10 Replies Latest reply: Mar 5, 2013 10:42 AM by Gaurav Kumar

    OAM/OIM integration issue

    Presto
      I am not able to get the integration working. I tried running through the proper steps, and when I try -configOAM I see this error in the Admin Server logs.

      <May 14, 2012 5:46:09 PM CDT> <Error> <oracle.oam.user.identity.provider> <OAMSSA-20047> <No entries were found under the User Search Base : cn with attribute : cn=Users,dc=we,dc=dirsrv,dc=com.>

      And these messages in Automation.log
      May 14, 2012 5:42:34 PM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAM11gIdStore
      SEVERE: Error while configuring User ID Store {1}

      May 14, 2012 5:42:40 PM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAM11gFAProperties
      SEVERE: Error while configuring OAM properties



      Any ideas? What a pain.
        • 1. Re: OAM/OIM integration issue
          ColinPurdon-Oracle
          Hello Presto,

          At this point OAM is trying to create/configure an Identity Store, OIMIDStore, with the IDSTORE* parameters that you supplied in the input file for the -configOAM step. Ostensibly, the message means that it cannot find any entries with cn attribute under the searchbase shown (maybe they don't exist, or the bind dn doesn't have read privileges over that branch, etc). Suggest reviewing these parameters; if they look alright, could you post the file here (perhaps with host names scrubbed), and say what your store is (e.g. OID, or OVD frontending an LDAP).

          Regards,
          Colin
          • 2. Re: OAM/OIM integration issue
            Presto
            The Bind DN is cn=orcladmin, so I assume it has all the permissions it needs. I used the same props files on a previous environment. I'm running OAM and OIM BP02.

            I did notice that OIMIDStore exists in OAM already, perhaps from a previous attempt? Should I remove it or is it smart enough to deal with that??

            WLSHOST: WLHOST
            WLSPORT: 7001
            WLSADMIN: weblogic
            IDSTORE_HOST: OID HOST
            IDSTORE_PORT: 3060
            IDSTORE_BINDDN: cn=orcladmin
            IDSTORE_USERNAMEATTRIBUTE: cn
            IDSTORE_LOGINATTRIBUTE: uid
            IDSTORE_USERSEARCHBASE: cn=Users...dc=com
            IDSTORE_SEARCHBASE: ...dc=com
            IDSTORE_GROUPSEARCHBASE: cn=Groups...dc=com
            #IDSTORE_OAMSOFTWAREUSER: oamLDAP
            IDSTORE_OAMSOFTWAREUSER: orcladmin
            IDSTORE_OAMADMINUSER: oamadmin
            PRIMARY_OAM_SERVERS: OAM-SERVER-HOST:5575
            WEBGATE_TYPE: ohsWebgate10g
            ACCESS_GATE_ID: Webgate_IDM
            OAM11G_IDM_DOMAIN_OHS_HOST: OHS HOST
            OAM11G_IDM_DOMAIN_OHS_PORT: 80
            OAM11G_IDM_DOMAIN_OHS_PROTOCOL: http
            OAM11G_WG_DENY_ON_NOT_PROTECTED: false
            OAM_TRANSFER_MODE: OPEN
            OAM11G_OAM_SERVER_TRANSFER_MODE: OPEN
            OAM11G_IDM_DOMAIN_LOGOUT_URLS: /console/jsp/common/logout.jsp,/em/targetauth/emaslogout.jsp
            OAM11G_SERVER_LOGIN_ATTRIBUTE: uid
            COOKIE_DOMAIN: COOKIE-DOMAIN
            OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
            OAM11G_SSO_ONLY_FLAG: false
            OAM11G_OIM_INTEGRATION_REQ: true
            COOKIE_EXPIRY_INTERVAL: 120
            OAM11G_OIM_OHS_URL: OHS URL
            • 3. Re: OAM/OIM integration issue
              ColinPurdon-Oracle
              I would be tempted to remove OIMIDStore and try again, yes. Given that it's created it, it strongly implies that the settings in it work, otherwise it wouldn't have passed the Test Connection (or internal equivalent) test.
              • 4. Re: OAM/OIM integration issue
                Presto
                Removing OIMIDStore did not work.

                Still experiencing issues. This seems to be a pretty buggy process (the integration steps).

                Is editing oam-config.xml directly an option?
                • 5. Re: OAM/OIM integration issue
                  ColinPurdon-Oracle
                  Editing the oam-config.xml would be an option of last resort, but not having seen that particular error during the integration (I have seen a few others) I can't say what the answer is. Can you create OIMIDStore in the /oamconsole with the same parameters that you supply in the input file?

                  Also, do the AdminServer.log or AdminServer-diagnostic.log show anything at the time of the failure?

                  Regards,
                  Colin

                  Edited by: ColinPurdon on May 16, 2012 5:55 PM
                  • 6. Re: OAM/OIM integration issue
                    Presto
                    Yes, I can create OIMIDStore with the same params.

                    Here's the only thing I see in the adminserver.out file:


                    <May 14, 2012 5:46:09 PM CDT> <Error> <oracle.oam.user.identity.provider> <OAMSSA-20047> <No entries were found under the User Search Base : cn with attribute : cn=Users,dc=we,dc=dirsrv,dc=com.>

                    Which doesn't make sense, because search base and attribute are flipped in this case. Might just be a coding issue with how they are displaying the log message (switched variables).

                    Either way, there ARE entries under that base with cn attribute. So it doesn't make sense.
                    • 7. Re: OAM/OIM integration issue
                      ColinPurdon-Oracle
                      The error message is garbled, but it is just the way it's displayed (it looks like it's being addressed in a later version). I'm running out of ideas here (perhaps this could be raised as an SR), a last idea is to check that the oamadmin user exists under your user searchbase.

                      Regards,
                      Colin
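
Posts 6 and 7 above note that OAMSSA-20047 prints the search base and the attribute in each other's place, and post 7 suggests checking that the oamadmin user exists under the user search base. As an added example (not part of the thread and not Oracle code), this Python script un-swaps the logged fields, compares them with the -configOAM input file, and lists the LDAP filters worth running by hand. The sample log line, the example DNs and all function names are constructed for illustration; matching oamadmin on both the username and login attributes is an assumption.

```python
import re
# Constructed samples in the thread's formats (example DNs, not the poster's).
SAMPLE_LOG = ("<May 14, 2012 5:46:09 PM CDT> <Error> <oracle.oam.user.identity.provider> "
              "<OAMSSA-20047> <No entries were found under the User Search Base : cn "
              "with attribute : cn=Users,dc=example,dc=com.>")
SAMPLE_PROPS = """\
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users, dc=example, dc=com
IDSTORE_OAMADMINUSER: oamadmin
"""
MSG = re.compile(r"<OAMSSA-20047> <.*User Search Base : (.+?) with attribute : (.+?)\.?>\s*$")

def parse_props(text):
    """Parse 'KEY: value' lines, skipping blanks and '#' comments."""
    pairs = (l.split(":", 1) for l in text.splitlines()
             if ":" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def norm_dn(dn):  # lower-case and trim each RDN (no handling of escaped commas)
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def esc(value):  # RFC 4515 escaping for a search-filter assertion value
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def parse_20047(line):
    """Return (search_base, attribute), undoing the swapped display."""
    m = MSG.search(line)
    if not m:
        return None
    base, attr = (g.strip() for g in m.groups())
    if "=" not in base and "=" in attr:  # "base" slot holds a bare attribute name
        base, attr = attr, base
    return base, attr

def triage(log_line, props_text):
    """Compare the logged search with the input file and list the subtree
    filters to run under the base, bound as IDSTORE_BINDDN."""
    props, parsed = parse_props(props_text), parse_20047(log_line)
    if parsed is None:
        return None
    base, attr = parsed
    admin = esc(props.get("IDSTORE_OAMADMINUSER", ""))
    login = props.get("IDSTORE_LOGINATTRIBUTE", "uid")
    return {
        "base": base,
        "base_matches": norm_dn(base) == norm_dn(props.get("IDSTORE_USERSEARCHBASE", "")),
        "attr_matches": attr.lower() == props.get("IDSTORE_USERNAMEATTRIBUTE", "").lower(),
        "filters": [f"({attr}=*)", f"(|({attr}={admin})({login}={admin}))"],
    }
```

If `base_matches` and `attr_matches` are both true, OAM searched where the input file told it to, so the remaining checks are the directory side: whether each filter returns entries for the bind DN under that base.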
                      • 8. Re: OAM/OIM integration issue
                        Presto
                        Thanks. I have an open SR on this issue, but haven't made much progress.
                        • 9. Re: OAM/OIM integration issue
                          User761297-Oracle
                          Hi,

                          The below parameter values are case sensitive, change these values to lowercase and try.

                          OAM_TRANSFER_MODE: OPEN
                          OAM11G_OAM_SERVER_TRANSFER_MODE: OPEN

                          Regards
                          Balaji Ketti.
                          • 10. Re: OAM/OIM integration issue
                            Gaurav Kumar
                            Got any replies yet? I am also facing the exact same issue.

                            Regards,
                            Gaurav