Monday, November 22, 2010
OIM: Installing the Design Console under Linux
http://www.idmworks.com/blog/oim-installing-the-design-console-under-linux
It does work!!
Thursday, November 18, 2010
Make OIM portal load faster
The counters on the OIM home page need an additional SQL search on every login, and this can cause the home page to load slowly.
Since this information is not of much use on the home page in many organizations, we can disable this additional SQL search and make sure only a link is placed on the home page to get to that same data.
To disable these counters, execute the steps below:
1) Login to Design Console with 'xelsysadm'
2) Go to Administration->> System Configuration
3) Search for the keyword "XL.WebAdminHome.CounterDisplay.Type"
4) Change the value from 'DayLimit' to 'CheckLink'
Now when a user logs in to OIM, he will see a link instead of the counters.
For many users, the home page will load much faster from now on.
Special characters not allowed in name fields - OIM
OIM does not allow certain special characters in the following name fields:
- User Login
- Group Name
- Organization Name
- Resource Name
- Process Name
- Request Number
- Column Label
- Task Name
The characters that are not allowed in these fields are:
- Semicolon ( ; )
- Pound ( # )
- Forward slash ( / )
- Percent ( % )
- Equals sign ( = )
- Bar ( | )
- Plus sign ( + )
- Comma ( , )
- Back slash ( \ )
- Double quotes ( " )
- Less than ( < )
- Greater than ( > )
If you are using your own form to create a user in OIM, make sure to reject the characters listed above in those fields.
The allowed special characters are as below:
! * @ $ ( ) ^ ? { } [ ] : ' ~ ` - _
Put these in a common regular expression pattern so that every form applies the same validation.
OIM user email field character restriction
"The local-part and domain name portions of an e-mail address are restricted to ASCII letters, numbers, underscores, hyphens, and periods. The domain identifier portion of an e-mail address is restricted to ASCII letters and numbers"
(http://download.oracle.com/docs/cd/B32479_01/doc.903/b32455/componts.htm#CIHCCEAF)
But this restriction is removed in OIM version 9.0.2. The regular expression below defines the characters allowed in the email address field in version 9.0.2:
([\\w!#$%&'*+-/=?^_`{|}~])+[@](\\w|[-]|[.])+[.]([a-zA-Z0-9])+
So if you need all those special characters, make sure you are using 9.0.2 and not 9.0.1.
Upgrading from 9.0.1 to 9.0.2 is a patch update, so it should not be difficult.
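As an added example (not code from the original post), here are both rule sets as Python validators: an allow-list for the name fields built from the characters listed in the previous post, the 9.0.1 email rule quoted from the Oracle documentation rendered as a regex by me, and the 9.0.2 expression from this post with Java's doubled backslashes reduced for a Python raw string (re.ASCII keeps \w ASCII-only, as Java's default does). Whether a space is permitted inside a name is not stated on the page, so allowing one is an assumption, as is treating the 9.0.2 expression as a whole-value match.

```python
import re

# Allow-list for OIM name fields (User Login, Group Name, ...): ASCII letters,
# digits, the special characters the post lists as allowed, and (assumption,
# not stated on the page) a space.
NAME_ALLOWED = re.compile(r"[A-Za-z0-9 !*@$()^?{}\[\]:'~`_-]+")

# The twelve characters the post lists as forbidden in name fields.
NAME_FORBIDDEN = set(';#/%=|+,\\"<>')

# OIM 9.0.1 rule as quoted from the Oracle documentation (my rendering of
# that prose): local part and domain limited to letters, digits, underscore,
# hyphen and period; the final label limited to letters and digits.
EMAIL_901 = re.compile(r"[A-Za-z0-9_.-]+@[A-Za-z0-9_.-]+\.[A-Za-z0-9]+", re.ASCII)

# The OIM 9.0.2 expression from the post, verbatim apart from the Java
# string escaping.  Note that "+-/" inside the class is a range and so also
# admits "," and ".".
EMAIL_902 = re.compile(r"([\w!#$%&'*+-/=?^_`{|}~])+[@](\w|[-]|[.])+[.]([a-zA-Z0-9])+", re.ASCII)


def valid_name(value: str) -> bool:
    """Allow-list check: the whole value must consist of permitted characters."""
    return NAME_ALLOWED.fullmatch(value) is not None


def forbidden_chars(value: str) -> set:
    """Which of the documented forbidden characters a value contains (for error messages)."""
    return {c for c in value if c in NAME_FORBIDDEN}


def valid_email(value: str, version: str = "9.0.2") -> bool:
    """Whole-value match against the e-mail rule for the given OIM version."""
    pattern = EMAIL_902 if version == "9.0.2" else EMAIL_901
    return pattern.fullmatch(value) is not None


if __name__ == "__main__":
    for candidate in ("jdoe_01", "jdoe;drop", 'a<b>"c'):
        print(candidate, valid_name(candidate), forbidden_chars(candidate))
    for addr in ("john.doe@example.com", "jo'hn@ex-ample.co.uk", "jane@example"):
        print(addr, "9.0.1:", valid_email(addr, "9.0.1"), "9.0.2:", valid_email(addr))
```

The allow-list is the check to put on your own forms; the forbidden-character set is only there to explain a rejection to the user. The same address that fails under the 9.0.1 rule (an apostrophe in the local part) passes under 9.0.2, which is the difference the post describes.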
Auto Approve Self Registered Users in OIM
By default, a self-registered user has to be approved by an administrator. To automatically approve self-registered users in OIM:
1. Open the OIM_HOME/xellerate/config/FormMetadata.xml file.
2. Copy the following lines from the <form name="SelfRegistrationApprovalForm"> section into the <form name="SelfRegistrationUserForm"> section:
<attributereference editable="true" optional="true">Organizations.Organization Name</attributereference>
<attributereference editable="true" optional="false">Users.Xellerate Type</attributereference>
<attributereference editable="true" optional="true">Users.Role</attributereference>
3. Save the changes and restart the OIM server.
4. Now when you self-register, you need to enter values for Organization Name, User Type and Employee Role.
5. Enter End-User as the User Type.
6. Enter Full-Time as the Employee Role (note: the value should be Full-Time and not Full-Time Employee).
7. Submit the request; it will be approved automatically.
Delete OID users and Groups
To delete all OID users, follow the steps below.
Run ldapsearch to extract the DNs of all users:
ldapsearch -x -h oidserver.corp.company.com -p 389 -D cn=orcladmin -w passwd -L -b "cn=users,dc=corp,dc=company,dc=com" -s one "objectclass=*" dn > current_users.txt
From the file that is generated, delete the text "dn: " (use find and replace to do this). Also make sure that every entry is on one single line: LDIF output wraps long DNs onto a following line that starts with a space, and those continuation lines must be joined back onto the DN.
Run ldapdelete to delete all the users listed in the file:
ldapdelete -x -h oidserver.corp.company.com -p 389 -D cn=orcladmin -w passwd -c -v -f current_users.txt
Log in to oidadmin to confirm the deletion.
Run the same steps for cn=Groups to delete all groups.
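The "delete dn:" and "one entry per line" steps are where this goes wrong in practice: LDIF wraps long lines with a leading space on the continuation line, and a DN containing non-ASCII characters is emitted base64-encoded after "dn::". Below is an added Python script (not from the post) that turns the ldapsearch output into the one-DN-per-line file that ldapdelete -f expects, handles both cases, and refuses any DN that is not under the container being cleared, or that is the container itself, so a wrong search base cannot turn into a wider deletion. The export embedded in it is a constructed sample, and the output file name is my choice.

```python
import base64

# Constructed sample of an `ldapsearch ... -L ... dn` export: a plain DN, a DN
# folded over two lines, and a DN with non-ASCII characters (base64-encoded,
# marked by "dn::").  The base64 value is computed here so it is exact.
_ENCODED_DN = base64.b64encode(
    "cn=élève,cn=users,dc=corp,dc=company,dc=com".encode("utf-8")).decode("ascii")

SAMPLE_EXPORT = (
    "version: 1\n"
    "\n"
    "dn: cn=jdoe,cn=users,dc=corp,dc=company,dc=com\n"
    "\n"
    "dn: cn=a.very.long.user.name.that.ldapsearch.wraps,cn=users,dc=corp,dc=com\n"
    " pany,dc=com\n"
    "\n"
    "dn:: " + _ENCODED_DN + "\n"
    "\n"
)


def unfold_ldif(text: str) -> list:
    """Join LDIF continuation lines (a line starting with a space continues the
    previous line) and drop comment lines, returning the logical lines."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        elif raw.startswith("#"):
            continue
        else:
            logical.append(raw)
    return logical


def extract_dns(text: str, container: str) -> list:
    """Return one DN per entry, decoding 'dn::' base64 values.  Every DN must
    sit under `container`, and the container itself is never returned."""
    dns = []
    for line in unfold_ldif(text):
        if line.startswith("dn:: "):
            dn = base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            dn = line[4:]
        else:
            continue
        if dn.lower() == container.lower():
            raise ValueError(f"refusing to list the container itself: {dn}")
        if not dn.lower().endswith("," + container.lower()):
            raise ValueError(f"refusing DN outside {container}: {dn}")
        dns.append(dn)
    return dns


def write_delete_list(text: str, container: str, path: str) -> int:
    """Write the DN list in the form `ldapdelete -f` reads; returns the count
    so it can be compared with the number of entries you expect to remove."""
    dns = extract_dns(text, container)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(dns) + "\n")
    return len(dns)


if __name__ == "__main__":
    n = write_delete_list(SAMPLE_EXPORT, "cn=users,dc=corp,dc=company,dc=com", "current_users.txt")
    print(f"{n} DNs written to current_users.txt")
```

Run it over the real export in place of the find-and-replace step, and compare the printed count with the user count shown in oidadmin before running ldapdelete: a mismatch means folded or encoded entries were mishandled, and ldapdelete -c would otherwise skip them silently.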
Migrate or copy users from one OID to another
The steps below will guide you through it. (These commands are for Linux.)
On the source OID
Set ORACLE_HOME appropriately. Example:
$export ORACLE_HOME=/oracle/db/product/oid/
Go to the $ORACLE_HOME/ldap/bin folder:
$cd $ORACLE_HOME/ldap/bin
Run the following command to export the users:
$ldapsearch -x -h oidserver.corp.company.com -p 389 -D cn=orcladmin -w password -L -b "cn=users,dc=oidserver,dc=corp,dc=company,dc=com" -s one "objectclass=*" dn o cn gcpcompanycode givenname mail objectclass oimuserkey preferredlanguage sn telephonenumber userpassword > oid_filteruser.txt
Run the following command to export the groups:
$ldapsearch -x -h oidserver.corp.company.com -p 389 -D cn=orcladmin -w password -L -b "cn=Groups,dc=oidserver,dc=corp,dc=company,dc=com" -s one "objectclass=*" > oid_filtergroup.txt
Copy the generated files (in this case oid_filteruser.txt and oid_filtergroup.txt) to the destination OID. Note that the user export includes the userpassword attribute, so restrict permissions on these files and remove them once the import is done:
$scp oid_filteruser.txt oid_filtergroup.txt otherOidServer.corp.company.com:/oracle/db/oid_files/.
On the destination OID
If this is an existing environment, delete the existing users and groups before you import the new users. To delete them, follow the steps in "Delete OID users and Groups" above.
Stop OID
Set ORACLE_HOME as follows:
$export ORACLE_HOME=/oracle/db/product/oid/
Go to the $ORACLE_HOME/ldap/bin folder:
$cd $ORACLE_HOME/ldap/bin
Then run the following commands one after the other (DEVOID is the schema name of OID):
./bulkload connect="DEVOID" generate=true load=true file="/oracle/db/oid_files/oid_filteruser.txt"
Enter the password when prompted. The import will then complete in a few seconds.
./bulkload connect="DEVOID" generate=true load=true file="/oracle/db/oid_files/oid_filtergroup.txt"
Enter the password when prompted. The import will then complete in a few seconds.
Start OID
Go to the oidadmin console and verify.
Unlock users in OID
Ideally we create a script file for this so that it can be reused many times.
Below are the steps.
- Create a file, say name it as unlockusers.sh.
- Paste the below content into the file.
ldapmodify -p 389 -h servername.corp.company.com -D cn=orcladmin -w password -x -v <<EOF
dn: cn=username, cn=Users,dc=corp,dc=company,dc=com
changetype: modify
add: orclpwdaccountunlock
orclpwdaccountunlock: 1
EOF
- Save and close the file. Give execute permission on the new file:
chmod +x unlockusers.sh
- Execute the file:
./unlockusers.sh
Next time on, all you need to do is change the username and execute the file.
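An added Python helper (not part of the post) that writes the same modify record for a whole list of usernames, so the script does not have to be edited per user; the output goes to ldapmodify with -f instead of the here-document. Usernames are escaped per RFC 4514 before being placed in the DN (the characters OIM bans in User Login are largely the DN-special ones, so this matters for accounts that did not come through OIM), and a username containing a newline or other control character is rejected outright, because it could inject an extra record into the LDIF. The container DN and the orclpwdaccountunlock attribute are the ones used in the script above; the output file name is my choice.

```python
import sys

# Container DN from the unlock script above.
USERS_BASE = "cn=Users,dc=corp,dc=company,dc=com"


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514): the characters
    , + " \\ < > ; anywhere, a leading # or space, and a trailing space."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def unlock_record(username: str) -> str:
    """The LDIF modify record that sets orclpwdaccountunlock for one user."""
    dn = f"cn={escape_dn_value(username)},{USERS_BASE}"
    return (f"dn: {dn}\n"
            "changetype: modify\n"
            "add: orclpwdaccountunlock\n"
            "orclpwdaccountunlock: 1\n")


def build_unlock_ldif(usernames) -> str:
    """One record per user, separated by blank lines as LDIF requires.  Control
    characters cannot be escaped in a DN and would break the record structure,
    so such usernames are refused rather than written."""
    records = []
    for name in usernames:
        if not name or any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
            raise ValueError(f"refusing unusable username: {name!r}")
        records.append(unlock_record(name))
    return "\n".join(records)


if __name__ == "__main__":
    # Usage: python unlock_ldif.py jdoe asmith > unlock.ldif
    sys.stdout.write(build_unlock_ldif(sys.argv[1:]))
```

Then run ldapmodify with the same options as the script but -f unlock.ldif in place of the here-document. If the OpenLDAP client tools are in use (the -x switch above suggests they are), -W prompts for the bind password instead of taking it on the command line with -w, which keeps it out of the script file and of shell history.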
Identity Management
Hope this will be helpful for those who are beginners in OIM, OID and OAM.
Oracle Identity Management is part of Oracle Fusion Middleware and includes Oracle Identity Manager (OIM), Oracle Access Manager (OAM), Oracle Internet Directory (OID), Oracle Identity Federation and a few others.
These are useful tools for a large organization that needs a good identity / user management system.
I am not going to talk any more about these tools, as this information is readily available on Oracle's sites.
http://www.oracle.com/technetwork/middleware/id-mgmt/overview/index.html
I am going to use this blog to share some practical knowledge and useful tips.
For Java or webservices related tips, please refer to the other blog at http://thetechnick.blogspot.com/