Integrate OIM 11g with OID using connector for Provisioning / Reconciliation – Installation

This post covers installation of the Oracle Identity Manager (OIM) connector to provision or reconcile users to/from Oracle Internet Directory (OID). Another way to integrate OIM 11g with OID 11g is LDAP Sync, which uses Oracle Virtual Directory (OVD).

This post covers OIM-OID integration using the pre-built connector and assumes that:

  • Oracle Internet Directory is already installed (for OID 11g installation click here).
  • Oracle Identity Manager is already installed (for OIM 11g installation click here).

OIM Connector for OID Key Points

  • The current OIM connector version for OID is 9.0.4.14
  • You can use OIM-OID connector version 9.0.4.12 to integrate OIM 9.X/11g with OID 10g/11g
  • This post uses the OID superuser “cn=orcladmin” to connect from OIM to OID (it is recommended to create a user in OID dedicated to the OIM-OID connector)

OIM-OID connector installation/configuration

1. Download the OIM-OID connector from here

2. Download ldap-1_2_4.zip from here (click on “Download JNDI 1.2.1” and then on ldap-1_2_4.zip). Extract ldap-1_2_4.zip and copy ldap.jar and ldapbp.jar (both are under the lib directory) to $ORACLE_HOME/server/ThirdParty (on the OIM server)

3. Install OIM-OID connector
3.1 Copy the OIM-OID connector software (OID_904120.zip) to $ORACLE_HOME/server/ConnectorDefaultDirectory (on the OIM server)

3.2 Unzip OID_904120.zip

3.3 Log in to the OIM Administrator URL (http://server:14000/oim – xelsysadm / xelsysadm_password)

3.4 Click on the Advanced tab (this is the OIM Advanced Administration Console)

3.5 Click on Install Connector under System Management

3.6 From the Connector List drop-down select “Oracle Internet Directory 9.0.4.12”, click Load and then click Continue

3.8 On successful connector installation, a message indicating successful installation is displayed. In my case the installation failed at compilation:

DOBJ.EVT_INTERNAL_ERROR Adapter Compilation Failure Bulk Exception

Check the logs in $MW_HOME/user_projects/domain/base_domain/servers/oim_server1/logs

____________
<Dec 19, 2010 6:54:17 PM GMT> <Error> <XELLERATE.ACCOUNTMANAGEMENT> <BEA-000000> <Class/Method: tcAdapterOperationsBean/compileAdapter encounter some problems: maoRejections:The event handler /tmp/oracle/oim/adapters/adpOIDCREATEUSER.java (Too many open files) on data object $classname$ encountered an internal error. : /tmp/oracle/oim/adapters/adpOIDCREATEUSER.java (Too many open files)>
<Dec 19, 2010 6:54:17 PM GMT> <Error> <XELLERATE.ADAPTERS> <BEA-000000> <Class/Method: tcAdpUtils/genXellerateAdapter encounter some problems:
/tmp/oracle/oim/adapters/adpOIDADDUSERTOROLE.java (Too many open files)
java.io.FileNotFoundException: /tmp/oracle/oim/adapters/adpOIDADDUSERTOROLE.java (Too many open files)
at java.io.FileOutputStream.open(Native Method)
at java.io.FileOutputStream.<init>(FileOutputStream.java:179)
at java.io.FileOutputStream.<init>(FileOutputStream.java:131)
___________

Fix: Increase the number of open files by updating /etc/security/limits.conf

3.9 Run the Oracle Identity Manager PurgeCache utility to load the server cache with content from the connector resource bundle, in order to view the list of prerequisites

Set WL_HOME, then run:
$ORACLE_HOME/server/bin/purgeCache.sh All

When prompted:
[Enter the admin username:]  enter xelsysadm
[Enter the service URL:]  t3://server:14000

Note: Ensure that the WebLogic Full Client jar file has been created at $WL_HOME/server/lib/wlfullclient.jar (check here)

3.10 Configure IT resource

3.10.1 Log in to the OIM Administrator URL (http://server:14000/oim – xelsysadm/xelsysadm_password) and click on the Advanced tab in the top right menu bar

3.10.2 Click on “Manage IT Resource” under Configuration

3.10.3 In the IT Resource Type field on the Manage IT Resource page, select OID Server and then click Search. Click the edit icon for the IT resource.

3.10.4 Specify values for the parameters of the IT resource.

Admin ID: DN of the user who has administrator rights on the Oracle Internet Directory server (cn=orcladmin,cn=users,dc=mydomain,dc=com)
Admin Password: Password of the user given in Admin ID
Root DN: OID domain (also called realm)
Port: OID port (the default port for OID 11g is 3060 and for OID 10g is 389)
Server: OID server

4. Perform first-time reconciliation
First-time or full reconciliation involves reconciling all existing user records from the target system (OID) into Oracle Identity Manager (OIM)

4.1 Perform lookup field synchronization (run the following tasks: Organization Lookup Reconciliation, Role Lookup Reconciliation, Group Lookup Reconciliation)

4.1.1 From the OIM Administration console, click on “Advanced”, under “System Management” click on “Search Scheduled Jobs” and search for “OID Organization Lookup Reconciliation”, then click on “Run Now”

Repeat this for “OID Role Lookup Reconciliation” & “OID Group Lookup Reconciliation”

4.2 Perform user reconciliation

4.2.1 From the OIM Administration console, click on “Advanced”, under “System Management” click on “Search Scheduled Jobs” and search for “OID User Target Recon Task”, then click on “Run Now”

If you get error like
______
Exception java.lang.NoClassDefFoundError: com/sun/jndi/ldap
Message /ctl/PagedResultsControl
_______

Ensure that ldapbp.jar and ldap.jar are in $ORACLE_HOME/server/ThirdParty

5. Test Provisioning Operation using link here
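
A preflight check for the prerequisites this procedure relies on: the two JNDI jars from step 2 (whose absence gives the NoClassDefFoundError in step 4.2.1), the wlfullclient.jar from the note in step 3.9, and the open-files limit behind the “Too many open files” failure in step 3.8. This is an added example, not part of the original post; the function names, the OS user name oracle and the use of a single limits.conf-format file are assumptions, and the 4096 minimum is the value the author gives in the comments.

```sh
#!/bin/sh
# Added example: preflight for the connector prerequisites named in this post.
# Assumptions: the OS user running OIM is "oracle"; limits come from one
# limits.conf-format file (files under /etc/security/limits.d are not read).

MIN_NOFILE=4096   # minimum the author suggests in the comments on this post

# Print the nofile value a limits.conf-format file gives a user.
# $1 = file, $2 = user, $3 = soft|hard. A per-user entry beats the "*"
# wildcard, a "-" type sets both soft and hard, and the last matching line
# wins. @group entries are ignored. Prints nothing if no entry applies.
nofile_limit() {
    awk -v user="$2" -v kind="$3" '
        NF < 4 || $1 ~ /^#/     { next }
        $3 != "nofile"          { next }
        $2 != kind && $2 != "-" { next }
        $1 == user              { exact = $4 }
        $1 == "*"               { wild = $4 }
        END { if (exact != "") print exact; else if (wild != "") print wild }
    ' "$1"
}

# Succeed only if $1 is a number and at least MIN_NOFILE.
nofile_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$MIN_NOFILE" ]
}

# $1 = OIM ORACLE_HOME, $2 = WL_HOME, $3 = limits file, $4 = OS user.
# Prints one line per check and returns the number of problems found.
preflight() {
    problems=0
    for f in "$1/server/ThirdParty/ldap.jar" \
             "$1/server/ThirdParty/ldapbp.jar" \
             "$2/server/lib/wlfullclient.jar"; do
        if [ -f "$f" ]; then
            echo "ok       $f"
        else
            echo "MISSING  $f"
            problems=$((problems + 1))
        fi
    done
    soft=$(nofile_limit "$3" "$4" soft)
    if nofile_ok "$soft"; then
        echo "ok       soft nofile for $4 = $soft"
    else
        echo "LOW      soft nofile for $4 = ${soft:-unset} (need >= $MIN_NOFILE)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo on a constructed directory tree and limits file (not a real system):
# ldapbp.jar is left out on purpose, so one problem is reported.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/oim/server/ThirdParty" "$d/wl/server/lib"
    : > "$d/oim/server/ThirdParty/ldap.jar"
    : > "$d/wl/server/lib/wlfullclient.jar"
    printf '%s\n' \
        '# constructed sample in limits.conf format' \
        '*       soft  nofile  1024' \
        '*       hard  nofile  2048' \
        'oracle  soft  nofile  4096' > "$d/limits.conf"
    preflight "$d/oim" "$d/wl" "$d/limits.conf" oracle
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "preflight reported $? problem(s)"
```

On a real server, call preflight with $ORACLE_HOME, $WL_HOME, /etc/security/limits.conf and the OS user that starts OIM. A changed limits.conf applies only to new login sessions, so restart OIM from a fresh login after editing it.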


About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.


41 comments
Raj says March 24, 2011

Do properties (like search context in OID) need to be changed before running “OID Role Lookup Reconciliation” & “OID Group Lookup Reconciliation”?

tcarlson says March 30, 2011

We are receiving the following error:
<java.io.FileNotFoundException: /opt/oracle/product/fmw/user_projects/domains/IDMDomain/servers/AdminServer/data/ldap/replicadata/wls_ods1.status (Too many open files)

Above you mention increasing the number of open files by updating /etc/security/limits.conf… to how many? Which requirement is increased? ulimit -n returns 1024…

Atul Kumar says March 31, 2011

@ tcarlson,
It depends on the operating system you are using.

Set the value to at least 4096

Check this

http://download.oracle.com/docs/cd/E17904_01/integration.1111/e10226/appx_trouble.htm#BABCCJJE

vamsi56 says May 25, 2011

The page that selects the connector says that:

No configuration files exist for this connector.

Ensure that valid configuration XML files exist in the configuration directory.

vamsi56 says May 26, 2011

It was solved. I have restarted the OIM server and it worked

vamsi56 says May 26, 2011

Now, when I try to provision the user to the above OID resource, it throws me an exception as

DOBJ.ORC_NO_ORDER
An error occurred while retrieving process information null : null

I did not get this error while I was installing the connector.

Gupta says May 27, 2011

Hi,

I am trying to do OIM 11g trusted source reconciliation using GTC + DBAT.

I finished all the steps. I got a message that “connector created successfully” in the design console and I successfully ran that job, but the user was not created in OIM.

I don’t know what the problem is, please help me…

Thanks & Regards,
Gupta Katakam.

Atul Kumar says May 27, 2011

@ Gupta,

As per trusted source reconciliation ->
http://download.oracle.com/docs/cd/E17904_01/doc.1111/e14309/about.htm#OMDEV405

– If the reconciliation engine detects new target system accounts, it creates corresponding Oracle Identity Manager users.

Enable debugging in the connector; use the logging feature as described in

http://download.oracle.com/docs/cd/E17904_01/doc.1111/e14308/log.htm#CEGEAGIB for logger Xellerate.GC.*

Gupta says May 30, 2011

Thanks for your reply,

I can’t understand why I am getting the error that

“Misfire Handler Error in QRTZ: Problem with creating a user in OIM by using GTC connector”

Please send me a solution to fix this problem…

Thanks & Regards,

Gupta Katakam.

Atul Kumar says May 30, 2011

@ Gupta,
See if your issue is related to

1288334.1 MisfireHandler: Error handling misfires: Unexpected runtime exception: null

The above note is from My Oracle Support (earlier Metalink)

vamsi56 says June 10, 2011

Hi Atul,

Could you please provide one section related to database application table – reconciliation and provisioning.
—-> reconcile to OIM —-> OIM provisioning this data to another database

Then, a developed application will verify the user credentials with .

Thanks,
Vamsi.

vamsi56 says June 10, 2011

Hi Atul,

Could you please provide one section related to database application table – reconciliation and provisioning.
hr_database data —-> reconcile to OIM —-> OIM provisioning this data to another database app_database

Then, a developed application will verify the user credentials with app_database.

Thanks,
Vamsi.

Jeremy says November 3, 2011

Hello – has anyone succeeded in getting the OID User Trusted or Target Recon jobs to run using the “periodic” scheduler in OIM 11g? While these jobs run fine when I kick them off manually with “Run Now”, they don’t seem to get started properly by the periodic scheduler. I see one line logged in my log files (com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation LDAP RECONCILIATION CLASS Instance Created) but nothing after that.

Naveen says November 15, 2011

Hi Atul,
I am able to create organisation unit, groups and users in OIM and it is getting to OID using the OID connector without an issue. But I am not able to add the user to a group during provisioning. When I am creating a user and provisioning it, I am not able to search the role or groups. What needs to be done here?

oamadminuser says December 19, 2011

Hi again Atul,
Do you have an article or any comments on installing and configuring the HR (R12) -> OID (11g) connector?

According to the Administrator’s Guide to DIP 11.1.1, this needs both integration profile (e.g. prepackaged profile) and HR Agent.

But after installing Weblogic 10.3.5 and OID 11.1.1.5 (with DIP and OID, but not OIF), I see nothing in the Enterprise Manager console for Synchronization or Provisioning profiles, though $MW_HOME/Oracle_IDM1/ldap/odi/confg/hragent.properties, oraclehragent.cfg.master and oraclehragent.map.master all exist.

I will install the 2 EBiz connectors from OTN, but do I need any other Fusion Middleware s/w e.g. SOA, to get the HR connector going?

Do I need to install other components of Fusion Middleware e.g. SOA to get the HR connector going?

Your comments much appreciated. Thanks,

Atul Kumar says December 19, 2011

@ oamadminuser,

Q: I will install the 2 EBiz connectors from OTN, but do I need any other Fusion Middleware s/w e.g. SOA, to get the HR connector going?

A: Which EBiz connector are you talking about?
Is this EBS user management and EBS employee reconciliation? If yes, then you would need OIM/SOA 11g

Jyothi says May 7, 2012

Hi Atul, in my identity management envt, I have installed OVD also along with OID. So, does it mean that I do not need to install OIM connector for OID? Can you please confirm this one. Otherwise, I will have to install and configure connector now.

Also, when I created 2 users in OIM console, I see them in OID. Does it mean the reconciliation has already taken place ?

Thank you for your time, greatly appreciated.

Jyothi

    Atul Kumar says May 8, 2012

    @ Jyothi,
    During OIM configuration did you select LDAPSynch? If yes, then that is almost similar to configuring the OID connector.

    If you can see users from OIM to OID, it looks like LDAPSynch is configured and working fine for you.

Jyothi says May 8, 2012

Thank you Atul. I can see the users created in OIM are visible in OID and also I can login into OIM using these users. Earlier I had issues with new users but the issue is resolved.

thanks
Jyothi

Alex says May 15, 2012

Hey Atul,

I’m getting a very similar error message during OID install, wondering if you have ever seen this:

DOBJ.EVT_INTERNAL_ERROR
The event handler null on data object $classname$ encountered an internal error. : null

java.lang.NullPointerException

I looked in design console and all the adapters are there but cannot be compiled, throwing the same error.

Any ideas?

mskosan says May 15, 2012

Hi Atul,

Thanks for your post. I have a question, when I run the “OID User Trusted Recon”, my OIM log file reports the error: ReconciliationException: Matching rule where clause is null. Do you have any ideas on how to resolve this error?

Odesa says June 7, 2012

Hi, Mahendra
Thanks for your post.
Do you have any ideas on how to integrate or configure the OIM using connector Microsoft Active Directory User Management?

Thank you,

Atul Kumar says June 7, 2012

@ Odesa,
To configure/deploy the OIM connector for Microsoft Active Directory User Management, check this guide
http://docs.oracle.com/cd/E22999_01/doc.111/e20347/deploy.htm

Regards
Atul Kumar

Gupta says June 15, 2012

Hi Atul,

Thank you for your previous replies about DBAT Connector.

Now I am trying to perform OID User Trusted Recon. My OIM version is 11.1.1.5 and I am using OID 904140.

The problem is that when I run the OID User Trusted Recon, only newly created records in OID as well as modified records in OID get reconciled. Existing user records in OID do not get reconciled to OIM. I changed Last Trusted Recon TimeStamp in Manage IT Resource to 0 and tried, but still the issue is not solved.

Could you please tell me which parameters I need to change.

Thanks,
Gupta

sunnyajmera says October 31, 2012

Hi Atul,

Do you have any example of using OID connector 11.1.1.5 with OIM11g?

Atul Kumar says October 31, 2012

@ sunnyajmera,
Are you not using LDAPSync to integrate OIM11g with OID? Why do you want to install and configure connector?

Atul

sunil sharma says January 28, 2013

Hi Atul,
In the step given above, when I click on Continue the oim_server1 server gets closed, and the error in the diagnostic log is

Caused by: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV_OIM.OIMHOME_JARS_UNIQUE) violated

at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:457)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:889)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:476)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:204)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:540)
at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:217)
at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedStatement.java:1079)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1466)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3752)
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:3887)
at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeUpdate(OraclePreparedStatementWrapper.java:1508)
at weblogic.jdbc.wrapper.PreparedStatement.executeUpdate(PreparedStatement.java:172)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeDirectNoSelect(DatabaseAccessor.java:831)
… 103 more

#
# A fatal error has been detected by the Java Runtime Environment:
#
# java.lang.OutOfMemoryError: requested 278408 bytes for Chunk::new. Out of swap space?
#
# Internal Error (allocation.cpp:272), pid=8824, tid=9188
# Error: Chunk::new
#
# JRE version: 6.0_24-b07
# Java VM: Java HotSpot(TM) Server VM (19.1-b02 mixed mode windows-x86 )
# An error report file with more information is saved as:
# D:\Oracle\Middleware\user_projects\domains\base_domain\hs_err_pid8824.log
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
#

D:\Oracle\Middleware\user_projects\domains\base_domain\bin>

sunil sharma says January 28, 2013

Hi,
These are some other log details

[ACTIVE].ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: d75f319c62a949fd:-397c155:13c7f5c03b9:-8000-00000000000000eb,0] [APP: oim#11.1.1.3.0] Can’t insert page ‘/tiles/common/tjspHeader.jsp’ : Software caused connection abort: socket write error[[
java.net.SocketException: Software caused connection abort: socket write error

Please let me know how to solve these issues. Thanks in advance. It is connected with the above message.

Atul Kumar says January 28, 2013

@ Sunil Sharma,
Your issue is

____

Caused by: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV_OIM.OIMHOME_JARS_UNIQUE) violated

# java.lang.OutOfMemoryError: requested 278408 bytes for Chunk::new. Out of swap space?
____

Bounce OIM and then try again, raise an SR for ORA-00001: unique constraint (DEV_OIM.OIMHOME_JARS_UNIQUE) violated

sunil sharma says January 28, 2013

Hi Atul,
Thanks for your reply. We don’t have Oracle support, so it is not possible for us to raise an SR. Please suggest any other solution. If possible please give a solution to my question on modification of user also. There I have provided the necessary log details, please check that also.

Keith says March 27, 2013

Hi Atul,
I would like to setup a different user for the connector other than orcladmin. Can you tell me what rights need to be assigned out of OID for this?

Diana says August 30, 2013

Got a ??? related to OIM 11gr2 request catalog. I got an application that needs the user db connector and the entitlement for AD groups (2 requests). Since those are separate requests and it confuses people, how can I create a rule that triggers a request than when a user is provisioned to an account it adds entitlement to AD right away?

    Atul Kumar says August 30, 2013

    @ Diana,

    When you define the policy to provision the AD resource form, you select the Assigned Groups option and select all the groups that you need in AD.

Priya says August 30, 2013

Hope you are doing well.

while running the OID Connector Group Lookup Reconciliation task
I am getting this error
org.identityconnectors.framework.common.exceptions.ConfigurationException: Bundle oimjar://local:0ldapbp.jar is missing required attribute ‘ConnectorBundle-FrameworkVersion’.

I’ve done the pre- and post-installation tasks of the connector software (OID-11.1.1.6.0.zip) without any issue.

Here are the IT resource details and parameters that I configured.

Parameter: Value
Configuration Lookup: Lookup.OID.Configuration
Connector Server Name:
baseContexts: “dc=oracle,dc=com”
credentials: ********
failover:
host: oracle.com
port: 3060
principal: cn=orcladmin
ssl: false

I also extracted ldap.jar and ldapbp.jar from the lib directory of ldap-1_2_4.zip, copied these two jar files to the $OIM_ORACLE_HOME/server/ThirdParty directory and ran PurgeCache.sh all without any issue.

Could you tell me what I am missing here?

rajus says February 12, 2014

Hi Atul:

If we have OAM 10g installation where we used the Identity Server capabilities in Identity Server portion of OAM. Now when we want to move all of this to OAM 11g, should we use OIM with a connector to OID to do same provisioning and manage those users through OIM?

The reason I am asking is now in 11g OAM/OIM are separate and I believe OAM 11g doesn’t have any user/group/org management features in OAM 11g.

So to keep the business process same as before (using workflows in OAM 10g) to create users, we should use OIM 11g+connector+SOA workflow to achieve similar result?

Thanks in advance.

Cheers,
rajus

maninder says February 18, 2014

Following are the details.

1: OIM version: OIM 11.1.1.5.0
2: OID Connector version: 9.0.4.12
3: LDAP version (OID version): 11.1.1.5.0
4: followed the steps below using the Doc link http://docs.oracle.com/cd/E22999_01/doc.111/e28603/deploy.htm#BGBHFEHF

4.1: downloaded and Installed the OID connector on default directory of the OIM home. On to the Admin console loaded the OID connector and Installed it.
4.2: IT resource Configuration.
4.3: Run the scheduled task
Perform lookup field synchronization (Run following tasks – Organization Lookup Reconciliation, Role Lookup Reconciliation, Group Lookup Reconciliation) and “OID User Target Recon Task”, click on “Run Now”

Just to inform that the users are provisioned from OIM to OID.
Not sure why recon is not happening.

Atul Kumar says February 18, 2014

@maninder,
Is there an issue with Recon?

Do you see recon event generated in OIM console ?

maninder says February 18, 2014

Yeah, recon is not working,
there is no recon event generated in OIM console

Atul Kumar says February 18, 2014

@ What do you see in the logs when the scheduled job is run?

maninder says February 18, 2014

There is no error in the log,

except the following line every time I run the job

[userId: oiminternal] [ecid: 44565d18e5e0a0a9:13eb4a56:14443bb7d98:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] Generic Information: db query:select RECON_EVENTS.RE_KEY, RECON_BATCHES.RB_PROFILE_NAME, RECON_EVENTS.RE_MODIFY from RECON_EVENTS, RECON_BATCHES where RECON_EVENTS.RB_KEY = RECON_BATCHES.RB_KEY and RECON_EVENTS.RE_CURR_RETRY_CNT > 0 and RECON_EVENTS.RE_CHANGE_TYPE != ‘DELETE’ and (RECON_EVENTS.RE_STATUS IN (‘Creation Failed’, ‘Update Failed’) or (RECON_EVENTS.RE_ENTITY_TYPE = ‘Account’ and RECON_EVENTS.RE_STATUS IN (‘No User Match Found’, ‘No Org Match Found’)) or (RECON_EVENTS.RE_ENTITY_TYPE = ‘User’ and RECON_EVENTS.RE_STATUS IN ‘Data Validation Failed’) or (RECON_EVENTS.RE_ENTITY_TYPE = ‘Role’ and RECON_EVENTS.RE_STATUS = ‘Data Validation Failed’ and RECON_EVENTS.RE_NOTE like ‘Invalid Role Category%’) or (RECON_EVENTS.RE_ENTITY_TYPE = ‘RoleRole’ and RECON_EVENTS.RE_STATUS IN (‘No Role Parent Found’, ‘No Role Match Found’)) or (recon_events.RE_ENTITY_TYPE = ‘RoleUser’ and recon_events.RE_STATUS IN (‘No Role Member Found’, ‘No Role Match Found’))) order by re_key
