Configuring OID Connector in OIM 11.1.2

Posted in: Technical Track

Configuring OID connector in OIM 11.1.2 for direct provisioning:

There is a big change in the way direct provisioning is done from OIM (Oracle Identity manager) to OID (Oracle Internet Directory) using OIM 11.1.2 connectors.

The connector documentation available for OIM 11.1.1 is

The same documentation can be used for configuring provisioning/reconciliation using OIM 11.1.2 connectors. But, there is a difference in the way resource is added in 11.1.2 OIM screens and this blog post will help you do it.

I did not come across OIM 11.1.2 specific connector documentation yet.

Pre-install Tasks

Create a Target System User Account for Connector Operations.

Download the connector software from:


Perform pre-installation task (unzip the zip file in ConnectorDefault directory)

[[email protected] ConnectorDefaultDirectory]$ pwd


[[email protected] ConnectorDefaultDirectory]$ unzip


creating: OID-

creating: OID-

inflating: OID-

creating: OID-

inflating: OID-



inflating: OID-

inflating: OID-

[[email protected] ConnectorDefaultDirectory]$

[[email protected] ConnectorDefaultDirectory]$ cd OID-

[[email protected] OID-]$ ls

bundle  configuration  documentation  lib  readme.html  resources  xml

Configuring OIM – OID Connector in Provisioning mode.

Install the connector by login to https://<oim-hostname>.<domain>:14000/sysadmin/


Please click on the images below to enlarge them.



Click on manage connectors.


Refresh this page.


Connector installation.



Click Load and wait till page loads 3 times.


Installation Successful.

Run Oracle Identity Manager PurgeCache utility to load the server cache with content from the connector resource bundle.

[[email protected] bin]$ pwd


[[email protected] bin]$ export APP_SERVER=weblogic

[[email protected] bin]$ export OIM_ORACLE_HOME=/u01/Middleware1/Oracle_IDM1

[[email protected] bin]$ export JAVA_HOME=/u01/jdk1.6.0_37

[[email protected] bin]$ export WL_HOME=/u01/Middleware1/wlserver_10.3

[[email protected] bin]$ ./ all

For running the Utilities the following environment variables need to be set

APP_SERVER is weblogic

OIM_ORACLE_HOME is /u01/Middleware1/Oracle_IDM1

JAVA_HOME is /u01/jdk1.6.0_37

MW_HOME is /u01/Middleware1

WL_HOME is /u01/Middleware1/wlserver_10.3

DOMAIN_HOME is /u01/Middleware1/user_projects/domains/IDAM_domain

[Enter the admin username:]xelsysadm

[Enter the admin password:] [Enter the service url : (i.e.: t3://oimhostname:oimportno for weblogic or corbaloc:iiop:oimhostname:oimportno for websphere)]t3://<oimhostname>.<domain>:14000


UsernamePasswordLoginModule.initialize(), debug enabled

UsernamePasswordLoginModule.login(), username xelsysadm

UsernamePasswordLoginModule.login(), URL t3://<oimhostname>.<domain>:14000

PurgeCache Login Success…

Purging the cache categories:[all] is successful

Configure IT resource for the Target System.

IT resource name: OID Server

IT Resource type: OID Server

Configuration Lookup: Lookup.OID.Configuration

Connect Server Name : <leave blank=”>

baseContext : “dc=<client domain>,dc=com” (Note: Make sure you put the base context in quotes)

credentials : ****

failover : <blank>

host : <oid host=”>

port : <oid port>

principal : cn=orcladmin

ssl : false


Login to https://<oimhostname>.<domain>:14000/sysadmin.


Click Search.


If you see an Error Page -> refresh the page by pressing F5 button.


Click edit.


* Did not install and configure the connector server for OID

* Did not configure SSL for the connector

* Did not Enabling Logging for the Connector

Post-installation steps:

Clear Content Related to Connector Resource Bundles from the Server Cache by running script.

Set up the Lookup Definition for Connection Pooling (optional, did not do it for now).

Perform the following inside the OIM design console

Login to design console and make sure auto save feature is enabled in the OID user form (resource object).

Login to design console by running $ORACLE_HOME/designconsole/

In the design console check Lookup.OID.Organization

You will see only 281/LookupOIDOrg

Add the following entry to Lookup.OID.Organization lookup:

Code Key: 281~cn=Users,dc=<client domain>,dc=com (where 281 is the IT resource key)

Decode: OID Server~cn=Users,dc==<client domain>,dc=com (where LDAP_server is the IT resource name)

Run the 2 lookup field reconciliation jobs using the OIM scheduler:

OID Connector Group Lookup Reconciliation

Parameters (stuck with ones populated by default)

key code attribute : dn

decore attribute : cn

IT resource name : OID Server

Lookup Name : Lookup.OID.Group

Object Type : Group

OID Connector OU Lookup Reconciliation

key code attribute : dn

decore attribute : ou

IT resource name : OID Server

Lookup Name : Lookup.OID.Organization

Object Type : OU

Performing Provisioning Operations (Direct Provisioning)

In 11.1.2 OIM, resource object cannot be directly assigned to a user.

We need to create an application instance.


So the procedure is as per the following:


a. Create a sandbox. Do not publish it now.

b. Create an application instance.

Populate the following:

Name: AppInstance1

Display Name: AppInstance1

Resource Object: OID User

IT resource instance: OID Server

Form: Create

Resource Type: OID user

Form Name: Form 1. Make sure bulkload options are enabled for all fields in the form.

In the organization for the application instance populate “Xellerate Users”

Click on checkbox for entitlement below.

Run Catalog Synchronization job from scheduler in OIM.

Publish the Catalog.

Run Catalog Synchronization job from scheduler in OIM (does not cost to run multiple times).

c. Create a user in OIM:

Firstname: Subhajit

Lastname: Chaudhuri

Organization: Xellerate Users (depends)

Organization Type: Consultant (depends)

Userlogin: chaudhuri

Password: ****

Confirm password ****


Once the user is created, go to Accounts tab.

Click on request Account.

Search for Catalog with string OID.

Add AppInstance1 Application instance to the cart.


d. Push the following information in the form:



First Name

Last Name

Container DN = OID Server~cn=Users,dc=<client domain>, dc=com


Email ID [email protected]

Preferred Language

Click on Ready to Submit

Click on Submit

e. User will now get provisioned.

Check on resource summary for the user.

System Validation Completed

Create User done.

f. Log into ODSM in OID.

Check that the user got provisioned in OID as well.

Want to talk with an expert? Schedule a call with our team to get the conversation started.

About the Author

A top-notch troubleshooter, Subhajit manages an expert team across three continents that works 24/7 to keep clients' systems up and running at peak performance. With more than 9 years under his belt as an Oracle Applications DBA, Subhajit has extensive knowledge of Oracle Applications E-Business Suite Technology stack (11i and R12), 10gAS - SSO, OID and Portal, Fusion Middleware - OAM, OID 11g, Access gate, Webgates, reverse proxies, application performance tuning, backup recovery and more. Constantly looking to learn and grow his repertoire of professional skills, Subhajit was drawn to Pythian by the chance to lead a highly professional team and be surrounded by what he calls "Masters of Oracle Technology". Subhajit holds a bachelor of Technology in Electronics and Telecommunication Engineering as well as four Oracle certifications : Oracle Database 10g Certified Professional Oracle Application Server 10g Certified Associate Oracle 11i Certified Professional Oracle 10g RAC Administrator Certified Expert

11 Comments. Leave new

How do you have the form pre-populated with the field values when I create the OIM user. I would like to auto-provision to OID.



Hi Paul,

You can configure access policies to auto provision users created in OIM to OID.



You did a great job for compiling such a useful info.
For Integrating OIM with OID i ‘ve followed the above steps
while running the OID Connector Group Lookup Reconciliation task
I am getting this error
org.identityconnectors.framework.common.exceptions.ConfigurationException: Bundle oimjar://local:0ldapbp.jar is missing required attribute ‘ConnectorBundle-FrameworkVersion’.

could you please suggest… I ‘ve followed the exact sequence mentioned above, faced no in Installing the Connector software beside doing the Pre & Post installation task of the connector software successfully.

Really Appreciate the response.



Hi Priya,

Thanks for the feedback.
Have you deployed the connector locally in Oracle Identity Manager or remotely in the Connector Server? Are you using OIM 11.1.2?
I have not come across this error during the installation. If it persists, let me know and we can have a screen sharing session to troubleshoot.



Thanks for the kind response.
It would be wonderful if u could share the screen.
My gtalk id: priyawithgrace At

The OIM version is : DEV1_OIM
Oracle Identity Manager

also please see the output of opatch lsinventory as i ‘ve the apply or upgrade OIM during oim config phase.

Installed Top-level Products (1):

Oracle IDM Suite
There are 1 products installed in this Oracle Home.

Interim patches (2) :

Patch 13399365 : applied on Wed Aug 28 15:32:33 IST 2013
Unique Patch ID: 14530777
Created on 23 Jan 2012, 07:05:58 hrs PST8PDT
Bugs fixed:
12540787, 12368148, 12405292, 13086296, 12682244, 13044552, 13037620
12588915, 12404850, 12773799, 12954070, 12575525, 11825112, 12424740
12677786, 13039515, 12821149, 12431891, 13382320, 12410553, 13604466
12423222, 11892650, 11829837, 12598252, 12588703, 12772785, 12598611
12326412, 12417890, 12386228, 13597192, 12949542, 13100650, 12732936
13036545, 13389739, 12950805, 12751739, 13081723, 13527762, 12764550
12565559, 13329133, 11654973, 11819930, 13592472, 12768049, 13427329
13431061, 13434761, 13068455, 13535712, 13020180, 11707846, 12696457
13336792, 12411222, 12423459, 12741980, 13028465, 13543597, 13588816
12383768, 13403595, 12666800, 11872636, 12341954, 12981413, 13002909
12379527, 12541466, 12391139, 13051431, 12575907, 12434745, 12999244
11739399, 12382537, 12598342, 12596811, 12975430, 12575769, 12398549
10334833, 12544011, 12633678, 11743926, 12933623, 12827416, 10243868
13585124, 12674329, 12631428, 12859753, 12631284, 13091365, 13147425
12971157, 12725160, 13111388, 13081748, 13033805, 12831804, 12593775
12618370, 12812576, 13103878, 12772309, 12747232, 11854508, 13565319
12763347, 12417344, 12969174, 13524234, 12359653, 12889631, 11900767
12400823, 13003941, 13557376, 10384392, 12554155, 12812650, 11799942
12406131, 12912088, 12836681, 13097769, 12701216, 12985214, 12340456
12825610, 12406067, 12314652, 12642658, 12639144, 12879878, 13068916
13114952, 13371220, 12401127, 12592623, 13413384, 13069860, 12625311
13508784, 12530568, 13524244, 12738645, 12767355, 12559682, 12726059
12847832, 12873494, 12414168, 12997747, 13062532, 12742671, 12412498
13064353, 12628376, 12404692, 12967733, 13336323, 11769948, 12934099
12802475, 13051254, 13500229, 13055399, 12530214, 12625614, 12912249
12885224, 13087153, 12554175, 12701887, 12539512, 12855863, 12672613
12672257, 12414179, 12729119, 12959505, 13361981, 12537557, 11872604
13455644, 13553478, 12606602, 12824041, 13064725, 12682458, 12766139
12697880, 12625336, 12701963, 12543188, 13030860, 12933881

Patch 12733108 : applied on Mon Aug 05 19:46:04 IST 2013
Unique Patch ID: 14137824
Created on 28 Aug 2011, 08:34:40 hrs PST8PDT
Bugs fixed:
12390907, 12576767, 10094601, 12631787, 12641759, 12545547, 12424280
12538294, 12424541, 12690463, 12433283, 12433268, 12646546, 12423833
12733108, 12413677, 12529649, 12631721, 12396357, 12433297, 12690914
12416670, 12401705, 12588136, 12427438, 12434387, 12591938, 12688879
12551922, 12601409, 12573315




I ‘ve deployed the connector locally in the IDM server.




I ‘ve been waiting to hear from you on this issue. as am unable to get past the error.

I ‘ve tried variuos configuratins options for it to work but to no avail.

Also if Configuration Lookup parameter value set to: Lookup.LDAP.OID.Configuration or Lookup.LDAP.OID.Configuration.trusted
than getting this error

oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcInvalidLookupException

OR From this Value Configuration Lookup: Lookup.OID.Configuration

I am getting the Earlier Error that i ‘ve posted.

Also there is no errors in the Admin & oim and oid log files

Any suggestions from u would be more than welcome.

Waiting to hear from you.



How to configure OIM such that user created in OIM will be automatically created in OID.


Basically how to auto provision user.



I have auto-provisioning from OIM to OID going. I also have requesting an entitlement (OID group membership) working in OIM (with SOA composites for approval workflow). I will have an OIM role with OIM users as members. I want to auto-provision (no approval necessary)OIM users to entitlements (multiple entitlements) once an OIM user is assigned to an OIM role. How do I go about it? I know I need to create an Access Policy with the specified role. I think I may need a child table for OID. If I do need a child table for OID, that is what I am not too sure about..


How to configure OIM such that user created in OIM will be automatically created in LDAPv3 based DB (Open DJ)? Basically how to do provisioning and reconciliation?


Leave a Reply

Your email address will not be published. Required fields are marked *