Configuring OID 11.1.1.6 Connector in OIM 11.1.2

Jul 12, 2013 / By Subhajit Chaudhuri

Configuring OID 11.1.1.6 connector in OIM 11.1.2 for direct provisioning:

There is a big change in the way direct provisioning is done from OIM (Oracle Identity Manager) to OID (Oracle Internet Directory) using OIM 11.1.2 connectors.

The connector documentation available for OIM 11.1.1 is at http://docs.oracle.com/cd/E22999_01/index.htm

The same documentation can be used for configuring provisioning/reconciliation using OIM 11.1.2 connectors. However, the way a resource is added in the OIM 11.1.2 screens is different, and this blog post will help you do it.

I did not come across OIM 11.1.2 specific connector documentation yet.

Pre-install Tasks

Create a Target System User Account for Connector Operations.

http://docs.oracle.com/cd/E22999_01/doc.111/e28603/deploy.htm#BGBDBGIE

Download the connector software from:

http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html

Link: http://download.oracle.com/otn/nt/ias/connectors/111/OID-11.1.1.6.0.zip

Perform the pre-installation task (unzip the zip file in the ConnectorDefaultDirectory directory):

[oracle@oim-server ConnectorDefaultDirectory]$ pwd

/u01/Middleware1/Oracle_IDM1/server/ConnectorDefaultDirectory

[oracle@oim-server ConnectorDefaultDirectory]$ unzip OID-11.1.1.5.0.zip

Archive:  OID-11.1.1.5.0.zip

creating: OID-11.1.1.5.0/

creating: OID-11.1.1.5.0/bundle/

inflating: OID-11.1.1.5.0/bundle/org.identityconnectors.ldap-1.0.6380.jar

creating: OID-11.1.1.5.0/configuration/

inflating: OID-11.1.1.5.0/configuration/eDirectory-CI.xml

.

.

inflating: OID-11.1.1.5.0/xml/OID-ConnectorConfig.xml

inflating: OID-11.1.1.5.0/xml/OID-Datasets.xml

[oracle@oim-server ConnectorDefaultDirectory]$

[oracle@oim-server ConnectorDefaultDirectory]$ cd OID-11.1.1.5.0

[oracle@oim-server OID-11.1.1.5.0]$ ls

bundle  configuration  documentation  lib  readme.html  resources  xml

Configuring OIM – OID Connector in Provisioning mode.

Install the connector by logging in to http://<oim-hostname>.<domain>:14000/sysadmin/

Login:

xelsysadm/<pwd>

Click on manage connectors.

Refresh this page.

Connector installation.

Click Load and wait until the page has loaded 3 times.

Installation Successful.

Run Oracle Identity Manager PurgeCache utility to load the server cache with content from the connector resource bundle.

[oracle@oim-server bin]$ pwd

/u01/Middleware1/Oracle_IDM1/server/bin

[oracle@oim-server bin]$ export APP_SERVER=weblogic

[oracle@oim-server bin]$ export OIM_ORACLE_HOME=/u01/Middleware1/Oracle_IDM1

[oracle@oim-server bin]$ export JAVA_HOME=/u01/jdk1.6.0_37

[oracle@oim-server bin]$ export WL_HOME=/u01/Middleware1/wlserver_10.3

[oracle@oim-server bin]$ ./PurgeCache.sh all

For running the Utilities the following environment variables need to be set

APP_SERVER is weblogic

OIM_ORACLE_HOME is /u01/Middleware1/Oracle_IDM1

JAVA_HOME is /u01/jdk1.6.0_37

MW_HOME is /u01/Middleware1

WL_HOME is /u01/Middleware1/wlserver_10.3

DOMAIN_HOME is /u01/Middleware1/user_projects/domains/IDAM_domain

[Enter the admin username:]xelsysadm

[Enter the admin password:]

[Enter the service url : (i.e.: t3://oimhostname:oimportno for weblogic or corbaloc:iiop:oimhostname:oimportno for websphere)]t3://<oimhostname>.<domain>:14000

weblogic.jndi.WLInitialContextFactory

UsernamePasswordLoginModule.initialize(), debug enabled

UsernamePasswordLoginModule.login(), username xelsysadm

UsernamePasswordLoginModule.login(), URL t3://<oimhostname>.<domain>:14000

PurgeCache Login Success…

Purging the cache categories:[all] is successful

Configure IT resource for the Target System.

IT resource name: OID Server

IT Resource type: OID Server

Configuration Lookup: Lookup.OID.Configuration

Connect Server Name : <leave blank>

baseContext : "dc=<client domain>,dc=com" (Note: Make sure you put the base context in quotes)

credentials : ****

failover : <blank>

host : <oid host>

port : <oid port>

principal : cn=orcladmin

ssl : false
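
A pre-flight check over the IT resource values listed above, as an added example that is not part of the original post. It flags ssl set to false, a bind as cn=orcladmin rather than the account created in the pre-install task, an unquoted baseContext and an unmasked password; the host names, ports and the cn=oimconnector account are constructed sample values.

```python
# Constructed listing in the post's "name : value" layout (sample host and port).
AS_POSTED = '''baseContext : "dc=example,dc=com"
credentials : ****
host : oid.example.com
port : 3060
principal : cn=orcladmin
ssl : false'''

# Same listing with TLS enabled and a dedicated, hypothetical connector account.
HARDENED = '''baseContext : "dc=example,dc=com"
credentials : ****
host : oid.example.com
port : 3131
principal : cn=oimconnector,cn=Users,dc=example,dc=com
ssl : true'''


def parse_params(text):
    """Turn 'name : value' lines into a dict; a later duplicate wins."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            params[name.strip()] = value.strip()
    return params


def lint_it_resource(text):
    """Return (parameter, finding) pairs; an empty list means nothing was flagged."""
    p = parse_params(text)
    findings = []
    if p.get("ssl", "").lower() != "true":
        findings.append(("ssl", "LDAP bind sends the principal's password in cleartext"))
    # cn=orcladmin is OID's default superuser DN.
    if p.get("principal", "").replace(" ", "").lower() == "cn=orcladmin":
        findings.append(("principal", "superuser bind instead of the connector account"))
    base = p.get("baseContext", "")
    if not (len(base) > 2 and base[0] == base[-1] == '"'):
        findings.append(("baseContext", "value is not wrapped in double quotes"))
    cred = p.get("credentials", "")
    if cred and set(cred) != {"*"}:
        findings.append(("credentials", "password appears unmasked in the listing"))
    return findings


if __name__ == "__main__":
    for name, finding in lint_it_resource(AS_POSTED):
        print(f"{name}: {finding}")
```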

 

Login to http://<oimhostname>.<domain>:14000/sysadmin.

Click Search.

If you see an error page, refresh it by pressing F5.

Click edit.

* Did not install and configure the connector server for OID

* Did not configure SSL for the connector

* Did not enable logging for the connector

Post-installation steps:

Clear content related to connector resource bundles from the server cache by running the PurgeCache.sh script.

Set up the Lookup Definition for Connection Pooling (optional, did not do it for now).

Perform the following inside the OIM Design Console:

Log in to the Design Console and make sure the auto save feature is enabled in the OID user form (resource object).

Log in to the Design Console by running $ORACLE_HOME/designconsole/xlclient.sh

In the Design Console, check Lookup.OID.Organization

You will see only 281/LookupOIDOrg

Add the following entry to Lookup.OID.Organization lookup:

Code Key: 281~cn=Users,dc=<client domain>,dc=com (where 281 is the IT resource key)

Decode: OID Server~cn=Users,dc=<client domain>,dc=com (where OID Server is the IT resource name)


Run the 2 lookup field reconciliation jobs using the OIM scheduler:

OID Connector Group Lookup Reconciliation

Parameters (stuck with ones populated by default)

key code attribute : dn

decode attribute : cn

IT resource name : OID Server

Lookup Name : Lookup.OID.Group

Object Type : Group

OID Connector OU Lookup Reconciliation

key code attribute : dn

decode attribute : ou

IT resource name : OID Server

Lookup Name : Lookup.OID.Organization

Object Type : OU

Performing Provisioning Operations (Direct Provisioning)

In OIM 11.1.2, a resource object cannot be assigned directly to a user.

We need to create an application instance.

So the procedure is as follows:

a. Create a sandbox. Do not publish it now.

b. Create an application instance.

Populate the following:

Name: AppInstance1

Display Name: AppInstance1

Resource Object: OID User

IT resource instance: OID Server

Form: Create

Resource Type: OID user

Form Name: Form 1. Make sure bulkload options are enabled for all fields in the form.

In the organization for the application instance populate “Xellerate Users”

Click on checkbox for entitlement below.

Run Catalog Synchronization job from scheduler in OIM.

Publish the Catalog.

Run the Catalog Synchronization job from the scheduler in OIM again (running it multiple times costs nothing).

c. Create a user in OIM:

Firstname: Subhajit

Lastname: Chaudhuri

Organization: Xellerate Users (depends)

Organization Type: Consultant (depends)

Userlogin: chaudhuri

Password: ****

Confirm password ****

 

Once the user is created, go to Accounts tab.

Click on Request Account.

Search for Catalog with string OID.

Add AppInstance1 Application instance to the cart.

 

d. Enter the following information in the form:

Userid

Password

First Name

Last Name

Container DN = OID Server~cn=Users,dc=<client domain>, dc=com

ssouid

Email ID abc@pythian.com

Preferred Language

Click on Ready to Submit

Click on Submit

e. User will now get provisioned.

Check on resource summary for the user.

System Validation Completed

Create User done.

f. Log into ODSM in OID.

Check that the user got provisioned in OID as well.

7 Responses to “Configuring OID 11.1.1.6 Connector in OIM 11.1.2”

  • Paul says:

    How do you have the form pre-populated with the field values when I create the OIM user? I would like to auto-provision to OID.

    Thanks,
    Paul

  • Subhajit says:

    Hi Paul,

    You can configure access policies to auto provision users created in OIM to OID.

    http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/accesspolicies.htm

    Thanks
    Subhajit

  • Priya says:

    Hi,
    You did a great job compiling such useful info.
    For integrating OIM with OID I've followed the above steps.
    While running the OID Connector Group Lookup Reconciliation task
    I am getting this error:
    org.identityconnectors.framework.common.exceptions.ConfigurationException: Bundle oimjar://local:0ldapbp.jar is missing required attribute ‘ConnectorBundle-FrameworkVersion’.

    Could you please suggest… I've followed the exact sequence mentioned above, faced no in Installing the Connector software beside doing the Pre & Post installation task of the connector software successfully.

    Really Appreciate the response.

    Thanks
    Priya

  • Subhajit says:

    Hi Priya,

    Thanks for the feedback.
    Have you deployed the connector locally in Oracle Identity Manager or remotely in the Connector Server? Are you using OIM 11.1.2?
    I have not come across this error during the installation. If it persists, let me know and we can have a screen sharing session to troubleshoot.

    Thanks
    Subhajit

    • Priya says:

      Thanks for the kind response.
      It would be wonderful if you could share the screen.
      My gtalk id: priyawithgrace At gmail.com

      The OIM version is : DEV1_OIM
      Oracle Identity Manager
      11.1.1.5.0

      Also please see the output of opatch lsinventory as I've the apply or upgrade OIM during oim config phase.

      Installed Top-level Products (1):

      Oracle IDM Suite 11.1.1.5.0
      There are 1 products installed in this Oracle Home.

      Interim patches (2) :

      Patch 13399365 : applied on Wed Aug 28 15:32:33 IST 2013
      Unique Patch ID: 14530777
      Created on 23 Jan 2012, 07:05:58 hrs PST8PDT

      Patch 12733108 : applied on Mon Aug 05 19:46:04 IST 2013
      Unique Patch ID: 14137824
      Created on 28 Aug 2011, 08:34:40 hrs PST8PDT

      ——————————————–

      Thanks!
      Priya

    • Priya says:

      I've deployed the connector locally in the IDM server.

      Thanks
      Priya

  • Priya says:

    Hi,

    I've been waiting to hear from you on this issue, as I am unable to get past the error.

    I've tried various configuration options for it to work but to no avail.

    Also, if the Configuration Lookup parameter value is set to: Lookup.LDAP.OID.Configuration or Lookup.LDAP.OID.Configuration.trusted
    then I am getting this error

    oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcInvalidLookupException

    OR from this value, Configuration Lookup: Lookup.OID.Configuration

    I am getting the earlier error that I've posted.

    Also there are no errors in the Admin & OIM and OID log files.

    Any suggestions from you would be more than welcome.

    Waiting to hear from you.

    Thanks
    Priya
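
The ConfigurationException quoted in the comments above names a manifest attribute, so one way to narrow it down is to list which jars carry that attribute. This is an added example, not part of the original post or its comments; the sample manifests and the `build_jar` helper are constructed, and the two further attribute names are the other bundle attributes the Identity Connector Framework reads from a manifest.

```python
import io
import zipfile

# Attribute named in the error above, plus the two other bundle attributes the
# Identity Connector Framework reads from a connector jar's manifest.
REQUIRED = ("ConnectorBundle-FrameworkVersion",
            "ConnectorBundle-Name",
            "ConnectorBundle-Version")


def main_attributes(manifest_text):
    """Parse a JAR manifest's main section, joining continuation lines."""
    attrs, last = {}, None
    for line in manifest_text.splitlines():
        if not line.strip():
            break                      # a blank line ends the main section
        if line.startswith(" ") and last:
            attrs[last] += line[1:]    # continuation of the previous value
        elif ":" in line:
            last, _, value = line.partition(":")
            attrs[last] = value.lstrip()
    return attrs


def missing_bundle_attributes(jar):
    """Return the REQUIRED attributes that a jar (path or file object) lacks."""
    with zipfile.ZipFile(jar) as zf:
        try:
            text = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
        except KeyError:               # the archive has no manifest at all
            return list(REQUIRED)
    attrs = main_attributes(text)
    return [name for name in REQUIRED if not attrs.get(name)]


def build_jar(manifest_text):
    """Constructed in-memory jar so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest_text)
    buf.seek(0)
    return buf


# Constructed manifests: an ICF bundle (name wrapped onto a continuation line)
# and a plain library jar that carries no bundle attributes.
ICF_MANIFEST = ("Manifest-Version: 1.0\r\n"
                "ConnectorBundle-FrameworkVersion: 1.0\r\n"
                "ConnectorBundle-Name: org.identityconnect\r\n"
                " ors.ldap\r\n"
                "ConnectorBundle-Version: 1.0.6380\r\n\r\n")
PLAIN_MANIFEST = "Manifest-Version: 1.0\r\nCreated-By: constructed\r\n\r\n"

if __name__ == "__main__":
    for label, text in (("icf-bundle.jar", ICF_MANIFEST), ("plain.jar", PLAIN_MANIFEST)):
        print(label, missing_bundle_attributes(build_jar(text)) or "ok")
```

`missing_bundle_attributes` also accepts a file path, so it can be run over each jar the connector loads, such as the one unpacked into the bundle directory earlier in the post.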
