Phone and DefenseCoding.com : 2012

Monday, December 31, 2012

How to import and export metadata from OIM MDS

Today I’ll show how to import and export MDS files to remove e-mail notifications on OIM 11G:

1)Go to /u01/oim/oim_home/server/bin

2)Update the WEBLOGIC.properties file as shown below:
=================================================================================
OIM_HOME_ORACLE/WEBLOGIC.properties:

Set the OIM_ORACLE_HOME environment variable to the C:\Oracle\Middleware\Oracle_IDM1\ directory.

# Weblogic Server Name on which OIM application is running

wls_servername=oim_server1

# If you are importing or exporting any out of box event handlers, value is oim.
# For rest of the out of box metadata, value is OIMMetadata.
# If you are importing or exporting any custom data, always use application name as OIMMetadata.

application_name=OIMMetadata

# Directory location from which XML file should be imported.
# Lets say I want to import User.xml and it is in the location /scratc/asmaram/temp/oim/file/User.xml,
# I should give from location value as /scratc/asmaram/temp/oim. Make sure no other files exist
# in this folder or in its sub folders. Import utility tries to recursively import all the files under the
# from location folder. This property is only used by weblogicImportMetadata.sh

metadata_from_loc=/tmp/thiago/from

# Directory location to which XML file should be exported to

metadata_to_loc=/tmp/thiago/to

# For example /file/User.xml to export user entity definition. You can specify multiple xml files as comma separated values.
# This property is only used by weblogicExportMetadata.sh and weblogicDeleteMetadata.sh scripts

metadata_files=/metadata/iam-features-selfservice/event-definition/EventHandlers.xml

=======
3)EXPORT PROCESS
=======

[oracle@ThiagoLeoncio-Server bin]$ ./weblogicExportMetadata.sh

CLASSPATH=/u01/oim/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/oim/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/oim/jrockit-jdk1.6.0_29-R28.2.0-4.0.1/lib/tools.jar:/u01/oim/wlserver_10.3/server/lib/weblogic_sp.jar:/u01/oim/wlserver_10.3/server/lib/weblogic.jar:/u01/oim/modules/features/weblogic.server.modules_10.3.6.0.jar:/u01/oim/wlserver_10.3/server/lib/webservices.jar:/u01/oim/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/u01/oim/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/u01/oim/oim_home/modules/oracle.jps_11.1.1/opss-patch-wlst.jar::/u01/oim/oim_home/oam/server/lib/wlst/foundationconfigapi.jar:/u01/oim/oim_home/oam/server/lib/wlst/oam-wlst.jar:/u01/oim/oim_home/oam/server/lib/wlst/pat.jar:/u01/oim/oim_home/oam/server/lib/wlst/sts-wlst.jar:/u01/oim/oim_home/oam/server/lib/wlst/stsmgmt.jar:/u01/oim/oim_home/oam/server/lib/wlst/sts-common.jar:/u01/oim/oim_home/oam/server/lib/wlst/audit.jar:/u01/oim/oim_home/oam/server/lib/wlst/policy.jar:/u01/oim/oim_home/oam/server/lib/wlst/commons-beanutils-1.8.0.jar:/u01/oim/oim_home/oam/server/lib/jmx/adapter.jar:/u01/oim/oim_home/oam/server/lib/jmx/distributor.jar:/u01/oim/oim_home/oam/server/lib/jmx/oam-rtmbean.jar:/u01/oim/oim_home/oam/server/lib/jmx/axiom-api-1.2.jar:/u01/oim/oim_home/oam/server/lib/jmx/jcl-over-slf4j-1.5.6.jar:/u01/oim/oim_home/oam/server/lib/jmx/:/u01/oim/oim_home/oam/server/lib/jmx/responses.jar:/u01/oim/oim_home/oam/server/lib/jmx/axiom-impl-1.2.jar:/u01/oim/oim_home/oam/server/lib/jmx/journal.jar:/u01/oim/oim_home/oam/server/lib/jmx/slf4j-api-1.5.6.jar:/u01/oim/oim_home/oam/server/lib/jmx/coherence.jar:/u01/oim/oim_home/oam/server/lib/jmx/journal-mapstore.jar:/u01/oim/oim_home/oam/server/lib/jmx/slf4j-jdk14-1.5.6.jar:/u01/oim/oim_home/oam/server/lib/jmx/config.jar:/u01/oim/oim_home/oam/server/lib/jmx/lifecycle.jar:/u01/oim/oim_home/oam/server/lib/jmx/sme.jar:/u01/oim/oim_home/oam/server/lib/jmx/configmgmt.jar:/u01/oim/oim_home/oam/server/lib/jmx/mapstore-coherence.jar:/u01/oim/oim_home/oam/server/lib/jmx/sso.jar:/u01/oim/oim_home/oam/server/lib/jmx/diagnostic.jar:/u01/oim/oim_home/oam/server/lib/jmx/mapstore.jar:/u01/oim/oim_home/oam/server/lib/jmx/tangosol.jar:/u01/oim/oim_home/oam/server/lib/jmx/distributor-coherence.jar:/u01/oim/oim_home/oam/server/lib/jmx/oam-dummy-config.xml:/u01/oim/oim_home/oam/server/lib/jmx/utilities.jar:/u01/oim/oim_home/oam/server/lib/wlst/oam-mgmt.jar:/u01/oim/oim_home/oam/server/lib/wlst/identity-provider.jar:/u01/oim/oim_home/oam/server/lib/wlst/RequestResponse.jar:/u01/oim/oim_home/oam/server/lib/wlst/rreg-server.jar:/u01/oim/oim_home/common/wlst/resources/jps-wlst.jar:/u01/oim/oracle_common/modules/oracle.jrf_11.1.1/jrf-wlstman.jar:/u01/oim/oracle_common/common/wlst/lib/adfscripting.jar:/u01/oim/oracle_common/common/wlst/lib/adf-share-mbeans-wlst.jar:/u01/oim/oracle_common/common/wlst/lib/mdswlst.jar:/u01/oim/oracle_common/common/wlst/resources/auditwlst.jar:/u01/oim/oracle_common/common/wlst/resources/igfwlsthelp.jar:/u01/oim/oracle_common/common/wlst/resources/jps-wlst.jar:/u01/oim/oracle_common/common/wlst/resources/jrf-wlst.jar:/u01/oim/oracle_common/common/wlst/resources/oamap_help.jar:/u01/oim/oracle_common/common/wlst/resources/oamAuthnProvider.jar:/u01/oim/oracle_common/common/wlst/resources/ossoiap_help.jar:/u01/oim/oracle_common/common/wlst/resources/ossoiap.jar:/u01/oim/oracle_common/common/wlst/resources/ovdwlsthelp.jar:/u01/oim/oracle_common/common/wlst/resources/sslconfigwlst.jar:/u01/oim/oracle_common/common/wlst/resources/wsm-wlst.jar:/u01/oim/utils/config/10.3/config-launch.jar::/u01/oim/wlserver_10.3/common/derby/lib/derbynet.jar:/u01/oim/wlserver_10.3/common/derby/lib/derbyclient.jar:/u01/oim/wlserver_10.3/common/derby/lib/derbytools.jar::

Initializing WebLogic Scripting Tool (WLST) …

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Starting export metadata script ….
Connecting to t3://OIM:14000 with userid oim_admin …
Successfully connected to managed Server ‘oim_server1′ that belongs to domain ‘oim_domain’.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

Location changed to custom tree. This is a writable tree with No root.
For more help, use help(custom)

Disconnected from weblogic server: oim_server1
End of export metadata script …

Exiting WebLogic Scripting Tool.

=================================================================================
4)Now, you should have some files exported:

Eg:
/tmp/thiago/to/metadata/iam-features-selfservice/event-definition/EventHandlers.xml

remove this line to disable notifications:

postprocess-handler
class=”oracle.iam.selfservice.uself.uselfmgmt.impl.handlers.create.SelfServiceNotificationHandler”
entity-type=”User”
operation=”CREATE”
name=”SelfServiceNotificationHandler”
order=”1160″
stage=”postprocess”
sync=”TRUE”

Eg2:
/tmp/thiago/to/metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml
remove this line to disable notifications:

postprocess-handler
class=”oracle.iam.passwordmgmt.eventhandlers.PasswordNotificationHandler”
entity-type=”User” operation=”CREATE” name=”PasswordNotificationHandler”
order=”1180″ stage=”postprocess” sync=”TRUE”

then Import these files again as this example below:

========
5)IMPORT PROCESS
========

[oracle@ThiagoLeoncio-Server bin]$ ./weblogicImportMetadata.sh

Initializing WebLogic Scripting Tool (WLST) …

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Starting import metadata script ….
Connecting to t3://OIM:14000 with userid oim_admin …
Successfully connected to managed Server ‘oim_server1′ that belongs to domain ‘oim_domain’.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

Location changed to custom tree. This is a writable tree with No root.
For more help, use help(custom)

Disconnected from weblogic server: oim_server1
End of importing metadata script …

Exiting WebLogic Scripting Tool.

=================================

test you e-mail notifications. If did not work, try to bounce OIM server.

Reference:

http://docs.oracle.com/cd/E14571_01/doc.1111/e14309/utils.htm

Listed below list of customizable OIM MetaData, have fun:
/adf/META-INF/connections.xml
/db/DBUM Lookup reconciliation.xml
/db/DBUM Oracle Target Delete Reconciliation.xml
/db/DBUM Oracle Target Resource User Reconciliation.xml
/db/GTC/ProviderDefinitions/CSVReconFormat.xml
/db/GTC/ProviderDefinitions/Concatenation.xml
/db/GTC/ProviderDefinitions/IsBlankOrNullValidatorProvider.xml
/db/GTC/ProviderDefinitions/IsByteValidatorProvider.xml
/db/GTC/ProviderDefinitions/IsDoubleValidatorProvider.xml
/db/GTC/ProviderDefinitions/IsFloatValidatorProvider.xml
/db/GTC/ProviderDefinitions/IsInRangeValidatorProvider.xml
/db/GTC/ProviderDefinitions/IsIntValidatorProvider.xml
/db/GTC/ProviderDefinitions/IsLongValidatorProvider.xml
/db/GTC/ProviderDefinitions/IsShortValidatorProvider.xml
/db/GTC/ProviderDefinitions/IsValidDateValidatorProvider.xml
/db/GTC/ProviderDefinitions/MatchRegexpValidatorProvider.xml
/db/GTC/ProviderDefinitions/MaxLengthValidatorProvider.xml
/db/GTC/ProviderDefinitions/MinLengthValidatorProvider.xml
/db/GTC/ProviderDefinitions/OnetoOne.xml
/db/GTC/ProviderDefinitions/SPMLProvisioningFormat.xml
/db/GTC/ProviderDefinitions/SharedDriveReconTransport.xml
/db/GTC/ProviderDefinitions/Translation.xml
/db/GTC/ProviderDefinitions/ValidateDateFormat.xml
/db/GTC/ProviderDefinitions/WSProvisioningTransport.xml
/db/GTC/Schema/Providers-def.xsd
/db/GTC/Schema/pstc_spmlv2_core.xsd
/db/LDAPContainerRules.xml
/db/LDAPRole
/db/LDAPRoleHierarchy
/db/LDAPRoleMembership
/db/LDAPUser
/db/Oracle DB User
/db/Oracle DB User_backup
/db/RA_LDAPROLE.xml
/db/RA_LDAPROLEHIERARCHY.xml
/db/RA_LDAPROLEMEMBERSHIP.xml
/db/RA_LDAPUSER.xml
/db/RA_MLS_LDAPROLE.xml
/db/RA_MLS_LDAPUSER.xml
/db/RA_ORACLEDBUSER21.xml
/db/RA_UD_DB_ORA_P.xml
/db/RA_UD_DB_ORA_R.xml
/db/form-metadata/FormMetaData.xml
/db/identity/entity-definition/OIMOrgDataProvider.xml
/db/identity/entity-definition/OIMRoleCategoryDataProvider.xml
/db/identity/entity-definition/OIMRoleDataProvider.xml
/db/identity/entity-definition/OIMRoleGrantRelationProvider.xml
/db/identity/entity-definition/OIMRoleRelationshipRelationProvider.xml
/db/identity/entity-definition/Organization.xml
/db/identity/entity-definition/Role.xml
/db/identity/entity-definition/RoleCategory.xml
/db/identity/entity-definition/RoleRoleRelationship.xml
/db/identity/entity-definition/RoleUserMembership.xml
/db/identity/entity-definition/UserDataProvider.xml
/db/ldapMetadata/EventHandlers.xml
/db/oim-config.xml
/db/task.xml
/file/RECON_USER_OLDSTATE.xml
/file/User.xml
/file/async-messaging.xml
/metadata/iam-features-OIMMigration/EventHandlers.xml
/metadata/iam-features-Scheduler/EventHandlers.xml
/metadata/iam-features-accesspolicy/event-definition/EventHandlers.xml
/metadata/iam-features-asyncwsclient/EventHandlers.xml
/metadata/iam-features-asyncwsclient/plugin.xml
/metadata/iam-features-authzpolicydefn/plugin.xml
/metadata/iam-features-autoroles/event-definition/EventHandlers.xml
/metadata/iam-features-callbacks/CallbackConfiguration.xsd
/metadata/iam-features-callbacks/event_configuration/EventHandlers.xml
/metadata/iam-features-configservice/event-definition/EventHandlers.xml
/metadata/iam-features-configservice/plugin.xml
/metadata/iam-features-identity/IdentityNotificationEvent.xml
/metadata/iam-features-identity/event-definition/EventHandlers.xml
/metadata/iam-features-identity/plugin.xml
/metadata/iam-features-ldap-sync/LDAPContainer.xml
/metadata/iam-features-ldap-sync/LDAPDataProvider.xml
/metadata/iam-features-ldap-sync/LDAPRelationshipProvider.xml
/metadata/iam-features-ldap-sync/LDAPRepository.xml
/metadata/iam-features-ldap-sync/LDAPRole.xml
/metadata/iam-features-ldap-sync/LDAPRoleMembership.xml
/metadata/iam-features-ldap-sync/LDAPUser.xml
/metadata/iam-features-ldap-sync/LDAPUserMembership.xml
/metadata/iam-features-ldap-sync/OVDInstance.xml
/metadata/iam-features-ldap-sync/ReconScheduleTasks.xml
/metadata/iam-features-ldap-sync/plugin.xml
/metadata/iam-features-notification/EventHandlers.xml
/metadata/iam-features-notification/NotificationEvent.xsd
/metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml
/metadata/iam-features-passwordmgmt/notification/ResetPasswordEvent.xml
/metadata/iam-features-reconciliation/ProfileConfig.xsd
/metadata/iam-features-reconciliation/entity-definition/OperationalDB.xml
/metadata/iam-features-reconciliation/entity-definition/RDBMSChildDataProvider.xml
/metadata/iam-features-reconciliation/entity-definition/RDBMSDataProvider.xml
/metadata/iam-features-reconciliation/entity-definition/RDBMSRepository.xml
/metadata/iam-features-reconciliation/entity-definition/RECON_TABLES.xml
/metadata/iam-features-reconciliation/event-definition/EventHandlers.xml
/metadata/iam-features-reconciliation/plugin.xml
/metadata/iam-features-reconciliation/reconconfig.xsd
/metadata/iam-features-request-actions/model-data/CreateUserDataSet.xml
/metadata/iam-features-request/ApprovalCategory.xml
/metadata/iam-features-request/ApprovalProcess.xsd
/metadata/iam-features-request/ReqHistory.xjb
/metadata/iam-features-request/ReqHistory.xsd
/metadata/iam-features-request/RequestDataSet.xjb
/metadata/iam-features-request/RequestDataSet.xsd
/metadata/iam-features-request/RequestDetails.xsd
/metadata/iam-features-request/RequestModel.xjb
/metadata/iam-features-request/RequestModel.xsd
/metadata/iam-features-request/RequestTemplateData.xjb
/metadata/iam-features-request/RequestTemplateData.xsd
/metadata/iam-features-request/event-definition/EventHandlers.xml
/metadata/iam-features-request/notification/BulkRequestCreationEvent.xml
/metadata/iam-features-request/notification/CreateUserEvent.xml
/metadata/iam-features-request/notification/RequestCreationEvent.xml
/metadata/iam-features-request/notification/RequestStatusChangeEvent.xml
/metadata/iam-features-request/plugin.xml
/metadata/iam-features-requestactions/event-definition/EventHandlers.xml
/metadata/iam-features-requestactions/model-data/AssignRolesDataset.xml
/metadata/iam-features-requestactions/model-data/AssignRolesRequest.xml
/metadata/iam-features-requestactions/model-data/CreateRoleDataSet.xml
/metadata/iam-features-requestactions/model-data/CreateRoleRequestModel.xml
/metadata/iam-features-requestactions/model-data/CreateUserDataSet.xml
/metadata/iam-features-requestactions/model-data/CreateUserRequestModel.xml
/metadata/iam-features-requestactions/model-data/DeleteRoleDataSet.xml
/metadata/iam-features-requestactions/model-data/DeleteRoleRequestModel.xml
/metadata/iam-features-requestactions/model-data/DeleteUserDataset.xml
/metadata/iam-features-requestactions/model-data/DeleteUserRequest.xml
/metadata/iam-features-requestactions/model-data/DeprovisionResourceRequest.xml
/metadata/iam-features-requestactions/model-data/DisableProvisionedResourceRequest.xml
/metadata/iam-features-requestactions/model-data/DisableUserDataset.xml
/metadata/iam-features-requestactions/model-data/DisableUserRequest.xml
/metadata/iam-features-requestactions/model-data/EnableProvisionedResourceRequest.xml
/metadata/iam-features-requestactions/model-data/EnableUserDataset.xml
/metadata/iam-features-requestactions/model-data/EnableUserRequest.xml
/metadata/iam-features-requestactions/model-data/ModifyResourceRequest.xml
/metadata/iam-features-requestactions/model-data/ModifyRoleDataSet.xml
/metadata/iam-features-requestactions/model-data/ModifyRoleRequestModel.xml
/metadata/iam-features-requestactions/model-data/ModifyUserDataset.xml
/metadata/iam-features-requestactions/model-data/ModifyUserRequestModel.xml
/metadata/iam-features-requestactions/model-data/ProvisionResourceRequest.xml
/metadata/iam-features-requestactions/model-data/RemoveRolesDataset.xml
/metadata/iam-features-requestactions/model-data/RemoveRolesRequest.xml
/metadata/iam-features-requestactions/model-data/ResourceCommonDataset.xml
/metadata/iam-features-requestactions/model-data/SelfAssignRolesRequest.xml
/metadata/iam-features-requestactions/model-data/SelfCreateUserDataset.xml
/metadata/iam-features-requestactions/model-data/SelfCreateUserRequest.xml
/metadata/iam-features-requestactions/model-data/SelfDeProvisionResourceRequest.xml
/metadata/iam-features-requestactions/model-data/SelfModifyProvisionedResourceRequest.xml
/metadata/iam-features-requestactions/model-data/SelfModifyUserRequest.xml
/metadata/iam-features-requestactions/model-data/SelfProvisionResourceRequest.xml
/metadata/iam-features-requestactions/model-data/SelfRemoveRolesRequest.xml
/metadata/iam-features-requestactions/plugin.xml
/metadata/iam-features-selfservice/event-definition/EventHandlers.xml
/metadata/iam-features-selfservice/notification/AddProxyUser.xml
/metadata/iam-features-selfservice/notification/CreateNewSelfUser.xml
/metadata/iam-features-sil/db/Registration.xml
/metadata/iam-features-sil/db/Registration.xsd
/metadata/iam-features-sil/db/SILConfig.xml
/metadata/iam-features-sod/EventHandlers.xml
/metadata/iam-features-system-configuration/EventHandlers.xml
/metadata/iam-features-system-configuration/plugin.xml
/metadata/iam-features-tasklist/EventHandlers.xml
/metadata/iam-features-tasklist/plugin.xml
/metadata/iam-features-templatefeature/EventHandlers.xml
/metadata/iam-features-transUI/EventHandlers.xml
/metadata/iam-features-transUI/plugin.xml

I hope this helps,
Thiago Leoncio.

Friday, December 7, 2012

JRockit Flight Recorder: Analysis into OAM 11G environment

First Jrockit article I did analysis into OIM environment and we could see java class: com.thortech.xl.scheduler.core.quartz.QuartzSchedulerImpl.scheduleJob was not working properly.

Today I doing some troubleshooting in OAM environment using JROckit Mission COntrol tool. So, let’s follow step-by-step.

First step: I saw one issue into OAM environment and this was throwing stuck threads into WLS AdminServer and OAM Logs during the day.

Second step: Run jrcmd command to collect all information required to do Java analysis into OAM process. Follow one command example:
./jrcmd 17294 start_flightrecording name=OAM-17294 settings=default duration=7200s filename=/tmp/OAM-17294.jfr.gz compress=true
Details:

2.1-17294=> OAM process number.
2.2-start_flightrecording=> command that Mission control will run.
2.3-name.
2.4-settings=> option to use templates during the record process.
2.4.1-Options:

code=>Additional settings for enabling more verbose compiler logging.
default=>Default settings tuned for a very low performance overhead and recommended for always-on production use.
freemem=>Additional settings for debugging out-of-memory and fragmentation problems.
full=>Enables collection of all available events for all subsystems. Warning: This has a very high performance overhead.
io=>Additional settings for enabling more verbose Java I/O logging.
leak=>Additional settings for debugging memory leaks.
locks=>Additional settings for enabling more verbose synchronization logging.
memory=>Additional settings for enabling more verbose GC/memory management logging.
off=>Disables all events for all subsystems.
profile=>Recommended settings for creating a profiling recording. They provide a good balance between the amount of information available and the performance overhead introduced.
sample=>Additional settings for enabling hotspot sampling of code.
semirefs=>Additional settings for debugging problems with java.lang.ref.Reference objects and its subclasses.
2.5-compress=true ==>to compress or not the record file.

3-Third Step: Analysis based on your knowledge related of java and application:

3.1- During the collection time I could see the main problem of OAM was the garbage collection. It was not working properly. Actually
Garbage was working more but heap memory was high. So, I could see problems related of ‘fremem’ so, in my case the command was:
3.1.1- ps -ef |grep oamserver_1 <== get process number of OAM.
3.1.2- ./jrcmd processnumber start_flightrecording name=OAM settings=freemem.jfs duration=7200s filename=/tmp/OAM.jfr.gz compress=true <==start to record JRC file.
other helpful command is:
3.1.3-jrcmd processnumber check_flightrecording <== Check status of Flight recording

Opening this file into Mission COntrol client I could see these 3 important pictures below:

Fig1: As you can see, during the day we had some objects growing and getting the max heap memory allocated. If this was only a memory problem and we just need to add more, ok sounds good. But this was not the case here. As you can see GC is not working properly. You cannot see the blue line working (increasing and decreasing per object clean-up). So, moving forward… Check Fig2 and Fig3.

Fig2: Then another collection day, I could garbage getting stuck because of some objects and then trying to keep working. This behavior means that JVM garbage process was trying to do its work, but some java code was not developed properly.

Fig3:This main picture we could get exactly what are java codes in OAM application were not been clean by GC as well as putting all the server in a bad situation. So, using this analysis we could work and fix the code related and apply a new patch into this environment.

So, basically the problem was related of some SQLs using PreparedStatement. And tangosol(responsible for high performance transactions) IOs. Using this tool I could go directly to the root cause.

Donwnload JRMC: http://www.oracle.com/technetwork/middleware/jrockit/downloads/index.html
Docs and Reference: 1.0- http://docs.oracle.com/cd/E15289_01/index.htm
2.0- http://docs.oracle.com/cd/E15289_01/doc.40/e15070/usingjfr.htm

I hope this helps,
Thiago Leoncio.

Sunday, November 18, 2012

OID 11G: orclMemberof Attribute and how it can improve wls performance

From OID11G and WLS perspective, I want to share with you guys this: Someone asked me thru Oracle Forum last week, I helped him and now I am doing this post to help you:

It’s particular difficult to calculate all of user’s membership in OID(or any LDAP).

1) I did (below) one example into my ldap, search with results for a specific user where I request and receive the value(s) of orclMemberOf.

Note: U will also notice that nested memberships are returned multiple times, once for each group that the user belongs to that is a member of another given group.

So, just be aware of that.

LDAP command line:
[oracle@thiagoleoncioserver bin]$ ./ldapsearch -h thiagoserver.example.com -p 3060 -D cn=orcladmin -w thiagopwd -b “cn=Users,dc=thiagoleoncioserver,dc=oracle,dc=com” -L -s sub -v “uid=thiago.leoncio” memberOf

And expected results:
ldap_open( thiagoserver.example.com , 3060 )

filter pattern: uid=thiago.leoncio

returning: memberOf

filter is: (uid=thiago.leoncio)

dn: uid=thiago.leoncio,cn=users,dc=thiagoleoncioserver,dc=oracle,dc=com

memberof: cn=administrators,cn=groups,dc=example,dc=com
memberof: cn=oaamenvadmingroup,cn=groups,dc=example,dc=com
memberof: cn=groupofgroups,cn=groups,dc=example,dc=com

2)And from performance perspective:
orclMemberOf attribute can speed up authentication into WebLogic and SOA when you have WebLogic’s security framework, by adding it into ‘User Dynamic Group DN attribute’ on authenticator configurations.

I hope this helps,
Thiago Leoncio.

Saturday, November 3, 2012

[Oracle Forms] How to run/Install IE8 on Windows 7

Hello everyone,

Doing the Oracle Forms development and getting stuck with the issues that IE9, 10 and 11 bring on Active-X requirements for Oracle Forms, I decided to write this article only for helping others to no waste time trying to install directly IE8 on Windows 7.

The easiest and the way that really works is this:

Whatever IE version that you have above IE8 is not default in Windows 7. That means if you downgrade the current IE you are going to get the default one - IE8.

So thinking about that to go to the places that most of the sites ask you to go:

Control Panel --> Program and Features --> Turn Windows features on or off --> Uncheck the IE version that you have. This procedure simply don't work because you will not find the IE8 files to install on Windows 7.

The way that works is:

Go to Control Panel --> Program and Features
Select View Installed Updates and this will show you this screen below with a lot of patches and upgrades applied.
Then once you find the current version of IE you have installed - select it and then click Uninstall.
This will ask you to restart your computer.
Once you are back to your Windows 7, click in IE and finally you should see the IE8!!!!

I hope it helps you during your forms(PL-SQL) development. Happy Coding.
Thiago Leoncio.

Friday, November 2, 2012

OIM 11G: Helpful API methods

Today I’ll talk about some new methods available using OIM 11g API.

First java method: How to get any user attribute in OIM.

Fig1: UserAttribute method. With this method you’ll be able to collect any attribute from OIM User.
Source:

public String getUserAttribute(String userName,String getAttribute) throws AccessDeniedException,UserSearchException,NoSuchUserException,UserLookupException, SearchKeyNotUniqueException

{

        UserManager usrService= oimClient.getService(UserManager.class);

        User user = usrService.getDetails("User Login", userName, null); 

        HashMap mapAttrs = user.getAttributes();  

        String temp=(String) mapAttrs.get(getAttribute);

        System.out.println("Output is :" + temp);

  return temp;

}

Example:
If I call ..getUserAttribute(Username, Status);
Expected result:

Second java method: Assign a group to another group.

Fig2: goi.addMemberGroup(groupKey, groupKeytoADD);
Source:

public static void addGroupToGroup(tcGroupOperationsIntf goi, String groupNametoADD, String groupName) throws tcInvalidMemberGroupException,                                                            tcMemberGroupNotFoundException {

         long groupKeytoADD = getGroupKey(goi, groupNametoADD);

         long groupKey = getGroupKey(goi, groupName);

         if (groupKeytoADD == -1L || groupKey == -1L) {

                 System.out.println("Error adding user to group");

                 return;

         }

         try {

                 goi.addMemberGroup(groupKey, groupKeytoADD);

                 System.out.println("Added Group " + groupName + " to group "+ groupKeytoADD);

         } catch (tcAPIException e) {

                 logger.info(""+e.toString());

         } catch (tcGroupNotFoundException e) {

                 logger.info(""+e.toString());

         }         

 }

You can use these methods into an adapter or any client Java class. Just be aware of the different ways to call tcDataProvider or oimClient.login(OIMUserName,OIMPassword.toCharArray());

In a Java client:
1-You should create a ‘void static main method’.
2-Include this class into your manifest file and deploy as jar.
3-To Run you’ll need these helpful steps(3.0-based on first method above and sending arguments as args[0] and args[1] on ‘static void main method’):
3.1- java -jar yourjarfile.jar username attribute
3.2-If you need to import one lib: java –classpath oimclient.jar jar yourjarfile.jar username attribute
3.2-If you need to import more than one lib: java -cp $CLASSPATH:yourjarfile.jar username attribute
Using: $CLASSPATH=.:./lib/oimclient.jar:./lib/iam-platform-auth-client.jar:./lib/iam-platform-utils.jar:./lib/iam-platform-context.jar

Using tcDataProvider:
1-Add as part of ‘IN’ variables on your OIM adapter.
2-Using DataSet or request from constructor method(tcDataProvider _tcDataPro)

I hope this helps,
Thiago Leoncio.

Phone and DefenseCoding.com

Monday, December 31, 2012

How to import and export metadata from OIM MDS

Friday, December 7, 2012

JRockit Flight Recorder: Analysis into OAM 11G environment

Sunday, November 18, 2012

OID 11G: orclMemberof Attribute and how it can improve wls performance

Saturday, November 3, 2012

[Oracle Forms] How to run/Install IE8 on Windows 7

Friday, November 2, 2012

OIM 11G: Helpful API methods

About Me

Popular Posts