### Read Normal Post in black font ###
Our expert team is providing online Oracle Apps DBA training via Web Conferencing, here is link for course content and Fee -> Oracle Apps DBA 11i course content - 26th April to 11th May
### Read Normal Post from here ###
Here are key points If you have to integrate Oracle Applications 11i/R12 with OID (for Single Sign-on access) and migrate users across two user repository (Apps and OID)
Users are migrated
1. From OID to Apps (FND_USER) - In this scenario users already exist in OID and you wish to move them to Apps
2. From Apps to OID - Users already exist in Apps 11i/R12 and you wish to move then to OID
3. Some users from Apps to OID and others from OID to Apps
Tools/Command to migrate users
1. AppsUserExport- To export account from Oracle E-Business Suite 11i/R12 to intermediate LDIF (Lightweight Directory Interchange Format) file. This is command line tool available in Apps. This is Java class file available under $JAVA_TOP/oracle/apps/fnd/oid
*Required to migrate data from Apps to OID
2. LDAPUserImport- Command line utility to read LDIF file (this file comes from OID containing users and their attribute). This is Java class file available under $JAVA_TOP/oracle/apps/fnd/oid
*Required to migrate data from OID to Apps
3. ldifmigrator- Command line tool in OID to migrate application specific data or from other directory (AD, iPlanet) to format which OID can understand. This tool is under $ORACLE_HOME/bin on OID node. For syntax of OID click here
*Required to migrate data from Apps to OID
4. bulkload- Command line tool to load OID data in bulk. This tool is available in ORACLE_HOME/ldap/bin on OID node. Limitation with this tool is that you have to shutdown OID (database and listener should be up and running during bulkload). For syntax of bulkload Click Here
*Required to migrate data from Apps to OID and large number of users (else use ldapadd)
5. ldapadd- Command line tool to add an entry in OID. Advantage over bulkload is that no need to shutdown OID. Disadvantage is that this can be used only if number of users to add is small.
For more on ldapadd Click Here
*Required to migrate data from Apps to OID and small number of users (else use bulkload)
6. ldifwrite- Command line utility to create LDIF file from OID data so that LDIF file can later be importaed to Apps using LDAPUserImport.
For more on ldifwrite Click Here
*Required to migrate data from OID to Apps
7. oidprovtool - This is OID command line tool to add/delete/modify provisioning profile. This tool is available under ORACLE_HOME/bin on OID node.
*Required to migrate data from Apps to OID only if “Two Way” or “OID to Apps” provisioning profile is enabled
8. provsubtool.orc- This is command line utility in OID($OH/ldap/odi/bin) to manage application specific subscription list.
Things you should know before user export/import
1. Profile option “Application SSO Login Types” at user level should not be set to Local, else that user will not come to intermediate LDIF file when “AppsUserExport” is executed.
2. Profile option “Application SSO LDAP synchronization” should not be set to NO, else user will not be migrated.
3. If no value is set for above two profile option at user level, then site level value will take effect.
4. Apps users whose user_id < 10 in FND_USER (like SYSADMIN, GUEST, CONCURRENT MANAGER, APPSMGR) should not be synchronized with OID Users.
5. There is limitation to attributes of users migrated from Apps to OID (Full list of supported attributes migrated check page 88-89 of guide mentioned below)
6. $JAVA_TOP should be in CLASSPATH before executing “java oracle.apps.fnd.oid.AppsUserExport” or “java oracle.apps.fnd.oid.LDAPUserImport” (Thanks Ravi for pointing this out)
7. If your provisioning profile (This instructs what user attributes to sync and which way) is configured to synch user data from OID to Apps or Both (OID to Apps and Apps to OID) and you are migrating initial data from Apps to OID (using AppsUserExport, ldifmigrator, bulkload.sh/ldapadd) then DISABLE you provisioning profile during migration process. Enable provisioning profile again after user load from apps to OID.
8. You should know your OID realm where you are going to/from migrate user data.
9. If multiple apps instances are registered with single OID then remove duplicate user data while loading from multiple apps instances to OID.
10. When users are bulk loaded in to OID, the password policy at OID is not enforced as passwords are encrypted in LDIF file.
11. Bulkload coomand to migrate users from Apps to OID does not automatically subscribe users to Apps. You have to manually subscribe them using provsubtool
12. LDAPUserImport command line utility to import data from OID to Apps updates both FND (Foundation) & TCA (Trading Community Architecture) data.
Migrating Users between Apps & OID
OID to Apps
1. Export Users from OID using ldifwrite (OID Node)
2. Import user to Apps using LDAPUserImport (Apps Node)
Apps to OID
1. Export user from Apps using LDAPUserExport (Apps Node)
2. Change file created in above step to ldif file using ldifmigrator (OID Node)
3. Import user to OID using bulkload/ldapadd (OID Node)
Related Doc
Apps 11i / OID Integration Guide Page 69 to 76
Apps R12/OID Integration Guide Chapter 6
Related Posts for Apps SSO/OID Integration
- 25 Things Apps DBA should know for Apps 11i/R12 Integration with OID/SSO
- Questions for Oracle Apps 11i & R12 Integration with 10g AS/SSO
- Oracle Single Sign-On Server for Apps DBA
- Clone Apps 11i/R12/12i integrated with SSO
- Notes/Docs to integrate Apps 11i with 10g AS Portal/OID/SSO
- Migrate Users to/from OID and Oracle Apps 11i/R12
- User created in Apps 11i/R12/12i not sync to OID
- Apps 11i/R12/12i Registration/Deregistration with OID/SSO : internals
- Error while running SSO registration on 11i : txkrun.pl -script=SetSSOReg
- How to Deregister SSO/OID from Oracle Apps 11i/R12/12i
- Error adding new User (11i) - unable to call fnd_ldap _wrapper .create_user
- Unable to call fnd_ldap_wrapper . create_user / update_user ORA-20001
Popularity: 13% [?]
Download R12 VMware Documentation
Good hands-on exercises (installation, patching, cloning), very experienced trainer worth for Money 
11 users commented in " Migrate Users to/from OID and Oracle Apps 11i/R12 "
Follow-up comment rss or Leave a TrackbackHey Atul,
Nice and to the point information. Gud work.
Cheers
Amit
Dear All,
we use oid 10.2.4 , we have problem in synchronizing data from oid to db. below lines are shown in the log file. Can any body help us?
Enabling API Debugging..
Initialization - Starting for Mode ChangeSync
Prov Reader - Initialize : Instantiating oracle.ldap.odip.prov.LDAPEventReader
LDAP URL : (srv-metasearc.padl.local:636 cn=odisrv+orclhostname=srv-metasearc,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
Connecting in SSL
LDAP Connection success
Update search count = 100
Intialized the LDAP Reader.
Status Attribute orcluserapplnprovstatus;rasaApp_rasaappDefault Subscription Status Attribute:orcluserapplnprovstatus;rasaapp
Prov Reader - Initialized
Prov Writer - Initialize : Instantiating oracle.ldap.odip.prov.PLSQLEventWriter
[fine] PLSQLEventWriter : Connecting …
Loaded driver..: oracle.jdbc.OracleDriver
Using Service Name to connect - URL : jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.2)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=nlidb))),user : nashr
DataBase Connection Success
[fine] PLSQLEventWriter : Call Stmt Initialized successfully….
Writer : Last Applied Change Key : 3480
Prov Writer - Initialized ..
Initialization - Ending ..
Event Propagation - Begin..
Event Propagation - End ..
Updating the Status..
Setting Event Success Count : 0
Setting Event Failure Count : 0
Propagation Status : SUCCESS
Last change Key Set to:3480
Profile status Update - SUCCESS
Cleaned/Closed Readers and Writers
Initialization - Starting for Mode Bootstrap
Prov Reader - Initialize : Instantiating oracle.ldap.odip.prov.AppBootstrapEventReader
Provisioning Failure Retry Limit for App is : 1000
Status Attribute in OID:orcluserapplnprovstatus;rasaApp_rasaapp
Default Subscription Status Attribute:orcluserapplnprovstatus;rasaapp
Timestamp attribute 20080713064905z
LDAP URL : (srv-metasearc.padl.local:636 cn=odisrv+orclhostname=srv-metasearc,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
Connecting in SSL
LDAP Connection success
AppBootstrap searchFilter : (&(objectclass=orcluserv2)(|(orcluserapplnprovstatus;rasaApp_rasaapp=PROVISIONING_FAILURE)(!(orcluserapplnprovstatus;rasaApp_rasaapp=*))))
Search Time : 16
App Bootstrap Search Successful for application : ‘null’
Intialized the App Bootstrap Event Reader.
Prov Reader - Initialized
Prov Writer - Initialize : Instantiating oracle.ldap.odip.prov.LDAPEventWriter
LDAP URL : (srv-metasearc.padl.local:636 cn=odisrv+orclhostname=srv-metasearc,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
Connecting in SSL
LDAP Connection success
Retreived Factory from Profile..
Prov Writer - Initialized ..
Initialization - Ending ..
Event Propagation - Begin..
More Data Found..
Reader finds some data…
More Data Found..
Getting Users for the BootStrap cases..
More Data Found..
Processing User - cn=user2
UserCreateTimeStamp 20080714131248z
Application TimeStamp 20080713120917z
Upgrade Timestamp 20080713064905z
Current status : null
Current User FailCount : 0
[fine] Inside Generate Events..
[fine] Object Type identified as : USER
[fine] LDAP Changetype : ADD
[fine] getObjTypeRules:Processing Event Defn (0) - ,Object Type:ENTRY
[fine] getObjTypeRules:Processing Event Defn (1) - ,Object Type:USER
[fine] getObjTypeRules:Matched Object Type :USER
[fine] getObjTypeRules:# Event Rules:0
[fine] EventEngine: No ObjectType Rules for :USER - changeType : ADD
[fine] EventEngine: # Generated Events : 0
Events to write 0
Process Event Status for 0
Not calling status processor
Event Propagation - End ..
Updating the Status..
Cleaned/Closed Readers and Writers
Hi Sir,
This iS Ravi from UK. According the doc –Before MIgrating EBS users to OID, we have to set CLASSPATH env variable point to $APPL_TOP/java(in $APPL_TOP there is no java dir so how we can set CLASSPATH for the $APPL_TOP/java). OR the $JAVA_TOP is already pointing to CLASSPATH env variable so there is any java path has to add existing paths of CLASSPATH env variable in adovars.env ?
Please suggest me and guide.
Thanks in advance
Regards,
Ravi
$APPL_TOP/java should be in CLASSPATH before executing “java oracle.apps.fnd.oid.AppsUserExport” or “java oracle.apps.fnd.oid.LDAPUserImport”
Hi Sir,
This $APPL_TOP/java should be in CLASSPATH is temporary purpose (like export CLASSPATH=$APPL_TOP/java) or permannetly in adovars.env?
before executing “java oracle.apps.fnd.oid.AppsUserExport” or “java oracle.apps.fnd.oid.LDAPUserImport” .
Why CLASSPATH should be in $APPL_TOP/java?
Thanks for your support. Please
Regards,
Ravi
Hi Sir,
The $APPL_TOP/java(created java dir in $APPL_TOP) should be in CLASSPATH is temporary setting(like export CLASSAPTH=$APLL_TOP/java) or permanent setting in adovars.env ?
Please suggest for above.
Thanks,
Ravi
Hi,
The $APPL_TOP/java is sameas $JAVA_TOP….rite?
Hi Sir,
After implementing of Infrastructure 10.1.4 integration with EBS 11i .Canot open the Application home page through sso page but I can open EBS home page throug login of OracleAS10g Infra server console navigate :homepage> >SSO:orasso>Administer via SSO web Application.
Why EBS home page is not opening through http://server:port/oa_servlets/AppsLogin. of using SSO page ?
Any idea on it.
Waiting for your suggestion.
Thanks in advance.
Regards,
Ravi
Ravi,
Install IE http header (tool to enable debugging in browser which shows HTTP header)
Then try accessing apps url to check if this is forwarding request to SSO page or not.
Check in error_log & Jserv log of 11i to check issue
Hi Atul,
I have registered at http://www.teachmeoracle.com , but still my id has not been activated.
MY ICQ Number is : 0601
Username is: vivek_modi1
Please help me on this.
Thanks and Regards,
Vivek Modi.
Facing Issue:
~~~~~~~~~~~~~~~
When we are cloning an 111i Application, after DB recovery when we try to connect to DB from MT Node using below string, we are getting error as,
From MT Node: sqlplus apps/****@SID
SQL*Plus: Release 10.2.0.3.0 - Production on Fri Dec 26 22:55:13 2008
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
ERROR:
ORA-30006: resource busy; acquire with WAIT timeout expired
Any idea for this error.
This errror we are getting only for RAC Instances only and not for Single node DB.
Please advice.
Thanks
Hi Atul,
Please let me know how to restrict the same user connecting with multiple sessions in 11i
in profile option level
Thanks,
Rajesh
Leave A Reply