7 Replies Latest reply on Jan 29, 2016 9:49 AM by Abhishek Singh 'J_IDM'

    Can not remove UDF

    quanns

      Hi all,

      After creating a sandbox and creating a UDF as an attribute of the user entity in OIM, I deleted the sandbox without publishing or exporting it, and now I have some problems with OIM.
      When I tried to create a new user, OIM returned an error like:

       

      <Warning> <oracle.ods.virtualization.exception> <LIBOVD-40077> <Could not add entry.

      javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find sobhxh in mandatory or optional attribute list.]; remaining name 'cn=xuyen xuyenpn,cn=Users,dc=testing'

        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3118)

        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)

        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)

        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:811)

      ....

      <Error> <oracle.iam.platform.entitymgr.provider.ldap> <BEA-000000> <An error occurred while creating the entity in LDAP, and the corresponding error is - {0}

      javax.naming.directory.SchemaViolationException: Error: OBJECTCLASS_VIOLATION

      LDAP Error 65 : [LDAP: error code 65 - Failed to find sobhxh in mandatory or optional attribute list.] [Root exception is oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 65 : [LDAP: error code 65 - Failed to find sobhxh in mandatory or optional attribute list.]]

        at oracle.ods.virtualization.jndi.OVDUtil.mapErrorCode(OVDUtil.java:182)

       

      <Error> <oracle.iam> <BEA-000000> < Return Value is of Type 'String'. Please Check CatalogAM.xml.xml in MDS Dump Which May Be Missing Refferences.>

      <Warning> <oracle.adf.controller.faces.lifecycle.Utils> <BEA-000000> <ADF: Adding the following JSF error message: IAM-3010004 : An error occurred while deleting LDAP user in the compensate stage.

      oracle.iam.ui.platform.exception.OIMRuntimeException: IAM-3010004 : An error occurred while deleting LDAP user in the compensate stage.

        at oracle.iam.ui.platform.exception.OIMErrorHandler.reportServiceException(OIMErrorHandler.java:178)

        at oracle.iam.ui.platform.exception.OIMErrorHandler.reportException(OIMErrorHandler.java:66)

        at oracle.adf.model.binding.DCDataControl.reportException(DCDataControl.java:413)

       

      I thought that if I didn't publish my sandbox, there would be no changes in my OIM system. But now the new attribute 'sobhxh' still appears in OIM. I tried to create a new sandbox and find this attribute in the user entity of OIM, but I couldn't find it.

      So how can I remove this attribute from my system?

      My OIM version is 11.1.2.3.0.

      Thanks and sorry for my bad English,

        • 1. Re: Can not remove UDF
          Abhishek Singh 'J_IDM'

          Once the UDF is created, you cannot remove it, as per my understanding.

          Regarding your error, the error is due to the target LDAP instance.

           

          sobhxh : LDAP: error code 65 - Failed to find sobhxh in mandatory or optional attribute list


          Have you added 'sobhxh' in your target LDAP instance?


          You can add custom object classes and custom attributes while creating a new user by adding the custom attributes as user-defined fields (UDFs) in Oracle Identity Manager as well as to the LDAPUser.xml in MDS. As a prerequisite, the custom object class with one or more attributes must be created and loaded into OID.

          To add custom attributes as UDFs in Oracle Identity Manager and LDAPUser.xml in MDS:

          1. Add the custom attributes to the user attributes in Oracle Identity Manager, as described in "Creating a Custom Attribute" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.
          2. Export the /metadata/iam-features-ldap-sync/LDAPUser.xml metadata file from the repository, as described in "Migrating User Modifiable Metadata Files" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.
          3. Update the LDAPUser.xml file to add the custom attribute1 custom attribute and customObjectClass custom object class.
          4. To add additional object classes on 'create', edit LDAPUser.xml and add additional <value> entries to the <parameter name="objectclass"> node. For example:
            <parameter name="objectclass">
              <value>orclIDXPerson</value>
              <value>customObjectClass</value>
            </parameter>

          http://docs.oracle.com/cd/E37115_01/integration.1112/e27123/oid_oim.htm#IDMIG31450

          • 2. Re: Can not remove UDF
            quanns

            Hi Abhishek,

            Thanks for your reply, but I'm still wondering why my UDF was created when I didn't publish any sandboxes.
            And in OIM, there is no attribute named sobhxh in the User Entity's attribute list.

            • 3. Re: Can not remove UDF
              Abhishek Singh 'J_IDM'

              Since R2, UDF creation involves two steps internally: first, it makes the UDF visible in the UDF GUI page via sandbox changes, and it also creates a column in the USR table with the same name as the UDF.

              If you just create the UDF and don't publish it, you cannot see it in the GUI, but the entry will be created in the USR table even without publishing the sandbox. So it's always recommended to take a DB backup before starting work on a UDF, so that you can roll back the DB instance in case of any issue.

               

              In your case also, you should be able to see the UDF entry in the USR table.

               

              Regarding your error, do you have LDAP Sync enabled, or are you using the OID connector? I

              Just log in to the OID/OVD ODSM console and search for the sobhxh attribute. This attribute must be created in OID as a mandatory attribute; that's why your provisioning is failing.

               

               

              ~J

              • 4. Re: Can not remove UDF
                2899365

                Hi,

                 

                If you have not published the sandbox, you can export the sandbox and check if the UDF(attribute) is present in the UserVO.xml.

                 

                If it is present you can remove the entry (UDF) and re-import the sandbox.

                 

                Please take a DB backup before publishing the sandbox.

                 

                Cheers!

                • 5. Re: Can not remove UDF
                  quanns

                  Thanks Abhishek,

                   

                  I didn't take a backup of my DB before starting work on the UDF. I've found that a new column named 'USR_UDF_SOBHXH' was created in the USR table.

                  I'm using LDAP Sync between my OID server and OIM server. And there is no attribute named 'sobhxh' in any of OID's object classes. So if I create a new attribute named 'sobhxh' in OID for an object class which is granted to users, will the error be solved? Can I remove the column 'USR_UDF_SOBHXH' directly in my DB?

                  • 6. Re: Can not remove UDF
                    quanns

                    I haven't published the sandbox, but I have deleted it, so I can't export it now. And I haven't taken a backup of my DB either.

                    • 7. Re: Can not remove UDF
                      Abhishek Singh 'J_IDM'

                      Removing USR_UDF_SOBHXH directly in the DB is not recommended, as there are many places where this column reference must be used. You may end up corrupting your whole system.

                       

                      Try it: You can open/export the /metadata/iam-features-ldap-sync/LDAPUser.xml metadata file and try to search for 'USR_UDF_SOBHXH' in the file. If you see any entry, then you can delete the reference to USR_UDF_SOBHXH and re-import the modified XML back to MDS. This should solve your issue.

                       

                      Always take the filesystem/DB backup before working on any customization.

                       

                      ~J
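
The search suggested in the last reply can be done as a read-only pass over the exported file before anything is edited or re-imported. This is an added example, not part of the original thread or of Oracle's tooling: it lists every place an exported LDAPUser.xml mentions the UDF and shows which object classes are set on create. The sample document is constructed; only the `<parameter name="objectclass">` node comes from the thread, and the other element names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample standing in for an exported LDAPUser.xml. Only the
# <parameter name="objectclass"> node is quoted in the thread; the other
# element names are assumptions made for illustration.
SAMPLE_LDAPUSER_XML = """\
<entity-definition>
  <parameter name="objectclass">
    <value>orclIDXPerson</value>
    <value>customObjectClass</value>
  </parameter>
  <attribute name="sobhxh"><type>string</type></attribute>
  <attribute name="Common Name"><type>string</type></attribute>
  <attribute-map>
    <entity-attribute>sobhxh</entity-attribute>
    <target-field>sobhxh</target-field>
  </attribute-map>
</entity-definition>
"""

def find_references(xml_text, needles):
    """Return (path, where, value) for each XML attribute value or text
    node containing any needle, compared case-insensitively."""
    needles = [n.lower() for n in needles]
    hits = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        for key, val in elem.attrib.items():
            if any(n in val.lower() for n in needles):
                hits.append((here, f"@{key}", val))
        text = (elem.text or "").strip()
        if text and any(n in text.lower() for n in needles):
            hits.append((here, "text", text))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return hits

def objectclasses_on_create(xml_text):
    """Values of <parameter name="objectclass">, the node the first reply edits."""
    root = ET.fromstring(xml_text)
    return [v.text.strip() for p in root.iter("parameter")
            if p.get("name") == "objectclass" for v in p.findall("value") if v.text]

if __name__ == "__main__":
    for hit in find_references(SAMPLE_LDAPUSER_XML, ["sobhxh", "USR_UDF_SOBHXH"]):
        print(*hit)
    print("objectclass on create:", objectclasses_on_create(SAMPLE_LDAPUSER_XML))
```

To check a real export, read the file's contents and pass them in place of the sample; an empty result means the file holds no reference to either name.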