  • libOVD adapters in OIM LDAP Integration : LDAPsync – view and modify Adapter settings (bindDN and bindPassword)

    Posted by "" in "identity_manager, idm, im" on 2011-11-30


    This post covers the steps to view and edit libOVD configuration, such as changing the bind DN and password in the adapter configuration.

    In OIM 11.1.1.5+, libOVD is an alternative to OVD for LDAPSync (integrating OIM with an LDAP server such as AD or OID).

    In OIM 11.1.1.3, OVD is mandatory if you wish to configure LDAPSync. From OIM 11.1.1.5 onwards, OVD is not mandatory (libOVD is used to sync data between OIM and OID).

    • libOVD configuration is created during the OIM configuration stage ($ORACLE_HOME/bin/config.sh) when you select LDAPSync and the LDAP server is OID, AD, or ODSEE (earlier Sun directory server).
    • libOVD configuration is stored in the directory $DOMAIN_HOME/config/fmwconfig/ovd/oim and contains information such as the LDAP server host, port, and binddn (the user that OIM connects to OID as for synchronisation).
    • By default, the configuration tool creates two OVD adapters (oid1 and CHANGELOG_oid1) of type LDAP. To view and change them, you can use the WebLogic Scripting Tool (WLST) or MBeans in FMW Enterprise Manager Control (/em).

     

    During configuration, the binddn used is cn=orcladmin and modifierDNFilter is set to cn=orcladmin (i.e. if the DN of the modifier in the LDAP server is orcladmin, then don’t synchronise the user). Because of this, users updated/created in OID by cn=orcladmin are not synchronised to OIM. (If LDAPSync is configured, users created/updated/deleted in OID/AD should automatically be synchronised to OIM by the scheduled jobs “LDAP User Create and Update Reconciliation” and “LDAP User Delete Reconciliation” in OIM. More on issues around recon jobs in OIM in a future post.)

     

    Managing libOVD Adapter via WLST

    1. Start WLST

    cd $MW_HOME/oracle_common/common/bin
    ./wlst.sh

    2. Connect to Admin Server

    connect('weblogic','welcome1','t3://innowave12.com:7001')

    Here weblogic is the admin user name of the WebLogic domain, innowave12.com is the server on which the Admin Server is running, and 7001 is the Admin Server port.

    3. To list adapters for OIM

    listAdapters(contextName='oim')

    You should see output like

    _______
    Adapter Name : oid1
    Adapter Type : LDAP 

    Adapter Name : CHANGELOG_oid1
    Adapter Type : LDAP

    _______

     

    4.  To get adapter details for adapter oid1

    getAdapterDetails(adapterName='oid1', contextName='oim')

    ______
    wls:/ohsdomain/domainRuntime> getAdapterDetails(adapterName='oid1', contextName='oim')

    DETAILS OF ADAPTER :  oid1
    Adapter Type                : LDAP
    Name                        : oid1

    Virtual NameSpace           : dc=com
    Remote NameSpace            : dc=com

    LDAP Host                   : [innowave12.com : 3060]
    Secure                      : false
    Bind DN                     : cn=orcladmin
    Pass Credentials            : Always
    Max size of Connection Pool : 10

    ________

    5. To change the BindDN to the oimLDAP user created during OIM-OAM integration

    Update the username and password in adapter oid1

    modifyLDAPAdapter(adapterName='oid1', attribute='BindDN', value='cn=oimLDAP,cn=SystemUsers,dc=com', contextName='oim')

    modifyLDAPAdapter(adapterName='oid1', attribute='BindPassword', value='welcome1', contextName='oim')

    Update the username and password in adapter CHANGELOG_oid1

    modifyLDAPAdapter(adapterName='CHANGELOG_oid1', attribute='BindDN', value='cn=oimLDAP,cn=SystemUsers,dc=com', contextName='oim')

    modifyLDAPAdapter(adapterName='CHANGELOG_oid1', attribute='BindPassword', value='welcome1', contextName='oim')

    Note: The realm (domain name) in OID in the above commands is “dc=com”; change this value as per your setting.

    6. To modify modifierDNFilter in libOVD, open the file $DOMAIN_HOME/config/fmwconfig/ovd/oim/adapters.os_xml and search for modifierDNFilter

    Change from
    !(modifiersname=cn=orcladmin)

    to
    !(modifiersname=cn=oimLDAP,cn=SystemUsers,dc=com)

    Note: OID domain or Realm in this case is dc=com
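
    An added example (not from the original post or from Oracle's tooling) that checks steps 5 and 6 were applied consistently: it reads the Bind DN from captured getAdapterDetails output for each adapter, compares it with the DN in modifierDNFilter, and shows which modifiers' changes the filter lets through to OIM. The function names and sample strings are constructed for illustration, and the filter is assumed to have the single-DN form shown in step 6.

```python
import re

def norm_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' so equal DNs compare equal."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def bind_dn(details):
    """Extract the 'Bind DN' value from captured getAdapterDetails() output."""
    m = re.search(r"^[ \t]*Bind DN[ \t]*:[ \t]*(\S.*?)[ \t]*$", details, re.M)
    if not m:
        raise ValueError("no 'Bind DN' line in adapter details")
    return m.group(1)

def filtered_dn(modifier_filter):
    """Return the DN excluded by a filter of the form !(modifiersname=<DN>)."""
    m = re.match(r"\s*!\(\s*modifiersname\s*=\s*(.+?)\s*\)\s*$", modifier_filter, re.I)
    if not m:
        raise ValueError("unexpected modifierDNFilter: %r" % modifier_filter)
    return m.group(1)

def is_reconciled(modifiersname, modifier_filter):
    """True if a change made by `modifiersname` passes the filter and reaches OIM."""
    return norm_dn(modifiersname) != norm_dn(filtered_dn(modifier_filter))

def check(adapter_details, modifier_filter):
    """List adapters whose Bind DN differs from the DN the filter excludes."""
    excluded = norm_dn(filtered_dn(modifier_filter))
    findings = []
    for name, details in sorted(adapter_details.items()):
        dn = bind_dn(details)
        if norm_dn(dn) != excluded:
            findings.append("%s: Bind DN %s does not match modifierDNFilter" % (name, dn))
    return findings

# Constructed sample input, modelled on the getAdapterDetails output shown above.
OLD = "Adapter Type                : LDAP\nBind DN                     : cn=orcladmin\n"
NEW = "Adapter Type                : LDAP\nBind DN                     : cn=oimLDAP,cn=SystemUsers,dc=com\n"
OLD_FILTER = "!(modifiersname=cn=orcladmin)"
NEW_FILTER = "!(modifiersname=cn=oimLDAP,cn=SystemUsers,dc=com)"

if __name__ == "__main__":
    # Step 5 applied to oid1 only, step 6 applied: CHANGELOG_oid1 is reported.
    for line in check({"oid1": NEW, "CHANGELOG_oid1": OLD}, NEW_FILTER):
        print(line)
    # With the original filter, edits made in OID by cn=orcladmin never reach OIM.
    print(is_reconciled("cn=orcladmin", OLD_FILTER))
    # After step 6, cn=orcladmin edits are reconciled and oimLDAP edits are skipped.
    print(is_reconciled("cn=orcladmin", NEW_FILTER))
```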

     


    17 Responses to “libOVD adapters in OIM LDAP Integration : LDAPsync – view and modify Adapter settings (bindDN and bindPassword)”

    1. manin21 says:

      Hi Atul,

      I’m trying to set up LDAPSync in my OIM 11.1.1.5; as you mentioned, an OVD IS NOT REQUIRED now. I have deployed OIM without LDAPSync and now I want to enable LDAPSync (postinstallation enablement of LDAPSync). I have performed all steps from Oracle docs: http://docs.oracle.com/cd/E21764_01/doc.1111/e14308/ldapsync.htm#CHDHHJFG

      but I have not succeeded. When I try to create a new user in OIM I have the following error:

      An error occurred while performing create user operation. Unable to get LDAP connection, and the root cause is – Failed to get connection due to initialization error with the pool: Failed to intialize and start UCP Connection pool

      Looking at the OIM server output log I found the following:

      Caused By: com.oracle.oim.gcp.exceptions.ResourceConnectionCreateException: javax.naming.NamingException: Config location must be a directory [Root exception is oracle.ods.virtualization.config.ConfigException: Config location must be a directory]

      Help me please.

      By the way, “Oracle Identity and Access Manager for Administrators” is a great work, a second edition featuring OIM 11.1.1.5 should be released

      Regards
      Juan

    2. Atul Kumar says:

      @ Juan,

      I don’t think steps mentioned here are complete (it looks like libOVD related steps are missing)

      Do you see ovd/oim directory under $DOMAIN_HOME/config/fmwconfig ?

      can you see IT resource of type Directory Server in OIM ?

    3. manin21 says:

      Atul,

      Thanks for your quick response, point me please where to find the libOVD steps.

      under $DOMAIN_HOME/config/fmwconfig/ovd I have the following:

      [oracle@oim115 ovd]$ pwd
      /u01/app/oracle/product/fmw/user_projects/domains/IDMDomain/config/fmwconfig/ovd
      [oracle@oim115 ovd]$ ll
      total 4
      drwxr-x--- 2 oracle oinstall 4096 Nov 15 20:20 default

      in the “default” directory there is:

      [oracle@oim115 ovd]$ cd default/
      [oracle@oim115 default]$ ll
      total 24
      -rw-r----- 1 oracle oinstall 220 Mar 26 2011 adapters.os_xml
      -rw-r----- 1 oracle oinstall 3104 Mar 26 2011 component_events.xml
      -rw-r----- 1 oracle oinstall 5060 Mar 26 2011 provider.os_xml
      -rw-r----- 1 oracle oinstall 117 Mar 26 2011 schema.user.xml
      -rw-r----- 1 oracle oinstall 2841 Mar 26 2011 server.os_xml

      Thanks again for the help.

      Regards
      Juan

    4. manin21 says:

      I can see “Directory Server” IT Resource in OIM, also I have customized this IT Resource to my OID environment as described in step 5 of 10.1 Enabling Postinstallation LDAP Synchronization (http://docs.oracle.com/cd/E21764_01/doc.1111/e14308/ldapsync.htm#CHDGEGHJ)

      Regards
      Juan

    5. Atul Kumar says:

      @ manin21,
      Check my above posts again, you are missing oim folder inside ovd in $DOMAIN_HOME/config/fmwconfig

      In my view steps mentioned in guide to configure LDAPSync after installation are not complete.

      Creation of libOVD step is missing from doc. Please contact Oracle Support to update doc with libOVD step for ldapSync after installation.

    6. manin21 says:

      Atul,

      Thanks for your valuable help. I will open a SR in order to achieve our goal.

      Best Regards
      Juan

    7. Karthick says:

      HI,

      Can you tell me how to change background colour and text font in OIM Administration and user console.

      Tell suggest me the answer soon…please…

    8. Atul Kumar says:

      Check OIM developer guide
      http://docs.oracle.com/cd/E17904_01/doc.1111/e14309/uicust.htm#OMDEV2742 – Customizing Oracle Identity Manager Interface

    9. Karthick says:

      I read that guide. From that I found that wanna change in Xellerate.css…

      I tried to change in Xellerate.css but it doesn’t reflect in login page. I think in Xellerate.css modified wrongly. May I know where I need to change the modifications.

      Can you suggest me please.

    10. Mike says:

      Atul,
      I think what you did the modifications such as changing BindDn to cn=oimLDAP from cn=orcladmin, which we could do the same via the Directory Server in the IT Resource from the OIM admin console, correct for oim11.1.1.5.x?
      Thanks,
      Mike

    11. Atul Kumar says:

      @ Mike,
      Yes, you are right we should change this via IT Resource from OIM Admin console (I’ve not tested this).

      Atul

    16. Saurabh Gairola says:

      Hi Atul,

      When I am going for LDAP Sync I am getting the below error.

      oracle@orgxdevidam01:/oracle/app/product/fmw_iam/11.1.2.0/iam/server/ldap_config_util$ ./LDAPConfigPostSetup.sh /oracle/app/product/fmw_iam/11.1.2.0/iam/server/ldap_config_util
      For running the Utilities the following environment variables need to be set
      APP_SERVER is weblogic
      OIM_ORACLE_HOME is /oracle/app/product/fmw_iam/11.1.2.0/iam
      JAVA_HOME is /oracle/app/jrockit-jdk1.6.0_37
      MW_HOME is /oracle/app/product/fmw_iam/11.1.2.0
      WL_HOME is /oracle/app/product/fmw_iam/11.1.2.0/wlserver_10.3
      DOMAIN_HOME is /oracle/app/environments/dev/security/user_projects/domains/iam_domain
      [Enter OIM admin password:]
      java.lang.ClassNotFoundException: oracle.as.jmx.framework.standardmbeans.spi.JMXFrameworkProviderImpl
      at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
      at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
      at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
      at java.lang.Class.forName0(Native Method)
      at java.lang.Class.forName(Class.java:247)

      ….

      at oracle.ods.virtualization.service.VirtualizationServiceManager.createService(VirtualizationServiceManager.java:64)
      at oracle.ods.virtualization.service.VirtualizationServiceManager.getService(VirtualizationServiceManager.java:48)
      at oracle.ods.virtualization.jndi.OVDContext.<init>(OVDContext.java:193)
      at oracle.ods.virtualization.jndi.OVDContextFactory.getInitialContext(OVDContextFactory.java:47)
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
      at javax.naming.InitialContext.init(InitialContext.java:223)
      at javax.naming.InitialContext.<init>(InitialContext.java:198)
      at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:83)
      at oracle.iam.platformservice.utils.LDAPConfigPostSetup.<init>(LDAPConfigPostSetup.java:221)
      at oracle.iam.platformservice.utils.LDAPConfigPostSetup.main(LDAPConfigPostSetup.java:139)
      Obtained LDAP Connection…..
      UsernamePasswordLoginModule.initialize(), debug enabled
      UsernamePasswordLoginModule.login(), username xelsysadm
      UsernamePasswordLoginModule.login(), URL t3://orgxdevidam01:7003
      Authenticated with OIM Admin…..
      Obtained Scheduler Service…..
      Successfully Enabled Changelog based Reconciliation schedule jobs.
      Successfully Updated Changelog based Reconciliation schedule jobs with last change number : 0

      I am using libOVD. I ran this script after I restarted my OIM server.

    17. Saurabh Gairola says:

      Earlier it was prompting for the OID LDAP admin password. And now, after I did a reinstallation, it is not prompting.
