    OID Queries/Scripts FAQ

    Posted in "oid, scripts" on 2008-02-20

    Oracle Internet Directory (OID) is an LDAP-compliant directory server from Oracle. OID is part of the Identity Management stack of Fusion Middleware (the Infrastructure tier of Oracle Application Server).

    Here is a list of commonly asked questions and scripts for OID.

    Q: How to find the orasso (Single Sign-On) schema password?
    A: The orasso password is randomly generated and stored in OID. To find the password, run the query below:

    $ORACLE_HOME/bin/ldapsearch -h $OIDHOST -p $OIDPORT -D "cn=orcladmin" -w "$OrcladminPASSWORD" -b "cn=IAS Infrastructure Databases,cn=IAS,cn=Products,cn=OracleContext" -s sub "orclResourceName=$DBUSERNAME" orclpasswordattribute

    For example:

    $ORACLE_HOME/bin/ldapsearch -h focusthread.com -p 389 -D "cn=orcladmin" -w "welcome1" -b "cn=IAS Infrastructure Databases,cn=IAS,cn=Products,cn=OracleContext" -s sub "orclResourceName=orasso" orclpasswordattribute

    Q: How to find the port on which the OID server is listening?
    A:
    On the Infrastructure tier, in $ORACLE_HOME/ldap/admin/ldap.ora, look for the line
    DIRECTORY_SERVERS= (focusthread.com:389:636)   --> This means OID is listening on port 389 (non-SSL) and on port 636 (SSL)

    or

    in the file $ORACLE_HOME/install/portlist.ini, look for the lines
    Oracle Internet Directory port = 389
    Oracle Internet Directory (SSL) port = 636
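
The two files named in the answer above can be cross-checked with a short script. This is an added example, not part of the original post: the function names and the sample file contents are constructed for illustration, and the only file formats assumed are the lines quoted above.

```shell
#!/bin/sh
# Added example: cross-check the OID ports recorded in ldap.ora and portlist.ini.

# Constructed sample files in the two formats quoted in the answer above.
sample_ldap_ora() {
  printf '%s\n' \
    '# constructed sample' \
    'DIRECTORY_SERVERS= (focusthread.com:389:636)' \
    'DIRECTORY_SERVER_TYPE = OID'
}
sample_portlist_ini() {
  printf '%s\n' \
    'Oracle HTTP Server port = 7777' \
    'Oracle Internet Directory port = 389' \
    'Oracle Internet Directory (SSL) port = 636'
}

# ldap_ora_ports FILE: print "host nonssl_port ssl_port" for each listed
# server ("none" when the SSL field is absent).
ldap_ora_ports() {
  awk '
    /^[ \t]*#/ { next }
    /^[ \t]*DIRECTORY_SERVERS[ \t]*=/ {
      sub(/^[^=]*=/, "")            # drop the key
      gsub(/[() \t\r]/, "")         # drop parentheses and whitespace
      n = split($0, srv, ",")
      for (i = 1; i <= n; i++) {
        m = split(srv[i], f, ":")
        if (m < 2) continue
        ssl = (m >= 3 && f[3] != "") ? f[3] : "none"
        print f[1], f[2], ssl
      }
    }' "$1"
}

# portlist_ports FILE: print "nonssl_port ssl_port" as recorded at install time.
portlist_ports() {
  awk -F= '
    /^[ \t]*Oracle Internet Directory port[ \t]*=/         { plain = $2 }
    /^[ \t]*Oracle Internet Directory \(SSL\) port[ \t]*=/ { ssl = $2 }
    END {
      gsub(/[ \t\r]/, "", plain); gsub(/[ \t\r]/, "", ssl)
      if (plain == "") plain = "none"
      if (ssl == "") ssl = "none"
      print plain, ssl
    }' "$1"
}

# check_oid_ports LDAP_ORA PORTLIST_INI: print findings and return 1 if a
# server has no SSL port or the two files disagree; return 0 otherwise.
check_oid_ports() {
  pl=$(portlist_ports "$2")
  servers=$(ldap_ora_ports "$1")
  if [ -z "$servers" ]; then
    echo "WARN no DIRECTORY_SERVERS entry found in $1"
    return 1
  fi
  findings=$(printf '%s\n' "$servers" | while read -r host plain ssl; do
    if [ "$ssl" = none ]; then
      echo "WARN $host: no SSL port listed in ldap.ora"
    fi
    if [ "$plain $ssl" != "$pl" ]; then
      echo "WARN $host: ldap.ora says $plain/$ssl, portlist.ini says ${pl% *}/${pl#* }"
    fi
  done)
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  echo "OK both files agree on ports $pl (non-SSL, SSL)"
}

# Demo on the constructed samples; point the two paths at the real files instead.
tmp=$(mktemp -d)
sample_ldap_ora > "$tmp/ldap.ora"
sample_portlist_ini > "$tmp/portlist.ini"
check_oid_ports "$tmp/ldap.ora" "$tmp/portlist.ini"
rm -rf "$tmp"
```
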

    Q: How to find the password policy in OID?
    A:
    $ORACLE_HOME/bin/ldapsearch -h $OIDHOST -p $OIDPORT -D cn=orcladmin -w $ORCLADMIN_PASSWD -b "cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext" -s base "objectclass=*"

    For example:

    $ORACLE_HOME/bin/ldapsearch -h focusthread.com -p 389 -D cn=orcladmin -w welcome1 -b "cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=com" -s base "objectclass=*" >> pwdPolicy.ldif

    This will create the file pwdPolicy.ldif in the current directory, listing the password policies.
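
Once pwdPolicy.ldif has been exported, it can be reviewed against a baseline. The script below is an added example, not part of the original post. It assumes the policy entry carries the attributes pwdMinLength, pwdLockout (1 = enabled) and pwdMaxFailure; the thresholds, function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: review an exported pwdPolicy.ldif against a baseline.

# Baseline values are assumptions for this example; use your own standard.
MIN_LENGTH=12      # minimum acceptable pwdMinLength
MAX_FAILURES=5     # maximum acceptable pwdMaxFailure

# Constructed sample export (values are illustrative, not from the page).
sample_pwd_policy() {
  printf '%s\n' \
    'cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext' \
    'objectclass=top' \
    'objectclass=pwdpolicy' \
    'pwdminlength=5' \
    'pwdmaxfailure=10' \
    'pwdlockout=0'
}

# policy_value ATTR FILE: print the first value of ATTR, matching the name
# case-insensitively and accepting "attr=value" or "attr: value" lines.
policy_value() {
  awk -v want="$1" '
    BEGIN { want = tolower(want) }
    {
      sub(/\r$/, "")
      pos = match($0, /[:=]/)
      if (pos < 2 || tolower(substr($0, 1, pos - 1)) != want) next
      val = substr($0, pos + 1)
      sub(/^[ \t]+/, "", val)
      print val
      exit
    }' "$2"
}

# Treat missing or non-numeric values as 0 so the comparisons stay safe.
as_number() {
  case $1 in
    ''|*[!0-9]*) echo 0 ;;
    *) echo "$1" ;;
  esac
}

# audit_pwd_policy FILE: print one FAIL line per finding and return the
# number of findings (0 means the policy meets the example baseline).
audit_pwd_policy() {
  len=$(as_number "$(policy_value pwdMinLength "$1")")
  lockout=$(as_number "$(policy_value pwdLockout "$1")")
  maxfail=$(as_number "$(policy_value pwdMaxFailure "$1")")
  fails=0
  if [ "$len" -lt "$MIN_LENGTH" ]; then
    echo "FAIL pwdMinLength=$len, baseline is at least $MIN_LENGTH"
    fails=$((fails + 1))
  fi
  if [ "$lockout" -ne 1 ]; then
    echo "FAIL pwdLockout=$lockout, account lockout is not enabled"
    fails=$((fails + 1))
  elif [ "$maxfail" -eq 0 ] || [ "$maxfail" -gt "$MAX_FAILURES" ]; then
    echo "FAIL pwdMaxFailure=$maxfail, baseline is 1 to $MAX_FAILURES"
    fails=$((fails + 1))
  fi
  if [ "$fails" -eq 0 ]; then
    echo "PASS policy meets the example baseline"
  fi
  return "$fails"
}

# Demo on the constructed sample; pass the real pwdPolicy.ldif instead.
tmp=$(mktemp)
sample_pwd_policy > "$tmp"
audit_pwd_policy "$tmp" || echo "policy is below the example baseline"
rm -f "$tmp"
```
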

    Q: How to query which E-Business Suite instances are registered in OID? (useful for OID-Apps 11i/R12 integration)
    A:
    $ORACLE_HOME/bin/ldapsearch -h $OIDHOST -p $OIDPORT -D "cn=orcladmin" -w "$OIDPW" -b "cn=EBusiness,cn=Products,cn=OracleContext,dc=default_realm" -s sub "objectclass=*"

    For example:
    $ORACLE_HOME/bin/ldapsearch -h focusthread -p 389 -D "cn=orcladmin" -w "welcome1" -b "cn=EBusiness,cn=Products,cn=OracleContext,dc=co,dc=uk" -v -s sub "objectclass=*"

    Q: How to query the subscription list in OID? (useful for OID-Apps 11i/R12 integration)
    A:
    $ORACLE_HOME/ldap/odi/bin/provsubtool.orc operation=LIST \
         ldap_host=host ldap_port=port \
         app_dn="ApplicationDN" realm_dn="SubscriberDN" \
         app_pwd="AppDN password"

    Q: How to find provisioning profiles? (useful for OID-Apps 11i/R12 integration)
    A:
    ldapsearch -h host -p port -D cn=orcladmin -w password \
    -b "cn=Provisioning Profiles, cn=Changelog Subscriber, cn=Oracle Internet Directory" \
    -s sub "objectclass=*" "*"
     
    Q: How to search for various user attributes?
    A:
    ldapsearch -v -h "${Host}" -p ${Port} -D "cn=orcladmin" -w "${OIDManagerPasswd}" -b "" -s sub "uid=${AppsUser}*" uid orclguid orclactivestartdate orclactiveenddate orclisenabled

    Q: How to find the default OID realm?
    A:
    $ORACLE_HOME/bin/ldapsearch -h $OIDHOST -p $OIDPORT -D "cn=orcladmin" -w $ORCLADMIN_password -b "cn=common, cn=products, cn=oracleContext" -s base "objectclass=*" orcldefaultSubscriber

    For example:

    $ORACLE_HOME/bin/ldapsearch -h focusthread.com -p 389 -D "cn=orcladmin" -w welcome1 -b "cn=common, cn=products, cn=oracleContext" -s base "objectclass=*" orcldefaultSubscriber

    If you have any query regarding OID, post it in the comment section for answers.


    43 Responses to "OID Queries/Scripts FAQ"

    1. Prashanth says:

      Hi Atul,

      If OID is integrated with Oracle 11i E-Biz, how is the fnd_user table integrated with OID?

      Regards
      Prashanth

    2. Atul says:

      Prashanth,
      User ID in FND_USER and GUID in the users tree in OID should be the same.

      If the FND_USER table password is set to External or BOTH and there is a corresponding user with the same GUID, then these two users are mapped.

    3. mac says:

      Hi Atul,

      I have an OID_ServerA in replication with OID_ServerB using two-way LDAP replication, and I notice that when the orclApplicationCommonName=ORASSO password (Entry Management/oraclecontext/cn=products/cn=SSO/applicationCommonName=orasso) was changed/updated in OID_ServerA, it was also replicated to OID_ServerB.

      In effect this will cause a problem in OID_ServerB OIDDAS (SSO_Log IN) since the ORASSO password was already changed for OID_ServerB. SSO will not be able to communicate with the OID. My question will be, how can I synchronize the ORASSO passwords between the two OID servers.

    4. Atul says:

      Mac,
      If you are changing the ORASSO password, or during initial setup, you have to synchronize the two orasso passwords using ssoreplsetup.jar

      Steps are mentioned here
      http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15988/advconfg.htm#i1015229

      ORACLE_HOME/jdk/bin/java -jar ssoreplsetup.jar
      [-prompt]
      mds_oid_host
      mds_oid_port
      mds_oid_admin
      mds_oid_password
      mds_ssl_enabled
      rms_oid_host
      rms_oid_port
      rms_oid_admin
      rms_oid_password
      rms_ssl_enabled
      rms_db_sys_password
      [-help]

      It's good to know that you are managing/configuring SSO & OID in replication, and my readers would like to hear your experiences. Drop me a mail at atul @ onlineappsdba.com (if you wish to share your experience).

    5. Binoy says:

      I have installed OID on a virtual hostname, but the issue is the services get configured with actual hostname. Is there a way I can change the hostname with virtual hostname on the configuration files and start the services using the virtual hostname. I tried using the parameter ORACLE_HOSTNAME and OUI_HOSTNAME while running the install. It helps in configuring the environment with virtual hostname, but whenever the services are started thru opmn, it picks up the actual hostname. This process would help to failover the application.

    6. Atul says:

      Binoy,

      Two things you have to do.

      first in /etc/hosts file make virtual host as first entry i.e. like

      and second use “high availability” option during installation and select Virtual Host and then specify Virtual Hostname during installation.

      How are you checking that OID is running with the actual machine name and not the virtual name?

    7. Binoy says:

      Thanks for the instructions and really it worked. Though I had made the entry on /etc/hosts for the virtual hostname, I was not selecting the “High availability” while installing OID on the sponsor node and hence “oidldapd” services were configured with actual hostname.

    8. mac says:

      Hi Atul,
      I have an OID server running in production and I want my OID server secured from any LDAP browsers. I am not using the default port numbers (389/636), but this does not prevent LDAP browsers from exposing my information, especially our developers who actually know the port number we use.
      How can I secure my OID from any LDAP browser and yet have my clients/users bind to my OID server? What are my options?

      Thanks..

    9. Atul says:

      Mac,

      Option 1: Users should use username/password to access data from an LDAP browser (then disable anonymous binds, but be careful that you are not breaking any functionality).

      Option 2: Users should not be able to access it at all (even authenticated users) via an LDAP browser? (Use server hardening, disable at firewall level.)

      Any other scenario then update here

    10. mac says:

      Hi Atul,

      Thanks for your reply.
      I can't do Option 1 since I don't want to lose some functionality by doing that.

      I found a document on Metalink, "Configuring Non-Anonymous LDAP Access with OID" Note:455031.1, but it was intended for Oracle 11.1.0.6.0 and what I'm using is Oracle 10g. I'll try that option though and will give you an update as soon as there's progress.

      It basically uses the SSL/Certificate and Access control management of OID.

      Your Option 2 is also a good candidate and i think it will be effective.
      Thanks

    11. mann says:

      hi Atul,
      How can I show the product detail through OEM?

    12. kunal says:

      Dear Team,
      I am planning to use Webcenter 10g. Just like Portal 10g release gives me the facility to add/update/ delete users from OID using its prebuilt portlet, can I have something like this in webcenter? or do I have to use APIs and code it by myself?

    13. Atul says:

      Kunal,
      Check the following options for user management in ContentDB for WebCenter Suite

      http://download.oracle.com/docs/cd/B32110_01/content.1013/b32191/users.htm

    14. Eijaz says:

      Hi,
      Atul, hope you are fine and doing good.

      Well Atul, I am facing a problem with Discoverer.

      Our Environment
      --------------------
      1) R12 12.0.4
      2) SPARC Solaris 10 64 bit
      3) Using iAS 10g Identity Management 10.1.4.2
      4) Using AS10g 10.1.2.2 for Discoverer, Forms and Report

      Well, I implemented Single Sign-On (SSO) on R12;
      it's working fine.
      I attached the report to the R12 User Responsibility page.
      Here I have to create connections (private/public) using Discoverer Administrator for each report in R12.
      So when an R12 user clicks a report, it redirects to Discoverer and displays all the reports for which we earlier made connections.

      What I need: when the user clicks a report, it should directly open the report page with the date parameter.

      Thanks for doing good.

    15. Atul says:

      Eijaz,
      I am not sure of your requirement, Do you want SSO with discoverer
      or
      you wish to pass date parameter to disco report ?

    16. Binoy says:

      Hi Atul
      Is there a way to customize the network configuration with oracle apps 11i so that running adcfgclone does not overwrite the sqlnet.ora which is required to resolve the service name using ldap services. I want to use OID only to resolve the service name.

      Thx

    17. vahid says:

      Hi Atul
      I am using OID 10.1.2.0.2 and created a provisioning profile. Data changed in OID is sent to the DB, but data changed in the DB is not seen in OID.

      These are the required settings and interfaces:
      oidprovtool operation=modify ldap_host=localhost ldap_port=389 ldap_user_dn=cn=orcladmin ldap_user_password=oracle10g profile_mode=BOTH default_provisioning_policy=PROVISIONING_REQUIRED interface_version=2.0 profile_status=ENABLED organization_dn="dc=vldap,dc=local" application_dn="orclApplicationCommonName=GroceryStoreApp,cn=GroceryStore,cn=Products,cn=OracleContext,dc=vldap,dc=local" interface_name=LDAP_NTFY interface_type=PLSQL interface_connect_info="192.168.1.2:1521:nlidb:grocerystore:grocerystore" schedule=20 event_subscription="USER:dc=vldap,dc=local:ADD(uname)" event_subscription="USER:dc=vldap,dc=local:DELETE" event_subscription="GROUP:dc=vldap,dc=local:MODIFY(cn,uniquemember)" event_mapping_rUles="USER::dc=vldap,dc=local" event_permitted_operations="USER:dc=vldap,dc=local:ADD(uname)" event_permitted_operations="USER:dc=vldap,dc=local:DELETE" event_permitted_operations="USER:dc=vldap,dc=local:MODIFY(*)" profile_status=ENABLED profile_debug=63

      Also, I have implemented these interfaces in the DB package:
      function hasObjectClass( objclass IN VARCHAR2, attrlist IN LDAP_ATTR_LIST);
      function getAttr( attr_name IN VARCHAR2, attrlist IN LDAP_ATTR_LIST);
      procedure putOIDEvent( event IN LDAP_EVENT, event_status OUT LDAP_EVENT_STATUS);
      function GetAppEvent( event OUT LDAP_EVENT);
      procedure PutAppEventStatus( event_status IN LDAP_EVENT_STATUS);

      let me know your idea about this problem,
      thanks a lot

    18. Atul Kumar says:

      Check this guide

      http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15995/odip_db.htm#i1042820

      I can see the debug level is 63, so what's in debug?

    19. vahid says:

      There is nothing in debug.

      The problem is that the interfaces GetAppEvents and PutAppEventStatus (for INBOUND events) are implemented but do not execute. I think these were not registered correctly.

    20. vahid says:

      hi atul :
      I changed provision profile and procedures in db .
      so this is exception in .trc file :

      ———————–Processing Event ID:1919119————————–
      Checking Whether Event Type Allowed : IDENTITY_ADD
      Checking Domain : dc=padl,dc=local
      Subscription For Domain : dc=padl,dc=local And Event Type : IDENTITY_ADD
      Event Type Allowed : IDENTITY_ADD
      Doing Operation :IDENTITY_ADD
      Searching For Identity:1F6061EA59EE4654A8F4C559BE0F29AF
      Identity Does not Exist. Creating
      create Base From Context Class : cn=Users,dc=padl,dc=local
      Allowed Attributes : uname,orclguid,objectclass,
      Creating Property Set For Identity Create
      Processing Attribute : objectclass
      Attribute Values : employee,inetOrgPerson,orclUserV2,top,organizationalPerson,person,
      Added Attribute To Property : objectclass
      Processing Attribute : objectclass
      Ignoring Already Added Attribute : objectclass
      Processing Attribute : objectclass
      Ignoring Already Added Attribute : objectclass
      Processing Attribute : objectclass
      Ignoring Already Added Attribute : objectclass
      Processing Attribute : objectclass
      Ignoring Already Added Attribute : objectclass
      Processing Attribute : objectclass
      Ignoring Already Added Attribute : objectclass
      Processing Attribute : uname
      Attribute Values : jasem,
      Added Attribute To Property : uname
      Added NickName Attribute : 1F6061EA59EE4654A8F4C559BE0F29AF
      Off to the API’s
      Exception Creating Identity (1F6061EA59EE4654A8F4C559BE0F29AF) :java.lang.NullPointerException
      java.lang.NullPointerException
      at oracle.ldap.util.Subscriber.createUser(Subscriber.java:1640)
      at oracle.ldap.util.Subscriber.createUser(Subscriber.java:1497)
      at oracle.ldap.odip.prov.ProvAppEvent_2_0.doIdentityAdd(ProvAppEvent_2_0.java:526)
      at oracle.ldap.odip.prov.ProvAppEvent_2_0.process(ProvAppEvent_2_0.java:185)
      at oracle.ldap.odip.prov.ProvAppToOIDSync_2_0.processEvent(ProvAppToOIDSync_2_0.java:250)
      at oracle.ldap.odip.prov.ProvAppToOIDSync_2_0.sync(ProvAppToOIDSync_2_0.java:328)
      at oracle.ldap.odip.engine.ProvThread.runOldVersion(ProvThread.java:538)
      at oracle.ldap.odip.engine.ProvThread.run(ProvThread.java:173)
      Exception processing Event:ODIException: Exception Creating Identity (1F6061EA59EE4654A8F4C559BE0F29AF) :java.lang.NullPointerException
      ODIException: Exception Creating Identity (1F6061EA59EE4654A8F4C559BE0F29AF) :java.lang.NullPointerException
      at oracle.ldap.odip.prov.ProvAppEvent_2_0.doIdentityAdd(ProvAppEvent_2_0.java:585)
      at oracle.ldap.odip.prov.ProvAppEvent_2_0.process(ProvAppEvent_2_0.java:185)
      at oracle.ldap.odip.prov.ProvAppToOIDSync_2_0.processEvent(ProvAppToOIDSync_2_0.java:250)
      at oracle.ldap.odip.prov.ProvAppToOIDSync_2_0.sync(ProvAppToOIDSync_2_0.java:328)
      at oracle.ldap.odip.engine.ProvThread.runOldVersion(ProvThread.java:538)
      at oracle.ldap.odip.engine.ProvThread.run(ProvThread.java:173)
      ODI Exception Processing Event – ODIException: Exception processing Event:ODIException: Exception Creating Identity (1F6061EA59EE4654A8F4C559BE0F29AF) :java.lang.NullPointerException
      Sending status For Event ID : 1919119
      –Event Status–

      ———-NEW EVENT STATUS ——————–
      Event ID : 1919119
      Object GUID :
      Error Code : -1
      Error String : ODI Exception Processing Event – ODIException: Exception processing Event:ODIException: Exception Creating Identity (1F6061EA59EE4654A8F4C559BE0F29AF) :java.lang.NullPointerException
      Error Disp : EVENT_RESEND
      Propagated Event status..
      Sent status Successfully For Event ID : 1919119
      Event ID:1919119, Status : FAILED
      Last change Key Set to:1919118
      Profile status Update – SUCCESS

      Thanks …

    21. Aashish says:

      Hi Atul,

      We are facing an issue after integration of OID/SUN one LDAP/ SSO.
      If we change password from OIDDAS it says password changed successfully but does not actually change the password and we again have to login with old password.

      Why is it so ?

      Rgds
      Aashish

    22. Atul Kumar says:

      Where is password stored now after integration ?

      Is it in OID or Sun’s ldap server ?

    23. Aashish says:

      Hi Thanks for the reply.

      It's Apps 11i SSO OID SunOne iPlanet integration and the source of truth is OID, so passwords are in OID.

    24. Atul Kumar says:

      If passwords are in OID then oiddas should work.

      Try changing password from oidadmin screen and check if this works

    25. Aashish says:

      Hey Thanks again,

      Yes, if I change the password for user1 from the orcladmin account in OIDDAS, that works and I am able to log in to OIDDAS/EBS using SSO with the changed password, but when I change the password using

      1) Forgot password in OIDDAS with user1, it says password changed successfully but does not actually change the password, and I need to log in using the old password again.

      2) If I log in as user1 and then change the password in OIDDAS My Profile -> Change my password, it says password changed successfully but does not actually change the password, and I need to log in using the old password again.

      Also, if I log in to ODM and search for users in Entry management, a java.Arrayindex out of bound exception is coming. If I edit the user it does not show user details, but in OIDDAS all details are there.

      I hope this info will help :)

      Rgds
      Aashish

    26. Aashish says:

      Again a doubt

      Is it so that end users can’t change the passwords in OIDDAS using 1) My profile — Change my password

      2) using forgot my password link on home page ( if all reset validation are set )

      DO I need to create a custom page to have this functionality ?
      How To Create a Custom On Demand Change Password Application for OID users
      Doc ID: 344560.1

      Thanks for your time and advice
      Aashish

    27. Aashish says:

      Hi Atul,

      Can you please suggest on above scenario

      Rgds
      Aashish

    28. Atul Kumar says:

      It seems users are not allowed to change their own password .

      Reset password by user is not allowed

      Login as orcladmin -> Configuration -> User Entry -> Click on next and on second screen under “Configure User Attributes” userpassword self editable enabled or not.

      If you still hit any issues raise SR with Oracle Support with OIDDAS team

    29. Anuja says:

      Hi Atul ,
      In our scenario we have integration as follows: MS-AD with OID, OID with R12. Password is stored in MS-AD. Password is not in OID and R12. The MS-AD – OID part is working fine. Now while integrating OID and R12 we followed the steps below:
      1. Register Instance
      2. Register OID
      3. Created ldif file to migrate data from OID to R12 using the ldifwrite command.
      4. Imported users into R12 using LDAPimport.
      5. Import was successful and we could see the users in the FND_USERs table also. But provisioning is not happening, i.e. when we create a user in OID, that user is not migrated to the R12 fnd_user table automatically.

      6. We are using the OID to APP template. It's enabled.

      Are we missing any steps? We have set two profile options on R12: Application SSO LDAP Synchronization: ENABLED
      Applications SSO enabled OID Identity ADD: Enabled

      Why is it not reflected, and why are the users which we migrated to R12 also not able to log in from the R12 E-Biz login page?

      Regards
      Anuja

    30. Atul Kumar says:

      Anuja,
      Do an ldapbind for user AppsDN password in OID and see if this is successful or not ?

      Check http://onlineappsdba.com/index.php/2008/06/14/user-created-in-apps-11ir1212i-not-sync-to-oid/

    31. Aashish says:

      Hi Atul,

      Did raise an SR with Oracle. It's a lack of functionality in the application, and one enhancement is already raised to Oracle for the same by the Support Team. We did it using one SQL script/creating custom procedures.

      One more question for you is.

      My

      APPS– OID– LDAP ( User Creation is working fine) All in Sync.

      Apps–OID–LDAP ( Modifications are not working fine in OID– LDAP step above)

      The things i change in Apps are visible in OID but the changes are NOT getting reflected in LDAP SERVER.

      Any ideas why ? I guess it has nothing to do with replication ?

      Rgds
      Aashish

    32. Rob says:

      Hi Atul,
      I have 10 R2 database and want to install OID. Since OID is now part of Oracle AS 10 R1. Can you please tell me if I have to create new ORACLE_HOME for OID or I can use one I have already.Since I want to install OID on 10 R2 db which I already have.

      Please help me

      Thanks,
      Rob

    33. Atul Kumar says:

      There are various ways of doing OID install –

      New OID, 10.1.4 and higher are part of Oracle Identity Management Stack
      Old OID, 10.1.2 and lower are part of Oracle Application Server

      – You can install OID with its new Database (select IM & MR option) or into existing database 10G R1 or R2 then select (IM only option) and then when prompted from MR then give details of existing database.

      If you are planning to use an existing database for OID, then you must first configure and load the repository into the existing database, which can be done using repca (Repository Configuration Assistant tool) or MRCA (Metadata Repository configuration tool).

      If you are new to application server or OID my recommendation is to select MI+MR (OID with its own new database)

      To use existing database go through REPCA or MRCA documentation .

    34. Rob says:

      Thanks Atul for this information and for quick reply..

      onlineappsdba.com ROCKS!!!!!!!!!!

    35. hasani says:

      Hi everybody,

      I am using oid provisioning for data synchronization.
      I do this for users in both side(I am using USER_ADD,IDENTITY_ADD… events).
      but groups work only for outbound events(GROUP_ADD,GROUP_MODIFY,…) .
      when application send GROUP_ADD or GROUP_MODIFY to OID the log is unknown event : GROUP_MODIFY(or GROUP_MODIFY).

      could anyone help me?

    36. Raj says:

      Hi all,
      When we click on the private connection key in the discoverer page,the values(DBUser,DBPassword,SSOUser) in the orasso schema are fetched and will be validated with the database values for authentication.

      In this scenario,
      Can we fetch the password(only) from the Active Directory of that particular user and substitute in the DBPassword field of orasso schema for authentication(this is only for validation at database level,not for viewing the password) ?
      Is this possible?

      could anyone help me?

    37. Charles Bryant says:

      We have eBS 12.0.6 integrated with OID 10.1.4. We run into an issue where the provisioning profiles are periodically being lost. The container is there, but the OIDTOAPPLICATION and APPLICATIONTOOID profiles have vanished (like someone did a deregistration).

      Are there processes outside of deregistration that would remove these profiles from the container?

    38. Atul Kumar says:

      @ Charles,
      No there is no process outside deregistration that should remove these profiles .
      Only thing I can think of is that you are using replication or ldap refresh which recreates this tree.

      If this is happening regularly , you can enable trace on ldapwrite or ldapdelete to see which process is deleting tree.

      Use oidadmin to enable trace

    39. Allen D says:

      Atul,

      Thanks for the informative website. I wanted to programmatically authenticate the SSO id and get back the FND_user. The flow of steps is:

      1. Given an instance, find programmatically (Java/PL-SQL) whether SSO or normal EBS login holds.

      2. If SSO applies, detect whether the user is currently logged in or not; not sure if I can read the SSO cookie.

      3. Given the SSO login credentials, use Java/Pl_SQL techniques to map the SSO id to a FND_USER. Is there an OID table that can give me the GUID for a given SSO id?

      Your help is greatly appreciated.

    40. Harika says:

      Hi Atul,

      I am a beginner in OSB11g security concepts. My task is to authenticate the username/password of a user and I need to use LDAP. Can you please let me know how to get the LDAP password to pass at the time of realm configuration?
      I will be very thankful if you can provide me with some useful link for user authentication using LDAP.

      thanks,
      Harika

    41. Atul Kumar says:

      @ Harika,
      Define LDAP provider in weblogic (as authentication provider) on which OSB is deployed and then set authentication as basic

      http://download.oracle.com/docs/cd/E21764_01/doc.1111/e15867/business_services.htm

    42. kkaushick says:

      hi Atul,
      Need your help again, I want to redirect users based on their functional role after confirming their login (done ). actually the problem is that I am not able to find the roles or the attribute deciding the roles of the user,can you please help me out with the attribute on which to base the filter in ldapsearch to get the role, thanks,
      Himanshu.
