IOM and OAM

Hello


I would like to install a server with a solution IMO + the solution of the OAS.
We are on the AIX 5.3 platform.



From the download page, we have CDs to IOM: Oracle and Oracle Identity Federation identity management Infrastructure
But what is the OAM installation. (* Oracle Access Manager * OR Oracle Access Manager-3rd party integration)



Oracle Access Manager is not scheduled to AIX.
So, the only way is to use OAM - 3rd party integration. Right?

Thank you
Den

Access Manager (10.1.4.2) is not supported on AIX. The third-party integration is just for webgate or webpass. I think it has been supported on AIX (I just downloaded Oblix 7 SDK access server because we need a custom solution on AIX for webgate)...

Tags: Fusion Middleware

Similar Questions

  • Benefits of IOM and OAM...

    Hello friends...

    I am new to IOM and OAM but I know java and Struts. If I decided to learn the OIM/OAM then what will be the future scope of these technologies for me. And what I'm going to work. Currently to work as a Java developer and ready to learn IOM and OAM.

    Please know me if anyone knows...


    Thanks and greetings
    DB

    This is my understanding of how the products relate to each other:

    Oracle Identity Management is not a real product, it's a generic term, Oracle use to describe products Oracle Identity and Access Management. Please take a look at the link below:

    http://www.Oracle.com/technology/products/id_mgmt/index.html

    Oracle Identity Manager and Oracle Access Manager are separate products.

    Oracle Identity Manager is a product of commissioning and compliance formerly Xellerate Identity Manager of Thor.

    Oracle Access Manager is a product of access and authentication used to fix and providing single sign-on to web-based applications.

    Both products have other features in addition to what is described above some of these overlap of features such as workflows, user self service and password.

    I hope this helps.

  • WLST Script to create the domain weblogic for IOM and OAM

    Hello

    I intend to set up PS3 IOM - OAM in the new environment. We intend to perform the installation in silent mode. Does anyone have example WLST to create the domain weblogic for IOM or OAM?

    Thank you

    Here is an example of OUD. I post this one since it's the simplest and shortest, but it is the same for OAM and IOM except that the script is much longer because they ask a lot more questions. You will need to export the variables used or replace them with the appropriate values for your system.

        expect - <<EOF
        set timeout 600
        spawn ${OUD_BASE}/${WLS_NAME}/common/bin/config.sh -mode=console

        # Create a WebLogic domain
        expect {
            "Enter index number to select OR*" {send "1\n"}
        }

        # Choose the WebLogic Platform components
        expect {
            "Enter index number to select OR*" {send "1\n"}
        }

        # |___Oracle Directory Services Manager - 11.1.2.3.0 [Oracle_OUD1] [3]
        expect {
            "Enter number exactly as it appears in brackets*" {send "3\n"}
        }
        expect {
            "Enter number exactly as it appears in brackets*" {send "n\n"}
        }

        # Edit the domain information
        expect {
            "Enter value for*" {send "${OUD_DOMAIN_NAME}\n"}
        }
        expect {
            "Enter option number to select OR*" {send "n\n"}
        }

        # Select the target domain directory for this domain
        expect {
            "Enter new Target Location OR*" {send "${OUD_BASE}/user_projects/domains\n"}
        }
        expect {
            "Enter new Target Location OR*" {send "n\n"}
        }

        # Configure administrator user name and password
        expect {
            "Enter option number to select OR*" {send "2\n"}
        }
        expect {
            "Enter new*" {send "${WLS_PASS}\n"}
        }
        expect {
            "Enter option number to select OR*" {send "3\n"}
        }
        expect {
            "Enter new*" {send "${WLS_PASS}\n"}
        }
        expect {
            "Enter option number to select OR*" {send "n\n"}
        }

        # Domain mode configuration -> 1|Development Mode
        expect {
            "Enter index number to select OR*" {send "1\n"}
        }

        # Java SDK selection
        expect {
            "Enter index number to select OR*" {send "2\n"}
        }
        expect {
            "Enter new JVM Directory OR*" {send "${JAVA_HOME}\n"}
        }
        expect {
            "Enter new JVM Directory OR*" {send "n\n"}
        }

        # Select optional configuration
        expect {
            "Enter index number to select OR*" {send "1\n"}
        }
        expect {
            "Enter index number to select OR*" {send "n\n"}
        }

        # Configure the Administration Server
        # Change "Listen port"
        expect {
            "Enter option number to select OR*" {send "3\n"}
        }
        expect {
            "Enter value for*" {send "${ODSM_PORT}\n"}
        }

        # Change "SSL enabled"
        expect {
            "Enter option number to select OR*" {send "4\n"}
        }
        expect {
            "Enter index number to select OR*" {send "1\n"}
        }

        # Change "SSL listen port"
        expect {
            "Enter option number to select OR*" {send "4\n"}
        }
        expect {
            "Enter value for*" {send "${ODSM_SPORT}\n"}
        }

        # Next
        expect {
            "Enter option number to select OR*" {send "n\n"}
        }

        # Wait for the install to finish
        expect {
            "*Domain Created Successfully*" {send "\n"}
        }
        EOF

  • Federation and OAM 11 g R2

    We currently have IOM and OAM 11 g R1 installed. Our migration path is as well to the OIF. I read in OAM 11 g R2 documentation that OIF is now a service of OAM. Is this true? With R1, I configured hosts for OIF, so now I guess I didn't need. In the Federation we only act as a service provider for federated partners.

    If you only need the capabilities of the service provider, then you can use the Federation service which is delivered in OAM 11g R2.

    If you need the identity provider capability then you need a separate OIF.

    hope this helps

  • difference between the roles of the IOM and the default roles

    Hello

    I would like to know what is the difference between the roles of the IOM and the default roles.

    Thank you

    I forget which, but one of the categories will not be charged in the catalog for available roles apply.

    -Kevim

  • OVD and OAM 11 GR 2

    Hello

    It seems that OVD did not in identity management, Oracle Fusion Middleware 11 g 2 release. The latest version is always one that is provided in the version of 11 GR 1 Oracle Fusion Middleware Identity Management matter. Is this correct?

    If so, I have a deployment of Oracle 11 g 2 Access Manager, which I would like to integrate with TPM. This means I have to deploy an another entire WebLogic domain for the release of 11 GR 1 Oracle Fusion Middleware Identity Management matter? Or is it possible to install version 11 GR 1 matter of TPM in the instance of 11 GR 2 somehow I already have?

    -Jim

    Yes, the latest version of OVD is 11.1.1.6 (11g R1). You can use this version with OAM 11g R2.

    OVD 11.1.1.6 uses WebLogic 10.3.6 and OAM 11g R2 also uses the same version of WebLogic. Please let me know if you are on a different version of WLS.

    According to best practices, try to keep OAM and OVD in separate WLS domains.

  • In what concerns the Elimination of roles in the Administration of IOM and Console user

    Hello

    In the IOM Administration and User Console, I created a user, role, rule. Now I'm trying to delete a role and a rule. I'm able to remove the rule element in the Design Console, but not able to remove the rule. When I tried to remove the role, it displays "cannot remove role because it already has an existing relationship".

    Please suggest how to remove the role as rule.

    On the rule, click on the usage tab. If something exists, then find the role and delete the membership assigned to it. Now the usage must be empty, and you can remove it.

    -Kevin

  • IOM and OAAM 11g changing Password Integration

    After completing the IOM and OAAM integration, when I connect to IOM and then navigate to Profile > Security > Change Password I get redirected to the OAAM login page, but I receive an error message stating "Sorry, the ID you entered is not recognized. Please try again."

    I found the following error in the oaam_server_server1 - diagnostic.log. It seems that OAAM trying to make a back-end call to the /bea_wls_internal, but it's using the host name virtual sso.mycompany.com. I do not set up this context on the host virtual sso and it does not seem right to do so. Does anyone have an idea what is happening here? I think that he should ask bea_wls_internal to an internal host name and not the external virtual host.

    [2010-10-20T09:34:46.242-05:00] [oaam_server_server1] [ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [username: <anonymous>] [ecid: 004^kpFaP600zkWFLzuHOA00024w00010b,0:1] [APP: oaam_server#11.1.1.3.0] [URI: /oaam_server/oimChangePassword.jsp] error loading instance plugin for className = com.bharosa.vcrypt.services.OAAMUserMgmtOIM [[
    javax.security.auth.login.LoginException: java.net.ConnectException: https://sso.mycompany.com:4443: Destination unreachable; nested exception is:
    java.io.FileNotFoundException: Response: '404: Not Found' for url: 'https://sso.mycompany.com:4443/bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+10.3.3.0+dummy+%0A&rand=5446459301412305231.htm&DID=2048&HL=19'; No available router to destination
    at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:194)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(weblogicLoginHandler.java:61)
    at oracle.iam.platform.OIMClient.login(OIMClient.java:134)
    at oracle.iam.platform.OIMClient.login(OIMClient.java:129)
    at com.bharosa.vcrypt.services.OAAMUserMgmtOIM.init(OAAMUserMgmtOIM.java:407)
    at com.bharosa.vcrypt.services.OAAMUserMgmtOIM.<init>(OAAMUserMgmtOIM.java:87)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at java.lang.Class.newInstance0(Class.java:355)
    at java.lang.Class.newInstance(Class.java:308)
    at com.bharosa.uio.util.UIOUtil.getPlugin(UIOUtil.java:1926)
    at com.bharosa.uio.util.UIOUtil.getPasswordManager(UIOUtil.java:1895)
    at com.bharosa.uio.actions.ChangePasswordAction.bharosaExecute(ChangePasswordAction.java:198)
    at com.bharosa.uio.actions.UIOBaseAction.execute(UIOBaseAction.java:81)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:226)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
    at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:526)
    at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
    at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1056)
    at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:261)
    at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:388)
    at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:316)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:231)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
    at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:526)
    at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
    at jsp_servlet.__oimchangepassword._jspService(__oimchangepassword.java:71)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:279)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

    ]]

    If I set up the bea_wls_internal context on the sso virtual host, I get the following error:

    [2010-10-20T10:15:02.320-05:00] [oaam_server_server1] [ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [username: <anonymous>] [ecid: 004^krVaEMv0zkWFLzuHOA0003w3000028,0:1] [APP: oaam_server#11.1.1.3.0] [URI: /oaam_server/oimChangePassword.jsp] error loading instance plugin for className = com.bharosa.vcrypt.services.OAAMUserMgmtOIM [[
    javax.security.auth.login.LoginException: java.net.ConnectException: https://sso.mycompany.com:4443: Destination unreachable; nested exception is:
    java.net.ProtocolException: Tunneling result unspecified - is the HTTP server at host: 'sso.mycompany.com' and port: '4443' a WebLogic Server?; No available router to destination

    Published by: user582588 on October 20, 2010 08:18

    The property oaam.oim.url in the OAAM environment settings controls the host name; it should be set to your IOM internal VIP, which refers directly to the managed servers. Also, make sure you have HTTP tunneling enabled on your IOM managed servers - you can find the setting under oim_server1 > Protocols > HTTP.

  • integration of Shibboleth and OAM

    We strive to integrate Shibboleth OAM, i.e., using Shibboleth for authentication and authorization for .NET applications OAM. I put in place basic OAM for the application and it works very well and wonder if it is possible to integrate Shibboleth and OAM for Shibboleth can support authentication?

    We use Windows 2003 server and OAM version 10.1.4.0.1.

    You need OIF at the top of the OAM then integration with Shibboleth via SAML is easy. With plain OAM, I guess it's possible, but you'll be reinventing the wheel from the OIF

  • OAM: password policy coherence between the Server LDAP and OAM

    Customer has an OAM installed using an LDAP server, say MS - AD 2003, as users, policies, and the configuration data store.

    The customer has configured their LDAP server, password policies claiming for example that the users passwords expire 60 days after they have been fixed and this departure 5 days before they expire, users, at the opening of the session, should be warned that their passwords are about to expire.

    Customer has configured identical policies inside the OAM.

    (A) consider the following sequence:

    Day X: user connects to the 'User Manager' component of OAM in the identity and, through 'My profile' admin console, changes his password.

    Day X + Y (1 < = Y < 55): the user connects to the MS - AD domain and sets its password interfacing directly the LDAP server, outside of OAM (for example: by pressing CTRL-ALT-DEL and invoking 'Change Password' in a field of MS-Windows, MS - AD-controlled).

    Question A.1) day X + 56: user tries to access a web resource protected by OAM: OAM made realize that the user has changed the password recently (through the LDAP server), and that should NOT be notified?

    Question A.2) day X + 61: user tries to access a web resource protected by OAM: OAM made realize that the user changed the password recently (through the LDAP server), and that should NOT be asked to change his or her password again?

    (B) consider the following sequence:

    Day X: user connects to the MS - AD domain and sets its password interfacing directly the LDAP server, outside of OAM (for example: by pressing CTRL-ALT-DEL and invoking 'Change Password' in a field of MS-Windows, MS - AD-controlled).

    Day X + Y (1 < = Y < 55): the user connects to the 'User Manager' component of OAM in the Administration of identity and through 'My profile' console, changes his password.

    Question B.1) day X + 56: the user is trying to connect to the MS - AD domain: MS - AD made realize that the user has changed his password to recently (OAM), and as it should NOT be notified?

    Question B.2) day X + 61: the user is trying to connect to the MS - AD domain: MS - AD made realize that the user has changed his password to recently (OAM), and that should NOT be asked to change his or her password again?



    Kind regards


    Angelo Carugati

    (A) you're done. OAM is not aware of changes in password performed at the entrance to the user if the change does not take place through OAM. There is no good solution because you have two different versions of the truth, even if they are logically equivalent policies with us will tell the expiry of 60 days, apply to the same person. A possible solution is to be synchronized with the attributes that store things password policies in AD (as when the user has changed the password) to the attributes of the political equivalents of associated storage stuff in OAM password (as when the user has changed the password - oblastsomething). I don't know if this synchronization is still possible, but it's an idea. AD and OAM attributes can both live in AD, but they are distinct attributes in separate containers.

    (B) you are ok. AD is aware of the change, and is aware of the change.
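
The two sequences from the question, modelled as an added example (not part of the original thread) to show why OAM and AD reach different verdicts in sequence A and the same verdict in sequence B. The field names `ad_last_change` and `oam_last_change` and the `sync_ad_to_oam` step are assumptions standing in for the real attributes and for the synchronization idea floated in the answer.

```python
"""Added illustration: two password-age clocks for one account."""
from dataclasses import dataclass

EXPIRY_DAYS = 60  # from the thread: passwords expire 60 days after being set
WARN_DAYS = 5     # from the thread: warn during the last 5 days before expiry


def policy_state(last_change_day: int, today: int) -> str:
    """Evaluate one policy engine against the only timestamp it trusts."""
    age = today - last_change_day
    if age >= EXPIRY_DAYS:
        return "expired"
    if age >= EXPIRY_DAYS - WARN_DAYS:
        return "warn"
    return "ok"


@dataclass
class Account:
    # Hypothetical field names: the real AD and OAM attribute names are not
    # given in full on the page.
    ad_last_change: int = 0
    oam_last_change: int = 0

    def change_in_ad(self, day: int) -> None:
        # Change made directly against AD (Ctrl-Alt-Del): only AD's clock moves.
        self.ad_last_change = day

    def change_in_oam(self, day: int) -> None:
        # Change made through OAM "My profile": OAM records it and writes the
        # new password to AD, so AD's clock moves too (answer B).
        self.oam_last_change = day
        self.ad_last_change = day

    def sync_ad_to_oam(self) -> None:
        # The answer's idea: copy the newer AD timestamp into OAM's attribute.
        self.oam_last_change = max(self.oam_last_change, self.ad_last_change)

    def views(self, today: int) -> dict:
        return {"oam": policy_state(self.oam_last_change, today),
                "ad": policy_state(self.ad_last_change, today)}


def sequence_a(y: int = 30, sync: bool = False) -> dict:
    """Day X: change via OAM. Day X+Y: change directly in AD."""
    acct = Account()
    acct.change_in_oam(0)
    acct.change_in_ad(y)
    if sync:
        acct.sync_ad_to_oam()
    return {day: acct.views(day) for day in (56, 61)}


def sequence_b(y: int = 30) -> dict:
    """Day X: change directly in AD. Day X+Y: change via OAM."""
    acct = Account()
    acct.change_in_ad(0)
    acct.change_in_oam(y)
    return {day: acct.views(day) for day in (56, 61)}


if __name__ == "__main__":
    for label, result in (("A, no sync", sequence_a()),
                          ("A, with sync", sequence_a(sync=True)),
                          ("B", sequence_b())):
        for day, verdicts in result.items():
            print(f"{label:13} day X+{day}: {verdicts}")
```
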

  • IOM - Forced OAM of password change signout redirection URL

    Hello

    We have integrated the OAM and IOM 11.1.2.2 using a DCC 11g webgate.

    SignOut IOM correctly goes to the page of disconnection, OAM.  Aclose with the help of IOM forgotten password OI featureM redirects to the OAM login page.

    My problem occurs when a user is forced to change their password at the first login. Screens of the IOM appear as expected, but after completing the page and clicking on 'Submit', the display shows an error 'ADFC-02017: the value of the url cannot be null or empty'. Logs show SSOAutoLoginHelper: redirect Signout URL: null.

    Change of password is successful, is just the redirect which fails.

    Can someone tell me where the redirect Signout URL must be set?

    Thank you

    Darren

    Thanks for your reply, but it's an integrated OAM and IOM put in place there is no link of password change created by me.

    In my case, that error was because OID obpasswordchangeflag is set to true but that IOM usr_change_pwd_at_next_logon has not been set to 1.

    This because the IOM has been upgraded from a version 10g, who has worked with an OAM 10 g version where all the functionality of password entrusted by OAM 10 g, if no user was never their flag usr_change_pwd_at_next_logon is set.

  • EPUB3 InDesign fixed layout and .oam files

    Were there any progress on that? the help files to:

    http://helpx.Adobe.com/InDesign/using/export-content-EPUB-cc.html

    Say clearly:

    • You can include video, audio and edge animate content (files with extension .oam).

    Yes you can and you can preview them, but they do not appear in iBooks on the iPad. If InDesign epub 3 fixed layouts are to make any impact probably edge animate .oam files should work in?

    Let me know if I am missing something, or how you get them to work on an iPad via iBooks.

    My understanding is the fact that the OAM files do not work on an iPad in iBooks is a bug in the iOS7 software or iBooks for iPad.

    If you view the EPUB3 FLX files in iBooks on a Macintosh in Mavericks (Mac OSX 10.9), the animation of the OAM will play well.

    You could try them in 4 new digital editions on Adobe, which just came out:

    Adobe Digital Editions 4

  • .... Tables of IOM and SOA for new application roles

    Hello experts of the IOM, please help me. I need the list of database tables that updated when we submit the new roles demand. I need the updated tables by SOA and IOM during the presentation of the request and approval.

    Enjoy your great help.

    Thank you

    Published by: Jyothi on October 23, 2012 03:52

    As long as I can remember (may be a few others) is updated tables:
    IOM scheme: req, orc, usg, ugp, usr
    SOA-Infra SCHEMA: WFTASK, WFTASKHISTORY

    Kind regards
    GP

  • OSH and OAM

    OHS 11.1.1.5
    11.1.1.5 OAM

    I am able to protect resources in the OHS htdocs folder with OAM. But there are web pages in the htdocs directory that do not need to be protected by OAM.

    Thus, I did not define OAM policies for these resources. But when I access these resources, I get a 404 not found error page. Even accessing the OHS home page returns a 404 error.

    http://localhost:7777/ - 404 page not found

    Why is this behavior? The deny on not protected flag on my 11g webgate is enabled. What is the origin of the problem?

    Hi Kestar,

    Yes, it is expected behavior with 11g WebGates (and 10g WebGates with deny on not protected set). When resources are not included in any OAM policy, then the WebGate tells the web server not to allow access. If you want OAM to redirect under these circumstances, then the resources need to be in an Application domain and you can then take the action with an authentication (or authorization) success or failure url parameter. An alternative might be to change the behavior of the web server, possibly using ErrorDoc directives.

    I expect the WebGate to query the OAM server to check whether or not the resource is protected, but this happens behind the scenes - not in the http stream. It must be visible in the OAM (server and webgate) logs.

    Kind regards
    Colin

  • OID provisioning with IOM and the addition of a custom multivalue attribute

    Hello - I have a class of the custom object that contains an attribute with multiple values (e.g. mymultiattribute1). I wish that this attribute was available on the form of OID process on the UD_OID_USR main form or child form UD_OID_RL. The idea is to have IOM admin add values or update the value of this attribute for example during the OID commissioning of the admin user account IOM should be able to add value1 and the value 2 to this attribute (similar to the role of the OID connector assignment feature). Since this is a multivalued attribute, so I think it must be a form of child? Correct me if I'm wrong.

    Guys please can you me how to configure IOM to achieve? Now that we do not have the cycles to customize the connector (i.e. coding), so we are looking to set up the system of the IOM or use existing functionality of OOTB, maybe configure feature role assignment for our objectclass and attribute in the IOM is the option?

    Thank you

    Additional information on the functionality of role OID which might be useful for your answers :-)

    The table Lookup.OID.Configuration contains the following three parameters which I believe are associated with roles.

    ldapRoleDNprefirx = cn
    ldapRolememberAttr = roleOccupant
    ldapRoleObjectClass = organizationalRole

    The table AttrName.Role.Prov.Map.OID contains the following parameters:

    Role name = cn

    You will need to follow adding attributes to new for commissioning multiple values before you start on to update for Provisioning new multivalued attributes
