-0000000000012282,0] [APP: oim#11.1.1.3.0] java.text.ParseException: Unparseable date: "2013-05-24 00:00:00"
May it has some bug?
Thanks
Noraset.

Could you please write down what you have given in ITResource?
May be you are giving some wrong value in IT Resource.
Have you made chnages to OID Prov Lookup. If no check this link :
Re: Problem with OID Connector
And give a try !

Problem in provisioning user from oim to active directory using ssl

hi,
problem in provisioning user from oim to active directory using ssl i am getting following error while provisioning user to AD.
15:18:12,984 ERROR [ADCS] Communication Errorsimple bind failed: 172.16.30.35:636
15:18:12,984 ERROR [ADCS] The error occured in tcADUtilLDAPController::connectTo
AvailableAD():simple bind failed: 172.16.30.35:636
15:18:13,015 ERROR [SERVER] Class/Method: tcProperties/tcProperties encounter so
me problems: Must set a query before executing
com.thortech.xl.dataaccess.tcDataSetException: Must set a query before executing
at com.thortech.xl.dataaccess.tcDataSet.checkExecute(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.util.tcProperties.<init>(Unknown Source)
at com.thortech.xl.dataobj.util.tcProperties.initialize(Unknown Source)
at Thor.API.tcUtilityFactory.getLocalUtility(Unknown Source)
at Thor.API.tcUtilityFactory.getUtility(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.co
nnectToAvailableNextAD(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.se
archResultPageEnum(Unknown Source)
at com.thortech.xl.schedule.tasks.ADLookupRecon.performReconciliation(Un
known Source)
at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Sour
ce)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionActi
on.run(Unknown Source)
at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown S
ource)
at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.j
ava:520)
can any one help.
Thanks and Regards,
praveen,

Are you able to connect to AD over SSL through some LDAP Browser ?
Check the validity of Certificate ?
Does your certificate appear in the list ?

Provisioning users to AD groups in OIM 11gR2

Similar Messages

Maybe you are looking for