Configuring OID 11.1.1.6 connector in OIM 11.1.2 for direct provisioning:
There is a big change in the way direct provisioning is done from OIM (Oracle Identity Manager) to OID (Oracle Internet Directory) using OIM 11.1.2 connectors.
The connector documentation available for OIM 11.1.1 is https://docs.oracle.com/cd/E22999_01/index.htm
The same documentation can be used for configuring provisioning/reconciliation using OIM 11.1.2 connectors. However, the way a resource is added in the OIM 11.1.2 screens is different, and this blog post will help you do it.
I did not come across OIM 11.1.2 specific connector documentation yet.
Pre-install Tasks
Create a Target System User Account for Connector Operations.
https://docs.oracle.com/cd/E22999_01/doc.111/e28603/deploy.htm#BGBDBGIE
Download the connector software from:
https://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
Link: https://download.oracle.com/otn/nt/ias/connectors/111/OID-11.1.1.6.0.zip
Perform the pre-installation task (unzip the zip file in the ConnectorDefaultDirectory directory)
[[email protected] ConnectorDefaultDirectory]$ pwd
/u01/Middleware1/Oracle_IDM1/server/ConnectorDefaultDirectory
[[email protected] ConnectorDefaultDirectory]$ unzip OID-11.1.1.5.0.zip
Archive: OID-11.1.1.5.0.zip
creating: OID-11.1.1.5.0/
creating: OID-11.1.1.5.0/bundle/
inflating: OID-11.1.1.5.0/bundle/org.identityconnectors.ldap-1.0.6380.jar
creating: OID-11.1.1.5.0/configuration/
inflating: OID-11.1.1.5.0/configuration/eDirectory-CI.xml
.
.
inflating: OID-11.1.1.5.0/xml/OID-ConnectorConfig.xml
inflating: OID-11.1.1.5.0/xml/OID-Datasets.xml
[[email protected] ConnectorDefaultDirectory]$
[[email protected] ConnectorDefaultDirectory]$ cd OID-11.1.1.5.0
[[email protected] OID-11.1.1.5.0]$ ls
bundle configuration documentation lib readme.html resources xml
Configuring OIM – OID Connector in Provisioning mode.
Install the connector by logging in to https://<oim-hostname>.<domain>:14000/sysadmin/
Login:
xelsysadm/<pwd>
Click on manage connectors.
Refresh this page.
Connector installation.
Click Load and wait till page loads 3 times.
Installation Successful.
Run Oracle Identity Manager PurgeCache utility to load the server cache with content from the connector resource bundle.
[[email protected] bin]$ pwd
/u01/Middleware1/Oracle_IDM1/server/bin
[[email protected] bin]$ export APP_SERVER=weblogic
[[email protected] bin]$ export OIM_ORACLE_HOME=/u01/Middleware1/Oracle_IDM1
[[email protected] bin]$ export JAVA_HOME=/u01/jdk1.6.0_37
[[email protected] bin]$ export WL_HOME=/u01/Middleware1/wlserver_10.3
[[email protected] bin]$ ./PurgeCache.sh all
For running the Utilities the following environment variables need to be set
APP_SERVER is weblogic
OIM_ORACLE_HOME is /u01/Middleware1/Oracle_IDM1
JAVA_HOME is /u01/jdk1.6.0_37
MW_HOME is /u01/Middleware1
WL_HOME is /u01/Middleware1/wlserver_10.3
DOMAIN_HOME is /u01/Middleware1/user_projects/domains/IDAM_domain
[Enter the admin username:]xelsysadm
[Enter the admin password:]
[Enter the service url : (i.e.: t3://oimhostname:oimportno for weblogic or corbaloc:iiop:oimhostname:oimportno for websphere)]t3://<oimhostname>.<domain>:14000
weblogic.jndi.WLInitialContextFactory
UsernamePasswordLoginModule.initialize(), debug enabled
UsernamePasswordLoginModule.login(), username xelsysadm
UsernamePasswordLoginModule.login(), URL t3://<oimhostname>.<domain>:14000
PurgeCache Login Success…
Purging the cache categories:[all] is successful
Configure IT resource for the Target System.
IT resource name: OID Server
IT Resource type: OID Server
Configuration Lookup: Lookup.OID.Configuration
Connector Server Name : <leave blank>
baseContext : "dc=<client domain>,dc=com" (Note: Make sure you put the base context in quotes)
credentials : ****
failover : <blank>
host : <oid host>
port : <oid port>
principal : cn=orcladmin
ssl : false
Login to https://<oimhostname>.<domain>:14000/sysadmin.
Click Search.
If you see an error page, refresh it by pressing F5.
Click edit.
* Did not install and configure the connector server for OID
* Did not configure SSL for the connector
* Did not enable logging for the connector
Post-installation steps:
Clear content related to connector resource bundles from the server cache by running the PurgeCache.sh script.
Set up the Lookup Definition for Connection Pooling (optional, did not do it for now).
Perform the following inside the OIM design console
Login to design console and make sure auto save feature is enabled in the OID user form (resource object).
Login to design console by running $ORACLE_HOME/designconsole/xlclient.sh
In the design console check Lookup.OID.Organization
You will see only 281/LookupOIDOrg
Add the following entry to Lookup.OID.Organization lookup:
Code Key: 281~cn=Users,dc=<client domain>,dc=com (where 281 is the IT resource key)
Decode: OID Server~cn=Users,dc=<client domain>,dc=com (where OID Server is the IT resource name)
Run the 2 lookup field reconciliation jobs using the OIM scheduler:
OID Connector Group Lookup Reconciliation
Parameters (stuck with ones populated by default)
key code attribute : dn
decode attribute : cn
IT resource name : OID Server
Lookup Name : Lookup.OID.Group
Object Type : Group
OID Connector OU Lookup Reconciliation
key code attribute : dn
decode attribute : ou
IT resource name : OID Server
Lookup Name : Lookup.OID.Organization
Object Type : OU
Performing Provisioning Operations (Direct Provisioning)
In OIM 11.1.2, a resource object cannot be directly assigned to a user.
We need to create an application instance.
The procedure is as follows:
a. Create a sandbox. Do not publish it now.
b. Create an application instance.
Populate the following:
Name: AppInstance1
Display Name: AppInstance1
Resource Object: OID User
IT resource instance: OID Server
Form: Create
Resource Type: OID user
Form Name: Form 1. Make sure bulkload options are enabled for all fields in the form.
In the organization for the application instance populate “Xellerate Users”
Click on checkbox for entitlement below.
Run Catalog Synchronization job from scheduler in OIM.
Publish the Catalog.
Run Catalog Synchronization job from scheduler in OIM (it costs nothing to run it multiple times).
c. Create a user in OIM:
Firstname: Subhajit
Lastname: Chaudhuri
Organization: Xellerate Users (depends)
Organization Type: Consultant (depends)
Userlogin: chaudhuri
Password: ****
Confirm password ****
Once the user is created, go to Accounts tab.
Click on request Account.
Search for Catalog with string OID.
Add AppInstance1 Application instance to the cart.
d. Push the following information in the form:
Userid
Password
First Name
Last Name
Container DN = OID Server~cn=Users,dc=<client domain>,dc=com
ssouid
Email ID [email protected]
Preferred Language
Click on Ready to Submit
Click on Submit
e. User will now get provisioned.
Check on resource summary for the user.
System Validation Completed
Create User done.
f. Log into ODSM in OID.
Check that the user got provisioned in OID as well.
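The Code Key and Decode added to Lookup.OID.Organization and the Container DN entered in the request form share one <prefix>~<DN> format. The following Python is an added example, not part of the original post or of Oracle's connector code: it builds the lookup pair from the IT resource key and name used above and reports whether a Container DN value matches a Decode exactly or differs only in spacing or case. The function names and the dc=example,dc=com DN are assumptions.

```python
# Added example. Function names and the dc=example,dc=com DN are constructed;
# 281 and "OID Server" are the IT resource key and name used in the post.

def normalize_dn(dn):
    """Canonical form for comparison only: lower-case, no spaces around ',' or '='.
    Simplification: escaped commas inside RDN values are not handled."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = (s.strip() for s in part.partition("="))
        if not sep or not attr or not value or value.startswith("="):
            raise ValueError(f"malformed RDN {part.strip()!r} in {dn!r}")
        rdns.append(f"{attr.lower()}={value.lower()}")
    return ",".join(rdns)

def lookup_entry(it_resource_key, it_resource_name, dn):
    """Return (Code Key, Decode) as <key>~<DN> and <name>~<DN>."""
    normalize_dn(dn)  # rejects typos such as 'dc==example' before they reach the lookup
    return f"{it_resource_key}~{dn}", f"{it_resource_name}~{dn}"

def check_container_dn(form_value, decodes):
    """Classify a Container DN form value against the lookup's Decode values."""
    if form_value in decodes:
        return "exact"
    name, sep, dn = form_value.partition("~")
    if not sep:
        return "missing IT resource prefix"
    for decode in decodes:
        d_name, _, d_dn = decode.partition("~")
        if d_name == name and normalize_dn(d_dn) == normalize_dn(dn):
            return f"differs only in spacing/case; use {decode!r}"
    return "not in lookup"

IT_RESOURCE_KEY = 281                     # from the post
IT_RESOURCE_NAME = "OID Server"           # from the post
USERS_DN = "cn=Users,dc=example,dc=com"   # constructed sample DN

if __name__ == "__main__":
    code_key, decode = lookup_entry(IT_RESOURCE_KEY, IT_RESOURCE_NAME, USERS_DN)
    print("Code Key:", code_key)
    print("Decode:  ", decode)
    # Constructed form values: one exact, one with a stray space after a comma.
    for value in (decode, "OID Server~cn=Users,dc=example, dc=com"):
        print(repr(value), "->", check_container_dn(value, [decode]))
```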
11 Comments
How do you have the form pre-populated with the field values when I create the OIM user? I would like to auto-provision to OID.
Thanks,
Paul
Hi Paul,
You can configure access policies to auto provision users created in OIM to OID.
https://docs.oracle.com/cd/E27559_01/admin.1112/e27149/accesspolicies.htm
Thanks
Subhajit
Hi,
You did a great job for compiling such a useful info.
For integrating OIM with OID I've followed the above steps
while running the OID Connector Group Lookup Reconciliation task
I am getting this error
org.identityconnectors.framework.common.exceptions.ConfigurationException: Bundle oimjar://local:0ldapbp.jar is missing required attribute ‘ConnectorBundle-FrameworkVersion’.
Could you please suggest… I've followed the exact sequence mentioned above, faced no in installing the connector software besides doing the pre- and post-installation tasks of the connector software successfully.
Really appreciate the response.
Thanks
Priya
Hi Priya,
Thanks for the feedback.
Have you deployed the connector locally in Oracle Identity Manager or remotely in the Connector Server? Are you using OIM 11.1.2?
I have not come across this error during the installation. If it persists, let me know and we can have a screen sharing session to troubleshoot.
Thanks
Subhajit
Thanks for the kind response.
It would be wonderful if you could share the screen.
My gtalk id: priyawithgrace At gmail.com
The OIM version is : DEV1_OIM
Oracle Identity Manager
11.1.1.5.0
Also, please see the output of opatch lsinventory, as I've the apply or upgrade OIM during OIM config phase.
Installed Top-level Products (1):
Oracle IDM Suite 11.1.1.5.0
There are 1 products installed in this Oracle Home.
Interim patches (2) :
Patch 13399365 : applied on Wed Aug 28 15:32:33 IST 2013
Unique Patch ID: 14530777
Created on 23 Jan 2012, 07:05:58 hrs PST8PDT
Bugs fixed:
Patch 12733108 : applied on Mon Aug 05 19:46:04 IST 2013
Unique Patch ID: 14137824
Created on 28 Aug 2011, 08:34:40 hrs PST8PDT
Bugs fixed:
——————————————–
Thanks!
Priya
I've deployed the connector locally in the IDM server.
Thanks
Priya
Hi,
I've been waiting to hear from you on this issue, as I am unable to get past the error.
I've tried various configuration options for it to work but to no avail.
Also if Configuration Lookup parameter value set to: Lookup.LDAP.OID.Configuration or Lookup.LDAP.OID.Configuration.trusted
then getting this error
oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcInvalidLookupException
Or from this value, Configuration Lookup: Lookup.OID.Configuration,
I am getting the earlier error that I've posted.
Also there are no errors in the Admin, OIM and OID log files.
Any suggestions from you would be more than welcome.
Waiting to hear from you.
Thanks
Priya
How to configure OIM such that user created in OIM will be automatically created in OID.
Basically how to auto provision user.
Priya,
I have auto-provisioning from OIM to OID going. I also have requesting an entitlement (OID group membership) working in OIM (with SOA composites for approval workflow). I will have an OIM role with OIM users as members. I want to auto-provision (no approval necessary) OIM users to entitlements (multiple entitlements) once an OIM user is assigned to an OIM role. How do I go about it? I know I need to create an Access Policy with the specified role. I think I may need a child table for OID. If I do need a child table for OID, that is what I am not too sure about.
How to configure OIM such that user created in OIM will be automatically created in LDAPv3 based DB (Open DJ)? Basically how to do provisioning and reconciliation?