Hi Atul,
Recently i have integrated the OID 11.1.1.6 with the AD 2008. Can you let me know what is the user/purpose of OIM(oracle identity manager) which is part of OAM(oracle access manager)
@ Chandra,
OID can be integrated directly with AD using DIP (more on DIP at http://onlineappsdba.com/index.php/2011/01/04/how-to-configure-oid-ad-integration-usergroup-synchronization-using-dip/) or with OIM in between. Users are synchronized between AD & OIM and also between OIM & OID (hence OIM acts as the provisioning and reconciliation engine for OID & AD).
OAM and OIM integration provides self-service password management (forgot password, change password) and user management features for applications protected by OAM. You can protect the OIM application for SSO using OAM.
Hi Atul,
Thanks for your reply. I have used DIP as it comes by default once you install OID. Can you provide me with the steps to integrate Identity Manager and OID?
@ Chandra, there are two ways to integrate OID with OIM:
using LDAP sync http://onlineappsdba.com/index.php/2010/12/29/part-viii-optional-configure-ldap-sync-with-oim-11g-oim-11g-integration-with-ovdoid/
or
using connector http://onlineappsdba.com/index.php/2010/08/26/oracle-identity-manager-oim-connector-for-oracle-internet-directory-oid-architecture-and-overview/
Also check http://onlineappsdba.com/index.php/2012/06/13/users-not-synced-from-oid-to-oim-debug-scheduled-job/
Request you to search on this website before posting your query.
Hello,
I wonder whether you have had success with the incremental job "LDAP User Create and Update Reconciliation". It does not work on both my OIM 11.1.1.5.0 and 11.1.1.5.4 instances. There is the note Recon Job "LDAP User Create And Update Reconciliation" Not Working (Doc ID 1455989.1) and patch 12974293 for it. But after having the patch applied on both, the job still does not work.
The full version of the job works fine on both.
Hi Atul,
I am not able to find the scheduled job "LDAP User Create and Update Full Reconciliation" in OIM 11g R2. I am enabling LDAP sync post installation.
I am facing errors while executing.
For reconciliation jobs, seed the LDAP Reconciliation jobs or Load LDAP Recon jobs into Quartz tables, which are part of Oracle Identity Manager schema. To do so:
Seed the LDAP Recon jobs by using the patch_weblogic.sh MDS utility available in OIM_HOME/bin/.
Note:
In a text editor, open the $OIM_ORACLE_HOME/server/bin/weblogic.profile file, and enter values for the properties before executing the patch_weblogic.sh script.
Set ANT_HOME and JAVA_HOME accordingly.
Create a backup of a $OIM_ORACLE_HOME/server/setup/deploy-files/setup.xml.
In a text editor, open the $OIM_ORACLE_HOME/server/setup/deploy-files/setup.xml file.
If the target for seeding Recon jobs is commented by default, then uncomment the following and have only that target in that file to seed the reconciliation jobs:
== Uncomment this line.
Regards
A Abhinay
@abhinay,
Did you select LDAP sync during OIM configuration ?
@ abhinay_a,
These LDAP sync jobs will come only when you configure LDAPSync
@Atul
I have seeded the recon jobs into OIM. Provisioning is working fine.
When I execute the scheduled job for recon, I get:
[2013-02-10T21:54:54.583+11:00] [oim_server1] [ERROR] [] [oracle.iam.platform.entitymgr.provider.ldap] [tid: OIMQuartzScheduler_Worker-4] [userId: oiminternal] [ecid: 0000Jl74JO7F^6r_GHFg6f1Gxt46000002,1:27814] [APP: oim#11.1.2.0.0] An error occurred while searching the entity in LDAP, and the corresponding error is – {0}[[
javax.naming.NameNotFoundException: [LDAP: error code 32 – LDAP Error 32 : No Such Object]; remaining name ‘cn=users,dc=External,dc=randl,dc=com’
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.search(LDAPUtil.java:1091)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.list(LDAPDataProvider.java:2736)
at oracle.iam.ldapsync.scheduletasks.user.LDAPUserFullReconTask.execute(LDAPUserFullReconTask.java:87)
at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:135)
at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:116)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:266)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:75)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
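The error above is LDAP result code 32 (noSuchObject), and the useful part is the "remaining name": the server is saying that the search base OIM was configured to use, cn=users,dc=External,dc=randl,dc=com, does not exist. A practical way to triage this from the OIM diagnostic log is to pull the missing DN out of the ODL record and then check each ancestor DN with a base-scope search (ldapsearch -s base -b "<dn>" "(objectclass=*)") to find where the tree actually stops. The following is an added example, not code from the thread or from Oracle: it parses ODL-format log records, flags error-32 records, extracts the remaining name and lists the ancestor DNs to check. The log lines are constructed from the record quoted above; the DN and ecid in them are illustrative.

```python
import re
from typing import Dict, List

# Constructed sample in Oracle Diagnostic Logging (ODL) format, modelled on the
# OIM scheduler error quoted in the thread. Values are illustrative only.
SAMPLE_LOG = """\
[2013-02-10T21:54:54.583+11:00] [oim_server1] [ERROR] [] [oracle.iam.platform.entitymgr.provider.ldap] [tid: OIMQuartzScheduler_Worker-4] [userId: oiminternal] [ecid: 0000Jl74JO7F^6r_GHFg6f1Gxt46000002,1:27814] [APP: oim#11.1.2.0.0] An error occurred while searching the entity in LDAP, and the corresponding error is - {0}[[
javax.naming.NameNotFoundException: [LDAP: error code 32 - LDAP Error 32 : No Such Object]; remaining name 'cn=users,dc=External,dc=randl,dc=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
]]
[2013-02-10T21:55:10.001+11:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-4] [userId: oiminternal] [ecid: 0000Jl74JO7F^6r_GHFg6f1Gxt46000002,1:27815] [APP: oim#11.1.2.0.0] Job LDAP User Create and Update Full Reconciliation finished
"""

# ODL header: [timestamp] [server] [level] [message-id] [component] <supplemental fields> message
HEADER_RE = re.compile(
    r'^\[(?P<timestamp>[^\]]+)\] \[(?P<server>[^\]]*)\] \[(?P<level>[^\]]*)\] '
    r'\[(?P<msgid>[^\]]*)\] \[(?P<component>[^\]]*)\](?P<rest>.*)$'
)
# Supplemental attributes such as [tid: ...] [userId: ...] [ecid: ...] [APP: ...]
SUPPL_RE = re.compile(r'\s*\[(\w+): ([^\]]*)\]')
# JNDI wording for LDAP result code 32; the DN in "remaining name" is the missing base
REMAINING_NAME_RE = re.compile(r"error code 32\b.*?remaining name '(?P<dn>[^']+)'", re.S)


def parse_odl_records(text: str) -> List[Dict[str, str]]:
    """Split an ODL log into records; continuation lines (stack traces inside [[ ]])
    are attached to the preceding header as 'detail'."""
    records: List[Dict[str, str]] = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            rest = m.group('rest')
            suppl: Dict[str, str] = {}
            pos = 0
            # Consume only the contiguous run of [name: value] fields at the start
            for fm in SUPPL_RE.finditer(rest):
                if fm.start() != pos:
                    break
                suppl[fm.group(1)] = fm.group(2)
                pos = fm.end()
            current = {
                'timestamp': m.group('timestamp'),
                'server': m.group('server'),
                'level': m.group('level'),
                'component': m.group('component'),
                'message': rest[pos:].strip(),
                'detail': '',
                **suppl,
            }
            records.append(current)
        elif current is not None:
            current['detail'] += line + '\n'
    return records


def find_ldap_no_such_object(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return ERROR records that carry an LDAP error 32, with the missing DN extracted."""
    hits = []
    for rec in records:
        if rec['level'] != 'ERROR':
            continue
        m = REMAINING_NAME_RE.search(rec['message'] + '\n' + rec['detail'])
        if not m:
            continue
        hits.append({
            'timestamp': rec['timestamp'],
            'component': rec['component'],
            'ecid': rec.get('ecid', ''),
            'remaining_name': m.group('dn'),
        })
    return hits


def dn_ancestors(dn: str) -> List[str]:
    """List the DN and each of its parents, nearest first, so each can be
    checked with a base-scope search. Splits only on unescaped commas, since
    RFC 4514 allows '\\,' inside an RDN value."""
    rdns = [r.strip() for r in re.split(r'(?<!\\),', dn)]
    return [','.join(rdns[i:]) for i in range(len(rdns))]


def triage(text: str) -> List[Dict[str, object]]:
    """Combine parsing and DN expansion into one report per error-32 record."""
    return [
        {**hit, 'check': dn_ancestors(hit['remaining_name'])}
        for hit in find_ldap_no_such_object(parse_odl_records(text))
    ]


if __name__ == '__main__':
    for item in triage(SAMPLE_LOG):
        print(f"{item['timestamp']} ecid={item['ecid']} missing base: {item['remaining_name']}")
        for dn in item['check']:
            print(f"  verify exists: ldapsearch -s base -b \"{dn}\" \"(objectclass=*)\" dn")
```

The first DN in the ancestor list that returns an entry is the deepest container that really exists; whatever is below it in the list is what the OIM LDAP sync user container setting expects but the directory does not have, so either the container must be created in OID or the user container DN in the OIM LDAP sync configuration corrected to match the directory.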
@abhinay_a,
Did you run full recon or incremental recon ?
Did you run full recon before doing incremental recon ?
@SK, are you using Connector or LDAPSync?
Did you check in logs?
Atul
@atul
I am running full recon:
LDAP User Create and Update Full Reconciliation
Hi Atul,
We see that the password does successfully get changed in LDAP when the administrator changes their password.
When the user tries to log in to OIM, we see that the LDAP BIND is successful, although OIM shows an error "Invalid Credentials".
The user can successfully log in to other applications that use the same LDAP for authentication using the password set by the administrator, confirming the password change in LDAP is successful.
However, after 15-20 mins the user is able to log in to OIM. Why is this 20 min delay happening?
Hi Atul,
I am getting the below-mentioned error while trying to start the OIM Managed Server in version 11.1.1.5.0.
<Login Exception encountered when trying to login as admin {0}
javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User
oiminternal javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User oiminternal denied
at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:199)
The impact of this error is as below:
After LDAP Sync the scheduler services had run successfully.
Please help me on this.
Hi Atul,
I am new to the IDAM environment, and the client which I support has an integrated environment. We have EBS as the master source of truth. A user is created in EBS, then it flows to OID and then to OIM. I would like to know how I can track the user creation and flow from the backend. Which logs will indicate such a successful operation?
Many thanks in advance!!!
Regards,
AjayDBA
Hi Atul,
LDAP User Create and Update Full Reconciliation is failing intermittently with the error
"oracle.iam.ldapsync.exception.ProcessLDAPReconDataException: An error occurred as there is no result or null returned from LDAP. Check the log files."
OID users are not synced to OIM.
Thanks in advance…
Hi Atul,
I recently started using IDM, and I want to check the scheduled job success count from the back-end, for example the total successful run count of LDAP User Create and Update Full Reconciliation. I can get that from the front end. Kindly help.