Sunday, 17 January 2016

Error While Creating User in Active Directory : ConnectorException : Unable to get the Directory Entry

Active Directory Provisioning Failed


Issue:
Error while creating user [[org.identityconnectors.framework.common.exceptions.ConnectorException: Unable to get the Directory Entry

Description:
For one user, the Active Directory account went into the provisioning state because of an incorrect OU (organization name). Because it was incorrect, the "OU" entry on the process form was not found in AD (the target), hence the connector exception.

Debugging:
Check the connector server log or oim_server-diagnostic.log. Below is the exception found in oim_server-diagnostic.log:

2014-11-17T05:50:16.710-05:00] [oim_server1] [ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: conpshar] [ecid: d6e7d4656c6e9b24:-660f4884:15110ee21ed:-8000-0000000000010d92,0] [APP: oim#11.1.2.0.0] [DSID: 0000L4L2Y^bFk38Lnit1iZ1MIVTK000025] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user[[
org.identityconnectors.framework.common.exceptions.ConnectorException: Unable to get the Directory Entry
at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:265)
at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:262)
at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$ThrowableHandler.deserialize(CommonObjectHandlers.java:115)
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:417)
at org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:155)
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)
at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:153)
at org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:101)
at com.sun.proxy.$Proxy616.create(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:107)
at com.sun.proxy.$Proxy616.create(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:76)
at com.sun.proxy.$Proxy616.create(Unknown Source)
at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.create(AbstractConnectorFacade.java:123)
at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:277)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCCREATEOBJECT.CREATEOBJECT(adpADIDCCREATEOBJECT.java:109)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCCREATEOBJECT.implementation(adpADIDCCREATEOBJECT.java:54)
at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:197)
at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2496)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:3382)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:804)

Solution:
Verify the Organization Unit name against AD when prepopulating or auto-provisioning to Active Directory. Because the OUs are reconciled from the target, a value selected from the list that appears should be correct. However, policies or code that populate the OU value are often migrated from one environment to another, and the value they carry may have a different IT Resource key (e.g. 4 ~OU=ABC, DC=example, DC=com). Here '4' is the IT Resource key, and it can vary from environment to environment, so this might cause the issue.
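
A check for the key mismatch described above, as an added example (not code from the original post or from Oracle). It assumes lookup-encoded values of the form <IT Resource key>~<DN> with a numeric key, as in the post's example; the function names, the key 27 and the sample lookup entries are constructed for illustration.

```python
import re

def normalize_dn(dn):
    """Canonical form for comparison only: trimmed, lower-cased RDNs."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on commas that are not escaped
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)

def parse_encoded_ou(encoded):
    """Split '<IT Resource key>~<DN>' into (int key, normalized DN)."""
    key, sep, dn = encoded.partition("~")
    if not sep or not key.strip().isdecimal():
        raise ValueError(f"missing IT Resource key prefix: {encoded!r}")
    return int(key.strip()), normalize_dn(dn)

def check_ou(encoded, env_key, reconciled_codes):
    """Return (status, lookup code to use in this environment or None)."""
    known = {}
    for code in reconciled_codes:
        k, dn = parse_encoded_ou(code)
        if k == env_key:  # only entries owned by this environment's IT Resource
            known[dn] = code
    try:
        key, dn = parse_encoded_ou(encoded)
    except ValueError:
        return ("MALFORMED", None)
    if dn not in known:
        return ("OU_NOT_IN_TARGET", None)  # would fail with "Unable to get the Directory Entry"
    if key != env_key:
        return ("WRONG_IT_RESOURCE_KEY", known[dn])  # key carried over from another environment
    return ("OK", known[dn])

# Constructed sample: OU lookup codes reconciled in an environment whose
# AD IT Resource key is 27 (hypothetical), and values migrated from elsewhere.
RECONCILED = ["27~OU=ABC,DC=example,DC=com", "27~OU=Sales,DC=example,DC=com"]
MIGRATED = ["4 ~OU=ABC, DC=example, DC=com",  # the post's example value
            "27~ou=sales,dc=example,dc=com",
            "27~OU=HR,DC=example,DC=com",
            "OU=ABC,DC=example,DC=com"]

if __name__ == "__main__":
    for value in MIGRATED:
        print(value, "->", check_ou(value, 27, RECONCILED))
```

Running it over every OU value a migrated prepopulate adapter or access policy can emit flags stale keys before a provisioning task fails on them.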

Apart from this there are other reasons as well for such exception:

1. The same exception can occur while running the Target Lookup Reconciliation job:
Ensure that the AD IT Resource parameters are correct.

2. Check whether the AD configuration supports SSL; if it does, configure SSL=true in the IT Resource.
