This post covers the steps to view and edit the libOVD configuration, for example changing the binddn and password in the adapter configuration.

In OIM 11.1.1.5+, libOVD is an alternative to OVD for LDAPSync (integrating OIM with an LDAP server such as AD or OID).

In OIM 11.1.1.3, OVD is mandatory if you wish to configure LDAPSync. From OIM 11.1.1.5 onwards, OVD is not mandatory (libOVD is used to sync data between OIM and OID).

  • The libOVD configuration is created during the OIM configuration stage ($ORACLE_HOME/bin/config.sh) when you select LDAPSync and the LDAP server is OID, AD, or ODSEE (earlier Sun directory server).
  • The libOVD configuration is stored in the directory $DOMAIN_HOME/config/fmwconfig/ovd/oim and contains information such as the LDAP server host, port, and binddn (the user OIM connects to OID as for synchronisation).
  • By default the configuration tool creates two OVD adapters (oid1 and CHANGELOG_oid1) of type LDAP. To view and change them you can use the WebLogic Scripting Tool (WLST) or the MBeans in FMW Enterprise Manager Control (/em).

 

During configuration, the binddn used is cn=orcladmin and modifierDNFilter is set to cn=orcladmin (i.e. if the DN of the modifier in the LDAP server is orcladmin, the user is not synchronised). Because of this, users updated or created in OID by cn=orcladmin are not synchronised to OIM. (If LDAPSync is configured, users created/updated/deleted in OID/AD should automatically be synchronised to OIM by the scheduled jobs “LDAP User Create and Update Reconciliation” and “LDAP User Delete Reconciliation” in OIM. More on issues around recon jobs in OIM in a future post.)

 

Managing libOVD Adapter via WLST

1. Start WLST

cd $MW_HOME/oracle_common/common/bin
./wlst.sh

2. Connect to Admin Server

connect('weblogic','welcome1','t3://innowave12.com:7001')

Here weblogic is the admin user name of the WebLogic domain, innowave12.com is the server on which the Admin Server is running, and 7001 is the Admin Server port.

3. To list adapters for OIM

listAdapters(contextName='oim')

You should see output like

_______
Adapter Name : oid1
Adapter Type : LDAP 

Adapter Name : CHANGELOG_oid1
Adapter Type : LDAP

_______

 

4.  To get adapter details for adapter oid1

getAdapterDetails(adapterName='oid1', contextName='oim')

______
wls:/ohsdomain/domainRuntime> getAdapterDetails(adapterName='oid1', contextName='oim')

DETAILS OF ADAPTER :  oid1
Adapter Type                : LDAP
Name                        : oid1

Virtual NameSpace           : dc=com
Remote NameSpace            : dc=com

LDAP Host                   : [innowave12.com : 3060]
Secure                      : false
Bind DN                     : cn=orcladmin
Pass Credentials            : Always
Max size of Connection Pool : 10

________

5. To change the BindDN to the oimLDAP user created during OIM-OAM integration

Update the username and password in adapter oid1

modifyLDAPAdapter(adapterName='oid1', attribute='BindDN', value='cn=oimLDAP,cn=SystemUsers,dc=com', contextName='oim')

modifyLDAPAdapter(adapterName='oid1', attribute='BindPassword', value='welcome1', contextName='oim')

Update the username and password in adapter CHANGELOG_oid1

modifyLDAPAdapter(adapterName='CHANGELOG_oid1', attribute='BindDN', value='cn=oimLDAP,cn=SystemUsers,dc=com', contextName='oim')

modifyLDAPAdapter(adapterName='CHANGELOG_oid1', attribute='BindPassword', value='welcome1', contextName='oim')

Note: The realm (domain name) in OID in the above commands is “dc=com”; change this value as per your setting.

6. To modify modifierDNFilter in libOVD, open the file $DOMAIN_HOME/config/fmwconfig/ovd/oim/adapter.os_.xml and search for modifierDNFilter

Change from
!(modifiersname=cn=orcladmin)

to
!(modifiersname=cn=oimLDAP,cn=SystemUsers,dc=com)

Note: OID domain or Realm in this case is dc=com
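
The effect of the step 6 change, as an added example that is not part of the original post: it applies the modifierDNFilter to changelog entries before and after the edit and shows which changes would reach OIM. The XML fragment and the changelog entries are constructed samples (the real adapter file's layout is assumed), and all function names are hypothetical.

```python
import re

# Constructed fragment; the real adapter file's layout is an assumption,
# only the modifierDNFilter value itself comes from the post.
SAMPLE_XML = '<param name="modifierDNFilter" value="!(modifiersname=cn=orcladmin)"/>'

# Constructed changelog entries: (changed entry DN, modifiersname).
SAMPLE_CHANGES = [
    ("cn=jdoe,cn=Users,dc=com", "cn=orcladmin"),
    ("cn=asmith,cn=Users,dc=com", "CN=oimLDAP, cn=SystemUsers, dc=com"),
]

def normalize_dn(dn):
    """Lower-case and trim each RDN (escaped commas are not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def excluded_dn(filter_text):
    """Extract the DN from a filter of the form !(modifiersname=<dn>)."""
    m = re.fullmatch(r"\s*!\(\s*modifiersname\s*=\s*(.+?)\s*\)\s*", filter_text, re.I)
    if m is None:
        raise ValueError("unsupported filter: %r" % filter_text)
    return normalize_dn(m.group(1))

def current_filter(xml_text):
    """Return the single modifierDNFilter expression found in the XML text."""
    found = set(re.findall(r"!\(\s*modifiersname\s*=[^)]*\)", xml_text, re.I))
    if len(found) != 1:
        raise ValueError("expected exactly one distinct filter, found %d" % len(found))
    return found.pop()

def synchronised(changes, filter_text):
    """Entries whose modifier is not the excluded DN, i.e. those passed to OIM."""
    skip = excluded_dn(filter_text)
    return [entry for entry, modifier in changes if normalize_dn(modifier) != skip]

def rewrite_filter(xml_text, new_dn):
    """Swap the excluded DN; raises if the existing filter cannot be found."""
    old = current_filter(xml_text)
    return xml_text.replace(old, "!(modifiersname=%s)" % new_dn)

if __name__ == "__main__":
    print("before:", synchronised(SAMPLE_CHANGES, current_filter(SAMPLE_XML)))
    updated = rewrite_filter(SAMPLE_XML, "cn=oimLDAP,cn=SystemUsers,dc=com")
    print("after: ", synchronised(SAMPLE_CHANGES, current_filter(updated)))
```

With the original filter the entry modified by cn=orcladmin is dropped; after the rewrite it is synchronised and the entry modified by the oimLDAP bind user is dropped instead.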

 
