Reconciliation from iPlanet in OIM 9.1.0

Hello folks,
Did anybody succed to bring the users from iPlanet into OIM 9.1.0? If there is somebody who can help me please let me know.
Have a nice day!
Razvan

Hello folks,
Did anybody succed to bring the users from iPlanet into OIM 9.1.0? If there is somebody who can help me please let me know.
Have a nice day!
Razvan

Similar Messages

  • Getting error during reconciliation from AD in OIM

    I am trying to reconcile one user from Active directory by using schdeled task.
    I have used search filter as (&(objectClass=user)(extensionAttribute8=123456))
    Getting following error:
    2011-08-16 11:22:07,183 DEBUG [OIMCP.ADCS] com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask : transformSingleMultivaluedData:: FINISHED
    2011-08-16 11:22:07,199 ERROR [XELLERATE.APIS] Class/Method: tcReconciliationOperationsBean/ignoreEventData encounter some problems: {1}
    java.lang.NullPointerException
    2011-08-16 11:22:07,199 ERROR [OIMCP.ADCS] ====================================================
    2011-08-16 11:22:07,199 ERROR [OIMCP.ADCS] com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask : processUserChange : java.lang.NullPointerException
    2011-08-16 11:22:07,199 ERROR [OIMCP.ADCS] ====================================================
    2011-08-16 11:22:07,199 ERROR [OIMCP.ADCS] ================= Start Stack Trace =======================
    2011-08-16 11:22:07,199 ERROR [OIMCP.ADCS] com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask : processUserChange
    2011-08-16 11:22:07,199 ERROR [OIMCP.ADCS] java.lang.NullPointerException
    2011-08-16 11:22:07,199 ERROR [OIMCP.ADCS] Description : java.lang.NullPointerException
    2011-08-16 11:22:07,199 ERROR [OIMCP.ADCS] Thor.API.Exceptions.tcAPIException: java.lang.NullPointerException
         at com.thortech.xl.ejb.beansimpl.tcReconciliationOperationsBean.ignoreEventData(Unknown Source)
         at com.thortech.xl.ejb.beansimpl.tcReconciliationOperationsBean.ignoreEvent(Unknown Source)
    Edited by: JRS on Aug 16, 2011 10:48 AM

    Looks everything fine to me.
    Reconciliation rule for AD user object is active and the rule as below
    User Logn is equals to ExtensionAttribute8
    OR
    objectGuid equals to objectGuid
    And we have key field is ObjectGuid attaribute
    Pls suggest what are other things to check. I need to resolve this ASAP.
    Thanks again..

  • User not created in OIM 11gr2 - trusted reconciliation from OID

    Hello,
    in my tests I'm trying to do a trusted reconciliation from OID to OIM.
    I checked the errors below in the log file and I checked the column on the database. The column is there but I can't understand why this error appear.
    I did a select on this table and this column is empty (select RA_USERLOGIN7C7B96D4 from RA_OIDTRUSTEDUSERBCBD344A).
    INFO: Generic Information: select USR_KEY from usr where USR_MIDDLE_NAME is null and USR_UDF_ORCLGUID=? and USR_FIRST_NAME=? and USR_EMAIL=? and USR_LAST_NAME=? and USR_STATUS=? and USR.USR_STATUS != 'Deleted' AND ((UPPER(USR.USR_LOGIN)=UPPER(RA_OIDTRUSTEDUSERBCBD344A.RA_USERLOGIN7C7B96D4)))
    INFO: Generic Information: Params = [CF7C29EE75F5A78FE040A8C084000DE8, orcladmin, orcladmin, orcladmin, Enabled]
    SEVERE: Generic Information: {0}
    oracle.iam.reconciliation.exception.DBAccessException: Failed SQL:: select USR_KEY from usr where USR_MIDDLE_NAME is null and USR_UDF_ORCLGUID=? and USR_FIRST_NAME=? and USR_EMAIL=? and USR_LAST_NAME=? and USR_STATUS=? and USR.USR_STATUS != 'Deleted' AND ((UPPER(USR.USR_LOGIN)=UPPER(RA_OIDTRUSTEDUSERBCBD344A.RA_USERLOGIN7C7B96D4))) =>PARAMS:: [CF7C29EE75F5A78FE040A8C084000DE8, orcladmin, orcladmin, orcladmin, Enabled]
    at oracle.iam.reconciliation.utils.DBAccessTemplate.executeQuery(DBAccessTemplate.java:71)
    at oracle.iam.reconciliation.impl.BaseEntityTypeHandler.executeSql(BaseEntityTypeHandler.java:508)
    at oracle.iam.reconciliation.impl.UserHandler.getMatchingKeys(UserHandler.java:601)
    at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:556)
    at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:535)
    at sun.reflect.GeneratedMethodAccessor3188.invoke(Unknown Source)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
    Caused by: java.sql.SQLSyntaxErrorException: ORA-00904: "RA_OIDTRUSTEDUSERBCBD344A"."RA_USERLOGIN7C7B96D4": invalid identifier
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
    at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
    at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
    at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
    After this error the log shows:
    SEVERE: oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped
    oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcAPIException: Child tables only supported at account-level
    at oracle.iam.connectors.icfcommon.service.oim11.OIM11Reconciliation.processEvent(OIM11Reconciliation.java:101)
    Please help me on this and tell me if I am missing something here.
    Thanks

    I've found something that worked for me. When executing the trusted recon schedule task, the "Configuration Lookup" field in the "OID Server" IT Resource has to have the value "Lookup.OID.Configuration.Trusted". On the other hand, when executing the user sync recon schedule task, this field must have the value "Lookup.OID.Configuration.Trusted".
    The lookups' names can be different if you've manually renamed them.
    --jtellier                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

  • Reconciling from OVD to OIM

    Hi,
    I need to pull users from OVD to OIM and later provision them to ADAM. I am at the first part of implementation now, reconciliation from OVD to OIM. Unfortunately, OVD is not a predefined connector in OIM connector pack and hence I would not have the privilege of predefined XML files which have everything setup :(
    My OVD is integrated with a OU in iPlanet and I want OIM to pull users from OVD. Can I use the iPlanet connector definitions (forms, adapters, processes, etc.) directly after configuring OVD IT resource and the resource object? or will I have to write an XML file for OVD similar to the standard one for iPlanet which has everything defined?
    What about the JAR files that are used for provisioning purposes? For instance, xliIPLanet.jar file needs to be copied to JavaTasks directory which contains adapter classes for the iPlanet provisioning process. If I use this JAR with OVD will it work? If not, what do I do to create a JAR for OVD?
    Please let me know the answer to this question. I am sure folks in this forum would have implemented a connector which is not in the OIM connector pack - what does one do then, is what I want to know.
    TIA, M.

    The standard IPlanet connector should work fine with OVD. For basic functionality the iPlanet connector will work with any LDAPv3 compliant directory.
    Best regards
    /M

  • Getting error in trusted recon from DB in oim 11g

    Hi,
    I am getting below error while running the trusted recon from DB in OIM 11g:
    [2013-12-25T23:27:33.033-08:00] [oim_server1] [ERROR] [] [oracle.iam.reconciliation.impl] [tid: OIMQuartzScheduler_Worker-7] [userId: oiminternal] [ecid: 0000KCGU85V2ZNK5qVCCyY1Ih5WC000002,1:21446] [APP: oim#11.1.2.0.0] Generic Information: {0}[[
    oracle.iam.reconciliation.exception.ReconciliationException: Exception occurred while inserting data into table RA_HRRECONTEMPROSS_GTC due to java.sql.SQLException: ORA-12899: value too large for column "IDAMPOC_OIM"."RA_HRRECONTEMPROSS_GTC"."RA_SERVICE_DT" (actual: 10, maximum: 7)
            at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl$1.process(ReconOperationsServiceImpl.java:429)
            at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl$1.process(ReconOperationsServiceImpl.java:407)
            at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
            at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
            at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
            at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
    Caused by: oracle.iam.platform.entitymgr.ProviderException: java.sql.SQLException: ORA-12899: value too large for column "IDAMPOC_OIM"."RA_HRRECONTEMPROSS_GTC"."RA_SERVICE_DT" (actual: 10, maximum: 7)
            at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:305)
            at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:241)
    Service date is a varchar field(VARCHAR 2 BYTE) in our trusted table. Its mapped to service date field in OIM 11g which is of type date.
    Please let me know if I need to change the field type in our trusted table.
    Note: The same configuration is working fine in OIM 9.x.
    Regards,
    Kalpana.

    Now, i went into IDM schema & altered date fields to VARCHAR2(30 CHAR) for all the date type attributes. Now, when I ran schedule job is worked fine and didnt got any errros. But now the trusted recon is not creating users. I dont know why users are not getting created. Can you please let me know which all things should be checked to make a recon a trusted recon so that it creates users.
    Thanks,
    Kalpana.

  • Reconciliation from HR

    Dear People,
    I will tell you the scenario that is the the typical in an IdM solution. We are reconciliating from HR (Meta4, PeopleSoft, etc). So, I have a doubt. We need to charge the manager. What happen when the manager is reconciled at the same time that the new user? For example:
    User1 is employee of Manager1. But in the recon events, it first loads User1 and then Manager1. As Manager1 isn't an user yet in OIM, the manager field will fail. So, if after then we throw a new full recon it will work because Manager1 is created now. Is there a way to make it in one step of the Trusted Source Recon event? My idea is to left a reconciliation, for example, 2 times per day, and that OIM can resolve this situations without getting inside the recon jar code.
    Thanks!

    I would probably create a UDF in User Object and store the manager ID in that UDF during recon. Then have a scheduled task that will read all users that have the UDF field populated during recon, set the manager ID field with value from UDF, reset the UDF and save the form. This will eliminate the issue of having Manager present in OIM before the user in reconciled.
    - Aman

  • Reconciliation from LDIF files

    Hello there,
    Can we perform reconciliation from ldif files? Is there anyway we can do that?
    I am trying to extract user profiles from Tivoli directory to OIM database. The output from tds is in the form of ldif.
    Thanks in advance.

    Absolutely, but you are going to need to write it yourself. You just need a scheduled task that reads in the ldif entries, converts them to hashmaps and call the appropriate tcReconciliationOperationsIntf methods to submit the events.
    Alternatively, convert the ldif to a csv (there are lots of scripts out there to do this and if you are handy with perl is it not difficult) and use the GTC flat file recon.

  • Custom code for Target Source Reconciliation from a flat file

    Hi Experts,
    I need help in writing a custom code for Target Source Reconciliation from a flat file to OIM. The flat file will contain account details for different application instances. I am working on 11gr2.
    Thanks,
    Subin

    All right, all right, not so quickly.
    I am at the stage of trying to put one dimension
    array. But I stuck in one place, this is the program:
    import java.io.*;
    public class FromFile {
    public static void main(String[] args) throws IOException {
    File inputFile = new File("mac.txt");
    FileReader in = new FileReader(inputFile);
    int c;
    for(int i = 0; i < 10; i++) {
         c = in.read();
    System.out.println(c);
    and I try to read: 1 2 3 4 from text file
    This is the result so far...
    49
    32
    50
    32
    51
    32
    52
    -1
    -1
    -1
    well,
    I think I know what's wrong. I must change ASCII numbers into
    ints. But I dont' know how to do it. Some nice book, or
    tutorial on streams would come in handy. Could you correct
    it?.

  • Problem with errorPage in page directive tag while proxying request from iPlanet to WebLogic

              Hi,
              We are using iPlanet 4.0 as the webserver and WebLogic 5.1 as the application server on different solaris machines. We have put our JSPs in the weblogic application server and proxy the requests from iplanet to weblogic.
              We are facing a problem with the errorPage in the 'Page Directive' tag of the JSP. We have given xxx.jsp as an 'errorpage' parameter in the page directive tag. If we directly access the JSP from the WebLogic, and there is an system error, the error page specified in the JSP is getting displayed. But if we access the JSP from iPlanet and there is an system error, instead of displaying the error page, iPlanet is asking whether we want to download the file. If we say yes it downloads the actual JSP code itself. We have defined the mime types in obj.conf file as well as mime.types for the iPlanet.
              If anyone knows how this can be solved, it would be of great help
              Regards,
              Krish
              

    How did you configure the obj.conf file? proxy by mime type or ppath? It
              seems errorPage.jsp was not proxyed and treated as a unknown mime type.
              Krishnaraja <[email protected]> wrote in message
              news:3a372d79$[email protected]..
              >
              > Hi,
              >
              > We are using iPlanet 4.0 as the webserver and WebLogic 5.1 as the
              application server on different solaris machines. We have put our JSPs in
              the weblogic application server and proxy the requests from iplanet to
              weblogic.
              >
              > We are facing a problem with the errorPage in the 'Page Directive' tag of
              the JSP. We have given xxx.jsp as an 'errorpage' parameter in the page
              directive tag. If we directly access the JSP from the WebLogic, and there is
              an system error, the error page specified in the JSP is getting displayed.
              But if we access the JSP from iPlanet and there is an system error, instead
              of displaying the error page, iPlanet is asking whether we want to download
              the file. If we say yes it downloads the actual JSP code itself. We have
              defined the mime types in obj.conf file as well as mime.types for the
              iPlanet.
              >
              > If anyone knows how this can be solved, it would be of great help
              >
              > Regards,
              > Krish
              

  • Can iDSIE (Meta-directory) be used as a single authentication point from iPlanet Web Server for multiple databases using direct "or" indirect connectors?

    Basically, the latest release of iPlanet Web Server forces the user/group information source to be an LDAP database. Currently, the user accounts are in Active Directory, NT, Oracle and NetWare Directory Service in this heterogeneous environment.
    What I am looking for is a meta-directory product which can do two things:
    1-Single authentiation point for users in mulitple databases from iPlanet Web Server.
    2-Single administration point for all of the databases listed above.
    For example, can I add/modify/delete a user account at the meta-directory level and have this propagate to all of the databases listed above reducing the administration to one meta-directory product?

    With an Virtual Directory solution, you can authenticate Iplanet Web Server against nearly anything including any LDAPv3 Directory Server, Microsoft Active Directory, Windows NT Domains, Oracle RDBMS, IBM DB2 RDBMS, Microsoft SQL, and others.
    All of this is done dynamically and doesn't require any heavyweight synchronization process. The Virtual Directory acts as a dynamic schema / DIT / data translation engine for different types of repositories.
    OctetString's Virtual Directory Engine is one such example. You can download a 30 day evaluation copy at:
    http://www.octetstring.com
    It will take you all of 30 minutes to get iPlanet Web Server authenticated against and using groups from things like Oracle RDBMS, Windows NT Domains, or Active Directory.

  • How to migrate SSL Certificate from iPlanet 6.0 to WLS 8.1

    We'd like to migrate our application from iPlanet 6.0 to WLS 8.1, however, we don't have any idea to migrate the cert from iPlanet to WLS, please advise. Thanks!

    Apple does not support intermediate iOS updates...you can only update to the latest iOS version that will run on your iOS device.  Therefore, you have to update to iOS 8.1, not 7.1.2.  The files appropriate to your device are only available in 8.1.

  • Migration from iplanet webserver to Sun Directory Server

    Hi,
    I have Oracle Iplanet WebServer Enterprise edition V6.0 SP2 in my dev environment. I would want to migrate the system to Sun Java System Directory Server V6.0. I have looked up the migration guide for Sun DS V6.0. But i could not find any reference to Iplanet WebServers.
    Can anybody please let me know the migration procedure for migrating from Iplanet Server to Sun Directory server.
    Any help would be appreicated
    Thank you
    Nowfal

    Please ignore this question since we have dropped the plan to migrate, instead set a new DS instance from the beginning

  • Exporting Users From Iplanet Directory

    How do you export users from Iplanet Directory Server so that they can be imported into a MS Active Directory either 2000 or 2003?
    Any help would be appreciated with step by step instructions.
    Jippy35

    Thanks Andbrowny
    I gave it a go, but got a strange error, does this mean anything to you?
    admin$ sudo ldapsearch -LLL -H ldap://127.0.0.1 -b "cn=users,dc=my,dc=domain,dc=net" > userexport.ldif
    Password:
    SASL/GSSAPI authentication started
    ldapsasl_interactive_binds: Local error (-2)
    additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found)
    I suspect my OD is screwed, as slapd maxes out all 8 cores every few days, and takes out the mail server as a side effect.
    The Linux link wasn't applicable to this, all the commands and paths are different to MacOS X unfortunately.

  • Migration from iPlanet Web Proxy to ISA 2000

    Hi,
    I'm doing a project to migration from iPlanet Web Proxy 3.5 (AIX based) to ISA 2000 (Windows 2000). Anyone have experience can give me some idea to plan this migration?
    Which file in AIX iPlanet proxy store all the Filter URLs (Black list) ? And which file store all the users, groups with permissions?
    If you can refer me some "How to" documentation, I appreciate your help.
    Vince2008

    sriram already answered this pretty well, but as someone having been in the same situation (migrating from 6.0sp6 to 6.1sp8 a few months ago) I thought I'd chime in.
    obj.conf is not an issue whatsoever, since this file does not change in any way between the versions. This was a very nice discovery, and made our work a lot easier. :)
    magnus.conf is still pretty much the same, and using the migration tool in 6.1 will migrate server.xml and all other files properly, so that is absolutely the easiest way, if you have only a couple of configs. Us, we used it to generate a new template to see all changes, and then updated our internal configuration templates with the new look and generated all files on our own from there.
    You will need to modify magnus.conf manually afterward and update the path to the wlproxy though, since you should use proxy61.dll/so rather than proxy36.
    There are also quite a lot of entries in magnus.conf that are deprecated in 6.1, but still kept by the migration tool. Doesn't really hurt in any way, but that is my current task - cleanup.
    Regarding rollback, that depends on how you migrate. We wanted to use the same ports as well as windows service names (to avoid having to update all scripts), so we had to uninstall 6.0 before installing 6.1. But really, the possibilities you have here are so strictly decided by your network setup, uptime requirements, etc, that it is hard for anyone on the outside to answer.
    Edited by: David.Eriksson on Aug 18, 2008 1:54 AM

  • Migrating from  iplanet 6.0sp5 to S1WS6.1sp1

    Do we need license upgrade to move from iplanet 6.0sp5 to S1WS6.1sp1?
    Thanks in advance,
    Vijay

    Hi,
    Can you please confirm:
    1] What user you installed the original 6.0 Web Server as?
    2] What user you are running the original 6.0 Web Server as?
    3] What user you installed the new 7.0 Web Server as?
    4] What user you are running the new 7.0 Admin Server instance as?
    5] What platform your are running this all on?
    regards
    Tracey

Maybe you are looking for

  • Active Directory Web Services service terminated unexpectedly

    Hi everyone: I'm having a problem with the Active Directory Web Services service does not start. Attach the event ID: Log System: Log Name: System Source: Service Control Manager Date: 1/6/2015 6:55:19 PM Event ID: 7034 Task Category: None Level: Err

  • Anyone want a pretty background, masculine background, etc. ??

    I've been bored with the backgrounds on my iWeb pages and so decided to play around with some plain page templates that Suzanne Boben put together for any of us to download. Here's a link to results. You can use any photo and get any page theme backg

  • SAAJ and namespace

    Hi, I am having a problem in running SAAJ client for Axis running on Tomcat. My SAAJ code is as follows; SOAPConnectionFactory soapConnectionFactory = SOAPConnectionFactory.newInstance(); SOAPConnection connection = soapConnectionFactory.createConnec

  • DDI or DDK for Yes/No dropdown

    Hi Simple one this... I require a number of dropdowns (15) for Yes/No options. Should I use a dropdownbyIndex or dropdownbykey. If I use a dropdownbykey, am I right in thinking that I can use a domain that has X and space for a value and the Yes/No d

  • I can't  get my ipod touch to sync on my computer

    I plugged in my ipod touch as usual. Things were fine. Suddenly - all itunes downloads are gone.I am still registered with intunes