Regarding Password Sync

Hi,
I have 3 Solaris resources connected to IDM. I have assigned all these resources to one user with a password.
I tried changing the password from the IDM and tried logging in to the Solaris resources and I was successful.
Please let me know if I can do the reverse, i.e. can I change the password in one of the Solaris consoles so that it will get reflected on the remaining 2 Solaris machines as well? Please suggest.

Hi!
In order to accomplish something like this you must develop a custom passwd command that will send off the password to IDM. The preferred way of doing this would be to use SPML as an approach.
Another option that I prefer to do/use is to educate the customer and set up IDM to be THE only place where users have to change and manage their password.
If you are curious about SPML, please see the documentation as part of the IDM which contains a section about using SPML with IDM and also see http://www.openspml.com.
Easiest however would be to go with the latter solution.
Hope my 2 cents will guide you.
//L

Similar Messages

  • Password Sync Connector for AD

    Hello All,
    I am newbie.
    In my organization, we are trying to set up a password sync connector to change/update passwords in Microsoft Active Directory.
    We are planning to have a simple form that interacts with OIM. And OIM provisions the password update to the corresponding user record in Active Directory.
    Form has
    Username:--
    Old password:--
    New password:--
    After the password is updated in the OIM, I am not sure how to provision it to Active directory.
    Please help me out with this.
    Regards,
    VSN

    See this post.
    Re: how to trigger update in oim attribute to resource
    You'll need to trigger the password change from the OIM User Profile onto your target application form. This would then trigger the Password Updated task on that provisioning process definition.
    -Kevin

  • Issue with installing password sync on Windows 2008

    I have installed pwd sync 64 bit on Windows 2008. Configured it in direct mode (no jms). But when I change the password of a user it is not syncing with the IdM. We have the 32 bit pwd sync working fine on Win 2003. Are there any special steps for installing, configuring 64 bit pwd sync on Win 2008? Thanks. Jack

    Hi again Tim-
    Given the error "failed to crack URL" I believe you're hitting an issue we have documented as bug # 21999. Here's the gist of it and a possible way around it.
    ==========
    When installing password sync on a Windows 2008 system, if you are not
    logged in as 'Administrator', the installer and the configure applications
    may be subject to Windows File And Registry Virtualization (FARV). This may
    cause the registry entries for password sync to be written to the user portion
    of the registry, rather than the system portion. Subsequently, password sync
    will fail with the message "failed to crack URL".
    To work around FARV, either run the MSI installer from a privileged cmd.exe
    prompt, or run the configure.exe application using the "Run As Administrator"
    functionality (right-click on the configure.exe application, select "Run As
    Administrator").
    ==========
    Hope this helps.
    Regards,
    Alex

  • Mapping file for Password Sync

    The directions are -
    Synchronizing Passwords from Oracle Internet Directory to Microsoft Active Directory - Before Active Directory Connector can synchronize passwords in this direction, do the following:
    Add a mapping rule that enables password synchronization. For example:
    Userpassword: : :inetorgperson:unicodepwd: :user
    Req -
    Can someone share their mapping file which they would have used for password sync? You can mail it to me on [email protected]
    Regards,
    Rashid

    Hi,
    Below is the mapping I used :
    DomainRules
    cn=users,dc=test,dc=com:cn=users,dc=coreid,dc=test,dc=com
    AttributeRules
    # Organizational Unit Mapping
    ou: : :organizationalunit:ou: : organizationalunit
    # Container mapping
    cn: : :orclcontainer: cn: :Container
    #Domain cannot be exported
    #name: : :domain: dc: :domain
    cn:1: :inetorgperson:cn: :User
    uid|cn: : :inetorgperson:SAMAccountName: :User
    #orclSAMAccountName:1: :inetorgperson:SAMAccountName: :User: truncl(orclSAMAccountName,'$')
    #cn:1: :inetortperson:SAMAccountName: :User
    # attribute rule for mapping Active Directory LOGIN id
    #mail: : :person:sn: :User:
    mail: : :person:UserPrincipalName: :User:
    # attribute rule for mapping entry and to create orclUserV2
    # There should be a mapping rule with orcluserv2 objectclass
    # without which the PORTAL may not function properly
    sn: : :inetorgperson:sn: :person
    givenname: : :inetorgperson:givenname: :person
    cn: : :person:displayName: :person
    # mail needs to be assigned valid value for default settings ing DAS
    mail: : :inetorgperson:mail: :person
    userpassword: : :inetorgperson:unicodepwd: :person:
    cn: : :person:useraccountcontrol: :person:"512"
    mobile: : :inetorgperson:mobile: :organizationalperson:
    orclisenabled: : :inetorgperson:obuseraccountcontrol: :oblixOrgPerson:"ACTIVATED"
    # GROUP ENTRY MAPPING RULES
    cn: : :orclgroup:cn: :group:
    # This will work successfully only when cn doesn't have any
    # special characters associated with it.
    cn: : :orclgroup:SAMAccountName: :group:
    uniquemember: : :groupofuniquenames:member: :group:
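A quick way to confirm that a map file like the one posted above actually carries an active password rule, as an added example that is not part of the original posts. It assumes the colon-separated field order that the posted rules follow (source attribute, required flag, source type, source object class, destination attribute, destination type, destination object class, optional function); the sample input is constructed from an abridged copy of that mapping.

```python
from dataclasses import dataclass

# Constructed sample: abridged from the mapping posted above.
SAMPLE_MAP = """\
DomainRules
cn=users,dc=test,dc=com:cn=users,dc=coreid,dc=test,dc=com
AttributeRules
# Container mapping
cn: : :orclcontainer: cn: :Container
cn:1: :inetorgperson:cn: :User
uid|cn: : :inetorgperson:SAMAccountName: :User
#cn:1: :inetortperson:SAMAccountName: :User
mail: : :person:UserPrincipalName: :User:
userpassword: : :inetorgperson:unicodepwd: :person:
cn: : :person:useraccountcontrol: :person:"512"
"""


@dataclass
class Rule:
    line_no: int
    enabled: bool        # False when the rule is commented out with '#'
    src_attrs: tuple     # 'uid|cn' becomes ('uid', 'cn')
    src_class: str
    dst_attr: str
    dst_class: str
    function: str        # literal or function in the optional 8th field


def _parse_rule(line, line_no, enabled):
    """Return a Rule for a 7- or 8-field line, or None if it is not one."""
    # Split at most 7 times so colons inside the function field survive.
    parts = [p.strip() for p in line.split(":", 7)]
    if len(parts) < 7 or not parts[0] or not parts[4]:
        return None
    parts += [""] * (8 - len(parts))
    return Rule(line_no, enabled, tuple(parts[0].lower().split("|")),
                parts[3].lower(), parts[4].lower(), parts[6].lower(), parts[7])


def parse_map(text):
    """Parse the AttributeRules section; return (rules, problems)."""
    rules, problems, section = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line in ("DomainRules", "AttributeRules"):
            section = line
            continue
        if section != "AttributeRules":
            continue
        enabled = not line.startswith("#")
        # Commented lines are parsed too, so a disabled rule can be reported.
        rule = _parse_rule(line.lstrip("#").strip(), n, enabled)
        if rule:
            rules.append(rule)
        elif enabled:
            problems.append(f"line {n}: not a 7- or 8-field attribute rule")
    return rules, problems


def check_password_sync(text):
    """Return (active password rules, list of problems found)."""
    rules, problems = parse_map(text)
    pw_rules = [r for r in rules if r.dst_attr == "unicodepwd"]
    active = [r for r in pw_rules if r.enabled]
    if not active:
        disabled = ", ".join(str(r.line_no) for r in pw_rules)
        problems.append("no active rule targets unicodepwd"
                        + (f"; disabled at line {disabled}" if disabled else ""))
    for r in active:
        if "userpassword" not in r.src_attrs:
            problems.append(f"line {r.line_no}: unicodepwd is not fed from userpassword")
    return active, problems


if __name__ == "__main__":
    active, problems = check_password_sync(SAMPLE_MAP)
    for r in active:
        print(f"line {r.line_no}: {r.src_attrs} ({r.src_class}) -> "
              f"{r.dst_attr} ({r.dst_class})")
    for p in problems:
        print("PROBLEM:", p)
```
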

  • DirSync with Password Sync - Account Expiry

    Hi All,
    New to Office 365 - Hence a basic question.
    We have been exploring various DirSync options and considering DirSync with password sync at the moment.
    The msdn documentation suggests DirSync with Password sync sets the account expiry to 'Never Expire'.
    I understand we can also set account expiry for all tenant user accounts through Set-MsolPasswordPolicy cmdlet.
    If I use this cmdlet for setting expiry to say 90 days, will password sync overwrite the account expiry to 'Never expire' on next synchronization?
    Please advise.
    Regards,
    Ajay Suri

    If you don't check the "Enable Password Sync" checkbox, then the Azure password policies would apply, of course.
    The attributes included in DirSync are listed here.
    Yes, when you use Dirsync, all attributes are mastered on-prem.  This doesn't apply to passwords unless you check the box in #1.  Also, this doesn't apply to objects created in Azure manually (i.e. ones that weren't/aren't synced).
    Mike Crowley | MVP
    My Blog --
    Planet Technologies

  • OIM AD Password Sync issue

    HI,
    I am doing OIM 9.1.01 AD Password Sync.
    I installed the AD Password Sync connector on the AD machine. During installation it asked for the OIM host name and SPML port, so I deployed SPML in OIM using the command line successfully.
    While installing the AD Password Sync Connector, in the Oracle Identity Manager Configuration Parameters I have given values like these.
    Host : rwoim
    Port : 8080 (sample value)
    Administrator Login :admin
    Administrator Password: admin1234
    OIM User Attribute : Users.User ID
    OIM Application Server Type : WebLogic
    Use SSL : Yes
    Client Certificate Subject Name : TQL17
    where in Port parameter (Enter the number of the port at which the Oracle Identity Manager SPML Web service is listening.
    Sample value: 8080)
    But I don't know which port SPML is using and whether it is enabled or not on the OIM server. I am stuck at installation.
    Can anyone please give a suggestion?
    regards
    Ramu

    Hi Sagar,
    I had success with the OIM AD Password Sync process with AD Port 389 and SPML Port 7001, and passwords are updating from AD to OIM successfully.
    From OIM over AD SSL passwords are updating in AD successfully.
    But when I reinstalled the AD Password Sync connector again with AD Port 636, passwords are not updating from AD to OIM.
    Below the log file saying ldap_connect failed with
    Debug [2/6/2012 5:25:35 PM] Server Down
    ***********Inside sgslldpcopenLDAPConnection****************
    Debug [2/6/2012 5:25:35 PM] Inside sgsladac c-tor
    Debug [2/6/2012 5:25:35 PM] AD Host
    Debug [2/6/2012 5:25:35 PM] 10.129.149.137
    Debug [2/6/2012 5:25:35 PM]
    Debug [2/6/2012 5:25:35 PM] AD Port
    Debug [2/6/2012 5:25:35 PM] 636
    Debug [2/6/2012 5:25:35 PM]
    Debug [2/6/2012 5:25:35 PM] AD Base DN
    Debug [2/6/2012 5:25:35 PM] DC=oimad,DC=com
    Debug [2/6/2012 5:25:35 PM]
    Debug [2/6/2012 5:25:35 PM]
    Debugging the code
    Debug [2/6/2012 5:25:35 PM] Inside ConnectToADSI
    Debug [2/6/2012 5:25:35 PM]
    ldap_connect failed with
    Debug [2/6/2012 5:25:35 PM] Server Down
    Debug [2/6/2012 5:25:35 PM]
    Debug [2/6/2012 5:25:35 PM]
    Connection to AD failed
    Debug [2/6/2012 5:25:35 PM]
    ***********Out of openLDAPConnection****************
    Debug [2/6/2012 5:25:35 PM] Inside sgsladac destructor
    regards
    Ramu

  • OIM Password sync connector installation issue

    Hi All,
    I am trying to configure password synchronization between OIM & Active Directory. While installing the AD Password Sync connector on the AD host it is returning the following.
    Error occurred while uploading prepAD.ldif. , please refer to %TEMP%\oimpwdsync.log. Please upload
    prepAD.ldif to Active Directory Domain Controller before applying ACLs.
    Kindly suggest me on this.
    Regards,
    Madhu

    I'm also getting the same error.
    This is the content of the log file :
    (Apr 14, 2011 6:19:27 AM), Install, com.oracle.installshield.adpwd.pathValidator, dbg, Directory does not exists, will get created at the installation time
    (Apr 14, 2011 6:19:38 AM), Install, com.installshield.product.actions.UninstallerJVMResolution, dbg.jvm, attempting to use the current JVM
    (Apr 14, 2011 6:19:38 AM), Install, com.installshield.product.actions.UninstallerJVMResolution, dbg.jvm, searching for a JVM
    (Apr 14, 2011 6:19:38 AM), Install, com.installshield.product.service.product.PureJavaProductServiceImpl$Installer, err, ProductException: (error code = 601; message="JVM not found")
    STACK_TRACE: 8
    ProductException: (error code = 601; message="JVM not found")
         at com.installshield.product.actions.JVMResolution.install(JVMResolution.java:171)
         at com.installshield.product.service.product.PureJavaProductServiceImpl$InstallProduct.checkUninstallerJVMResolution(PureJavaProductServiceImpl.java:4793)
         at com.installshield.product.service.product.PureJavaProductServiceImpl$InstallProduct.install(PureJavaProductServiceImpl.java:4554)
         at com.installshield.product.service.product.PureJavaProductServiceImpl$Installer.execute(PureJavaProductServiceImpl.java:3758)
         at com.installshield.wizard.service.AsynchronousOperation.run(AsynchronousOperation.java:41)
         at java.lang.Thread.run(Unknown Source)
    (Apr 14, 2011 6:19:38 AM), Install, com.oracle.installshield.adpwd.execTool, err, Cannot run program "C:\Program": CreateProcess error=2, The system cannot find the file specified
    (Apr 14, 2011 6:19:38 AM), Install, com.installshield.wizardx.ascii.ModifyFile, msg2, ASCII file C:\Program Files\oracle\OIMADPasswordSync\prepAD.ldif does not exist and will be created.
    (Apr 14, 2011 6:19:38 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, gen exp
    (Apr 14, 2011 6:19:38 AM), Install, com.oracle.installshield.adpwd.ldapModify, err, C:\Program Files\oracle\OIMADPasswordSync\prepAD.ldif (The system cannot find the file specified)
    Has anyone fixed it? I have checked that the JAVA env is set on my machine
    C:\>echo %JAVA_HOME%
    D:\oracle\Middleware\jdk160_14_R27.6.5-32
    C:\>java -version
    java version "1.6.0_12"
    Java(TM) SE Runtime Environment (build 1.6.0_12-b04)
    Java HotSpot(TM) Client VM (build 11.2-b01, mixed mode)
    Did anyone fix the issue?

  • Error in AD Password Sync

    Hi,
    I am using OIM 9.1. I am using the AD connector and AD password sync connector (connector version 9.0.4.1.10). I have deployed the AD connector as well as the AD Password Sync connector. In the xlconfig.xml file I have specified "USR_UDF_PASSSTATUS" as the field in which the result should be set. When I am changing a user's password in Active Directory, it is changing in OIM successfully but I am getting an error in updating the status in the user field.
    Following is the trace from log file:
    24 Aug 2008 16:14:39 INFO Logger created
    24 Aug 2008 16:14:39 INFO Triggering Password Synchronization mechanism
    24 Aug 2008 16:14:39 INFO Value of the installedFlag=>true
    24 Aug 2008 16:14:39 INFO Password Reset Installed..get the ITResourceType and ITResourceName
    24 Aug 2008 16:14:39 INFO IT ResourceType Name=>AD Server
    24 Aug 2008 16:14:39 INFO ITResourceName=>ADITResource
    24 Aug 2008 16:14:39 INFO Logging to OIM server
    24 Aug 2008 16:14:39 INFO Logging into OIM Server with an auth mechanism
    24 Aug 2008 16:14:39 INFO Necassary Configurations read
    24 Aug 2008 16:14:39 INFO Logging into OIM Server with uname/pwd based auth
    24 Aug 2008 16:14:52 INFO Logging into OIM Server with uname/pwd based auth
    24 Aug 2008 16:14:52 INFO Initializing API instances
    24 Aug 2008 16:14:52 INFO Login completed
    24 Aug 2008 16:14:52 INFO Get the value of IT Resource parameter
    24 Aug 2008 16:14:52 INFO Set the value of IT Resource parameter to LDAP connection variables
    24 Aug 2008 16:14:52 INFO Check whether the ADsync is activated through ADServer or OIM user
    24 Aug 2008 16:14:52 INFO Inside checkOIMFlag
    24 Aug 2008 16:14:52 INFO Going to connect AD
    24 Aug 2008 16:14:52 INFO Successful connected to AD
    24 Aug 2008 16:14:52 INFO Check the value of the customAtrributeName
    24 Aug 2008 16:14:52 INFO Enumerate the attributes
    24 Aug 2008 16:14:52 INFO objectGUID-->f0f668d90fc80645ac344dce042cf152
    24 Aug 2008 16:14:52 INFO samName-->DES.DPOLICE126
    24 Aug 2008 16:14:52 INFO userPrincipalName-->[email protected]
    24 Aug 2008 16:14:52 INFO User Defined field value-->0
    24 Aug 2008 16:14:52 INFO Custom Atrribute value is 0
    24 Aug 2008 16:14:52 INFO return from checkOIMFlag
    24 Aug 2008 16:14:52 INFO Password for this user needs to be updated through synchronization
    24 Aug 2008 16:14:52 INFO userId--->DES.DPOLICE126
    24 Aug 2008 16:14:52 INFO matchType--->UserID
    24 Aug 2008 16:14:52 INFO Inserted DES.DPOLICE126 in Input
    24 Aug 2008 16:14:52 INFO Find the user in OIM :
    24 Aug 2008 16:14:52 INFO After findUser :: userRS.size : 1
    24 Aug 2008 16:14:52 INFO User DES.DPOLICE126 = 1128
    24 Aug 2008 16:14:52 INFO Set the value of UDF field to ADSYNCH_TRUE value
    24 Aug 2008 16:14:52 INFO Going to update the USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_TRUE
    24 Aug 2008 16:14:52 INFO update the value of USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_TRUE
    24 Aug 2008 16:14:52 INFO Invoking OIM API for setting Password
    24 Aug 2008 16:14:52 INFO Password changed
    24 Aug 2008 16:14:52 ERROR Unable to update status
    Thor.API.Exceptions.tcStaleDataUpdateException
         at com.evermind.server.rmi.RMICall.EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER(RMICall.java:109)
         at com.evermind.server.rmi.RMICall.throwRecordedException(RMICall.java:125)
         at com.evermind.server.rmi.RMIClientConnection.obtainRemoteMethodResponse(RMIClientConnection.java:571)
         at com.evermind.server.rmi.RMIClientConnection.invokeMethod(RMIClientConnection.java:515)
         at com.evermind.server.rmi.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:63)
         at com.evermind.server.rmi.RecoverableRemoteInvocationHandler.invoke(RecoverableRemoteInvocationHandler.java:28)
         at com.evermind.server.ejb.StatelessSessionRemoteInvocationHandler.invoke(StatelessSessionRemoteInvocationHandler.java:43)
         at __Proxy3.updateUser(Unknown Source)
         at Thor.API.Operations.tcUserOperationsClient.updateUser(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
         at java.lang.reflect.Method.invoke(Unknown Source)
         at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
         at Thor.API.Security.LoginHandler.oracleLoginSession.runAs(Unknown Source)
         at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
         at $Proxy0.updateUser(Unknown Source)
         at com.thortech.xl.integration.adpasswordsynch.ChangePassword.changePassword(Unknown Source)
         at com.thortech.xl.integration.adpasswordsynch.ChangePassword.main(Unknown Source)
    24 Aug 2008 16:14:52 INFO Set the value of UDF field to ADSYNCH_FALSE value
    24 Aug 2008 16:14:53 INFO Going to update the USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_FALSE
    24 Aug 2008 16:14:53 INFO changed the USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_FALSE
    24 Aug 2008 16:14:53 INFO Password synch over
    24 Aug 2008 16:14:53 INFO Before System.exit(0):
    Can someone please tell me why I am getting this error?
    Thanks & Regards,
    Yash Shah

    Don't do anything. Just restart your machine, and re-configure, because the first time passwordsync10.dll has not initialized on the AD machine. After that just put the same parameter values that you gave previously. It will work.
    At the same time, verify if the AD Authentication or xelsysadm Authentication is wrong.

  • AD Password Sync connector functionality

    Hi,
    I have installed the AD Password Sync connector as per the documentation. I have added the User Defined field USR_UDF_PWDCHANGEDINDICATION and also the field USR_UDF_PASSSTATUS.
    After installation I made changes in the xlconfig.xml file, and in that file under the <Results></Results> tag I specified the results to be shown in the USR_UDF_PASSSTATUS field.
    Now when I am changing the user's password in Active Directory natively, I can see from the log that it is first setting the value of the USR_UDF_PWDCHANGEDINDICATION field to ADSYNC_TRUE and then, after changing the password in OIM, it is setting it back to ADSYNC_FALSE.
    But I am getting an error in updating the USR_UDF_PASSSTATUS field. The following error comes in the log file:
    22 Aug 2008 09:36:35 INFO Set the value of UDF field to ADSYNCH_TRUE value
    22 Aug 2008 09:36:35 INFO Going to update the USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_TRUE
    22 Aug 2008 09:36:37 INFO update the value of USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_TRUE
    22 Aug 2008 09:36:37 INFO Invoking OIM API for setting Password
    22 Aug 2008 09:37:01 INFO Password changed
    22 Aug 2008 09:37:01 ERROR Unable to update status
    Thor.API.Exceptions.tcStaleDataUpdateException
         at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.updateUserData(Unknown Source)
         at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.updateUser(Unknown Source)
         at com.thortech.xl.ejb.beans.tcUserOperationsSession.updateUser(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:324)
         at org.jboss.invocation.Invocation.performCall(Invocation.java:345)
         at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:214)
         at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:149)
         at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:154)
         at org.jboss.webservice.server.ServiceEndpointInterceptor.invoke(ServiceEndpointInterceptor.java:54)
         at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:48)
         at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:106)
         at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:335)
         at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:166)
         at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:153)
         at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
         at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
         at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
         at org.jboss.ejb.Container.invoke(Container.java:873)
         at sun.reflect.GeneratedMethodAccessor116.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:324)
         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
         at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
         at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
         at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245)
         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
         at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:805)
         at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:406)
         at sun.reflect.GeneratedMethodAccessor138.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:324)
         at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
         at sun.rmi.transport.Transport$1.run(Transport.java:148)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
         at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
         at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
         at java.lang.Thread.run(Thread.java:534)
         at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
         at sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
         at sun.rmi.server.UnicastRef.invoke(Unknown Source)
         at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
         at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:119)
         at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:227)
         at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:167)
         at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
         at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
         at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:97)
         at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:86)
         at $Proxy4.updateUser(Unknown Source)
         at Thor.API.Operations.tcUserOperationsClient.updateUser(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
         at java.lang.reflect.Method.invoke(Unknown Source)
         at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
         at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
         at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
         at $Proxy2.updateUser(Unknown Source)
         at com.thortech.xl.integration.adpasswordsynch.ChangePassword.changePassword(Unknown Source)
         at com.thortech.xl.integration.adpasswordsynch.ChangePassword.main(Unknown Source)
    22 Aug 2008 09:37:01 INFO Set the value of UDF field to ADSYNCH_FALSE value
    22 Aug 2008 09:37:01 INFO Going to update the USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_FALSE
    22 Aug 2008 09:37:01 INFO changed the USR_UDF_PWDCHANGEDINDICATION to ADSYNCH_FALSE
    22 Aug 2008 09:37:01 INFO Password synch over
    22 Aug 2008 09:37:01 INFO Before System.exit(0):
    Also, when I am changing password in Active Directory in OIM, Change User Password is task run for Active Directory and it is updating the password in Active Directory again.
    Can someone please tell me, is it proper functionality of AD Password Sync. Actually I am really confused with the functionality of this AD password sync connector.
    Thanks & Regards,
    Yash Shah

    That is the problem...
    When I installed the connector I didn't get any error and I get a message the connector was installed ok. I think I will reinstall it.
    Thanks,
    Renato

  • Password Sync not happening in AD with SSL 636

    I am working on OIM 9.1.0. I followed the Connector Guide for Microsoft Active Directory Password Synchronization (Connector version 9.1.1).
    Configured AD with SSL. AD SSL Provisioning (636) is working fine.
    Configuration of SSL on Weblogic was done (generation of keys, signing, export, etc) & imported the Certificate in AD.
    Installed Password Sync on AD (389) without SSL & it worked.
    I re-configured it to SSL (AD 636) but it shows errors.
    Can anyone give some info on it?
    ***********Inside sgslldpcopenLDAPConnection****************
    Debug [2/9/2012 4:43:35 PM] Inside sgsladac c-tor
    Debug [2/9/2012 4:43:35 PM] AD Host
    Debug [2/9/2012 4:43:35 PM] 10.129.149.131
    Debug [2/9/2012 4:43:35 PM]
    Debug [2/9/2012 4:43:35 PM] AD Port
    Debug [2/9/2012 4:43:35 PM] *636*
    Debug [2/9/2012 4:43:35 PM]
    Debug [2/9/2012 4:43:35 PM] AD Base DN
    Debug [2/9/2012 4:43:35 PM] DC=oimpad,DC=com
    Debug [2/9/2012 4:43:35 PM]
    Debug [2/9/2012 4:43:35 PM]
    Debugging the code
    Debug [2/9/2012 4:43:35 PM] Inside ConnectToADSI
    Debug [2/9/2012 4:43:35 PM]
    ldap_connect failed with
    Debug [2/9/2012 4:43:35 PM] Server Down
    Debug [2/9/2012 4:43:35 PM]
    Debug [2/9/2012 4:43:35 PM]
    Connection to AD failed
    Debug [2/9/2012 4:43:35 PM]
    ***********Out of openLDAPConnection****************
    Debug [2/9/2012 4:43:35 PM] Inside sgsladac destructor
    Debug [2/9/2012 4:43:36 PM] Datastore --- Connect to AD
    Debug [2/9/2012 4:43:36 PM]
    ***********Inside sgslldpcopenLDAPConnection****************
    Debug [2/9/2012 4:43:36 PM] Inside sgsladac c-tor
    Debug [2/9/2012 4:43:36 PM] AD Host
    Debug [2/9/2012 4:43:36 PM] 10.129.149.131
    Debug [2/9/2012 4:43:36 PM]
    Debug [2/9/2012 4:43:36 PM] AD Port
    Debug [2/9/2012 4:43:36 PM] 636
    Debug [2/9/2012 4:43:36 PM]
    Debug [2/9/2012 4:43:36 PM] AD Base DN
    Debug [2/9/2012 4:43:36 PM] DC=oimpad,DC=com
    Debug [2/9/2012 4:43:36 PM]
    Debug [2/9/2012 4:43:36 PM]
    Debugging the code
    Debug [2/9/2012 4:43:36 PM] Inside ConnectToADSI
    Debug [2/9/2012 4:43:36 PM]
    ldap_connect failed with
    Debug [2/9/2012 4:43:36 PM] Server Down
    Debug [2/9/2012 4:43:36 PM]
    Debug [2/9/2012 4:43:36 PM]
    Connection to AD failed
    Debug [2/9/2012 4:43:36 PM]
    ***********Out of openLDAPConnection****************
    Regards,
    Praveen

    Both the URLs are working & I configured the SSL one. Telnet to the port also works with IP & hostname on the OIM & AD servers
    http://pwoim:7001/spmlws/OIMProvisioning
    https://pwoim:7002/spmlws/OIMProvisioning
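The connector debug logs quoted in the two port 636 posts above put each label ("AD Host", "AD Port") and its value on separate lines, which makes it hard to see at a glance which endpoint each attempt used. The following added example (not part of the original posts, and not connector code) groups such a log into connection attempts and counts failures per endpoint. The sample log is constructed: it uses a documentation address, and the shape of a successful attempt (a block without the failure lines) is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the format of the logs quoted above.
SAMPLE_LOG = """\
***********Inside sgslldpcopenLDAPConnection****************
Debug [2/9/2012 4:40:01 PM] Inside sgsladac c-tor
Debug [2/9/2012 4:40:01 PM] AD Host
Debug [2/9/2012 4:40:01 PM] 192.0.2.10
Debug [2/9/2012 4:40:01 PM]
Debug [2/9/2012 4:40:01 PM] AD Port
Debug [2/9/2012 4:40:01 PM] 389
Debug [2/9/2012 4:40:01 PM] Inside ConnectToADSI
***********Out of openLDAPConnection****************
***********Inside sgslldpcopenLDAPConnection****************
Debug [2/9/2012 4:43:35 PM] Inside sgsladac c-tor
Debug [2/9/2012 4:43:35 PM] AD Host
Debug [2/9/2012 4:43:35 PM] 192.0.2.10
Debug [2/9/2012 4:43:35 PM]
Debug [2/9/2012 4:43:35 PM] AD Port
Debug [2/9/2012 4:43:35 PM] *636*
Debug [2/9/2012 4:43:35 PM]
Debug [2/9/2012 4:43:35 PM] Inside ConnectToADSI
Debug [2/9/2012 4:43:35 PM]
ldap_connect failed with
Debug [2/9/2012 4:43:35 PM] Server Down
Debug [2/9/2012 4:43:35 PM]
Connection to AD failed
Debug [2/9/2012 4:43:35 PM]
***********Out of openLDAPConnection****************
"""

PREFIX = re.compile(r"^Debug \[(?P<ts>[^\]]+)\]\s*")
# A label line is followed by its value on the next non-empty line.
LABELS = {"AD Host": "host", "AD Port": "port", "AD Base DN": "base_dn",
          "ldap_connect failed with": "error"}


def parse_attempts(text):
    """Return one dict per openLDAPConnection block found in the log."""
    attempts, cur, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PREFIX.match(line)
        ts = m.group("ts") if m else None
        msg = line[m.end():].strip() if m else line
        if not msg:
            continue                      # empty "Debug [ts]" filler line
        if "Inside sgslldpcopenLDAPConnection" in msg:
            cur = {"ts": None, "host": None, "port": None,
                   "base_dn": None, "error": None, "failed": False}
            pending = None
            continue
        if cur is None:
            continue                      # text outside any attempt block
        if "Out of openLDAPConnection" in msg:
            attempts.append(cur)
            cur = None
            continue
        if cur["ts"] is None and ts:
            cur["ts"] = ts
        if pending:
            cur[pending] = msg.strip("*")  # forum bold markup such as *636*
            pending = None
        elif msg in LABELS:
            pending = LABELS[msg]
        elif msg == "Connection to AD failed":
            cur["failed"] = True
    if cur is not None:
        attempts.append(cur)              # log was cut off mid-attempt
    return attempts


def failures_by_endpoint(attempts):
    """Count failed attempts per (host, port, error) triple."""
    return Counter((a["host"], a["port"], a["error"])
                   for a in attempts if a["failed"] or a["error"])


if __name__ == "__main__":
    for (host, port, err), n in failures_by_endpoint(parse_attempts(SAMPLE_LOG)).items():
        print(f"{host}:{port} failed {n}x ({err})")
```
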

  • Password Sync by ISW

    Hi,
    Password sync is not happening from AD to LDAP. The user is unable to log in to the Directory Server when they change their password by using Ctrl+Alt+Del in AD with a new password. But when changing the password from LDAP, the user is able to log in to the AD system with the new password. I found the below entry in the error log file:
    LDAP modify operation of entry uid=today,ou=People,dc=sso,dc=com failed at null. Error code: 65, reason: null" (Action ID=CNN101-126BBE825B4-17, SN=7). Can anyone advise on this?
    Thanks and Regards
    Santosh

    Hi,
    Error 65 is an object class violation. Usually it's because some required attribute is missing. AD have optional attributes that are mandatory in Sun Directory Server user entry. You should check the error log from Sun DS, maybe you will find more information about the error.
    Vincent

  • OIM AD password Sync connector. Connection to AD through SSL

    Hi.
    I am trying to configure AD password sync connector 9.1.1.5 with patch 14627510 to connect to AD through SSL.
    At this moment, the connector is able to connect to OIM through SSL but not to the AD. If I set the AD port number to 389 in the connector configuration, everything works fine.
    If I set it to 636, it is not able to connect to the AD.
    I've imported the AD SSL certificate to <connector install directory>\OIMADPasswordSync\_jvm\lib\security\cacerts and restarted the domain controller but still no luck.
    To test that the certificate and everything else is OK, I've also installed jxplorer and imported the same certificate into <jexplorer install directory>\jxplorer321\security\cacerts. Jxplorer is able to connect to the AD through SSL on port 636, so user credentials, certificate, etc. are OK.
    The connector documentation doesn't mention anything regarding SSL connection to AD; it only describes SSL connection to OIM.
    Has anyone done this before? Is there any additional step I should follow to enable SSL connection from the AD password sync connector to AD? Does the connector support SSL connection to AD?
    Regards.

    Have you tried importing the cert in cacerts under $JAVA_HOME?

  • AD password Sync connector .. LOAD Balanced

    We are using the AD password sync 9.0.4.x connector with 4 domain controllers. OIM is on 9.1.0.2. Is it possible to configure AD password sync with load balanced Domain Controllers? Users are binding to all domain controllers. Please let me know how to achieve this. I am not able to find any document on this. Thanks
    Akshay

    In password synch the event stream is as follows:
    User changes password on the user's machine
    The user's machine contacts a "suitable" AD domain controller and updates the user password
    The first AD domain controller contacts other AD DCs in order to replicate the change
    At some point the AD DC that contains the OIM password synch client module gets updated
    The AD password synch client module contacts OIM and updates the password in OIM
    Unless you change the OIM AD password synch client you can't have the connection go through a load balancer. According to the connector manual section 2.2 Installing the Password Synchronization Module (http://download.oracle.com/docs/cd/E11223_01/doc.904/e10450.pdf) you can do this at install time but I don't know if it can be done post installation.
    Best regards
    /Martin

  • PASSWORD SYNC WITH AD

    Hi All,
    Please Help Regarding This Issue
    I Cannot Resolve password sync with this AD
    My Idm Version Is 9.1
    My Active Directory Running on Windows 2003
    =========================================================================================
    My AD SYNC LOG
    15 Sep 2008 19:05:51 INFO Logger created
    15 Sep 2008 19:05:51 INFO Triggering Password Synchronization mechanism
    15 Sep 2008 19:05:52 INFO Value of the installedFlag=>true
    15 Sep 2008 19:05:52 INFO Password Reset Installed..get the ITResourceType and ITResourceName
    15 Sep 2008 19:05:52 INFO IT ResourceType Name=> AD Server
    15 Sep 2008 19:05:52 INFO ITResourceName=> ADITResource
    15 Sep 2008 19:05:52 INFO Checking for OIM Server to synchronize password for the user--> IDMUSER
    15 Sep 2008 19:05:52 INFO Port: 1099
    15 Sep 2008 19:05:52 INFO Host: idmkuneh
    15 Sep 2008 19:06:04 INFO OIM Server is up and running !!
    15 Sep 2008 19:06:04 INFO Logging to OIM server
    15 Sep 2008 19:06:04 INFO Logging into OIM Server with an auth mechanism
    15 Sep 2008 19:06:04 INFO Necessary Configurations read
    15 Sep 2008 19:06:04 INFO Logging into OIM Server with uname/pwd based auth
    15 Sep 2008 19:06:04 INFO Finally !!
    15 Sep 2008 19:06:04 INFO Before System.exit(0):
    =========================================================================================
    MY XLCONFIG.XML
    <xl-configuration>
      <appServerName>jboss</appServerName>
      <Discovery>
        <CoreServer>
          <java.naming.provider.url>jnp://idmkuneh:1099</java.naming.provider.url>
          <java.naming.factory.initial>org.jnp.interfaces.NamingContextFactory</java.naming.factory.initial>
        </CoreServer>
      </Discovery>
      <Security>
        <XLSymmetricProvider>
          <KeyStore>
            <Provider>com.sun.crypto.provider.SunJCE</Provider>
          </KeyStore>
        </XLSymmetricProvider>
        <XLPKIProvider>
          <KeyStore>
            <Location>.xlkeystore</Location>
            <Password encrypted="true">FlbwcjDZAB0hS3Q8F7PB4g==</Password>
            <Type>JKS</Type>
            <Provider>sun.security.provider.Sun</Provider>
          </KeyStore>
          <Keys>
            <PrivateKey>
              <Alias>xell</Alias>
              <Password encrypted="true">FlbwcjDZAB0hS3Q8F7PB4g==</Password>
            </PrivateKey>
          </Keys>
          <SignatureAlgorithm>SHA1withDSA</SignatureAlgorithm>
          <SignatureProvider>sun.security.provider.Sun</SignatureProvider>
          <VerifySigner>false</VerifySigner>
        </XLPKIProvider>
      </Security>
      <!-- Configuration for AD Password Sync Adapter -->
      <ADSync>
        <Login>
          <UseSignature>false</UseSignature>
          <Username>xelsysadm</Username>
          <Password encrypted="true">aPM3F6YImvbctkGkE4C4Ww==</Password>
        </Login>
        <UserMatch>
          <!-- UserID and UDF -->
          <MatchingMethod>UserID</MatchingMethod>
          <FieldName>UD_ADUSER_LOGIN</FieldName>
          <ResourceObject>AD User</ResourceObject>
        </UserMatch>
        <Result>
          <UpdateUDF>false</UpdateUDF>
          <FieldName>USR_UDF_ADPWDRES</FieldName>
          <SuccessValue>SUCCESS</SuccessValue>
          <FailureValue>FAIL</FailureValue>
          <AppendTimeStamp>true</AppendTimeStamp>
        </Result>
        <ADConnectorConfig>
          <Installed>true</Installed>
          <ITResourceType>AD Server</ITResourceType>
          <ITResourceName>ADITResource</ITResourceName>
        </ADConnectorConfig>
      </ADSync>
      <Cache>
        <XLCacheProvider>
          <MultiCastAddress>10.10.10.30</MultiCastAddress>
        </XLCacheProvider>
      </Cache>
    </xl-configuration>
    =========================================================================================
    Thanks Before
    Gde

    Which version of AD Connector and AD Pass Sync Agent are you using?
    I think the Field Name is now UD_ADUSER_UID.
    Did you complete all the post installation steps of Password Sync Agent?
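
A consistency check for the thread above, as an added example that is not part of any post or of the connector itself: it parses the ADSync settings from an xlconfig.xml (tolerating the "- " markers a browser XML view adds when the file is copied from it) and compares them with the host, port and IT resource values the sync agent writes to its log. The function names and the embedded samples are constructed for illustration; the values are the ones shown in the post, with the Password elements left out.

```python
import re
import xml.etree.ElementTree as ET
# Constructed samples: trimmed xlconfig.xml (two "- " markers kept) and log lines.
CONFIG = """\
- <xl-configuration>
<Discovery><CoreServer>
<java.naming.provider.url>jnp://idmkuneh:1099</java.naming.provider.url>
</CoreServer></Discovery>
- <ADSync>
<Login><UseSignature>false</UseSignature></Login>
<UserMatch><FieldName>UD_ADUSER_LOGIN</FieldName></UserMatch>
<ADConnectorConfig><ITResourceType>AD Server</ITResourceType>
<ITResourceName>ADITResource</ITResourceName></ADConnectorConfig></ADSync>
</xl-configuration>
"""
LOG = """\
15 Sep 2008 19:05:52 INFO IT ResourceType Name=> AD Server
15 Sep 2008 19:05:52 INFO ITResourceName=> ADITResource
15 Sep 2008 19:05:52 INFO Port: 1099
15 Sep 2008 19:05:52 INFO Host: idmkuneh
"""
LOG_PATTERNS = {"host": r"INFO Host: (.+)", "port": r"INFO Port: (.+)",
                "it_resource_type": r"INFO IT ResourceType Name=> (.+)",
                "it_resource_name": r"INFO ITResourceName=> (.+)"}

def config_values(xml_text):
    """Settings from the file, keyed like the log values where both exist."""
    clean = re.sub(r"(?m)^[ \t]*- (?=<)", "", xml_text)  # drop viewer markers
    root = ET.fromstring(clean)
    url = next(root.iter("java.naming.provider.url")).text
    host, port = re.match(r"jnp://([^:/]+):(\d+)", url.strip()).groups()
    ad = "ADSync/ADConnectorConfig/"
    return {"host": host, "port": port,
            "it_resource_type": root.findtext(ad + "ITResourceType"),
            "it_resource_name": root.findtext(ad + "ITResourceName"),
            "match_field": root.findtext("ADSync/UserMatch/FieldName"),
            "signature_login": root.findtext("ADSync/Login/UseSignature") == "true"}

def log_values(log_text):
    """The values the running agent logged (last occurrence wins)."""
    hits = {k: re.findall(p, log_text) for k, p in LOG_PATTERNS.items()}
    return {k: v[-1].strip() for k, v in hits.items() if v}

def mismatches(xml_text, log_text):
    """Keys where the agent logged a value different from the file's."""
    cfg, seen = config_values(xml_text), log_values(log_text)
    return sorted(k for k in seen if seen[k] != cfg[k])

if __name__ == "__main__":
    print(config_values(CONFIG), mismatches(CONFIG, LOG))
```

A non-empty result from `mismatches` means the file being inspected is not what the agent had loaded when it wrote the log, either because the file changed afterwards or because the agent read a different copy.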

  • Transition from DirSync + Password Sync to ADFS

    Hi All,
    We are planning to move from DirSync + Password Sync to SSO using ADFS.
    I am trying to understand the transition steps required, including user experience and any downtime.
    As I understand, when the ADFS infrastructure is ready and deployed and trust has been set up, the authentication will automatically move from cloud to the on-premises AD.
    What I want to know is - what happens to passwords synchronized to Azure AD?
    Do they remain there but are just not used anymore?
    Also, what will happen if we do not turn off the password sync option in DirSync?
    Will it continue to sync the passwords although they will not be used for authentication?
    Are there any guidelines available - blog/technet etc describing this transition please?
    Regards,
    Ajay Suri

    Some information on the "Password Sync as a Backup" option: 
    http://social.technet.microsoft.com/wiki/contents/articles/17857.aad-sync-how-to-switch-from-single-sign-on-to-password-sync.aspx
    Joseph Palarchio
    http://www.itworkedinthelab.com
