Synchronize users from IDM Idenity Store to UME

Similar Messages

• Logging info about user, when deleting user from IDM

  Hi,
  I would like to be able create a report showing deleted users the last month.
  The problem is that I also need to fetch the user fullname, and some other IDM attributes as additional columns.
  This is not supported with a standard audit log report.
  So I would guess that I have two options:
  1. Somehow log information while the user is deleted. For example, somewhere in the "Delete User" workflow.
  But I can't find the values I'm looking for there. They are not available to me. (a user view for example).
  And it also seems hard to pass those values from the "Deprovision Form" to the "Delete User" workflow.
  So my question is here: How do I get access to a user view in the "Delete User" workflow, is that possible?
  2. I can get the values by looking directly in the audit log for each deleted user. There I can have a look at the ACCTATTRCHANGES to see what the users name was.
  But if the AuditLog has been cleared, then that information might not be available.
  I'm stuck..
  Anyone here that has an idea of how you can fetch deleted users fullname?
  Thanks & Regards,
  Henrik
  Edited by: user1154522 on May 24, 2011 2:18 AM

  Hi,
  One possible solution can be to add a handler in the delete user workflow.
  For every user that is to be deleted, write the requird information in a file/database. In your report query the information from there and geneate it.
  Note: You have to add condition to check if the users was properly deleted from IDM and resource (just to be sure) and then write/store the information in the File/table.
  If you want to store the information in the auditlog only, there is a column called comments that you can use, for this also, some customizations is needed in the Delete User Flow.
  Regards
  Arjun

• How to migrate user from IDM 5.5 to 6

  Our current users in IDM 5.5 have many attributes, admin roles and defer tasks. Does anyone know what is the best way to migrate the users withought missing user information from 5.5 database to 6?

  hi,
  u need to export each each user xml from idm 5.5 and import that idm 6.0. thats all i know.
  if anything we can do other than this plz let me know.

• Add user in LDAP from IDM

  Hi,
  creating a user from IDM on LDAP have the following error: "com.waveset.util.WavesetException: An error occurred adding user 'cn=pippo,ou=ac_bu,dc=atlan,dc=it' to resource 'LDAP'. javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Entry cn=pippo,ou=ac_bu,dc=atlan,dc=it violates the Directory Server schema configuration because it is missing attribute sn which is required by objectclass person] ", the 'sn' attribute, that is required, is not send.
  How do I send the attribute 'sn' and give 'sn' value 'lastname' ?
  Thank for you time.

  In attribute mappings map lastname(in IDM side) with sn(in LDAP side).

• Adding LDAP User store to UME

  We need to authenticate users against an LDAP server.  This works fine from the workbench where the UME ContentSource is database_only.  However, the central WebAs (Netweaver 2004) was installed with ContentSource of r3_rw.  According to the documentation, a prerequisite to adding an LDAP user store is: "You have installed a SAP Web Application Server Java where the UME is configured to use the database of the J2EE Engine as data source."  Since our WebAS Java is not configured this way, is there any way, short of re-installing the server, to add an LDAP user store?  TIA,
  Steve

  Hi Steve,
  Once you choose an ABAP data source, there is no going back.
  You can however synchronize the ABAP with the LDAP server. Have the ABAP user management periodically import users from the LDAP server.
  -Michael

• I have 1 iMac, two users (myself and my wife), 2 different Apple ID's, and I want to buy Pages from the App Store so we both can use. Is this possible without having to buy it twice?

  I am wanting to purchase the Pages app from the App Store. I do not want to purchase it 2 times, once for me, and again for my wife. We both share the same iMac, and we both use seperate Apple ID's. Is there a way to purchase it under my user, and have it download to her user as well? I have searched all over the forums for a cut and dry answer to this, to no avail. Any help in the matter would be appreciated, as I am a newbie on the Mac.

  No. You need to buy it for your Apple ID and for the other. You will have problems with updates

• TS3274 I keep getting an error when trying to download a tv series right on my iPad from the iTunes store. I am able to download on my laptop then synchronize but it's a hassle specially if my laptop is not with me. All other Apps seem to be working fine.

  I keep getting an error when trying to download a tv series right on my iPad from the iTunes store. I am able to download on my laptop then synchronize but it's a hassle specially if my laptop is not with me. All other Apps seem to be working fine. Help!

  If anyone is reading this still looking for what caused the issue and how to fix it here is what I discovered.
  The antivirus program our company uses, Bitdefender Antivirus Plus, was causing some of the PDF files not to open. After troubleshooting the different modules and settings the culprit was..
  Scan SSL in Privacy Control Settings. Turning it OFF solved the problem and all the PDF files that previously would not open now open just fine. This issue has been sent to Bitdefender for them to review. If you use a different antivirus program and are having this issue try locating the Scan SSL setting and see if turning it off solves the problem.

• How to remove user completely from IdM?

  Is there any way to remove/delete the user from the IdM completely? It means also from the "Top:Deleted users".
  E.g. when some testing user is created and deleted after and should not be in system any more.

  Thanks a lot - it works.
  My problem was that I didn't realize that there is a customized workflow mapped to 'deleteUser' process type...

• Couldn't fetch UME users from NWDS

  Hi Experts,
  I installed a CE 7.3 developworkspace in my laptop, and I'm develping some BPM demos.
  I created a task in the process compoent, and then I want to assign a potential user. I choose the User type, then input the user name and click search button. But the dialog seems has no response to this. The result is nothing, but the user has been created in the UME.
  Actually, this function was correct before. I could find user when I tried this demo first time. But it don't work right now.
  I don't know why. I'm sure the NWDS has been found the local server, I could build and deploye projects successfully.
  I think this maybe a bug of the NWDS, hope get some suggestion from you. Many thanks.
  Best Regards,
  Winters

  Hi,
  first let me thank you for your help. I've tried it, but unfortunately it still doesn´t work. Do you have any other suggestion.
  Regards,
  Adil

• How to classify new and old user account from idm system using SPML

  hi all,
  i can use SPML code to create new user on IDM system but, i can't classifying new or old user account
  any advise ? very thank you in advanced.
  athikom.

  Hi Vikram,
  Iam not sure though, did you chekced EXIT_SAPMM06E_022 if it helps you in anyway.
  Regards,
  Swarna Munukoti

• How to configure IDM to ignore root user, from a linux machine?

  I have a lot of linux machine, that I would like to mananger the users, with IDM.
  But, the root password of all machines, must be different in each machine, and the root user, can't be managed by IDM, due security reasons.
  Does any one know how to force IDM ignore root user on all machines?
  Thanks!

  You can define an "excluded accounts" rule for your resource to do just this. Identity Manager ships with a few default ones for Unix and Windows system accounts. You might start using one of those as a template for your own account rule.

• Problem with synchronization users in SSM 7.5 5.0

  First, sorry for my English
  I have installed NWCE 7.1 (SP Stack 09) & SSM 7.5 5.0 on a windows 2003
  I have read previous posts and I modified the Java Properties parameter to CPIC.
  I've also tried to delete the cache from the file manager.
  However synchronization does not work, gives the same error:
  Error message 'error' is undefined
  URL http://server.com:50000/strategy/pipadmin/pa_settings.htm
  Line # 547
  pipadmin and SSEL users are UME administrators
  Do not use any group in the Application Server A
  In defaultTrace_00.0.trc appears:
  Error # # Plain # # # Remote User was not set by AuthenticationFilter! #
  I think the error is on the side of the application server administrator, but I know that look ...
  I would appreciate any help.
  Regards.

  Good to hear from you Colin!
  First off, there has been some reports of using the Synchronize User Tables and not getting a pop-up that says it completed - BUT the users were sync'd. Check the Manage Application Groups section to see if the users show up there. If they did, you have sync'd. There does seem to be something in a later SP that dealt with that issue.
  Secondly, when using JPIP, on the Set System Defaults area you "lose" the Cache Directory, Max # of entries, and Global Cache setting. Gone, don't need them for JPIP. So it can be a little frightening when you don't see them.
  As you found. you now only see those WHEN CPIP is used.
  There are a number of reasons that JPIP is a better way to go - long-term:
  1) Tracing - PIP and PAS Trace - that is what you now see in the Set System Defaults window.  It's very useful for troubleshooting. Default is Disable and you keep them like that until you need to do troubleshooting. You Enable them, go through the steps that created a problem and then go pick up the trace file.
  2)  When using JPIP, you no longer use Extended Listener or Listener (Yes, it took me a while to get used to that).
  3) That means - you Don't need to be on the server to restart Services - you do that from Tools, which can be accessed from the url.
  4) JPIP allows you to restart specific instances, as well as restarting the whole service. That means if you know where the trouble is, you can restart that service without restarting all the services.
  5) There is a more information available using JPIP
  6) Using JPIP, you could run SSM off a single UNIX box.
  Hope this helps,
  Bob

• I bought a ipad mini online from the apple store. His battery doesn't last more than 6h. I return it back to them they send me a new one, but the problem is same. Battery doesn't last more than 5-6h!

  I have purchased a iPad mini online from the Apple store. Since day one I had 2 issues with it. First is that the battery life doesn't last more than 5-6h active usage, and the second one is with the wi-fi. It works properly but after I leave it for a while in sleep mode and try to reuse it, it doesn't want to open a web page or app store or mail (anything connected with the internet search) but it shows that is properly connected with my home network. So I have to turn off the wi-fi connection and turn it on again so it start to work properly. After couple off days this becomed very annoying so I contacted the support via phone and they gave me instructions for return it and that I'll receive a new one without aditional fee. I get the second device in the predicted time but again I have the same issues with the wi-fi and battery life. I will be pleased if someone from the Apple expert team explaine to me what should I do, because I dont find it for normal what is happening. On the Apple official site under the specifications for iPad mini it says that the battery lasts for at least 10h and the wi-fi problem isn't mentioned anywhere. Thanks in advance.

  This is a user to user forum. No one here is an employee or representative of Apple.
  If you want someone from Apple to explain what you should do make an appointment at an Apple store if there is one near you and take your iPad there and talk to Apple. If no Apple store is close enough then call Apple to find out what your alternatives are. There is a Contact Info link at the bottom of every page in this forum.

• All of my music that wasn't purchased from the itunes store has been faded out on my ipod, despite me being able to play them in itunes. half my songs have exclamation points but only in the 'on this ipod' section, and when i double-click no window appear

  I'm freaking out because almost all my music except for those songs purchased directly from the iTunes store has been deleted from my iPod - about 35 gigs. The songs show up, but they're all faded out and unplayable from my device (I have the newest version). Exclamation points appear beside all my songs in the "On this iPod" section, and yet I can't double-click to locate the files as nothing pops up. Some of my music has a weird circle next to it and is even more faded out when I'm in the "On this iPod" section - that's been happening for a couple of days. Yesterday I tried to set my settings to sync with my library only, and it worked, but this morning everything got even worse with the rest of my songs disappearing. What's happening???? Help??

  The syncing of music is one way, computer to phone. See this helpful document from a fellow user. Credit goes to the author.
  https://discussions.apple.com/docs/DOC-3141

• Cannot remove deleted user from people picker - SharePoint Foundation 2010

  So I think I've read all the people picker articles here and I can't find a solution so I thought I'd start a new thread. Here is the issue:
  A user was deleted from Active Directory and removed from SharePoint Foundation 2010. The user was still showing in the People Picker within the site collection, so we have performed a few things to try and get rid of this user.
  User is deleted from AD
  User is deleted from SharePoint Site Collection
  Have tried stsadm -o deleteuser
  Have removed all mention of this user from UserInfo table
  User does NOT show in
  https://<SiteCollectionURL/_layouts/people.aspx?MembershipGroupId=0
  Cannot find any mention of this user anywhere.
  Ran a full crawl as we read on a forum somewhere that it might help.
  If I try and add the user back to SharePoint I get "The user does not exist or is not unique"
  If I try "stsadm -o deleteuser -userlogin DOMAIN\USER -url https://<sitecollectionurl>" I get "The user does not exist or is not unique"
  I am not sure what else I can try now. Can anyone help?
  Thanks,
  Vinny
  Vinny

  No other domain trusts that this user could be in.
  Just so everyone can stop with the warnings, we do NOT regularly delete users from the UserInfo table and fully are aware of the problems behind it, which is why it is so rarely done. But at times, you have to do what you have to do to help a customer, you
  know? This one user is the only one that was removed from the UserInfo table, but there are a few other users that are also deleted (from SharePoint, not manually from UserInfo) that are still showing as well. This one user included.
  There MUST be another place that the people picker gets it's information from. ALL of the user's old information still shows in the people picker (username, email address, display name), and yet none of that information exists anywhere other than in the
  People Picker. Mailbox is gone from Exchange, User deleted from SharePoint, User deleted from Active Directory. Is there no cache someone could point me towards that People Picker might store information in.
  Vinny