This post covers steps to debug reconciliation issues for Users/Roles from LDAP server to OIM 11g.

Users between OIM 11g and OID (or other LDAP Servers) can be synchronised either using LDAPSync  (For LDAPsync with OVD check here ) or using OIM connectors (For OID connector click here).

I recently integrated OIM with OID using LDAPSync and then configured OIM to reconcile users from identity store (OID in my case). As part of this integration I also successfully executed scheduled job “LDAP  User Create and Update Full Reconciliation” (This scheduled job is required to run once that will bring all existing users from OID in to OIM). As part of this Job (Full Reconciliation), all users in Identity Store (OID or other LDAP Server) should be be synchronized to OIM.



In my case even after full user reconciliation (LDAP User Create and Update Full Reconciliation), some users like weblogic_idm, oamADMIN, or oamLDAP created as part of OIM/OAM integration were missing in OIM. (more on OIM/OAM integration here and here)

There were no errors in OIM managed servers logs and scheduled job LDAP User Create and Update Full Reconciliation completed with success.


How to troubleshoot User/Role synchronization issue in OIM ?

If you hit this or similar problem then configure logging in OIM. There are two type of logging in OIM, ODL (Oracle Diagnostic Logging) and log4j

Configure ODL for logger xellerate.scheduler and xellerate.scheduler.task in logging.xml

1. Open file $DOMAIN_HOME/ config/ fmwconfig/ servers/<OIM SERVER>/logging.xml

and add entry like

<logger name=’XELLERATE.SCHEDULER’ level=’TRACE:32′ useParentHandlers=’false’>
<handler name=’odl-handler’/>
<handler name=’console-handler’/>
</logger><logger name=’XELLERATE.SCHEDULER.TASK’ level=’TRACE:32′ useParentHandlers=’false’>
<handler name=’odl-handler’/>
<handler name=’console-handler’/>



2. Restart OIM Managed Server

3. Run scheduled job LDAP User Create and Update Full Reconciliation

4. Check log file $DOMAIN_HOME/ servers/ <oim_server1>/ logs/ oim-server1-diagnostic.log

In my case error message looks like


[2012-06-08T13:03:18.370+00:00] [oim_server1] [NOTIFICATION] [IAM-5010000] [oracle.iam.reconciliation.impl] [tid: OIMQuartzScheduler_Worker-7] [userId: oiminternal] [ecid: 34eea5fc76281eb7:-4d17507:137cc2d7dca:-8000-0000000000000002,0] [APP: oim#] Generic Information: createEvent Input Data : {uid=weblogic_idm, mail=weblogic_idm, sn=weblogic_idm, cn=weblogic_idm, orclguid=C1CCB6F162029494E0408E51846D40A9, Organization Name=Xellerate Users, OIM User Type=End-User, givenname=weblogic_idm, dn=cn=weblogic_idm, cn=Users,dc=focusthread, dc=com, employeetype=Full-Time}[[
eventAttribs : serialVersionUID:1357809523267688155 dateFormat:yyyy/MM/dd HH:mm:ss z changeType:REGULAR eventFinished:true actionDate:null


[2012-06-12T16:14:27.312+00:00] [oim_server1] [NOTIFICATION] [IAM-0080006] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: oiminternal] [ecid: 34eea5fc76281eb7:-7b86137: 137cce34de8:-8000-0000000 000000002,0] [APP: oim#] Orchestration process moved to failed stage, and the corresponding error is – {0}[[oracle.iam.platform. kernel.EventFailedException: IAM-3051103: The create operation on user entity failed in action stage.:
at oracle.iam.identity.usermgmt. utils.UserManagerUtils. createEventFailedException(
at oracle.iam.identity. usermgmt.utils.UserManager Utils.createEventFailedException (
at oracle.iam. identity.usermgmt. impl.handlers.create. CreateUserActionHandler.execute (
at oracle.iam.identity. usermgmt.impl.handlers. create.CreateUserActionHandler. execute(

[2012-06-12T16:14:27.553+00:00] [oim_server1] [NOTIFICATION] [IAM-5010006] [oracle.iam.reconciliation.impl] [tid: [ACTIVE].ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: oiminternal] [ecid: 34eea5fc76281eb7:-7b86137:137cce34de8:-8000-0000000000000002,0] [APP: oim#] The following exception occurred: {0}[[oracle.iam.reconciliation. exception.CreateUserException: oracle.iam.platform. kernel.EventFailedException: IAM-3051103:The create operation on user entity failed in action stage.:at oracle.iam.reconciliation. impl.UserHandler.create( at oracle.iam. reconciliation.impl.UserHandler.applyRule(
at oracle.iam. reconciliation.impl. UserHandler.process ( at oracle.iam. reconciliation. impl.ActionEngine. processEvent(


Root Cause : This issue could be for number of reasons, In my case difference between users synchronized to OIM and to those not synchronized with OIM is that some users had attribute email in OID as without . and

Fix: Update Attribute email in OID to a valid email address or remove value from attribute email and run Full Reconciliation Job again.



After updating email address