Thursday, August 28, 2008

Oracle 10g SSO Integration with E-Biz - Implementation-3

Next step after we are done importing users is to Enable ActiveChgImp profile. This is how we do in IDM version

Access OID administration tool as “orcladmin” super-user. Navigate to “Integration Server” -> “Configuration Set 1”. Select the import profile “ActiveChgImp” and click edit. This should display the profile attributes. Enable the profile and save the modified profile

But in IDM 1.4.2, here are the steps to follow:
Profiles are now managed with the Oracle Directory Integration and Provisioning Server Administration tool ...e.g.. dipassistant -gui
To incorporate these changes into the upgraded OID please do the following:
1. launch the admin tool (dipassistant -gui) and navigate to Connector Group Management and expand the tree. Notice that there are two entries:
- defaultgroup
- configset1
2. Expand configset1 to see the old synchronization profiles.
3. Since a 'profile group' must now be supplied when starting odisrv it is recommended to rename this 'configset' as it will become confusing when starting the server. To rename the profile group:
- highlight configset1 and right click the mouse, then select rename
Give it a new name, for instance: Group1 and click OK
4. The defaultgroup contains NO profiles after the upgrade so one may wish to (re)associate any profiles previously configured and enabled to become part of the default group. To do so:
- expand the Group1
- highlight the profile to be made part of default group, then click Dissociate Profile (you will be prompted to confirm, note that when confirmed it will disappear from the list)
- highlight the defaultgroup and click Associate Profile
- highlight the profile from the list and click Select (the new profile will now appear in the defaultgroup)
NOTE: One MUST always Dissociate a profile before Associating it with a new group.
5. Start the odisrv using the additional grpID flag: For example:
oidctl connect=orcl server=odisrv instance=2 configset=1 flags="host=jdsmith-us port=13060 grpid=defaultgroup debug=63" start

Check the logs under $ORACLE_HOME/ldap/odi/log directory for synchronization errors in “ActiveChgImp.trc” and “ActiveChgImp.aud”

Happy Troubleshooting !!!


Mariana Angelova said...

Hi Sundeep,

How the new EBS users get created in this implementation?

If I activate the AD --> OID synchronzation using: "oidctl connect=orcl server=odisrv instance=2 .."
I can not create a new EBS user as it complains:
"Unabled to call "fnd_ldap_wrapper.create_user due to the following reason: ORA-20001: A user with the given username (&USER &DN) already exists."

Thanks in advance
Kind regards

Sundeep Dubey said...

What kind of provisioning you have defined in profile. It all depends on that.

Mariana Angelova said...

Hi Sundeep,

Do you mean EBS --> OID provisioning? Nothing different from what you've already described in Oracle 10g SSO Integration with E-Biz - Implementation-5:
$FND_TOP/bin/ -script=SetSSOReg

Only profile “ActiveChgImp" for AD --> OID synchronization is enabled as described in your post


Sundeep Dubey said...

yes, but you need to modify those template as per your requirement. I just gave some basic template. Anyways the concept says if you follow something like bidirectional no user creation. In that case you must not encounter this error.