  • OAM Policy Manager Setup Issue “Error in setting Policy Domain Root” : OAM with AD and Dynamic Auxiliary Class

    Posted in "AD, oam" on 2010-05-08


    Issue: Oracle Access Manager installation failed at the Policy Manager configuration screen with “Error in setting Policy Domain Root”.

    Configuration:
    1. Oracle Access Manager Version – 10.1.4.3
    2. Directory Server (LDAP) – Microsoft Active Directory (AD) 2003
    3. Dynamic Auxiliary Class support with AD 2003 was enabled

    Root Cause:
    The Active Directory (AD) 2003 domain and forest were NOT raised to Functional Level 2003, which is needed for Dynamic-Linked Auxiliary Object Class support, as mentioned in the “Oracle Access Manager installation with AD” guide here.

    Fix:
    1. Restore Active Directory from backup (pre-OAM-installation state), as it is NOT possible to delete schema (the schema for OAM in AD). For steps on how to uninstall/remove Oracle Access Manager (OAM), see here.

    2. Raise the functional level for both Domain and Forest in AD from Mixed Mode (2000 Native + 2003) to Windows Server 2003. Raise the Domain Functional Level first, then similarly change the Forest Functional Level to 2003.

    3. Restart Windows Machine which hosts AD

    4. Install Oracle Access Manager again
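
A pre-install check for the root cause above, as an added example that is not part of the original post: it reads the `domainFunctionality` and `forestFunctionality` attributes that AD 2003 and later publish in the rootDSE and flags anything below the Windows Server 2003 level. The LDIF sample, the `example.com` naming context and the function names are constructed for illustration.

```python
"""Pre-install check: are the AD domain and forest at functional level 2003?"""

# Constructed sample: rootDSE attributes in LDIF form, as returned by a
# base-scope LDAP search with an empty base DN. The naming context is made up.
SAMPLE_MIXED = """\
dn:
defaultNamingContext: DC=example,DC=com
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
"""

# Values AD publishes in domainFunctionality / forestFunctionality.
LEVELS = {0: "Windows 2000", 1: "Windows Server 2003 interim",
          2: "Windows Server 2003"}
REQUIRED = 2  # level the post says dynamic auxiliary class support needs

def parse_rootdse(ldif):
    """Return {lowercased attribute: value} from 'attr: value' LDIF lines."""
    attrs = {}
    for line in ldif.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        attrs[name.strip().lower()] = value.strip()
    return attrs

def check_functional_levels(ldif):
    """Return a list of problems; empty means both levels are sufficient."""
    attrs = parse_rootdse(ldif)
    problems = []
    for attr, scope in (("domainfunctionality", "domain"),
                        ("forestfunctionality", "forest")):
        raw = attrs.get(attr, "")
        if not raw.isdecimal():
            problems.append(f"{scope}: {attr} missing or unreadable")
            continue
        level = int(raw)
        if level < REQUIRED:
            problems.append(f"{scope}: level {level} "
                            f"({LEVELS.get(level, 'unknown')}), need "
                            f"{REQUIRED} ({LEVELS[REQUIRED]})")
    return problems

if __name__ == "__main__":
    for problem in check_functional_levels(SAMPLE_MIXED) or ["OK to install"]:
        print(problem)
```

Run it against rootDSE output captured before the OAM schema is loaded into AD, since the post notes the schema cannot be deleted afterwards.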


    What is an Object Class – Structural and Auxiliary Object Class?

    Object Classes – Directory (LDAP Server) entries are made up of Object Classes. Object Classes are made up of attributes. There are three types of Object Classes in Oracle Access Manager (OAM):

    i) Structural Object Class – This type of Object Class defines the basic aspects of an Object. Each Identity Application (User, Group, Organization) is associated with a structural Object Class. Examples of a Structural Object Class: inetOrgPerson or person.

    ii) Auxiliary Object Class – Auxiliary Object Classes extend the structural Object Class. They describe additional attributes for special items of a structural Object Class.

    iii) Template Object Class – A Template Object Class is configured for provisioning data to external applications. Template Class objects are NOT stored in the LDAP Directory; objects from a Template Class are stored in files. Oracle Access Manager provides a generic template file in [install_dir]/config/templates

    What is a Dynamically Linked Auxiliary Class?

    A dynamically-linked auxiliary class is a class that is attached to an individual object, rather than to an object class. Dynamic linking enables you to store additional attributes with an individual object without the forest-wide impact of extending the schema definition for an entire class. More information here.
