Leave a Comment:
41 comments
Do properties(like search context in OID) need to be changed before running “OID Role Lookup Reconciliation” & “OID Group Lookup Reconciliation”?
ReplyWe are receiving the following error:
<java.io.FileNotFoundException: /opt/oracle/product/ fmw/user_projects/domains/IDMDomain/ servers/AdminServer/ data/ldap/ replicadata/ wls_ods1.status (Too many open files)
Above you mention increasing the number of open file by updating /etc/security/limits.conf… to how many? Which requirement is increased? ulimit -n returns 1024…
Reply@ tcarlson,
It depends on operating system you are using .
Set value to atleast 4096
Check this
http://download.oracle.com/docs/cd/E17904_01/integration.1111/e10226/appx_trouble.htm#BABCCJJE
ReplyThe page that selects the connector says that:
No configuration files exist for this connector.
Ensure that valid configuration XML files exist in the configuration directory.
ReplyNow, when I try to provision the user the above OID resource, it throws me an exception as
DOBJ.ORC_NO_ORDER
An error occurred while retrieving process information null : null
I did not get this error while I was installing the connector.
ReplyHi,
I am trying to do OIM 11g trusted source reconciliation using GTC + DBAT.
I finished all the steps. I got a message that “connector created successfully” in the design console and i successfully run that job but the user not created in OIM .
I don’t know what is the problem please help me…
Thanks & Regards,
Gupta Katakam.
@ Gupta,
As per trusted source reconciliation ->
http://download.oracle.com/docs/cd/E17904_01/doc.1111/e14309/about.htm#OMDEV405
– If the reconciliation engine detects new target system accounts, it creates corresponding Oracle Identity Manager users.
Enable debugging in connector , use logging feature as described in
http://download.oracle.com/docs/cd/E17904_01/doc.1111/e14308/log.htm#CEGEAGIB for logger Xellerate.GC.*
ReplyThanks for your reply,
I can’t understand why I am getting the error that
“Misfire Handler Error in QRTZ: Problem with creating a user in OIM by using GTC connector”
please send me solution to fix this problem….
Thanks & Regards,
Gupta Katakam.
Reply@ Gupta,
See if your issue is related to
1288334.1 MisfireHandler: Error handling misfires: Unexpected runtime exception: null
Above note is from Oracle My Support (earlier metalink)
ReplyHi Atul,
Could you please provide one section related to database application table – reconciliation and provisioning.
—-> reconcile to OIM —-> OIM provisioning this data to another database
Then, a developed application will verify the user credentials with .
Thanks,
Vamsi.
Hi Atul,
Could you please provide one section related to database application table – reconciliation and provisioning.
hr_database data —-> reconcile to OIM —-> OIM provisioning this data to another database app_database
Then, a developed application will verify the user credentials with app_database.
Thanks,
Vamsi.
Hello – has anyone succeeded in getting the OID User Trusted or Target Recon jobs to run using the “periodic” scheduler in OIM 11g? While these jobs run fine when I kick them off manually with “Run Now”, they don’t seem to get started properly by the periodic scheduler. I see one line logged in my log files (com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliation LDAP RECONCILIATION CLASS Instance Created) but nothing after that.
ReplyHi Atul,
I am able to create organisation unit, groups and users in OIM and it is getting to OID using the OID connector without an issue. But I am not able to add the user to a group during provisioning.When I am creating a user and provisioning it, I am not to search the role or groups.What needs to be done here?
Hi again Atul,
Do you have an article or any comments on installing and configuring the HR (R12) -> OID (11g) connector?
According to the Administrator’s Guide to DIP 11.1.1, this needs both integration profile (e.g. prepackaged profile) and HR Agent.
But after installing Weblogic 10.3.5 and OID 11.1.1.5 (with DIP and OID, but not OIF), I see nothing in the Enterprise Manager console for Synchronization or Provisioning profiles, though $MW_HOME/Oracle_IDM1/ldap/odi/confg/hragent.properties, oraclehragent.cfg.master and oraclehragent.map.master all exist.
I will install the 2 EBiz connectors from OTN, but do I need any other Fusion Middleware s/w e.g. SOA, to get the HR connector going?
Do I need to install other components of Fusion Middleware e.g. SOA to get the HR connector going?
Your comments much appreciated. Thanks,
Reply@ oamadminuser,
Q: I will install the 2 EBiz connectors from OTN, but do I need any other Fusion Middleware s/w e.g. SOA, to get the HR connector going?
A: which EBiz conector are you talking ?
Is this EBS user management and EBS employee reconciliation ?, is yes then you would need OIM/SOA 11g
Hi Atul, I in my idenitity management envt, I have installed OVD also along with OID. So, does it mean that I do not need to install OIM connector for OID ? Can you please confirm this one. Otherwise, I will have to install and configure connector now.
Also, when I created 2 users in OIM console, I see them in OID. Does it mean the reconciliation has already taken place ?
thank you for your time and greatly apprecite.
Jyothi
Reply@ Jyoti,
During OIM configuration did you select LDAPSynch ? If yes, then that almost similar to configuring OID connector.
If you can see users from OIM to OID, it looks like LDAPSynch is configured and working fine for you.
ReplyThank you Atul. I can see the users crated in OIM are visible in OID and also I can login into OIM using these users. Earlier I had issues with new users but the issue is resolved.
thanks
Jyothi
Hey Atul,
I’m getting a very similar error message during OID install, wondering if you have ever seen this:
DOBJ.EVT_INTERNAL_ERROR
The event handler null on data object $classname$ encountered an internal error. : null
java.lang.NullPointerException
I looked in design console and all the adapters are there but cannot be compiled, throwing the same error.
Any ideas?
ReplyHi, Mahendra
Thanks for your post.
Do you have any ideas on how you to integrate or configure the OIM using connector Microsoft Active Directory User Management?
Thanks you,
Reply@ Odesa,
To configure/deploy OIM connector for microsoft active directory user management check this guide
http://docs.oracle.com/cd/E22999_01/doc.111/e20347/deploy.htm
Regards
Atul Kumar
Hi Atul,
Thank you for your previous replies about DBAT Connector.
Now I am trying to perform OID User Trusted Recon. My OIM version is 11.1.1.5 and I am using OID 904140.
The problem is When I run the OID User Trusted Recon newly created records in OID as well as modified records in OID are only get recoiled. Existed user records in OID not get reconciled to OIM. I changed Last Trusted Recon TimeStamp in Manage IT Resource to 0 and tried but still the issue is not solved.
Could you please tell me which parameters I need to change.
Thanks,
Gupta
Hi Atul,
Do you have any example of using OID connector 11.1.1.5 with OIM11g?
Reply@ sunnyajmera,
Are you not using LDAPSync to integrate OIM11g with OID ? Why do you want to install and configure connector ?
Atul
ReplyHi Atul,
In the step given above when i click on continue the oim_server1 server get closed with the error in the diagnostic log is
Caused by: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique
constraint (DEV_OIM.OIMHOME_JARS_UNIQUE) violated
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:457)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:889)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:476)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:204)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:540)
at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.
java:217)
at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedSta
tement.java:1079)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStateme
nt.java:1466)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePrep
aredStatement.java:3752)
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePrepar
edStatement.java:3887)
at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeUpdate(Oracl
ePreparedStatementWrapper.java:1508)
at weblogic.jdbc.wrapper.PreparedStatement.executeUpdate(PreparedStateme
nt.java:172)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.exec
uteDirectNoSelect(DatabaseAccessor.java:831)
… 103 more
#
# A fatal error has been detected by the Java Runtime Environment:
#
# java.lang.OutOfMemoryError: requested 278408 bytes for Chunk::new. Out of swap
space?
#
# Internal Error (allocation.cpp:272), pid=8824, tid=9188
# Error: Chunk::new
#
# JRE version: 6.0_24-b07
# Java VM: Java HotSpot(TM) Server VM (19.1-b02 mixed mode windows-x86 )
# An error report file with more information is saved as:
# D:\Oracle\Middleware\user_projects\domains\base_domain\hs_err_pid8824.log
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
#
D:\Oracle\Middleware\user_projects\domains\base_domain\bin>
ReplyHi,
These are some other log details
[ACTIVE].ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: d75f319c62a949fd:-397c155:13c7f5c03b9:-8000-00000000000000eb,0] [APP: oim#11.1.1.3.0] Can’t insert page ‘/tiles/common/tjspHeader.jsp’ : Software caused connection abort: socket write error[[
java.net.SocketException: Software caused connection abort: socket write error
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
at weblogic.servlet.internal.ChunkOutput.writeChunkTransfer(ChunkOutput.java:568)
at weblogic.servlet.internal.ChunkOutput.writeChunks(ChunkOutput.java:539)
at weblogic.servlet.internal.ChunkOutput.flush(ChunkOutput.java:427)
at weblogic.servlet.internal.CharsetChunkOutput.flush(CharsetChunkOutput.java:298)
at weblogic.servlet.internal.ChunkOutputWrapper.flush(ChunkOutputWrapper.java:188)
at weblogic.servlet.jsp.JspWriterImpl.flush(JspWriterImpl.java:99)
at org.apache.struts.tiles.taglib.InsertTag$InsertHandler.doEndTag(InsertTag.java:893)
at org.apache.struts.tiles.taglib.InsertTag.doEndTag(InsertTag.java:465)
at jsp_servlet._layouts.__tjspclassiclayout._jsp__tag1(__tjspclassiclayout.java:302)
at jsp_servlet._layouts.__tjspclassiclayout._jspService(__tjspclassiclayout.java:236)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:526)
at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:447)
at weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:163)
at weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:184)
at sun.reflect.GeneratedMethodAccessor808.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.tiles.TilesUtilImpl.doInclude(TilesUtilImpl.java:129)
at org.apache.struts.tiles.TilesUtil.doInclude(TilesUtil.java:152)
at org.apache.struts.tiles.taglib.InsertTag.doInclude(InsertTag.java:764)
at org.apache.struts.tiles.taglib.InsertTag$InsertHandler.doEndTag(InsertTag.java:896)
at org.apache.struts.tiles.taglib.InsertTag.doEndTag(InsertTag.java:465)
at jsp_servlet._pages.__ciwinstallpages._jsp__tag1(__ciwinstallpages.java:151)
at jsp_servlet._pages.__ciwinstallpages._jspService(__ciwinstallpages.java:82)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:416)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:327)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
please let me know how to solve these issue.Thanks in advance.It is connected with above message.
Reply@ Sunil Sharma,
Your issue is
____
Caused by: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV_OIM.OIMHOME_JARS_UNIQUE) violate
# java.lang.OutOfMemoryError: requested 278408 bytes for Chunk::new. Out of swap space?
____
Bounce OIM and then try again, raise an SR for ORA-00001: unique constraint (DEV_OIM.OIMHOME_JARS_UNIQUE) violate
ReplyHi Atul,
Thanks for your reply.We dont have oracle support,so it is not possible for us to raise sr. Please suggest any other solution.If possible please give solution to my question on modification of user also.There i have provide the necessary log details,please check that also.
Hi Atul,
I would like to setup a different user for the connector other than orcladmin. Can you tell me what rights need to be assigned out of OID for this?
Got a ??? Related to OIM 11gr2 request catalog. I got an application that needs the user db connector and the entitlement for AD groups. (2request) Since those are separate request an it confuses people how can I create a rule that triggers a request than when a user is provision to an account it adds entitlement to AD right away.
Reply@ Diana,
When you define policy to provision AD resource form you select Assigned Groups option and select all the groups that you need in AD .
ReplyHope you are doing well.
while running the OID Connector Group Lookup Reconciliation task
I am getting this error
org.identityconnectors.framework.common.exceptions.ConfigurationException: Bundle oimjar://local:0ldapbp.jar is missing required attribute ‘ConnectorBundle-FrameworkVersion’.
I ‘ve done the Pre & Post installation task of the connector software (OID-11.1.1.6.0.zip) without any Issue.
Here is the IT resource Details and Parameters that i configured.
Parameter Value
Configuration Lookup Lookup.OID.Configuration
Connector Server Name
baseContexts “dc=oracle,dc=com”
credentials ********
failover
host oracle.com
port 3060
principal cn=orcladmin
ssl false
also Extracted ldap.jar and ldapbp.jar
from the lib directory of ldap-1_2_4.zip. and copied these two jar files to
the $OIM_ORACLE_HOME/server/ThirdParty directory AND run the PurgeCache.sh all without any issue.
Could you tell what am missing here.
ReplyHi Atul:
If we have OAM 10 g installation where we used the Identity Server capabilities in Identity Server portion of OAM. Now ehen we want to move all of this to OAM 11g, should we use OIM with a connector to OID to do same provisioning and manage those users through OIM?
The reason I am asking is now in 11g OAM/OIM are separate and I believe OAM 11g doesn’t have any user/group/org management features in OAM 11g.
So to keep the business process same as before (using workflows in OAM 10g) to create users, we should use OIM 11g+connector+SOA workflow to achieve similar result?
Thanks in advance.
Cheers,
rajus
@ Rajus,
From OIM 11g onwards there is concept called LDAPSycn in OIM by which you can sync users in OIM to OID automatically (without OID connector) . More information at http://onlineappsdba.com/index.php/2011/10/31/oim-ldap-sync-overview-and-key-points/ and http://onlineappsdba.com/index.php/2010/12/29/part-viii-optional-configure-ldap-sync-with-oim-11g-oim-11g-integration-with-ovdoid/
So in 11g OIM/OAM –
a) Install OIM/OAM
b) Install OID
c) Point OAM to OID for user store
d) Configure OIM with LDAPSync pointing to OID
New users to be provisioned via OIM (using SOA workflow)
ReplyFollowing are the details.
1: OIM version: OIM 11.1.1.5.0
2: OID Connector version: 9.0.4.12
3:LDAP version(OID version): 11.1.1.5.0
4: followed the steps below using the Doc link http://docs.oracle.com/cd/E22999_01/doc.111/e28603/deploy.htm#BGBHFEHF
4.1: downloaded and Installed the OID connector on default directory of the OIM home. On to the Admin console loaded the OID connector and Installed it.
4.2: IT resource Configuration.
4.3: Run the scheduled task
Perform lookup field synchronization (Run following tasks – Organization Lookup Reconciliation, Role Lookup Reconciliation, Group Lookup Reconciliation) and OID User Target Recon Task“, click on “Run Now”
Just to inform that the users are provisioned from OIM to OID.
Not sure y recon is not happening.
@maninder,
Is there issue with Recon ?
Do you see recon event generated in OIM console ?
Replyyeah recon is not working ,
there is no recon event generated in OIM consol
there is no error in log .
except the following line every time I run the job
[userId: oiminternal] [ecid: 44565d18e5e0a0a9:13eb4a56:14443bb7d98:-8000-0000000000000002,0] [APP: oim#11.1.1.3.0] Generic Information: db query:select RECON_EVENTS.RE_KEY, RECON_BATCHES.RB_PROFILE_NAME, RECON_EVENTS.RE_MODIFY from RECON_EVENTS, RECON_BATCHES where RECON_EVENTS.RB_KEY = RECON_BATCHES.RB_KEY and RECON_EVENTS.RE_CURR_RETRY_CNT > 0 and RECON_EVENTS.RE_CHANGE_TYPE != ‘DELETE’ and (RECON_EVENTS.RE_STATUS IN (‘Creation Failed’, ‘Update Failed’) or (RECON_EVENTS.RE_ENTITY_TYPE = ‘Account’ and RECON_EVENTS.RE_STATUS IN (‘No User Match Found’, ‘No Org Match Found’)) or (RECON_EVENTS.RE_ENTITY_TYPE = ‘User’ and RECON_EVENTS.RE_STATUS IN ‘Data Validation Failed’) or (RECON_EVENTS.RE_ENTITY_TYPE = ‘Role’ and RECON_EVENTS.RE_STATUS = ‘Data Validation Failed’ and RECON_EVENTS.RE_NOTE like ‘Invalid Role Category%’) or (RECON_EVENTS.RE_ENTITY_TYPE = ‘RoleRole’ and RECON_EVENTS.RE_STATUS IN (‘No Role Parent Found’, ‘No Role Match Found’)) or (recon_events.RE_ENTITY_TYPE = ‘RoleUser’ and recon_events.RE_STATUS IN (‘No Role Member Found’, ‘No Role Match Found’))) order by re_key
Reply