5 Replies Latest reply: Nov 21, 2012 7:45 AM by Kevin Pinsky RSS

    How to  lock AD Account by Using OIM JAVA API.

    ruzz
      Hi All,

      I am using OIM 11.1.1.5 . I am new in OIM development.
      I am exploring the operation on OIM in java web service by using OIM java API.
      I am able to perform CURD operation in OIM by using OIM java API.

      OIM to AD


      Now, I want to lock and unlock the AD account by using OIM java API.

      Anyone, who had implemented this operation can share the step.

      What are the step i need to follow and which OIM java API i have to call.

      And any setting i need to required in OIM side. Please let me know.


      Thanks
      Ravi
        • 1. Re: How to  lock AD Account by Using OIM JAVA API.
          Kevin Pinsky
          Assuming your workflow is configured to already allow Enable and Disable, you can use this API:

          tcUserOperationsIntf.disableAppForUser(long plUserKey, long plObjectInstanceForUserKey)

          You can also return a response code that triggers disable, or other options. What are your requirements?

          -Kevin
          • 2. Re: How to  lock AD Account by Using OIM JAVA API.
            ruzz
            thanks for the reply kevin,

            My requirement is :

            All AD user are sync in OIM, Now i am able to look all user attributes in OIM that exist in AD.

            Now i am creating provisioning java service to provision user. Through this provisioning java service, i am giving call to OIM.
            What i need to do is that if i am giving call to lock OIM user, it should lock user in OIM as well as in AD .
            So, what are the steps i need to do.

            What configuration i need to do and which OIM API i need to call for lock and unlock user in OIM to AD

            Do you have any sample code or any OIM blog, where each and every step is mention that i can help me.

            Till now what i have done is that i have created connection in OIM and able to do the CURD operation in OIM by using java provisioning service.


            Thanks
            Ravi
            • 3. Re: How to  lock AD Account by Using OIM JAVA API.
              Kevin Pinsky
              So here's what i'll assume. The only thing you have to start with is the user login.

              You can use the following:

              UserManager usermgr = Platform.getService(UserManager.class);
              usermgr.lock(userID, true, true);

              You have two option now. You can use the Lookup.USR_PROCESS_TRIGGERS and add an entry for USR_LOCKED. I don't know off hand if there is a default adapter for Lock/Unlock rather than Enable/Disable but you can check in your instance. If this does exist, on your task that triggers on the Change User Lock (the decode value in the lookup), use this adapter. Otherwise, you willl need to write your own code, or add the attribute to the form and using the ootb expansion of the attributes in the documentation, add this attribute to the modifyable attributes. Just put a check in your code if the User Locked value from the user definition is a 1 or 0 before doing the lock or unlock.

              The other option is you can create an event handler that is on the USER object and for the action of LOCK. In your code, you can lookup the user's AD instance, or connect to AD directly here, however you want. You could insert the task into the users existing instance from the above code. It all depends on how you want to do it, but you just need to propagate it one way or another.

              -Kevin
              • 4. Re: How to  lock AD Account by Using OIM JAVA API.
                ruzz
                Thanks for the reply

                Can you please tell me what UserManager interface operations create, delete,changePassword and modify do?

                It only do all this operation in OIM or it also sync into AD . If OIM is connected to AD by using ADConnector. If yes, how does it happen.


                Thanks
                Ravi
                • 5. Re: How to  lock AD Account by Using OIM JAVA API.
                  Kevin Pinsky
                  I understand that you are new to OIM, and I understand you want assistance. However, i refuse to provide you the full how to.

                  OIM is a product that requires you to trial and error your configurations if you ever want to learn the product. You need to put in the effort to attempt to learn some of the basics of the product. There are oracle by examples, as well as connector documentation for installing them.

                  Best of luck to you.

                  -Kevin