SJSDS recon issue with oim 11g

Similar Messages

• IPlanet Target Recon issue in OIM 11g

  Hi,
  I have a user in OIM and iPlanet. Normally we used to link the user from iPlanet to OIM while running iPlanet Target Recon scheduler. It was working before, suddenly we are getting the below error.
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: EnterpriseDirectory from cache>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <Failed to load profile from MDS /db/EnterpriseDirectory. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory".>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <*Failed to load profile from MDS /db/EnterpriseDirectory_backup. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object* "/db/EnterpriseDirectory_backup".>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012122> <Reading configurations from the database for object name EnterpriseDirectory>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: tos not null>
  <Error> <oracle.iam.reconciliation.impl> <IAM-5010000> <Generic Information: {0}
  oracle.iam.reconciliation.exception.ConfigException: java.lang.NullPointerException
  at oracle.iam.reconciliation.impl.config.ProfileManager.lookupProfile(ProfileManager.java:174)
  at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.getProfile(ReconOperationsServiceImpl.java:2013)
  at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:367)
  at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:355)
  at Thor.API.Operations.tcReconciliationOperationsIntfEJB.ignoreEventx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
  at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy572.ignoreEventx(Unknown Source)
  at Thor.API.Operations.tcReconciliationOperationsIntfEJB_troehf_tcReconciliationOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
  at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
  We haven't deploy any patches recently and no major changes in that environment.
  Please help me to fix this issue.

  Kevin,
  I have deleted those three files from MDS and tried to recreate reconciliation profile. It throws below same error
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Unable to delete backup profile : /db/EnterpriseDirectory_backup, moving forward ...>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Unable to delete, as profile does not exist : /db/EnterpriseDirectory moving forward ...>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <Failed to load profile from MDS /db/EnterpriseDirectory. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory".>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <Failed to load profile from MDS /db/EnterpriseDirectory_backup. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory_backup".>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012122> <Reading configurations from the database for object name EnterpriseDirectory>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: tos not null>
  <Error> <XELLERATE.SERVER> <BEA-000000> <Error encountered during recon profile creation
  oracle.iam.reconciliation.exception.ConfigException: java.lang.NullPointerException
  at oracle.iam.reconciliation.impl.config.ReconPostImportConfigHandler.reconUpdate(ReconPostImportConfigHandler.java:153)
  at oracle.iam.reconciliation.impl.config.ReconPostImportConfigHandler.configure(ReconPostImportConfigHandler.java:110)
  at com.thortech.xl.dataobj.tcOBJ.configureReconProfile(tcOBJ.java:115)
  at com.thortech.xl.ejb.databeansimpl.tcOBJBean.configureReconProfile(tcOBJBean.java:80)
  It is trying to delete those files from MDS first before start creating new one. though it was not there it throws those exceptions. This is what I'm guessing.
  I have added filename like EnterpriseDirectory and EnterpriseDirectory_backup under /db/..... location and tried to recreate recon profile. I got the following information in logs
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Operation DELETE on MetadataObject /db/EnterpriseDirectory_backup>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Operation DELETE on MetadataObject /db/EnterpriseDirectory>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Operation CREATE on MetadataObject /db/EnterpriseDirectory_backup>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <*Failed to load profile from MDS /db/EnterpriseDirectory*. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory".>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012131> <Performing XML schema validation on EnterpriseDirectory>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012122> <Reading configurations from the database for object name EnterpriseDirectory>
  <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: tos not null>
  <Error> <XELLERATE.SERVER> <BEA-000000> <Error encountered during recon profile creation
  oracle.iam.reconciliation.exception.ConfigException: java.lang.NullPointerException
  It is deleting the existing file and creating EnterpriseDirectory_backup file only and tried to load EnterpriseDirectory file inside /db/ location before creating the file.
  Correct me if I'm wrong.
  MDS repository holds the path of file name and where it needs to store but in backend in which format it is storing all xml files, any idea?
  Edited by: S.K.N on Jun 4, 2012 7:02 PM

• After new weblogic domain configuration with oim 11g, not able to login

  After new weblogic domain configuration with oim 11g, not able to login for the frist time as xelsysadm.
  it says invalid sign in. and in logs it says password is invalid.
  Please help me in asap...

  Thanks Pallavi for the effort. I tried commenting out, its still the same. It do not throw exception this time. However, It tells me that the recon event is completed and linked to user. When I go to user's profile, I dont see the resource provisioned.
  Also,
  The Account ID in recon manager of Web Console and the Account ID that is stored in the tables, doesn't match.
  I wrote a custom code to fetch account and user details and here is the output,
  User Key : 13 -- has Login Id : USER_CS
  Account with account key : 49 is with user key : [USER_CS]
  Getting Account Data......
  {UD_TEST_1P_EMPLOYEENUMBER=1567, UD_TEST_1P_NAME=Kim1}
  However the Account Id in recon manager is : 91
  This seems fine.
  Doesn't this mean, the account is reconciled successfully?
  The problem is that, I am not able to see this resource in User's resource profile.
  Edited by: Shashi kiran on Apr 18, 2013 3:56 PM

• Issue with OEM 11g

  Hi All,
  I am facing issue with OEM 11g. It was went down automatically, however i am not able to find the specific reasons. As of now it has been started.
  But in want to know the reasons why it was went down. Please guide me how to troubleshoot.
  Thanks

  Hi,
  emctl.log
  29281 :: Tue Oct 25 08:34:37 2011::AgentStatus.pm:emdctl status returned 3
  19917 :: Thu Dec 15 19:40:11 2011::AgentStatus.pm:Processing status agent
  19917 :: Thu Dec 15 19:40:12 2011::AgentStatus.pm:emdctl status returned 3
  "emagent.log"
  2011-12-14 20:37:07,994 Thread-894492032 [Cluster Database] InstanceProperty (DBVersion) is marked OPTIONAL but is being used (00506)
  2011-12-14 20:37:08,008 Thread-894492032 [Load Balancer Switch] InstanceProperty (snmpTimeout) is marked OPTIONAL but is being used (00506)
  2011-12-14 20:37:12,582 Thread-894492032 EMAgent started successfully (00702)
  2011-12-15 15:32:21,924 Thread-1112975680 <HTTP Listener> Agent Signaled to EXIT by emctl (00800)
  2011-12-15 15:32:22,960 Thread-894492032 EMAgent normal shutdown (00703)
  2011-12-15 15:32:36,318 Thread-654290304 Starting Agent 10.2.0.4.0 from /app/oracle/PROD/db/tech_st/11.1.0 (00701)
  2011-12-15 15:32:37,001 Thread-654290304 [Database Instance] InstanceProperty (DBVersion) is marked OPTIONAL but is being used (00506)
  2011-12-15 15:32:37,165 Thread-654290304 [Cluster Database] InstanceProperty (DBVersion) is marked OPTIONAL but is being used (00506)
  2011-12-15 15:32:37,228 Thread-654290304 [Load Balancer Switch] InstanceProperty (snmpTimeout) is marked OPTIONAL but is being used (00506)
  2011-12-15 15:32:39,828 Thread-654290304 EMAgent started successfully (00702)
  2011-12-15 15:32:21,924 Thread-1112975680 WARN http: -1,5: nmehl_httpListener: signaled to exit from emctl
  2011-12-15 15:32:22,960 Thread-1112975680 WARN : Signalled to Exit Normally. Signaled to exit from emctl
  2011-12-15 15:32:36,322 Thread-654290304 WARN http: snmehl_connect: connect failed to (odbivprod.ivcf.org:1158): Connection refused (error = 111)
  2011-12-15 15:32:36,322 Thread-654290304 ERROR pingManager: nmepm_pingReposURL: Cannot connect to https://odbivprod.ivcf.org:1158/em/upload/: retStatus=-32
  2011-12-15 15:32:36,356 Thread-654290304 WARN command: Job Subsystem Timeout set at 600 seconds
  2011-12-15 15:32:36,399 Thread-654290304 WARN upload: Upload manager has no Failure script: disabled
  2011-12-15 15:32:36,672 Thread-654290304 WARN metadata: Name FileSystems has already been used
  2011-12-15 15:32:36,672 Thread-654290304 WARN metadata: Name FileSystems has already been used
  2011-12-15 15:32:36,954 Thread-654290304 WARN metadata: Metric waiting_sessions does not have any data columns
  2011-12-15 15:32:36,954 Thread-654290304 WARN metadata: Metric session_wait_chains does not have any data columns
  2011-12-15 15:32:36,954 Thread-654290304 WARN metadata: Metric hung_system_traces does not have any data columns
  2011-12-15 15:32:37,019 Thread-654290304 WARN metadata: Metric osm_diskGroupPolicies does not have any data columns
  2011-12-15 15:32:37,285 Thread-1116055872 ERROR : (nmecmgr.c,3210):Memory 0x0 encountered, expect struct_id=11011
  2011-12-15 15:32:37,286 Thread-1122355520 ERROR : (nmecmgr.c,3210):Memory 0x0 encountered, expect struct_id=11011
  2011-12-15 15:32:37,286 Thread-1125505344 ERROR : (nmecmgr.c,3210):Memory 0x0 encountered, expect struct_id=11011
  2011-12-15 15:32:37,338 Thread-1119205696 ERROR : (nmecmgr.c,3210):Memory 0x0 encountered, expect struct_id=11011
  2011-12-15 15:32:37,451 Thread-1119205696 WARN TargetManager: Query returned 0 rows (only one expected) for the dynamic property from_cluster
  2011-12-15 15:32:37,451 Thread-1119205696 ERROR : (nmecmgr.c,3210):Memory 0x0 encountered, expect struct_id=11011
  2011-12-15 15:32:37,480 Thread-1119205696 ERROR : (nmecmgr.c,3210):Memory 0x0 encountered, expect struct_id=11011
  2011-12-15 15:32:37,481 Thread-1119205696 ERROR : (nmecmgr.c,3210):Memory 0x0 encountered, expect struct_id=11011
  2011-12-15 15:32:37,544 Thread-1125505344 ERROR : (nmecmgr.c,3210):Memory 0x0 encountered, expect struct_id=11011
  2011-12-15 15:32:37,550 Thread-1125505344 ERROR : (nmecmgr.c,3210):Memory 0x0 encountered, expect struct_id=11011
  2011-12-15 15:32:37,555 Thread-1125505344 ERROR : (nmecmgr.c,3210):Memory 0x0 encountered, expect struct_id=11011
  Edited by: Vinod Ranjan on 15 Dec, 2011 9:40 PM

• Issue with OIM AD Trusted Recon

  Hi All,
  I am using OIM 11g BP05 and Active Directory Connector 11.1.1.5.0 version.
  While running the Active Directory User Trusted Recon, I am getting below exception in logs:
  <Dec 17, 2012 12:36:08 PM PST> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.RECON.SEARCHRECONTASK> <BEA-000000> <oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped>
  <Dec 17, 2012 12:36:09 PM PST> <Error> <oracle.iam.reconciliation.impl> <IAM-5010000> <Generic Information: {0}
  oracle.iam.reconciliation.exception.InvalidDataFormatException: Required column name RECON_RECON_OBJECTGUID and value does not exist
       at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.checkRequiredColValue(ReconOperationsServiceImpl.java:1918)
       at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.convertReconFieldsToOIMFields(ReconOperationsServiceImpl.java:1506)
       at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:371)
       at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:356)
       at Thor.API.Operations.tcReconciliationOperationsIntfEJB.ignoreEventx(Unknown Source)
       at sun.reflect.GeneratedMethodAccessor1393.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
       at java.lang.reflect.Method.invoke(Method.java:611)
       at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  I have already added the field RECON_OBJECTGUID in the RO and mapped it in Process Definition and also created the reconcilliation profile. I don't know why it's looking for RECON_RECON_OBJECTGUID. I tried creating this column too in RO and did all the mapping and after that, its give the same error but column name is now RECON_RECON_RECON_OBJECTGUID.
  Any pointers on this issue?
  Regards,
  Sunny
  Edited by: delhi on Dec 17, 2012 3:02 PM

  My Mistake, I was making RECON_OBJECTGUID as requiered field.

• OIM API portablity issue  with OIM 9.1 / Weblogic 10.3

  Hi , We have a existing piece of code which does some User Mutation through OIM API.
  [I am not well versed with OIM ]
  The code was running fine with Weblogic 8.3 and previous OIM version.
  Here is the piece of code.
  logger.info("Initializing OIM Params from config location:" oimConfigFileUtil.getOIMConfigBase());+*
  +          System.setProperty("XL.HomeDir", oimConfigFileUtil.getOIMConfigBase().getAbsolutePath());+
  +          System.setProperty("java.security.auth.login.config", oimConfigFileUtil.getOIMAuthWLFile().getAbsolutePath());+
  +          ConfigurationClient.ComplexSetting configClient = ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");+
  +          env = configClient.getAllSettings();+
  *+          try {+*
  +               oimAccessFactory = new tcUtilityFactory(env, oimConfigFileUtil.getUserID(), oimConfigFileUtil.getPassword());+
  I traced all the dependecy's for this piece of code.
  If I run this with Weblogic.jar[8.1] it gives me
  java.io.InvalidClassException: com.thortech.xl.dataaccess.tcDataSet; local class incompatible: stream classdesc serialVersionUID = -5446056666465114187, local class serialVersionUID = -8857647322544023100*
  With the compatablity issue I substituted with weblogic.jar:10.3 , now its giving me all classpath issues.
  Can someone layout the exact jars that are required for this to work?
  Thanks
  Vignesh

  Installl a Design Console. Copy any files that are required. Then take the class paths that are listed in the classpath and basecp files and put those into your application classpath files.
  -Kevin

• SOAP API integration problem with OIM 11g R1

  Hi,
  We're facing a problem when we are attempting to provision for a third party Web Service application in OIM 11g R1.
  During development and test running in an IDE environment, JDeveloper, the soap wsdl requests are triggered and a response is received successfully. However, when we shift the work and integrate it with OIM using design console, there seems to be an error indicating an invalid wsdl location. We have used the super class Exception, in try-catch block for handling of the exceptions. Please see the log message.
  Xl Home Dir :/oracle/Middleware/Oracle_IDM1/server
  Running CREATEUSERTASK
  Target Class = org.identityconnectors.Provisioning.QuickShareUserProvisioning
  URL : XXXXX
  User ID : XXXX
  Password : XXXX
  ERROR: Invalid wsdl location robi/XXXX_saved_wsdl.wsdl
  When we simply run the jar file from the command line, it gives us, java.lang.NoClassDefFoundError: javax/xml/rpc/Service
  [oracle@idmlab JavaTasks]$ java -jar archive1.jar
  URL : XXXXX
  User ID : XXXX
  Password : XXXX
  Exception in thread "main" java.lang.NoClassDefFoundError: javax/xml/rpc/Service
  at java.lang.ClassLoader.defineClass1(Native Method)
  at java.lang.ClassLoader.defineClassCond(ClassLoader.java:631)
  at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
  at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
  at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
  at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
  at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
  at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
  at org.identityconnectors.Provisioning.QuickShareUserProvisioning.createUser(QuickShareUserProvisioning.java:41)
  at org.identityconnectors.Provisioning.QuickShareUserProvisioning.main(QuickShareUserProvisioning.java:215)
  Caused by: java.lang.ClassNotFoundException: javax.xml.rpc.Service
  at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
  at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
  ... 14 more
  Any help or suggestion, appreciated!
  Thanks
  Tamim Khan

  Hi Kevin,
  Thanks a lot for the response. But, when i deployed the composite SAR in to the server from Jdeveloper, i checked the option to "Overwrite any existing composite with same revision ID". SO, i used the same revision ID (Say 1.0), will this also need to be disabled?
  Thanks,
  Srini

• ESSO PG Connector Issue in OIM 11G

  I setup ESSO Provision Gateway Connector in OIM 11G.
  But during "add credential task" I get error:
  "*The add_credential execution failed. Error: Error in sending instruction from provisioning manager in Api Command (400) Bad Request. Add Credential Command failed to get invoked*".
  In Event Log of the Windows Server 2008 with the Provision Gateway I saw:
  "*Unexpected end tag. Line 6, position 1015*", "*server cannot clear headers after http headers have been sent*".
  It means a syntax error in xml request of connector to web-service of Provision Gateway.
  Wireshark shows me sent xml-request:
  "<?xml version="1.0" encoding="UTF-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
  <wsse:UsernameToken><wsse:Username>cn=adm,o=petro</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">12345678</wsse:Password><wsse:Nonce>QFJ903k1GFWnAoqZ/Npijg==</wsse:Nonce><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2010-12-07T11:47:02.502Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header><soapenv:Body><AddCredential xmlns="http://passlogix.com/UP/"><strRequest>&lt;?xml version = '1.0' encoding = 'UTF-8'?&gt;
  &lt;addRequest&gt;&lt;attributes&gt;&lt;attr name="objectclass"&gt;&lt;value&gt;urn.oasis.names.tc:SPML:1:0#GenericString&lt;/value&gt;&lt;/attr&gt;&lt;attr name="provisioningAgent"&gt;&lt;value&gt;Provisioning Agent&lt;/value&gt;&lt;/attr&gt;&lt;attr name="ssoUserId"&gt;&lt;value&gt;SGP63234&lt;/value&gt;&lt;/attr&gt;&lt;attr name="creationTime"&gt;&lt;value&gt;2010-12-07 11:47:02.491Z&lt;/value&gt;&lt;/attr&gt;&lt;attr name="executionTime"&gt;&lt;value&gt;2010-12-07 11:47:02.490Z&lt;/value&gt;&lt;/attr&gt;&lt;attr name="applicationId"&gt;&lt;value&gt;SAP&lt;/value&gt;&lt;/attr&gt;&lt;attr name="userId"&gt;&lt;value&gt;EBELOV&lt;/value&gt;&lt;/attr&gt;&lt;attr name="description"&gt;&lt;value&gt;SAP&lt;/value&gt;&lt;/attr&gt;&lt;attr name="password"&gt;&lt;value&gt;Q123&lt;/value&gt;&lt;/attr&gt;&lt;attr name="thirdField"&gt;&lt;value&gt;888&lt;/value&gt;&lt;/attr&gt;&lt;/attributes&gt;&lt;/addRequest&gt;</strRequest></AddCredential></soapenv:Body></soapenv:Envelope>*</#document>*"
  I saved it to xml-file and opened in Internet Explorer and there was error.
  Then I decided to watch the view of this request in OIM 9.1.0.2 to compare with request in OIM 11G.
  I found out next one:
  the main difference was in last tag "*</#document>*".
  I take this tag off from xml-file, taken from request of OIM 11G and saved the file.
  Edited xml-file was correct.
  Is it error in connector or in OIM 11G?How to solve it?Can anyone help me?

  Hi!
  I get the same error during Add Credential task with the ESSO PG connector in OIM 11g.....
  The add_credential execution failed. Error: Error in Sending instruction from the provisioning manager in API Command  (400)Bad Request.
  com.passlogix.integration.provision.client.CommandInvocationException: Error in Sending instruction from the provisioning manager in API Command  (400)Bad Request
  Where I can check the xml file?
  You could solve the problem?
  Thanks in advance!!!

• AD Password Sync connector 9.1.1 With OIM 11g R2 - ERROR OVER SSL

  I have set up AD password sync with from AD to OIM 11G R2
  The password syncs from AD to OIM 11G R2 on non ssl port 389.
  But if fails on SSL Port 636.
  Errors in OIMMain.Log:_
  Debug [10/11/2012 10:49:34 AM] Inside ConnectToADSI
  Debug [10/11/2012 10:49:34 AM]
  ldap_connect failed with
  Debug [10/11/2012 10:49:34 AM] Server Down
  Debug [10/11/2012 10:49:34 AM]
  Steps Carried Out thus far:_
  AD is up and running.
  Configured AD Password Sync Connector on 636 and selected ssl.
  Created Certificate on OIM host, configured custom identity key store on weblogic. Restarted Weblogic.
  Imported Certificate to AD. After this, restarted the AD
  I can Telnet port 636 from OIM Box and also connect to AD through LDAP Browser on 636 and view OU and CN, so this seems fine.
  Provisioning from OIM through Connector Server to AD works over SSL and this works fine.
  Help would be appreciated.
  Many Thanks

  This question is now been fixed.
  Instead of explicitly stating 636 for SSL,
  Use the same port 389 for ssl and also configured oim port to be 140001 which is the ssl port for oim in the configuration of OIM Password Sync.
  Export Certificates from AD to java security keystore and to weblogic keystore
  Export .pem certificate created on OIM host machine to AD.
  Restart weblogic, oim and AD
  Everything would work fine.
  For all the other information, refer to doc.
  Thanks

• Iplanet process form issue in OIM 11g

  Hi,
  When I try to provision a user to iPlanet. It throws below error in OIM Admin console itself in OIM 11g
  This resource is not configured correctly. Contact your System Administrator.
  Form does not have any fields defined.
  I'm not able to see my process form when I try to provision, eventhough I have fields over there. I'm assumption is there is some problem with Process Definition and Process form linkage for iPlanet resource. I don't think OIM will allow to attach new process form in current process defiintion. Correct me If I'm worng.
  Is there any way to check this linkage from backend. any queries available to check from OIM DB?
  Pls help me to fix this?

  Hi,
  When I try to provision a user to iPlanet. It throws below error in OIM Admin console itself in OIM 11g
  This resource is not configured correctly. Contact your System Administrator.
  Form does not have any fields defined.
  I'm not able to see my process form when I try to provision, eventhough I have fields over there. I'm assumption is there is some problem with Process Definition and Process form linkage for iPlanet resource. I don't think OIM will allow to attach new process form in current process defiintion. Correct me If I'm worng.
  Is there any way to check this linkage from backend. any queries available to check from OIM DB?
  Pls help me to fix this?

• Queries Related with OIM 11g

  Hi Experts,
  I have few basic queries related with OIM 11.1.1.3
  1) Can we use GTC connector to export data of users (Newly created users on daily basis) to CSV file?
  I think No, But just wanted to confirm with you guys.
  2) The LdapConfig utils in OIM11.1.1.3 provides facility to replicate the users in OID. Like whenever I am creating a user in OIM..Its creating it in OID as well.
  My question here is:
  a) Since we dont have any process form here so how can i add a new attribute in the data which is getting created in OID through OIM? Like I want to provision a custome attribute along with existing attributes..how will i achieve this?
  b) In OIM11.1.1.3, In what scenario we can use OID connector and LdapConfig settings? Like..when to use connector..for provisoning data in OID.
  Rajiv,Kevin,Sunny...waiting for ur valuable inputs :)
  Regards,
  J
  Edited by: J_IDM on May 18, 2011 2:56 AM

  Thanks Rajiv,
  We have process form. We don't have Object Form but we have Request Dataset for that.
  But since my OID is configured using LdapConfig and I am not using OID connector. So I dont see any process form associated with my OID.
  How can i add new attribute here (Suppose carLicense I need to provision to OID)?
  You'll use OID connector when you'll have OID as a target system.
  Even I am not using any connector but my users are succesfully created in OID..using OIM 11g.
  So I just wanted to know..under what circumstances we should go for LdapConfig(Auto OID user creation) and OID connector in OIM 11g
  Thanks very much!!
  J

• Create user from trsuted recon fails in oim 11g

  Hi,
  Create user functionality is failing in OIM 11g becasue i am missing one field mapping and that is Role. I dont know which attribute of trusted recon should be mapped to OIM Role field. What mapping am i missing? I am getting below error in logs:
  Caused by: oracle.iam.platform.entitymgr.MissingRequiredAttributeException: [Role]
  at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.checkRequired(EntityManagerImpl.java:1510)
  at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:265)
  at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:241)
  at sun.reflect.GeneratedMethodAccessor2787.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMetho
  [2013-12-27T06:04:46.066-08:00] [oim_server1] [ERROR] [] [oracle.iam.reconciliation.impl] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: b33006816923ec25:17564607:14333cadc4a:-8000-0000000000001f29,0] [APP: oim#11.1.2.0.0] The following exception occurred: {0}[[
  oracle.iam.reconciliation.exception.CreateException: oracle.iam.platform.kernel.EventFailedException: IAM-3051103:The create operation on user entity failed in action stage.:
  at oracle.iam.reconciliation.impl.EntityTypeHandler.create(EntityTypeHandler.java:98)
  at oracle.iam.reconciliation.impl.EntityTypeHandler.applyRule(EntityTypeHandler.java:76)
  at oracle.iam.reconciliation.impl.EntityTypeHandler.process(EntityTypeHandler.java:49)
  at oracle.iam.reconciliation.impl.ActionEngine.processEvent(ActionEngine.java:176)
  Caused by: oracle.iam.platform.kernel.EventFailedException: IAM-3051103:The create operation on user entity failed in action stage.:
  at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createEventFailedException(UserManagerUtils.java:278)

  Role is nothing but User Type(Full-Time Employee, Contractor...etc)

• Help required related with OIM 11g Email Notification

  Experts,
  I have a requirement where I have to pass the User's Password through autogenerated email.
  But I have a scenario where I dont have to provision any target resource for users..so i dont have access to Notification Tab for such kind of users.
  I thought of writing a custom Event Handler to send email using custom code.
  But IN OIM 11g , I found that Inside, Advanced->Notification Template-> Create User Self Service Notification … is getting triggered with UserID: $userLoginId<br> and its woking fine.
  But once I added Password: $password<br> In the same template, its not providing me the password.
  So I think the Parameters associated with this Event "Self register user" does not have $password.
  Is there any way to check which all parameters can be accessed in these Events?
  Also, what is the best way to send password to users who does not any target resources associated?
  Thanks,
  Regards,
  J

  Hi I am trying to get the Create User Self Service Notification template working but for some reason I get an error in the log saying unexpected error occured while sending notification. and I am not recieving any mails..I have done the following steps
  created an IT resource with the name same as the value of Email Server property
  have made the value of RequestNotification property 1
  is there anything else I need to do..
  Can you also give some details as to how you have created the IT Resource...is the authentication true/false if true does any username and password do..
  Thank you

• OIM-AD connector Issues in OIM 11g

  Hi
  We are trying to provision user from OIM 11G to AD using Administration Tab of Admin Console.
  As part of ADITResource configuration , follwoing fields are included.In the Enterprise manager OIM server log, we are getting the below error message.
  Error Message In Enterprise manager OIM server log -
  Module     OIMCP.ADCS
  Thread ID     [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'
  Message     com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : createUser : Wrong Value Specified in Root Context of IT ResourceOr Organization DN_
  However, in Admin console Selfservice-->Task-->Provisioning -->Shows error as
  Response:Connection Error encountered
  Response Description:     Error encountered while connecting to target system
  We have sucessfully tested the connection using Diagnoistic Dashboard (XIMDD) & Ldap Browser.
  IT Resource Details-
  Parameter                               Value
  AD Sync installed (yes/no)                     no
  ADAM LockoutThreshold Value                5
  ADDisableAttr Lookup Definition                Lookup.ADProvisioning.DisableAttrLookup
  ADGroup LookUp Definition                     Lookup.ADReconciliation.GroupLookup
  Abandoned connection timeout                600
  Admin FQDN                               cn=administrator,cn=Users,dc=example,dc=com
  Admin Login                               administrator
  Admin Password                          ********
  Allow Password Provisioning                     yes
  AtMap ADGroup                          AtMap.ADGroup
  AtMap ADUser                               AtMap.AD
  AtMap Group                               AtMap.ADGroup
  Atmap ADOrg                               AtMap.ADOrg
  Backup Server URL                          [NONE]
  Connection pooling supported                false
  Connection wait timeout                     100
  Custom Attribute Name      
  CustomizedReconQuery      
  Inactive connection timeout                     600
  Initial pool size                               1
  Invert Display Name                          no
  LDAP Connection Timeout                     30000
  Last Modified Time Stamp                     0
  Last Modified Time Stamp Group                0
  Max pool size                               30
  Min pool size                               2
  Native connection pool class definition      
  OIM User UDF      
  Pool excluded fields      
  Pool preference                               Default
  Port Number                               389
  Remote Manager Prov Lookup                AtMap.AD.RemoteScriptlookUp
  Remote Manager Prov Script Path      
  ResourceConnection class definition           com.thortech.xl.integration.ActiveDirectory.ADResourceConnectionImpl
  Root Context                               dc=example,dc=com
  SSL Port Number                          636
  Server Address                               WIN-PEUB23TMMT4.example.com
  Target Locale: Country                     US
  Target Locale: Language                     en
  Target Locale: TimeZone                     GMT
  Target supports only one connection           false
  Timeout check interval                     100
  UPN Domain                               example.com
  Use Disable Attr                          false
  Use SSL                               false
  Validate connection on borrow                true
  isADAM                               no
  isUserDeleteLeafNode                          no
  For Organization we have selected ou=Test,dc=example,dc=com in our lookup defination
  Please suggest....
  Thanks

  It's not Key, it's the Scheduled Task attribute "IT Resource Name"
  Documentation: http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/using_conn.htm#CHDFBAAC
  Here is the documentation on the lookup format: http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/intro.htm#CHDHCCJD
  -Kevin

• Email issue in OIM 11g

  I have created one Task assignement adapter and assigned to one user (myself). I have enabled that Send Mail check box, However I am NOT getting email from OIM 11g.
  I have already defined EMail server IT resource details as below
  Authentication: False
  Server Name: &&&&&&&&
  User Login: xelsysadm
  User Password: xelsysadm
  Could you please let me know what could be the reason???

  I do not think so since We are able to send emails during AD provisioning in same domain.
  In my case Do I need to provide From address anywhere in OIM?
  Pls suggest.