12 Replies Latest reply on Jun 6, 2016 12:47 AM by user8744020

    OIM created user  provision to AD

    3166596

      Hello,

      We are trying to provision a user from OIM to AD and are getting an error like:

      IAM-4070002 : Application Instance already created for Resource AD User and Resource Active Directory.

      Please help us or provide a solution for this.

      Thanks,

        • 1. Re: OIM created user  provision to AD
          Anurag Roy

          Hi,

           

          As the name suggests, an Application Instance is basically an instance of your Resource: a combination of a Resource Object (virtual application) and an IT Resource (target instance details).

          Thus only one Application Instance can be created with this combination.

          From the error it is clear that you already have an instance with this combination, so it is not allowing you to create a new instance with the same details.

          If you are trying to create another instance, you may want to have another target system (IT resource) tied to the Resource.

          Hope this information helps.

           

          Regards,

          Anurag

          • 2. Re: OIM created user  provision to AD
            3166596

            Thanks Anurag,

            I have created a user and am trying to provision it to AD. The user form was submitted successfully, but when I checked the open tasks, it is in rejected state, and the resource history shows state: PROVISIONING.

            Tried with multiple users but no luck.

            • 3. Re: OIM created user  provision to AD
              Anurag Roy

              What is the error message in the log?

              • 4. Re: OIM created user  provision to AD
                3166596

                Hi,

                We are observing the below errors in the logs:

                2016-06-01T03:14:37.063-05:00] [oim_server1] [ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 97cdf75ad522a73f:-179be8db:1550af97d83:-8000-00000000000016ae,0] [APP: oim#11.1.2.0.0] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user[[

                org.identityconnectors.framework.common.exceptions.ConnectorException: java.net.SocketTimeoutException: connect timed out

                at org.identityconnectors.framework.common.exceptions.ConnectorException.wrap(ConnectorException.java:101)

                at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.<init>(RemoteFrameworkConnection.java:54)

                at org.identityconnectors.framework.impl.api.remote.RemoteConnectorInfoManagerImpl.<init>(RemoteConnectorInfoManagerImpl.java:50)

                at org.identityconnectors.framework.impl.api.ConnectorInfoManagerFactoryImpl.getRemoteManager(ConnectorInfoManagerFactoryImpl.java:94)

                at oracle.iam.connectors.icfcommon.ConnectorFactory.getRemoteConnectorInfoManager(ConnectorFactory.java:243)

                at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:153)

                at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:114)

                at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.init(ICProvisioningManager.java:123)

                at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:267)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)


                • 5. Re: OIM created user  provision to AD
                  Animesh Anand

                  Can you please check the connection details in the IT resource?

                  It seems that OIM is not able to connect to AD.

                  • 6. Re: OIM created user  provision to AD
                    ashwarnIDM

                    Can you check whether the Active Directory IT resource has the correct AD server details, and also check the connector server IT Resource configuration? Make sure the connector server is running.

                    If everything is correct, then you may need to check the firewalls as well. It looks like there is a connectivity issue.

                     

                     

                    org.identityconnectors.framework.common.exceptions.ConnectorException: java.net.SocketTimeoutException: connect timed out

                     

                    Thanks,

                    Ashwarn

                    • 7. Re: OIM created user  provision to AD
                      Anurag Roy

                      You need to check AD connectivity.

                      Some generic steps to verify connectivity:

                       

                      Step 1: Ping the AD server (this is to verify network connectivity).

                      Step 2: Telnet to the AD server (this is to verify the firewall configuration).

                      Step 3: Try an ldapbind to the AD server with the credentials entered in the AD IT resource (this is to verify the AD credentials).

                                    You can use any LDAP browser for this step.

                      If the above steps work as expected, check whether your connector server is running and perform the above steps for the connector server machine as well.

                       

                      Regards,

                      Anurag
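Added example, not part of the thread: a Python version of Step 2 above (the TCP check that telnet performs) which separates a timed-out connect from a refused one, since the two point at different fixes. The host names are placeholders and the connector server port 8759 is an assumption; take the real values from your AD IT resource and Connector Server IT resource.

```python
import errno
import socket

# Placeholder targets: substitute the host/port values from your own
# AD IT resource and Connector Server IT resource.
TARGETS = {
    "AD LDAP": ("ad.example.com", 389),
    "AD LDAPS": ("ad.example.com", 636),
    "Connector server": ("connector.example.com", 8759),  # assumed port
}

ADVICE = {
    "open": "TCP handshake completed; move on to the bind/credential check",
    "timeout": "no answer at all: firewall drop or routing ('connect timed out')",
    "refused": "host reachable but nothing listening: is the service running?",
    "dns": "host name does not resolve from this machine",
    "unreachable": "no route to host or network",
    "error": "other socket error; inspect the exception",
}

def classify(exc):
    """Map the outcome of a connect attempt to one of the ADVICE keys."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.timeout):
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, socket.gaierror):
        return "dns"
    if getattr(exc, "errno", None) in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect, as telnet would, and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    for name, (host, port) in TARGETS.items():
        verdict = probe(host, port)
        print(f"{name:17} {host}:{port:<5} {verdict:12} {ADVICE[verdict]}")
```

Run it from the OIM host, and again from the connector server host, because the connect in the stack trace originates on the OIM side.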

                      • 8. Re: OIM created user  provision to AD
                        Nitin Natekar

                        Check the following things. From the error description, most likely Active Directory is not accessible from your OIM server.

                        1. Check that the AD host is accessible from your OIM host. You can check it using the ping command.

                        2. Check the Connector server configuration, if it is configured.

                         

                        Regards,

                        Nitin

                        • 9. Re: OIM created user  provision to AD
                          3166596

                          Thanks for your quick response!

                          I have performed all the steps to verify the AD IT resource and connector server config.

                          All scheduled jobs are working successfully.

                          But when I created a user and tried to provision it, it went to state: provisioning.

                          When I checked the resource history in the OIM sysconsole: system validation failed, then rejected. Below are the logs:

                          <Jun 3, 2016 2:48:04 AM CDT> <Error> <oracle.iam.provisioning.plugins> <BEA-000000> <An error occurred in oracle.iam.provisioning.plugins.AppInstanceDatasetPlugin as application instance name is null.>

                           

                           

                          Running CONCATFIRSTANDLAST

                          Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations

                          Running CONCATFIRSTANDLAST

                          Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations

                          Running CONCATDOMAIN

                          Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations

                          Running CONCATUSERLOGINWITHDOMAIN

                          Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations

                          Running CREATEOBJECT

                          Target Class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManage

                          -----------------

                          <Jun 3, 2016 2:48:07 AM CDT> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER> <BEA-000000> <oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user

                          org.identityconnectors.framework.common.exceptions.ConnectorException: The name operational attribute cannot be null

                                  at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:265)

                                  at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:264)

                                  at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$ThrowableHandler.deserialize(CommonObjectHandlers.java:115)

                                  at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)

                                  at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)

                                  at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:417)

                                  at org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:155)

                                  at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)

                          • 10. Re: OIM created user  provision to AD
                            Nitin Natekar

                            Check the following things.

                            1. Check whether the user already exists in AD with the unique attribute, i.e. whether the samaccountname already exists or not.

                            2. If it is auto provisioning, then try to provision the user manually by providing all required attributes like OU etc.

                            3. Create a user directly in AD with the user which you have used to connect to AD in the OIM IT Resource. Sometimes the AD service account doesn't have specific rights (check the prerequisites in the AD connector doc).

                            4. On the OIM side, execute PurgeCache - All or restart the OIM managed server.

                             

                            Regards,

                            Nitin Natekar

                            • 11. Re: OIM created user  provision to AD
                              ashwarnIDM

                              Hi,

                               

                              Check if common name and organisation fields are correctly populated. They should not be blank, otherwise provisioning would fail.

                               

                              Thanks,

                              Ashwarn

                              • 12. Re: OIM created user  provision to AD
                                user8744020

                                Hi,


                                org.identityconnectors.framework.common.exceptions.ConnectorException: The name operational attribute cannot be null

                                 

                                Check for the mandatory attributes in the form and make sure you enter some values for those attributes.

                                 

                                If I remember correctly, the Lastname attribute cannot be blank, along with some other required attributes, for the Active Directory create user to work from OIM.

                                 



                                Thanks
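Added example, not written by any poster: a Python triage of the two ConnectorException messages quoted in this thread, mapping each to the layer the replies point at (connectivity versus an empty mandatory attribute). The sample log is shortened from the lines posted above, and the cause labels are this example's own naming.

```python
import re
from collections import Counter

# Entry headers in the two formats seen in the thread.
ODL = re.compile(r"^\[?(?P<ts>\d{4}-\d\d-\d\dT[\d:.+-]+)\] \[[^\]]*\] \[[A-Z]+\]")
WLS = re.compile(r"^<(?P<ts>[^>]+)> <[^>]+> <[^>]+>")
EXC = re.compile(r"ConnectorException: (?P<msg>.+)$")

# Message fragment -> label (labels are assumptions of this example).
CAUSES = [
    ("connect timed out", "connectivity"),
    ("name operational attribute cannot be null", "missing-attribute"),
]

# Shortened from the log lines posted in the thread.
SAMPLE = """\
[2016-06-01T03:14:37.063-05:00] [oim_server1] [ERROR] [] createObject : Error while creating user[[
org.identityconnectors.framework.common.exceptions.ConnectorException: java.net.SocketTimeoutException: connect timed out
    at org.identityconnectors.framework.common.exceptions.ConnectorException.wrap(ConnectorException.java:101)
<Jun 3, 2016 2:48:04 AM CDT> <Error> <oracle.iam.provisioning.plugins> <BEA-000000> <application instance name is null.>
<Jun 3, 2016 2:48:07 AM CDT> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER> <BEA-000000> <createObject : Error while creating user
org.identityconnectors.framework.common.exceptions.ConnectorException: The name operational attribute cannot be null
"""

def triage(text):
    """Return (timestamp, cause, message) for each ConnectorException entry."""
    findings, ts = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = ODL.match(line) or WLS.match(line)
        if head:
            ts = head.group("ts")  # a new log entry starts here
            continue
        exc = EXC.search(line)     # stack frames ("ConnectorException.wrap") do not match
        if exc and ts:
            msg = exc.group("msg")
            cause = next((c for frag, c in CAUSES if frag in msg), "unclassified")
            findings.append((ts, cause, msg))
            ts = None              # count one exception per entry
    return findings

def summary(text):
    """Count entries per cause, so a flood of one failure type stands out."""
    return Counter(cause for _, cause, _ in triage(text))

if __name__ == "__main__":
    for ts, cause, msg in triage(SAMPLE):
        print(f"{ts}  {cause:18} {msg}")
```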