Groups Entitlements
Hi All,
I am using OIM 11gR2 BP01 (on weblogic 10.3.6 2 node cluster) and activedirectory-11.1.1.5.0 with patch ( p14190610) Connector for AD
I have a weird issue,
All my groups are reconciled properly in the IDM,
All my users are reconciled (Trusted + Target) perfectly in IDM.
PPROBLEM:
1- The Groups in Child form are not being displayed, it is showing empty rows for the groups assigned to the user, i.e if the user is assigned 3 groups it is showing 3 empty rows if 5 groups it showing 5 empty rows. Nothing is shown in the Entitlements Tab, I have checked in the backed database in UD_ADUSRC table the data is present properly.
2- From IDM webconsole at Identity URL, I can perform Modification to the AD account of a user and add a new group for him now it is being shown in the Child form along with other empty rows for already existing groups, it is also shown in the Entitlement Tab.
3- No if I make changes from the Domain Controller AD server to this user and add/remove the a group (and some other attribute to change the time-stemp) and run AD Target Reconciliation, then check the Child form of the same user, all the rows (including the latest added) are again shown empty and the data from Entitlements Tab is also removed.
All above test cases are working fine in my identical test environment (Single node weblogic), so i know that what ever the test I am doing is valid. I don't know what is missing in my production that its having this issue. please let me know if anyone has any idea.
Regards