OIM AD Connector - not connecting to AD LDAP

712210 Jul 16 2009 — edited Jul 20 2009
Hello,

I'm new to Oracle Identity Management, so it could be some trivial misconfiguration issue.

I've installed OIM on a Windows Server 2003 with AD and Exchange already configured (with several user accounts).
Next, I've installed the AD connector for OIM and configured the 'AD Server' resource as follows:

Name: ADITResource
Type: AD Server

Admin FQDN: CN=Administrator,CN=Users,dc=mydomain,dc=COM // tested with an LDAP browser - ok
Admin Login: Administrator
Admin Password: *****
Allow Password Provisioning: yes
Port Number: 636
Root Context: OU=HQ1,DC=mydomain,dc=COM // tested with an LDAP browser - ok
SSL Port Number: 636
Server Address: 127.0.0.1
Use SSL: yes
isADAM: no
isLookupDN: no

I then configured the ActiveDirectoryReconTask, using the ADITResource above.

When I run the task, it runs instantly, but nothing actually happens.
In the JBoss console, I get a lot of lines saying:

INFO [ACCOUNTMANAGEMENT] UsernamePasswordLoginModule/initialize : Un-authenticated Identity: Unknown

and then an exception saying:

ERROR [APIS] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'null' does not exist.

In the Design Console, under Reconciliation Manager, there are no results.

I then tried to set up the ADITResource to not use SSL and connect to port no. 389.
Same results, JBoss console throws the same errors and exceptions.

I also tried running the AD connector test, runADTest.bat, but that didn't work either (it could not create the test user in AD).

With SSL, the runADTest.bat error is:

[OIMCP.ADCS],The error occured in ADClient::connectorToAvailableAD():127.0.0.1:636; socket closed.
[OIMCP.ADCS],Class/Method: ADClient/creatingUser encounter some problems: Connection Error Occur
.......
[OIMCP.ADCS],User Createdfalse

Without SSL, the runADTest.bat error is:

[OIMCP.ADCS],The error occured in ADClient::createObject():LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=HQ1,DC=mydomain,DC=COM'
.......
[OIMCP.ADCS],User Createdfalse

Again, the "OU=HQ1,DC=mydomain,DC=COM" is valid.


Any clues?

Thanks,
Chris

Edited by: user11699987 on Jul 16, 2009 5:31 AM
This post has been answered by Rajiv Dewan on Jul 20 2009
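
An added example, not part of the original post or of the connector: a small parser for the Active Directory diagnostic string in the non-SSL runADTest.bat output above. LDAP result code 32 is noSuchObject, and "best match of" is the deepest entry the server could resolve, so comparing it with the DN being created shows which components are missing. The attempted DN below is constructed, because the log does not show the DN the test tried to create.

```python
import re

# Field layout of the AD diagnostic text quoted in the runADTest.bat output.
AD_ERR = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<hexcode>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\), data (?P<data>-?\d+)"
    r"(?:, best match of:\s*'(?P<matched>[^']*)')?"
)

def parse_ad_error(line):
    """Return the fields of an AD LDAP diagnostic message, or None if absent."""
    m = AD_ERR.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("code", "problem", "data"):
        fields[key] = int(fields[key])
    return fields

def split_dn(dn):
    """Split a DN into normalised RDNs (simplified: only \\, escapes are honoured)."""
    rdns = re.split(r"(?<!\\),", dn)
    return ["=".join(s.strip() for s in r.split("=", 1)).lower()
            for r in rdns if r.strip()]

def missing_rdns(target_dn, matched_dn):
    """RDNs of target_dn that sit below matched_dn, i.e. the part the server
    could not resolve. None means matched_dn is not an ancestor of target_dn."""
    target, matched = split_dn(target_dn), split_dn(matched_dn)
    keep = len(target) - len(matched)
    if keep < 0 or target[keep:] != matched:
        return None
    return target[:keep]

# Error text copied from the post.
LOG_LINE = ("[OIMCP.ADCS],The error occured in ADClient::createObject():"
            "LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, "
            "problem 2001 (NO_OBJECT), data 0, best match of: "
            "'OU=HQ1,DC=mydomain,DC=COM'")
# Constructed DN for illustration; the real DN used by the test is not in the log.
ATTEMPTED_DN = "CN=testuser,OU=Staff,OU=HQ1,DC=mydomain,DC=COM"

if __name__ == "__main__":
    err = parse_ad_error(LOG_LINE)
    print(err["code"], err["name"], "resolved up to:", err["matched"])
    print("unresolved below that:", missing_rdns(ATTEMPTED_DN, err["matched"]))
```

An empty list from `missing_rdns` means the server resolved the whole DN it was given, and `None` means the DN is not under the matched entry at all.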
Post Details
Locked on Aug 17 2009
Added on Jul 16 2009
22 comments
2,835 views