### Read Normal Post in black font ###
Our expert team is providing online Oracle Apps DBA training via Web Conferencing, here is link for course content and Fee -> Oracle Apps DBA 11i course content – 26th April to 11th May
### Read Normal Post from here ###
Here are key points If you have to integrate Oracle Applications 11i/R12 with OID (for Single Sign-on access) and migrate users across two user repository (Apps and OID)
Users are migrated
1. From OID to Apps (FND_USER) – In this scenario users already exist in OID and you wish to move them to Apps
2. From Apps to OID – Users already exist in Apps 11i/R12 and you wish to move then to OID
3. Some users from Apps to OID and others from OID to Apps
Tools/Command to migrate users
1. AppsUserExport- To export account from Oracle E-Business Suite 11i/R12 to intermediate LDIF (Lightweight Directory Interchange Format) file. This is command line tool available in Apps. This is Java class file available under $JAVA_TOP/oracle/apps/fnd/oid
*Required to migrate data from Apps to OID
2. LDAPUserImport- Command line utility to read LDIF file (this file comes from OID containing users and their attribute). This is Java class file available under $JAVA_TOP/oracle/apps/fnd/oid
*Required to migrate data from OID to Apps
3. ldifmigrator- Command line tool in OID to migrate application specific data or from other directory (AD, iPlanet) to format which OID can understand. This tool is under $ORACLE_HOME/bin on OID node. For syntax of OID click here
*Required to migrate data from Apps to OID
4. bulkload- Command line tool to load OID data in bulk. This tool is available in ORACLE_HOME/ldap/bin on OID node. Limitation with this tool is that you have to shutdown OID (database and listener should be up and running during bulkload). For syntax of bulkload Click Here
*Required to migrate data from Apps to OID and large number of users (else use ldapadd)
5. ldapadd- Command line tool to add an entry in OID. Advantage over bulkload is that no need to shutdown OID. Disadvantage is that this can be used only if number of users to add is small.
For more on ldapadd Click Here
*Required to migrate data from Apps to OID and small number of users (else use bulkload)
6. ldifwrite- Command line utility to create LDIF file from OID data so that LDIF file can later be importaed to Apps using LDAPUserImport.
For more on ldifwrite Click Here
*Required to migrate data from OID to Apps
7. oidprovtool – This is OID command line tool to add/delete/modify provisioning profile. This tool is available under ORACLE_HOME/bin on OID node.
*Required to migrate data from Apps to OID only if “Two Way” or “OID to Apps” provisioning profile is enabled
8. provsubtool.orc- This is command line utility in OID($OH/ldap/odi/bin) to manage application specific subscription list.
Things you should know before user export/import
1. Profile option “Application SSO Login Types” at user level should not be set to Local, else that user will not come to intermediate LDIF file when “AppsUserExport” is executed.
2. Profile option “Application SSO LDAP synchronization” should not be set to NO, else user will not be migrated.
3. If no value is set for above two profile option at user level, then site level value will take effect.
4. Apps users whose user_id < 10 in FND_USER (like SYSADMIN, GUEST, CONCURRENT MANAGER, APPSMGR) should not be synchronized with OID Users.
5. There is limitation to attributes of users migrated from Apps to OID (Full list of supported attributes migrated check page 88-89 of guide mentioned below)
6. $JAVA_TOP should be in CLASSPATH before executing “java oracle.apps.fnd.oid.AppsUserExport” or “java oracle.apps.fnd.oid.LDAPUserImport” (Thanks Ravi for pointing this out)
7. If your provisioning profile (This instructs what user attributes to sync and which way) is configured to synch user data from OID to Apps or Both (OID to Apps and Apps to OID) and you are migrating initial data from Apps to OID (using AppsUserExport, ldifmigrator, bulkload.sh/ldapadd) then DISABLE you provisioning profile during migration process. Enable provisioning profile again after user load from apps to OID.
8. You should know your OID realm where you are going to/from migrate user data.
9. If multiple apps instances are registered with single OID then remove duplicate user data while loading from multiple apps instances to OID.
10. When users are bulk loaded in to OID, the password policy at OID is not enforced as passwords are encrypted in LDIF file.
11. Bulkload coomand to migrate users from Apps to OID does not automatically subscribe users to Apps. You have to manually subscribe them using provsubtool
12. LDAPUserImport command line utility to import data from OID to Apps updates both FND (Foundation) & TCA (Trading Community Architecture) data.
Migrating Users between Apps & OID
OID to Apps
1. Export Users from OID using ldifwrite (OID Node)
2. Import user to Apps using LDAPUserImport (Apps Node)
Apps to OID
1. Export user from Apps using LDAPUserExport (Apps Node)
2. Change file created in above step to ldif file using ldifmigrator (OID Node)
3. Import user to OID using bulkload/ldapadd (OID Node)
Related Doc
Apps 11i / OID Integration Guide Page 69 to 76
Apps R12/OID Integration Guide Chapter 6
Related Posts for Apps SSO/OID Integration
- 25 Things Apps DBA should know for Apps 11i/R12 Integration with OID/SSO
- Questions for Oracle Apps 11i & R12 Integration with 10g AS/SSO
- Oracle Single Sign-On Server for Apps DBA
- Clone Apps 11i/R12/12i integrated with SSO
- Notes/Docs to integrate Apps 11i with 10g AS Portal/OID/SSO
- Migrate Users to/from OID and Oracle Apps 11i/R12
- User created in Apps 11i/R12/12i not sync to OID
- Apps 11i/R12/12i Registration/Deregistration with OID/SSO : internals
- Error while running SSO registration on 11i : txkrun.pl -script=SetSSOReg
- How to Deregister SSO/OID from Oracle Apps 11i/R12/12i
- Error adding new User (11i) – unable to call fnd_ldap _wrapper .create_user
- Unable to call fnd_ldap_wrapper . create_user / update_user ORA-20001
- Oracle Access Manager 11g is now certified with E-Business Suite (Apps) R12
- Integrate Oracle Apps (E-Business Suite) R12 with Oracle Access Manager (OAM) 11g for SSO
- EBusiness Suite (Apps R12) integration with OAM 11g : inter component communication and Ports to open in FireWall
- 10g WebGate Installation with OAM 11g : Access Server ID, Port and WebGate ID
- EBS R12 integration with WebCenter – Error retrieving WSDL at URL OA_HTML/ portlets/ WSRPBaseService?WSDL
- Integrate E-Business Suite with Oracle WebCenter (11.1.1.5) using OID and OAM (11g) as SSO
- EBS R12 integrated with SSO (OAM/OSSO) prompting for username / password again : Your Oracle E-Business Suite account has not been linked
- EBS OAM integration : Logout should re-direct to different URL
Oracle WebLogic Administrator [USD 399]- 03rd Dec, 2011
Good hands-on exercises (installation, patching, cloning), very experienced trainer worth every penny 
27 users commented in " Migrate Users to/from OID and Oracle Apps 11i/R12 "
Follow-up comment rss or Leave a TrackbackHey Atul,
Nice and to the point information. Gud work.
Cheers
Amit
Dear All,
we use oid 10.2.4 , we have problem in synchronizing data from oid to db. below lines are shown in the log file. Can any body help us?
Enabling API Debugging..
Initialization – Starting for Mode ChangeSync
Prov Reader – Initialize : Instantiating oracle.ldap.odip.prov.LDAPEventReader
LDAP URL : (srv-metasearc.padl.local:636 cn=odisrv+orclhostname=srv-metasearc,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
Connecting in SSL
LDAP Connection success
Update search count = 100
Intialized the LDAP Reader.
Status Attribute orcluserapplnprovstatus;rasaApp_rasaappDefault Subscription Status Attribute:orcluserapplnprovstatus;rasaapp
Prov Reader – Initialized
Prov Writer – Initialize : Instantiating oracle.ldap.odip.prov.PLSQLEventWriter
[fine] PLSQLEventWriter : Connecting …
Loaded driver..: oracle.jdbc.OracleDriver
Using Service Name to connect – URL : jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.2)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=nlidb))),user : nashr
DataBase Connection Success
[fine] PLSQLEventWriter : Call Stmt Initialized successfully….
Writer : Last Applied Change Key : 3480
Prov Writer – Initialized ..
Initialization – Ending ..
Event Propagation – Begin..
Event Propagation – End ..
Updating the Status..
Setting Event Success Count : 0
Setting Event Failure Count : 0
Propagation Status : SUCCESS
Last change Key Set to:3480
Profile status Update – SUCCESS
Cleaned/Closed Readers and Writers
Initialization – Starting for Mode Bootstrap
Prov Reader – Initialize : Instantiating oracle.ldap.odip.prov.AppBootstrapEventReader
Provisioning Failure Retry Limit for App is : 1000
Status Attribute in OID:orcluserapplnprovstatus;rasaApp_rasaapp
Default Subscription Status Attribute:orcluserapplnprovstatus;rasaapp
Timestamp attribute 20080713064905z
LDAP URL : (srv-metasearc.padl.local:636 cn=odisrv+orclhostname=srv-metasearc,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
Connecting in SSL
LDAP Connection success
AppBootstrap searchFilter : (&(objectclass=orcluserv2)(|(orcluserapplnprovstatus;rasaApp_rasaapp=PROVISIONING_FAILURE)(!(orcluserapplnprovstatus;rasaApp_rasaapp=*))))
Search Time : 16
App Bootstrap Search Successful for application : ‘null’
Intialized the App Bootstrap Event Reader.
Prov Reader – Initialized
Prov Writer – Initialize : Instantiating oracle.ldap.odip.prov.LDAPEventWriter
LDAP URL : (srv-metasearc.padl.local:636 cn=odisrv+orclhostname=srv-metasearc,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
Connecting in SSL
LDAP Connection success
Retreived Factory from Profile..
Prov Writer – Initialized ..
Initialization – Ending ..
Event Propagation – Begin..
More Data Found..
Reader finds some data…
More Data Found..
Getting Users for the BootStrap cases..
More Data Found..
Processing User – cn=user2
UserCreateTimeStamp 20080714131248z
Application TimeStamp 20080713120917z
Upgrade Timestamp 20080713064905z
Current status : null
Current User FailCount : 0
[fine] Inside Generate Events..
[fine] Object Type identified as : USER
[fine] LDAP Changetype : ADD
[fine] getObjTypeRules:Processing Event Defn (0) – ,Object Type:ENTRY
[fine] getObjTypeRules:Processing Event Defn (1) – ,Object Type:USER
[fine] getObjTypeRules:Matched Object Type :USER
[fine] getObjTypeRules:# Event Rules:0
[fine] EventEngine: No ObjectType Rules for :USER – changeType : ADD
[fine] EventEngine: # Generated Events : 0
Events to write 0
Process Event Status for 0
Not calling status processor
Event Propagation – End ..
Updating the Status..
Cleaned/Closed Readers and Writers
Hi Sir,
This iS Ravi from UK. According the doc –Before MIgrating EBS users to OID, we have to set CLASSPATH env variable point to $APPL_TOP/java(in $APPL_TOP there is no java dir so how we can set CLASSPATH for the $APPL_TOP/java). OR the $JAVA_TOP is already pointing to CLASSPATH env variable so there is any java path has to add existing paths of CLASSPATH env variable in adovars.env ?
Please suggest me and guide.
Thanks in advance
Regards,
Ravi
$APPL_TOP/java should be in CLASSPATH before executing “java oracle.apps.fnd.oid.AppsUserExport” or “java oracle.apps.fnd.oid.LDAPUserImport”
Hi Sir,
This $APPL_TOP/java should be in CLASSPATH is temporary purpose (like export CLASSPATH=$APPL_TOP/java) or permannetly in adovars.env?
before executing “java oracle.apps.fnd.oid.AppsUserExport” or “java oracle.apps.fnd.oid.LDAPUserImport” .
Why CLASSPATH should be in $APPL_TOP/java?
Thanks for your support. Please
Regards,
Ravi
Hi Sir,
The $APPL_TOP/java(created java dir in $APPL_TOP) should be in CLASSPATH is temporary setting(like export CLASSAPTH=$APLL_TOP/java) or permanent setting in adovars.env ?
Please suggest for above.
Thanks,
Ravi
Hi,
The $APPL_TOP/java is sameas $JAVA_TOP….rite?
Hi Sir,
After implementing of Infrastructure 10.1.4 integration with EBS 11i .Canot open the Application home page through sso page but I can open EBS home page throug login of OracleAS10g Infra server console navigate :homepage> >SSO:orasso>Administer via SSO web Application.
Why EBS home page is not opening through http://server:port/oa_servlets/AppsLogin. of using SSO page ?
Any idea on it.
Waiting for your suggestion.
Thanks in advance.
Regards,
Ravi
Ravi,
Install IE http header (tool to enable debugging in browser which shows HTTP header)
Then try accessing apps url to check if this is forwarding request to SSO page or not.
Check in error_log & Jserv log of 11i to check issue
Hi Atul,
I have registered at http://www.teachmeoracle.com , but still my id has not been activated.
MY ICQ Number is : 0601
Username is: vivek_modi1
Please help me on this.
Thanks and Regards,
Vivek Modi.
Facing Issue:
~~~~~~~~~~~~~~~
When we are cloning an 111i Application, after DB recovery when we try to connect to DB from MT Node using below string, we are getting error as,
From MT Node: sqlplus apps/****@SID
SQL*Plus: Release 10.2.0.3.0 – Production on Fri Dec 26 22:55:13 2008
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
ERROR:
ORA-30006: resource busy; acquire with WAIT timeout expired
Any idea for this error.
This errror we are getting only for RAC Instances only and not for Single node DB.
Please advice.
Thanks
Hi Atul,
Please let me know how to restrict the same user connecting with multiple sessions in 11i
in profile option level
Thanks,
Rajesh
Hi!Atul..
I installed OIM11.1.1.3.0 and OER11.1.1.5.0 for Migration.
How to migrate UserData from OIM10g to OIM11g by using the OracleEnterpriseRepository.
Thanks&Regards,
Veeru
@ Veeru,
I am not clear with requirement, Do you want to use Enterprise Repository (OER) to migrate user data from OIM ? (never heard of OER to be used for this purpose)
Do you have any reference doc or any link which talks about using OER for user migration ?
Hi!
Thanks for your reply..
I followed below link for DataMigration.. ..http://www.techrepublic.com/article/migrating-user-files-and-settings/5090551..,in this link he gave this 11.1.1.x.x-OER-10gMigrate.zip file..when i search this zip file..i didnt get anywhere,then i approched the oracle Discussion forum,one of the reply, I got the zip file by using the OER111150_generic.jar..
then after I completed my Installation.then what should I do right now?
Thanks in Advanced,
Veeru
@ Veeru, I can’t find any thing in link which suggestes that this is for OIM (Oracle Identity Manager) or using OER
Thanks for your reply..
Is it use for Data Migration from OIM10g to OIM11g.
What should I do?Please let me know Which is the best option for DataMigration?
Regards,
Veeru
@ Veeru,
Do you have two OIM systems (OIM 10g & OIM 11g) across which you wish to replicate users
or
You have OIM 10g which you wish to upgrade to OIM 11g
OIM – Oracle Identity Manager
Hi!
Thanks for your reply,
Yes,I had two OIM systems(OIM 10g & OIM 11g).I have to Migrate the entire data from OIM10g to OIM11g.Please let me Know Which is the right way to get the Data.
I want to migrate.
Thanks in Advanced,
Veeru
Hi!
1. I’m beginner to OIM. I don’t know about OIM.
2. But,I have two OIM systems(OIM 10g & OIM 11g).
3. I have to Migrate the entire data from OIM10g to OIM11g.
Please let me Know Which is the right way to get the Data.
I want to migrate.
Thanks & Regards
Nagendra.
@ Nagendra,
What you need is a upgrade path from 10g OIM to 11g OIM (I was expecting OIM upgrade in OIM 11.1.1.5 but it looks like its not out yet)
Here is 11.1.1.5 IDAM upgrade guide (steps fro OIM upgrade are not yet in doc)
http://download.oracle.com/docs/cd/E21764_01/upgrade.1111/e10129/toc.htm
So for OIM 10g to OIM 11g will have upgrade scripts which will upgrade OIM schema from 10g OIM to 11g OIM.
Hi!AthulKumar,
Iam new beginer to OIM.now iam insatlling OER11g,but in which way i use the OER11g.Whats the main role and purpose of OER11g.Could you please give the details of OER11g??
Thanks & Regards,
Veeru
@ Veeru,
Check this post to know more about OER 11g http://onlineappsdba.com/index.php/2010/02/25/oracle-launches-soa-governance-11g-enterprise-repository-service-registry-soa-management-with-em-and-web-services-manager/
Hi!
Thanks for your reply,
But i want to see the entire picture for about OER11g.with screen shots. how to use am I?
Thanks & Regards,
veeru
Hi Atul,
I installed OID11.1.1.3 and E-Business Suite 12.1.1 on different machines.
Now I want to Register and integrate Oracle E-Business Suite instance with Oracle Internet Directory (OID).
How to set up user synchronization (provisioning) between Oracle E-Business Suite and OID and
how to Verify that user provisioning is working correctly before proceeding with the rest of this integration.
Thanks & Regars,
Nagendra.
@ Nagendra,
Use below command on EBS
$FND_TOP/bin/txkrun.pl \
-script=SetSSOReg \
-registeroid=yes \
Follow section 6 of doc 876539.1 – Using the Latest Oracle Internet Directory 11gR1 Patchset with Single Sign-on and Oracle E-Business Suite
and Appendix A, Section 1.2. Register Instance and Section 1.4: Register OID of
376811.1 Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On
Also follow my EBS – OID/SSO series at (ignore SSO piece from here).
I am going to cover step by step EBS R12 integration with OID 11.1.1.4 on this blog so stay tuned.
Hi Atul,
I want to integrate OAM 11g and EBS 12.1.1. For that it needs OID(11g).How can I set up and verify synchronization and provisioning of users between EBS and OID.
Thanks & Regards,
Narendra.Ch
Hi Atul,
I’ve been using LDAPUserImport to read a file generated by ldifwrite. It imports users into FND_USER but populates the customer_id column there.
When users are manually created in “Define User” that column is not populated. Is there a way to use LDAPUserImport without populating customer_id? I have already disabled various Business Events named “Cust%create” but no luck.
Thanks,
Leave A Reply