This post covers installation of the Oracle Identity Manager (OIM) connector used to provision or reconcile users to/from Oracle Internet Directory (OID). There is another way to integrate OIM 11g with OID 11g, using Oracle Virtual Directory (OVD), which is LDAP Sync.

This post covers OIM-OID integration using the pre-built connector and assumes that:

  • Oracle Internet Directory is already installed; for OID 11g installation click here.
  • Oracle Identity Manager is already installed; for OIM 11g installation click here.

OIM Connector for OID Key Points

  • Current OIM connector version for OID is 9.0.4.14
  • You can use OIM-OID connector version 9.0.4.12 to integrate OIM 9.X/11g with OID 10g/11g
  • This post uses the OID superuser “cn=orcladmin” to connect from OIM to OID (it is recommended to create a user in OID dedicated to the OIM-OID connector)

OIM-OID connector installation/configuration

1. Download the OIM-OID connector from here

2. Download LDAP-1_2_4.zip from here (click on “Download JNDI 1.2.1” and then click on ldap-1_2_4.zip). Extract LDAP-1_2_4.zip and copy ldap.jar and ldapbp.jar (these are under the lib directory) to $ORACLE_HOME/server/ThirdParty (on the OIM server)

3. Install OIM-OID connector

3.1 Copy the OIM/OID connector software (OID_904120.zip) to $ORACLE_HOME/server/ConnectorDefaultDirectory (on the OIM server)

3.2 Unzip OID_904120.zip

3.3 Log in to the OIM Administrator URL (http://server:14000/oim – xelsysadm / xelsysadm_password)

3.4 Click on the Advanced tab (this is the OIM Advanced Administration Console)

3.5 Click on Install Connector under System Management

3.6 From the Connector List drop-down select “Oracle Internet Directory 9.0.4.12”, click Load and then click Continue

3.8 On successful connector installation, a message indicating successful installation is displayed. In my case installation failed at compilation:

DOBJ.EVT_INTERNAL_ERROR Adapter Compilation Failure Bulk Exception

Check logs in $MW_HOME/user_projects/domain/base_domain/servers/oim_server1/logs

____________
<Dec 19, 2010 6:54:17 PM GMT> <Error> <XELLERATE.ACCOUNTMANAGEMENT> <BEA-000000> <Class/Method: tcAdapterOperationsBean/compileAdapter encounter some problems: maoRejections:The event handler /tmp/oracle/oim/adapters/adpOIDCREATEUSER.java (Too many open files) on data object $classname$ encountered an internal error. : /tmp/oracle/oim/adapters/adpOIDCREATEUSER.java (Too many open files)>
<Dec 19, 2010 6:54:17 PM GMT> <Error> <XELLERATE.ADAPTERS> <BEA-000000> <Class/Method: tcAdpUtils/genXellerateAdapter encounter some problems:
/tmp/oracle/oim/adapters/adpOIDADDUSERTOROLE.java (Too many open files)
java.io.FileNotFoundException: /tmp/oracle/oim/adapters/adpOIDADDUSERTOROLE.java (Too many open files)
at java.io.FileOutputStream.open(Native Method)
at java.io.FileOutputStream.<init>(FileOutputStream.java:179)
at java.io.FileOutputStream.<init>(FileOutputStream.java:131)
___________

Fix: Increase the number of open files allowed by updating /etc/security/limits.conf
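
A check for whether the running OIM server actually picked up a higher open-file limit, as an added example that is not part of the original post. The limits.conf user name (oracle), the values 4096/65536 and the pgrep pattern are assumptions; the sample limits text is constructed.

```sh
# Added example, not from the original post.
# Assumed /etc/security/limits.conf entries (user name and values are
# assumptions; use the OS account that starts WebLogic):
#   oracle  soft  nofile  4096
#   oracle  hard  nofile  65536

# Print "<soft> <hard>" for open files from a /proc/<pid>/limits style file.
nofile_limits() {
  awk '/^Max open files/ { print $4, $5 }' "$1"
}

# Return 0 if the soft open-file limit in file $1 is at least $2.
# Return 2 if the file has no "Max open files" line.
nofile_ok() {
  local file="$1" want="$2" soft
  soft=$(nofile_limits "$file" | cut -d' ' -f1)
  [ -n "$soft" ] || return 2
  [ "$soft" = "unlimited" ] && return 0
  [ "$soft" -ge "$want" ]
}

# Constructed sample of /proc/<pid>/limits for a process still on the
# default 1024 soft limit (the state that produces "Too many open files").
sample_limits() {
  cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
Max processes             16384                16384                processes
EOF
}

# On the OIM server (the pgrep pattern is an assumption based on the
# managed server name oim_server1 seen in the log path):
#   pid=$(pgrep -f oim_server1 | head -n 1)
#   nofile_limits "/proc/$pid/limits"
#   nofile_ok "/proc/$pid/limits" 4096 || echo "restart OIM from a new session"
```

Changes to limits.conf apply only to new login sessions, so restart the OIM managed server from a fresh session before repeating the connector installation.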

3.9 Run the Oracle Identity Manager PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites

Set WL_HOME, then run:
$ORACLE_HOME/server/bin/purgeCache.sh All

When prompted:
[Enter the admin username:]  enter xelsysadm
[Enter the service URL:]  t3://server:14000

Note: Ensure that the WebLogic Full Client jar file has been created at $WL_HOME/server/lib/wlfullclient.jar; check here

3.10 Configure IT resource

3.10.1 Log in to the OIM Administrator URL (http://server:14000/oim – xelsysadm/xelsysadm_password) and click on the Advanced tab in the top right menu bar

3.10.2 Click on “Manage IT Resource” under Configuration

3.10.3 In the IT Resource Type field on the Manage IT Resource page, select OID Server and then click Search. Click the edit icon for the IT resource.

3.10.4 Specify values for the parameters of the IT resource.

Admin ID: DN of the user who has administrator rights on the Oracle Internet Directory server (cn=orcladmin,cn=users,dc=mydomain,dc=com)
Admin Password: Password of the user given in Admin ID
Root DN: OID Domain (also called Realm)
Port: OID port (default port is 3060 for OID 11g and 389 for OID 10g)
Server: OID Server

4. Perform first-time reconciliation
First-time or full reconciliation involves reconciling all existing user records from the target system (OID) into Oracle Identity Manager (OIM)

4.1 Perform lookup field synchronization (run the following tasks: Organization Lookup Reconciliation, Role Lookup Reconciliation, Group Lookup Reconciliation)

4.1.1 From the OIM Administration console, click on “Advanced”, under “System Management” click on “Search Scheduled Jobs” and search for “OID Organization Lookup Reconciliation”, then click on “Run Now”

Repeat this for “OID Role Lookup Reconciliation” & “OID Group Lookup Reconciliation”

4.2 Perform user reconciliation

4.2.1 From the OIM Administration console, click on “Advanced”, under “System Management” click on “Search Scheduled Jobs” and search for “OID User Target Recon Task”, then click on “Run Now”

If you get an error like
______
Exception java.lang.NoClassDefFoundError: com/sun/jndi/ldap
Message /ctl/PagedResultsControl
_______

Ensure that you have ldapbp.jar & ldap.jar in $ORACLE_HOME/server/ThirdParty
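
To confirm which jar, if any, in the ThirdParty directory provides the class named in the error, here is an added example (not from the original post). It assumes unzip is available on the OIM server.

```sh
# Added example, not from the original post.

# Turn a class name as it appears in a NoClassDefFoundError (dots or
# slashes) into the entry name it would have inside a jar.
class_entry() {
  printf '%s.class\n' "$(printf '%s' "$1" | tr '.' '/')"
}

# Print every jar in directory $1 that contains class $2.
# Returns 0 if at least one jar provides the class, 1 otherwise.
jars_with_class() {
  local dir="$1" entry found=1 jar
  entry=$(class_entry "$2")
  for jar in "$dir"/*.jar; do
    [ -f "$jar" ] || continue            # directory has no jars at all
    if unzip -l "$jar" 2>/dev/null | grep -qF -- "$entry"; then
      printf '%s\n' "$jar"
      found=0
    fi
  done
  return "$found"
}

# On the OIM server, joining the two halves of the error shown above:
#   jars_with_class "$ORACLE_HOME/server/ThirdParty" \
#       com/sun/jndi/ldap/ctl/PagedResultsControl \
#     || echo "class not found: re-copy ldap.jar and ldapbp.jar"
```

If the function prints nothing, the jars from step 2 were not copied to the directory or were copied from the wrong archive.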

5. Test Provisioning Operation using link here
