several resources configured by the access policy, allow multiple set to no

Similar Questions

• Not able to automatically configure users in the AD via the access policy

  Hello
  I can connect to AD and manually configure a user AD through IOM. Through very well. However, if I use an access strategy to do the same, he's stuck in step 'supply '. All values are identical in shape.
  Any suggestions on why it works manually but not automatically? I have all values including ad server filled my form. Are there additional configuration in the access policy that I'm missing?

  You fill out or have prepops for all the required fields in the form of commissioning?

  Do you have the automatic backup on?

  Best regards
  / Martin

• Resource not available for selection in the access policy

  
  Hello

  I'm working on OIM11g R2 PS2 explore all of the new features available.

  I created a resource COMPUTING (SunONE_Resource) for the provision to users of SunONE (using the connector of the OID ) and got users provisioned it successfully asking for it by the Instance of the Application. Now I want to do it Auto-mis in service. So, I created a single policy role and access. But in step 2 of the access policy where we Julie IT resource, my resource (SunONE_Resource) IT is not visible and is the resource available only: LDAP User. I have selected LDAP user as a resource and create access policy.

  But when I'm allocating the specific role of the user, the user does not have configured my SunONE resource.

  I have run the Task Scheduler to assess access policies manually as well.

  Please help me in this regard.

  Kind regards

  Maryse

  Thanks for your quick response.

  I have fixed the problem. The problem was there 2 political access do the same thing. Thus, the system searches for a system property: XL. AllowAPBasedMultipleAccountProvisioning and it has been set to false.

  So, I changed the settings to another AP who was who collide with mine. Then it worked.

• Notification does not send when supply is triggered by the access policy

  Hello
  
  I implemented a notification when a user is created in the ad. In fact the mail is sent when I set up the resource through the administration interface. I have an access policy that may trigger the commissioning of the AD resource; but in this case, no mail is sent.
  
  What I want to achieve, send an email to someone (not the usermanager nor the plaintiff fields) when the AD account is provisionned. I have put an assignment to a user and check the assignment, but no mail is sent if the resource is supplied via the access policy.
  
  Thanks in advance for your help

  I solved this problem by writing custom process tasks 'send Email Notification on creation of the user'...

  In the Java Code of the adapter, I read the values of the "Mail server", IT resource and my custom message template definition...

  (Using tcITResourceOperationsIntf and tcEmailDefinitionOperationsIntf)

  Then, using the OOTB class in mail.jar and xlDataObjects.jar, I sent the email...

  import com.thortech.xl.dataobj.util.tcEmailNotificationUtil;

  tcEmailNotificationUtil emailNotificationUtil = new tcEmailNotificationUtil (dataProvider);

  emailNotificationUtil.constructEmail (emailTemplateName);

  emailNotificationUtil.sendEmail (toEmailAddress);

  Since simply assigning this task to that specific user sends notification by e-mail to this user, trigger this task 'Send Email Notification on creation of the user' too with the task you want to assign to this user... that is to trigger the two tasks at the same time... It is simply divide (a solution) of the functionality of the original task

• Disable AD account with the access policy

  Hi all
  
  How can I disable AD account with the access policy (or create AD account in the off state)
  
  Kind regards
  Vladimir

  1. when a user is created in the HR system, must create a new IOM account and a new account AD must or must not (according to HR data) be created in AD in the off State

  Can be reached by the access policy but for Disbaled State, you must call turn off the task of the user on the success of Usertask to create in the definition of user AD process

  2. when a user is marked as rejected in the HR system, the AD account if exist, must be deactivated and moved to a special place in the AD tree.

  It can be reached through a custom code JNDI.
  You can move the user to some different containers.
  You can search in OOTB Conector something similar to the user to get around (some adapter)

  3. the same rules will be applied if the IOM account is created or marked as "Rejected" manually by the administrator of the IOM

  Same Setup will work... No need for additional configuration.

• Automatic provisioning using the access policy

  Hi all
  
  I have a resource I would have auto-mis in service to any user who meets the following criteria.
  
  1 UDF1 is a specific value.
  2 UDF2 contains a value.
  
  The only way I know how to do automatic provisioning uses an access that is associated with a group policy. And this group is automatically filled for members using one or more rules. However, I see a limitation with the rules that does not allow my second criteria. You can't have a rule where the value has a wild card. There is no work around for this?
  
  Thank you!

  Three options:

  1 adapter entity that affects the UDF 3rd in a value such as "UDF2 is empty. Change group membership rule to use 3rd UDF.
  2. switch to update the database tables where the rules are stored. Not recommended... but you can get the rules of priority in the speech empty or null.
  2. do not use Group membership rules, get users into groups (many resources). Access policy is based on groups so you don't lose it

• Configuration of the router to allow VPN traffic through

  I would like to ask for assistance with a specific configuration to allow VPN traffic through a router from 1721.

  The network configuration is the following:

  Internet - Cisco 1721 - Cisco PIX 506th - LAN

  Remote clients connect from the internet by using the Cisco VPN client. The 1721 should just pass the packets through to the PIX, which is 192.168.0.2. Inside of the interface of the router is 192.168.0.1.

  The pix was originally configured with a public ip address and has been tested to work well to authenticate VPN connections and passing traffic in the local network. Then, the external ip address was changed to 192.168.0.2 and the router behind.

  The 1721 is configured with an ADSL connection, with fall-over automatic for an asynchronous connection. This configuration does not work well, and in the local network, users have normal internet access. I added lists of access for udp, esp and the traffic of the ahp.

  Cisco VPN clients receive an error indicating that the remote control is not responding.

  I have attached the router for reference, and any help would be greatly apreciated.

  Manual.

  Brian

  For VPN clients reach the PIX to complete their VPN the PIX needs to an address that is accessible from the outside where the customers are. When the PIX was a public address was obviously easy for guests to reach the PIX. When you give the PIX one address private, then he must make a translation. And this becomes a problem if the translation is dynamic.

  You have provided a static translation that is what is needed. But you have restricted the TCP 3389. I don't know why you restricted it in this way. What is supposed to happen for ISAKMP and ESP, AHP traffic? How is it to be translated?

  If there is not a static translation for ISAKMP traffic, ESP and AHP so clients don't know how to reach the server. Which brings me to the question of what the address is configured in the client to the server?

  HTH

  Rick

• Cannot change the access policy (firepower 6.1)

  Hello

  I use the Service Module of firepower on ASA5525 and MC, firepower, the two version 6.1.

  After the upgrade to version 6.1, I can't save any changes on my access policy. I always get a message "error saving data - another operation by another user has prevented this operation. Please try again after some time.
  I am the only on access to the MC, there is no task that is running and I tried to reload the MC, but I got the same error.

  Please, did anyone see that? This could be the cause?

  Thank you.

  I solved the problem by replacing all the objects 'Private network' by 'IPv4-private-All-RFC1918.

• Specific configurations to the access point

  Hi all

  just a matter of an inch...

  If I had a scenario 2 controller with some specific Configurations of the AP, for example AP groups VLAN and a faulty controller, the APs move to the other controller. What the specific config? Assume that the controller configuration (dyn Interfaces lets say) is correct.

  Any hint of welcome

  BR, Michael

  But, do i have to connect and configure every AP to all Controllers in my Netwok and configure the same steps?
  

  If you have more than one controller, you can copy the config of a fully functional config to the new (just change the IP address).  You can also set global one are the primary and the secondary controller.

• How do I divide the values from the cfselect which allows multiple?

  I have a basic form with a drop-down box and a cfselect box which allows the user to select multiples. For each element selected in the cfselect box, I need to fill in a line in the database. How do I "split" the values of the cfselect and fill several lines in the database?

  Found a large sample... and it works fine now... http://KB.Adobe.com/selfservice/viewContent.do?externalId=tn_17007

  
  
  INSERT INTO tContentLinks (ContentID, SubSectionID)
  VALUES (' #Form.ContentID # ', ' #SubSectionID # ')
  
  

• Error in uncheck allow several resource object in the console design

  Hello

  I need to uncheck the allow several object resource into Console design, but operation generates an error, and the change is not applied.

  IOM will be 11 GR 1 material.

  DB read: select distinct ugp.ugp_key, ugp.ugp_name, ugp.ugp_display_name of the PMU PMU, gpg gpg where ugp.ugp_key = gpg.ugp_key and (gpg.gpg_ugp_key (23))
  [2013 03-21 T 06: 24:27.516 - 07:00] [oim_server1] [NOTIFICATION] [] [XELLERATE. PERFORMANCE] [tid: [ASSETS].] [ExecuteThread: '3' for the queue: "(self-adjusting) weblogic.kernel.Default"] [username: xelsysadm] [ecid: 91039ee4d5030ad9:6a4e2a3a:13d88717e95 :-8000-0000000000005521,0] [APP: IOM #11.1.1.3.0] query: DB: LOAD 0: 0, TOTAL: 0
  [2013 03-21 T 06: 24:27.516 - 07:00] [oim_server1] [NOTIFICATION] [] [XELLERATE. DATABASE] [tid: [ASSETS].] [ExecuteThread: '3' for the queue: "(self-adjusting) weblogic.kernel.Default"] [userId: xelsysadm] [ecid: 91039ee4d5030ad9:6a4e2a3a:13d88717e95 :-8000-0000000000005521,0] [APP: #11.1.1.3.0 IOM] DB read: SELECT count (*) as count of oug WHERE obj_key = 7 and (ugp_key in (1,5,6,7,8,9,10,11,12,13,14,15,16,17,18,20,21,22,23)) and oug_write = '1'
  [2013 03-21 T 06: 24:27.517 - 07:00] [oim_server1] [NOTIFICATION] [] [XELLERATE. PERFORMANCE] [tid: [ASSETS].] [ExecuteThread: '3' for the queue: "(self-adjusting) weblogic.kernel.Default"] [username: xelsysadm] [ecid: 91039ee4d5030ad9:6a4e2a3a:13d88717e95 :-8000-0000000000005521,0] [APP: IOM #11.1.1.3.0] query: DB: LOAD 0: 0, TOTAL: 0
  [2013 03-21 T 06: 24:27.517 - 07:00] [oim_server1] [NOTIFICATION] [] [XELLERATE. DATABASE] [tid: [ASSETS].] [ExecuteThread: '3' for the queue: "(self-adjusting) weblogic.kernel.Default"] [userId: xelsysadm] [ecid: 91039ee4d5030ad9:6a4e2a3a:13d88717e95 :-8000-0000000000005521,0] [APP: #11.1.1.3.0 IOM] DB read: select evt.evt_key, evt.evt_name, evt.evt_package dob dob, evt evt, dvt dvt where dob.dob_key = dvt.dob_key and dvt.evt_key = evt.evt_key and (dob.dob_name = 'com.thortech.xl.dataobj.tcOBJ' or dob.dob_name = dob.dob_name = 'com.thortech.xl.dataobj.tcDataObj' or 'com.thortech.xl.dataobj.tcTableDataObj') and dvt.dvt_pre_update_sequence > 0 by dvt.dvt_pre_update_sequence order
  [2013 03-21 T 06: 24:27.518 - 07:00] [oim_server1] [NOTIFICATION] [] [XELLERATE. PERFORMANCE] [tid: [ASSETS].] [ExecuteThread: '3' for the queue: "(self-adjusting) weblogic.kernel.Default"] [userId: xelsysadm] [ecid: 91039ee4d5030ad9:6a4e2a3a:13d88717e95 :-8000-0000000000005521,0] [APP: IOM #11.1.1.3.0] query: DB: 1, LOAD: 0, TOTAL: 1
  [2013 03-21 T 06: 24:27.518 - 07:00] [oim_server1] [ERROR] [] [XELLERATE. SERVER] [tid: [ASSETS].] [ExecuteThread: '3' for the queue: "(self-adjusting) weblogic.kernel.Default"] [userId: xelsysadm] [ecid: 91039ee4d5030ad9:6a4e2a3a:13d88717e95 :-8000-0000000000005521,0] [APP: IOM #11.1.1.3.0] class/method: tcDataObj/save error: failed to update data
  [2013 03-21 T 06: 24:27.518 - 07:00] [oim_server1] [NOTIFICATION] [] [XELLERATE. DATABASE] [tid: [ASSETS].] [ExecuteThread: '3' for the queue: "(self-adjusting) weblogic.kernel.Default"] [userId: xelsysadm] [ecid: 91039ee4d5030ad9:6a4e2a3a:13d88717e95 :-8000-0000000000005521,0] [APP: #11.1.1.3.0 IOM] DB read: select err_key, err_code, err_desc, err_rowver, err_remedy, err_count, err_last_occurance, err_action, err_help_url, err_severity of err where err_code ='DOBJ. UPDATE_FAILED'
  [2013 03-21 T 06: 24:27.519 - 07:00] [oim_server1] [NOTIFICATION] [] [XELLERATE. PERFORMANCE] [tid: [ASSETS].] [ExecuteThread: '3' for the queue: "(self-adjusting) weblogic.kernel.Default"] [userId: xelsysadm] [ecid: 91039ee4d5030ad9:6a4e2a3a:13d88717e95 :-8000-0000000000005521,0] [APP: IOM #11.1.1.3.0] query: DB: 1, LOAD: 0, TOTAL: 1
  [2013 03-21 T 06: 24:27.519 - 07:00] [oim_server1] [ERROR] [] [XELLERATE. DATABASE] [tid: [ASSETS].] [ExecuteThread: '3' for the queue: "(self-adjusting) weblogic.kernel.Default"] [userId: xelsysadm] [ecid: 91039ee4d5030ad9:6a4e2a3a:13d88717e95 :-8000-0000000000005521,0] [APP: IOM #11.1.1.3.0] class/method: tcDataBase/rollbackTransaction some problems: Rollback performed [[...]
  java.lang.Exception: Rollback performed
  at com.thortech.xl.dataaccess.tcDataBase.rollbackTransaction(tcDataBase.java:578)
  at com.thortech.xl.dataobj.tcDataObj.rollback(tcDataObj.java:904)
  at com.thortech.xl.dataobj.tcDataObj.doRollback(tcDataObj.java:867)
  at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:538)
  at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)

  After you apply BP06, let the Multiple Option cannot be changed from true to False [1556385.1 ID]

• Several resources working on the same page ADF / same application

  Hello
  
  Sorry this is perhaps a fundamental question for some of you. But I really need experts.
  
  First question is:
  
  I'm working on JDEV 11.1.1.3.0 developing ADF UI. In one of my page, I have 12 tabs and around 6 pop-up windows. This is a page that some complex. So we can distribute the same application and the same page different resources and allocation of development different tabs? If Yes, then how we can merge?
  
  Second question is:
  I'm really curious to know how the major projects of the ADF are developed?
  
  Thank you
  MC

  A way to divide the work is to use fragments of the page inside the taskflows for each tab.
  Then, each developer can work on her page fragment, and in the end you just add these taskflows as a region to your homepage.
  Of course, you want to also use a central Subversion (or other SCM system) repository to synchronize the work on your project-level files.

• Access policy - value of the attribute of provisioning failure

  Hello

  is it possible to configure a value for the attribute of non-entitlement to access policy applies to all users? I changed a strategy of access and successfully implemented a change in the rights of the system target, but did not at the disposal of another value of the attribute (by changing the form of target system in the definition of the access policy).

  Peter

  In this case, you will need to write your own custom code and need to trigger as an adapter of task of process or event handlers.

  ~ J

• How to pre-populate the organization name, and other fields in the form of access policy?

  Hi all

  I created a strategy of access to users to autoprovision for MS AD, but I need to solve a problem. I do not know how to pre-populate e.g. name of the Organization (or other fields) of resource AD user in the access policy and prepopulate the plugins created for user AD form do not work here.

  Please, could you help me to solve this "problem"?

  Thank you

  Milan

  Access policies get a static value.  You can't fill a field with an adapter.  If you do, leave the field blank and put an adapter on the process shape to your field which must be filled by using code or logic.

  -Kevin

• Access policy for the user whose status is "disabled until the start date.

  Hello
  
  By default political access does not work for the user whose start date is later in OIM 11 g. I have an access policy that the provisions of all users of Xellerate OID. This policy is not work for users who start date is later, i.e. status = disabled until the start date.
  
  No workaround to make the strategy work is much appreciated.
  
  
  
  Thank you
  GYAN

  up to 10g it work very well if you put provisining date as the current date. But, you cannot apply even in oim 11g

  Try below

  Add new udf to the user profile
  reconcile the start date in the new udf and leave the start of oim null date
  In this case the access policy will be triggers and you will be able to get an account created to the OID, and then set the start workflow OID IOM

  for reminder and all just to add trigger for the new udf and update on the changes.

  Note: In your case as OID in disable State it will cause no problem after the user status "disable up to that Start Date. If the resource object in activate State and change you the status to disable up to that starting date, it does not fire disable the user trigger.

  Kind regards
  Mireille nayan