Slow Sun IDM Reconciliation Performance

Similar Messages

• SUN IDM 8.1.0.3: performance tuning on SPARC platform

  Hi all!
  In our environment we have SUN IDM 8.1.0.3 on Sun SPARC Enterprise T5120 Server, 4 Core 1.2GHz UltraSPARC T2 processor, 4GB FBDIMM memory (4 1GB). As application server we use Sun GlassFish 2.1. In this configuration we have noticed that there is some performance issue: all IDM web pages are opened very slowly. For example, opening the page “Roles - > List Roles” takes about 20 seconds whereas in the virtual machine with 2.4 GHz x86 CPU and 1 Gb RAM opening this page takes about 3 seconds.
  I have performed Java JVM tuning on Sparc machine and has obtained throughput about 98% but the page is still open slow.
  I assume that problem is in the GlassFish tuning on Sparc platform.
  Does anybody have an experience in the GlassFish tuning on Sparc platform and can give some advice or links how I can do this?
  Or maybe anybody has other idea than tuning on Sparc platform which cause this performance issue?
  Any ideas are welcome.
  Thanks’ in advance!

  Where's your database for this located? On the same server or another server? It is more likely the database than Glassfish being the weak and slow link here unless badly tuned GC is taking up all the CPU cycles.

• SUN IDM with Windows Vista

  Hello,
  Has anybody tried installing SUN IDM with windows vista
  I tried IDM 7.1 with vista home premium and doesnt seem to work. Curious to know if any body has success with vista
  Awaiting replies
  Thanks,

  What error message are you getting?
  Have you installed Java and an apllication servers as requested?
  1) Set Up a Java Virtual Machine Software Development Kit and Java Compiler
  The application requires a Java compiler and a Java Virtual Machine (JVM) to run the Java classes that perform actions within Identity Manager. Both of these can be found in a Java SDK. Download from or http://java.sun.com/javase/downloads/index_jdk5.jsp *** You should add JAVA_HOME to your list of system environment variables and to your system path. To do this, add JAVA_HOME to your system environment and JAVA_HOME\bin to your path, making sure to list it before any other Java environment variables.
  2) Install Tomcat application server from official http://tomcat.apache.org/ to local hard drive. Configure Tomcat memory requirements and restart. Min: 256k

• SUN IDM 8.1 - Web Services MQ

  Hi
  I want to use Web Services using the MQ transport layer using SUN IdM 8.1.
  I believe SPML needs to be used but not sure.
  Is this something any one has tried before?
  If yes can you pls send me any relevant information.
  Thanks

  Where's your database for this located? On the same server or another server? It is more likely the database than Glassfish being the weak and slow link here unless badly tuned GC is taking up all the CPU cycles.

• SUN IDM

  Is it possible to install the Sun IDM apache tomcat web server in a different zone than the JBOSS web app container. If so can anyone provide documentation on how to do this

  Hi Arjun,
  Thanks for responding to my post.
  The search is working as expected in all 3 environments DEV,VAL and PROD.
  The search and alignment performed by the Rule where as DB connection and Saving to XLS performed by the custom JSP file.
  Since search is working fine I don't think any permissions issue with AD or LDAP.
  Couple of things I noticed from server.log from all environments
  SEVERE|sun-appserver2.1.1|javax.enterprise.system.container.web|_
  ThreadID=297;_ThreadName=httpSSLWorkerThread-9084-102;_RequestID=5efa3ecb-0ec9-4695-ab51-8049257b
  9d57;|StandardWrapperValve[jsp]: PWC1406: Servlet.service() for servlet jsp threw exception
  java.lang.IllegalStateException: PWC3991: getOutputStream() has already been called for this resp
  onse
  and
  WARNING|sun-appserver2.1.1|javax.enterprise.system.stream.err|_ThreadID=78;_ThreadName=Provisioner;_RequestID=531d32b0-6d9a-4
  3e-bd74-0bc9478ffdae;|org.xml.sax.SAXParseException: XML document structures must start and end within the same entity.
  at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
  This is logging when the custom jsp is executing.
  getOutputStream() has already been called for this response.
  I am not sure if this is the root cause, since it is logging in DEV and VAL also.
  Other things I noticed are.
  Yester day I conducted 10 tests and all are taking 6 min 18 sec or 6 min 19 sec or 6 min 22 sec.
  Also I noticed that the number of user records exported to xls depends on the transfer rate.
  For example,
  if the file download transfer rate is 1.50 KB then the user records are between 1200 to 1800 where as the search user records are 16590.
  if the file download transfer rate is 800 B then the user records are between 200 to 600 where as the search user records are 16590.
  Not sure where to check this time value(attribute) 6 min 18 sec..
  Please provide me some info where else I need to check.
  Thanks,
  Ravi.

• I'm about to buy a 27" i-Mac. I would like to connect my 30" Cinema Display to it as a second monitor. What will I need to do that? Will this slow down the overal performance?

  I'm about to buy a 27" i-Mac. I would like to connect my 30" Cinema Display to it as a second monitor. What will I need to do that? Will this slow down the overall performance?

  The new iMacs do not come with a MiniDisplayPort, they have Thunderbolt, so unless you are talking about purchasing one of the previous generation iMacs such as this refurbished model in the online Apple store, it won't work. And yes, if you are going to get the full range of video resolutions you will need the Dual-Link version.
  For details see the store's web page on the Dual-Link display adapter.

• How to delete the recon Taskresults in Sun IdM 7.1 thru automation

  How to delete the recon Taskresults in Sun IdM 7.1 thru automation either thru workflows or using java programs...
  We need to delete only recon Taskresults.

  Hi Dinesh,
  Try using waveset.adminRoles
  Thanks

• Error while Reading Idocs from ECC 6.0 to Sun IDM .

  Hi Gurus,
  We have a scenerio where we have to update the Sun IDM Server with all the changes in HR Data happening in ECC.
  For that... we have
  1. Created a Logical System for Sun IDM server, Port, RFC Connection (TCP/IP).
  2. Assigned Partner Profiles, Distribution Model etc. for msg. type HRMD_A ;
  3. We have created a Communications User used by the IDM server to connect to ECC.
  Idocs are created daily and are in status 03 - Data passed to Port OK !
  and on the In Sun Identity manager 8.0 we have created SAP resource adapter for ECC 6.0,
  after giving resource parameters our test connection is successful.
  We also changed edit synchronisation policy for the same but when we start synchronisation in IDM, it is unable to read any idocs although Idocs are generated in SAP .
  Log file gives the message as "Incoming IDoc list request containing 0 documents"
  We also have one more error ;
  some times while doing a connection test : JCO.Server could not find server function '剆䍟偉乇'
  while most of the times the connection is successful.
  Please suggest .

  Hi Gurus,
  The error got resolved .
  The changes in the settings i did :
  SAP SIDE : Made the RFC Connection Unicode.
  IDM SIDE : Checked on the "SAP Server Unicode" checkbox; while doing the HR Activ Synch Settings.
  This Resolved the error.
  regards
  Vaibhav

• Looking for some one who can help me in SUN IDM

  Hi Friends,
  I am looking for some one who can help me to learn sun IDM. Off couse I will pay for your time.
  I can be reached at [email protected]
  Please let me know if you have some time
  Thx

  Hi Zebra,
  I really appreciate your reply. I would like to discuss out of this forum so that no one here annoyed with our newbie questions. Please send me email as I listed earlier to discuss best ways. I send email to Andy to join us.

• Movement of accounts in AD natively; How Sun IDM identity is affected

  Dear Reader,
  We are planning to integrate Windows Active Directory with Sun IDM 6.0 SP1. Even after integrating AD with Sun IDM there will be lots of changes to the native account like especially moving the account from one OU to another etc
  Since Sun IDM identity has the distinguished name of AD account for its reference; if someone moves the AD Account natively how will that affect IDM identity.
  I heard from couple of my friends that Sun IDM uses objectGUID to refer account in AD so even if the account is moved from one OU to another there will be no issue, is that right?
  Will Sun IDM 6.0 SP1 work that way or this fix was introduced in the later release?
  Is there any other factor involved in this which will affect the way Sun IDM works when the account is moved natively?
  Any help is appreciated
  Thanks in advance

  We use IdM 7.1.1.11 and AD.
  Sun does use the GUID once it has it. And, if the dn changes and the GUID stays the same, IdM won't care. Although in examining logs I saw that Sun asks AD first based on the GUID, then if it can't find it, reverts to the dn. We manage what OU our accounts are in via IdM. So we don't allow AD admins to move accounts around. During our initial migration, we are syncing up GUIDs, and correcting any bad OU values. Don't know if that helps, but I have some experience looking at some of this and can offer my oberservations.

• Exploratory Programming of the Sun IDM API

  Exploratory Programming of the Sun IDM API using Rhino
  Sun IDM comes with a JavaScript interpreter (Rhino) that can be invoked from the command-line. This gives developers an easy way to explore the large number of classes that comprised the product.
  Let's say for example that you need the approvers of a role object in order to display them on a form. (The role view provides this information, but let's ignore this for the purpose of this example.) The role javadoc mentions two methods to get the approvers, getApproverRefs() and getApprovers(). Unfortunately they are not described clearly, and the difference between the two is not clear either.
  In order to understand what these methods do and what they return, you can use the interpreter to invoke each one directly.
  First start the interpreter with the 'lh.bat js' command:
  lh.bat jsYou will be greeted with the javascript prompt "js>"
  Then the first thing to do is to login to the application server. Copy-paste the following code into the shell interpreter.
  // Java packages are prepended with the word 'Packages'
  // and are imported using the 'importPackage' function
  importPackage(Packages.com.waveset.util);
  importPackage(Packages.com.waveset.object);
  importPackage(Packages.com.waveset.security.authn);
  importPackage(Packages.com.waveset.session);
  importPackage(Packages.com.waveset.ui);
  importPackage(Packages.java.util);
  // Use arguments[0] and arguments[1] if you want to pass credentials from the command line
  // Here we just use the built-in account "configurator"
  var epass = new EncryptedData("configurator");
  var session = SessionFactory.getSession("configurator", epass);
  print("Waveset session established");Alternatively save the above code to a text file called "idm-init.js" and load the file from the interpreter.
  js> load("idm-init.js")
  Waveset session establishedOnce a session has been established, objects can be loaded from the repository. Enter this line at the prompt to get the role object named "testrole3"
  js> var roleObject = session.getObject("Role", "testrole3");Enter the variable name at the prompt to cause the interpreter to invoke the object's 'toString' method.
  js> roleObject
  Role:testrole3Use a 'for' loop to print out all of the object's method and fields.
  js> for (i in roleObject) { print(i) }Enter a method's name to invoke it. Let's call getApproverRefs().
  js> var approvers1 = roleObject.getApproverRefs();
  js> approvers1
  [User:role1approver(id=#ID#1CC1759638D9AF96:182C132:10F3E8040B5:-7FBE), User:role2approver(id=#ID#1CC1759638D9AF96:182C132:10F3E8040B5:-7FB8)]
  js> approvers1.get(0).getClass();
  class com.waveset.object.ObjectRefNow let's check out getApprovers().
  js> var approvers2 = roleObject.getApprovers();
  js> approvers2
  [Lcom.waveset.object.WSUser;@d3c69c
  js> approvers2[0].getClass()
  class com.waveset.object.WSUserSo getApproverRefs() returns a list of ObjectRef objects, while getApprover() returns an array of WSUser objects.
  In summary the Sun IDM JavaScript interpreter can be used to explore the product's vast API. This article used the role class and its getApprovers() and getApproverRefs() methods as an example for exploratory programming. Other applications include automated testing and administrative scripts.
  [email protected]

  Yes you can customise IDM it is all available in courses and the manuals also provide some info.
  As long as you can write the code you need in java or javascript you can call it from IDM: that could be an interface to you naming app.
  Otherwise use the SPML interface if you want to use something else then the GUI. This is also described in the manuals.
  WilfredS

• Expert pls help: Sun IDM with ldap active sync

  Hi all,
  Currently i am configuring Sun IDM 6.0 SP1 to active sync with Sun directory server. I have enabled Retro Change Log but yet i cant find my changeNumber in directory server. Could anyone show me a way (search?) to get what changeNumber directory server currently running?

  Check the account used by IDM to access DS can search cn=changelog branch. If he is not Directory Manager, you probably need to set an ACI on that branch.
  HTH

• Managing LDAP groups and roles through SUN IDM

  Hi Guys,
  We have a requirement to build the following functionality in our Sun IDM tool.
  1.     Ability to create/manage Static LDAP group.
  2.     Ability to create/manage filtered LDAP group.
  3.     Ability to create/manage Static LDAP roles.
  4.     Ability to create/manage filtered LDAP roles.
  Can anyone let us know any pointers as to how to accomplish this or any ideas for the path to follow for this.
  Any reply will be appreciated.

  http://myidm.blogspot.com/2009/06/how-to-create-groups-in-ldap-or-active.html

• SUN IDM Role removal does not remove the set atributes

  Hi,
  I am using SUN IDM Roles to set a multi valued attrubute on a resource using merge with value property.
  But when I remove any of the assigned role the corresponding ATTRIBUTE value is not getting removed.
  Is there anything specific which needs to be done.
  eg: Role1 sets attribute PRIV on resource A to "ADMIN"
  Role2 sets attribute PRIV on resource A to "MANAGER"
  If I assign both Role1 and Role2 the PRIV will have "ADMIN" and "MANAGER"
  But if I remove Role1 still "ADMIN" is present under PRIV.
  Is there any workaround for this. Please advice.
  - Thanks, ARK

  Try using "Authoritative Merge with Value" instead of just "Merge with Value".

• Getting Error IDM8.1patch11WebLogic Server com/sun/idm/idmx/txn/Transaction

  I installed IDM 8.1 Patch 11 on WebLogic server. When I start the server I am getting following error. The Login page never shows up. I will appreciate if you can give me the pointer.
  ] Root cause of ServletException.
  java.lang.NoClassDefFoundError: com/sun/idm/idmx/txn/TransactionManager
       at com.waveset.ui.LoginHelper.csrfGuardTokenEnabled(LoginHelper.java:2471)
       at com.waveset.ui.LoginHelper.handleCSRFGuardToken(LoginHelper.java:2186)
       at jsp_servlet.__login._jspService(__login.java:251)
       at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at com.sun.idm.profiler.instrumentation.RequestTimingFilter.doFilter(RequestTimingFilter.java:76)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Edited by: 842717 on Mar 8, 2011 12:16 PM

  You are receiving this error because one of the fields being pulled from IdM, exceeds he column limit defined in the GLOBALUSERS database table.
  I received this error before because the PRIMARYEMAIL column in the GLOBALUSERS table was defined as [PRIMARYEMAIL] [nvarchar](50).
  I went into Microsoft SQL Server Management Studio and updated the field to [PRIMARYEMAIL] [nvarchar](100), and then the import worked.
  Hope this helps,
  Larry L. Viars | Senior Consultant
  Logic Trends, Identity & Access Management Specialists