1 2 Previous Next 24 Replies Latest reply: Dec 14, 2009 2:46 PM by JadeD Go to original post RSS
      • 15. Re: PrePop Adapter for  "Change Password at next logon" in OIM
        Sunny.Saxena
        See this is a bit different from the pre-populate part. If you want a process task to get invoked if the "Change Password At Next Logon" attribute is updated. Then first of all you need to add this attribute to the lookup- "Lookup.USR_PROCESS_TRIGGERS". Create an entry for the following :


        Code Key - Decode Key

        USR_CHANGE_PWD_AT_NEXT_LOGON - Change password at next Login

        Create a process task in the 'AD User provisioning ' process with the name -"Change password at next Login" as specified above. Map this process task to the adapter with the peice of code above to return the value as '0' or '1'. Simply return the variable from this task to the target field in AD User form.

        You should be done. Also to let you know that the code you have pasted was also appearing as correct. Just put in some loggers to see where it was breaking.

        Thanks

        Sunny

        Edited by: rajsunny on Nov 24, 2009 5:39 PM
        • 16. Re: PrePop Adapter for  "Change Password at next logon" in OIM
          JadeD
          Thanks Sunny !
          Yes, I have the set up exactly the way you described.

          For the code I wrote, it breaks at the moUserUtility.findUsers(userData) call.
          Exception occured while executing returnChangePwdNextLogon.java.lang.NullPointerException

          There is no issue with the input data. User does exist in OIM. As I said earlier, the same code works if I test using a scheduled task !
          I suspect some integration friction while using the code in a process task adapter.

          Any pointer on this error message?

          Note on version details - OIM version: 9.1.0.1862.24, Application Server: Oracle Application Server 10.1.3.3

          Edited by: o.r.c.l on Nov 24, 2009 2:35 PM
          • 17. Re: PrePop Adapter for  "Change Password at next logon" in OIM
            Rajiv Dewan
            Silly but try with findAllUsers API instead of findUsers API.

            Let me know the results.
            • 18. Re: PrePop Adapter for  "Change Password at next logon" in OIM
              JadeD
              Thanks for the suggestion Rajiv! I did try with findAllUsers method - same result (java.lang.NullPointerException)

              This particular field is missing from table 2.5.1.7 User Definition
              http://download.oracle.com/docs/cd/E14049_01/doc.9101/e14066/designconsole.htm#CHDJCCAA

              Is it feasible to fetch the user column through OIM API ?
              • 19. Re: PrePop Adapter for  "Change Password at next logon" in OIM
                695047
                How are you generating the moUserUtility?

                In a scheduled task you have an "automatic" channel back to OIM. In an adapter task you need to create the channel explicitly.

                Hope this helps
                /Martin
                • 20. Re: PrePop Adapter for  "Change Password at next logon" in OIM
                  JadeD
                  Thanks Martin for your input! I have posted the code in the previous page @ Nov 24, 2009 12:14 PM
                  Could you please point out what is missing in the code to communicate back to OIM ?
                  • 21. Re: PrePop Adapter for  "Change Password at next logon" in OIM
                    JadeD
                    I've managed to develop a work around to propagate "Change Password at next logon" from OIM to AD.
                    However, yet to figure out how to reset "Change Password at next logon" attribute in OIM once the user changes password in AD and hence "User must change password at next logon" gets cleared in AD -
                    at this point AD Pwd sync connector (9.1.1) updates OIM with the new password but does not provide any explicit field to track the password change.

                    Here is the work around for OIM to AD update:
                    Since USR_CHANGE_PWD_AT_NEXT_LOGON field is not directly available in process task adapter, you may create a UDF and use it in the process task adapter.
                    Please do make an entry for this UDF in USR_PROCESS_TRIGGERS.

                    This UDF has to be updated as follows:
                    Develop a custom event handler to fetch OIM user's "Users.Change Password At Next Logon" field (USR_CHANGE_PWD_AT_NEXT_LOGON);
                    Value would be either 0 or 1. Then, update the UDF with this value.
                    Attach the event handler in Post Update trigger of Users Data Object Manager Form.

                    Any clue on AD to OIM part ?
                    • 22. Re: PrePop Adapter for  "Change Password at next logon" in OIM
                      527708
                      There is a simpler workaround for the OIM -> AD part.

                      1. Create a trigger and process task for the USR_CHANGE_PWD_AT_NEXT_LOGON field as normal. Since you can't select this field in the adapter mappings, pick and old field.

                      2. Now export the AD User process to xml.

                      3. Edit the exported xml of your process task, and replace the field you picked with USR_CHANGE_PWD_AT_NEXT_LOGON. Update the MAV_MAP_QUALIFIER field as well with a description. Re-import the xml.

                      Now when you look at your adapter mappings in the Design Console, you'll see your description in the drop-down list. This works for any OIM attribute that is missing on the Task Adapter UI.

                      To reset the flag in OIM, we simply made a Post-Update Event Handler on the USR table that resets the flag in OIM whenever it is set. Let AD take care of the forced password change.
                      • 23. Re: PrePop Adapter for  "Change Password at next logon" in OIM
                        JadeD
                        Thanks a ton. Let me test this solution.
                        Could you please clarify - To reset the flag in OIM, we simply made a Post-Update Event Handler on the USR table that resets the flag in OIM whenever it is set.
                        Do you mean to check only for 'ChangePwdNextLogon is enabled' in OIM, then reset on post update event ?
                        If so, won't this operation trigger the process task and reset the flag in AD as well (even if user is yet to change pwd in AD)?

                        Edited by: o.r.c.l on Dec 4, 2009 11:48 AM
                        • 24. Re: PrePop Adapter for  "Change Password at next logon" in OIM
                          JadeD
                          I managed to map USR_CHANGE_PWD_AT_NEXT_LOGON field in the process task (by editing configuration as xml).
                          Now, the open issue is the order of execution of process tasks in AD User provisioning form (detailed below).

                          When you change OIM user pwd with USR_CHANGE_PWD_AT_NEXT_LOGON checkbox enabled, (descending) order of execution of AD User Process Tasks:
                          4.Password Updated
                          3.Change User Password
                          2.User must change password at next logon Updated
                          1.Change Pwd At Next Logon

                          Since "Change User Password" task gets executed AFTER "Change With Pwd At Next Logon" task,
                          the corresponding user pwd gets updated BUT the user must change pwd at next logon field is not enabled in AD.

                          Need to ensure "Change User Password" task gets executed first and then "Change Pwd At Next Logon" task.
                          Tried with Task Dependency configuration between all the above four tasks but in vain.
                          Any suggestion ?
                          1 2 Previous Next