Role and rule membership error - OIM 11gR2 PS2

user8744020 Feb 12 2016 — edited Feb 18 2016

Hi,

We have a role in OIM which had many members. As per the new requirement, all the users who have user type as internal (-INT) should belong to this role.

So, I removed the old members, added a rule User Type Contains "-INT" and executed "Apply and Evaluate". But it didn't add the users.

But, new users are getting added to this role, if the user type contains "-INT".


I even ran the "refresh role membership" job to see if it refreshes the memberships. But the job failed with the errors below:



[2016-02-11T21:37:27.309-08:00] [oimext_server1] [WARNING] [] [oracle.iam.identity.scheduledtasks] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [ecid: b834c9b3cae0f91f:-4417ab0:152d2804e37:-8000-0000000000000003,1:17861] [APP: oim#11.1.2.0.0] Role MART_Consumer could not assigned to the users[[

oracle.iam.platform.kernel.EventFailedException: IAM-3010072:Adding user membership failed because user RITZ is not synchronized to the LDAP directory:RITZ

        at oracle.iam.ldapsync.impl.util.LDAPSyncUtil.createEventFailedException(LDAPSyncUtil.java:1387)

        at oracle.iam.ldapsync.impl.util.LDAPSyncUtil.createEventFailedException(LDAPSyncUtil.java:1403)

        at oracle.iam.ldapsync.impl.eventhandlers.membership.UserMembershipCreateLDAPHandler.grantRoleMembership(UserMembershipCreateLDAPHandler.java:287)

        at oracle.iam.ldapsync.impl.eventhandlers.membership.UserMembershipCreateLDAPHandler.execute(UserMembershipCreateLDAPHandler.java:155)

        at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:1125)

[2016-02-11T21:37:27.310-08:00] [oimext_server1] [NOTIFICATION] [] [oracle.iam.identity.scheduledtasks] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [ecid: b834c9b3cae0f91f:-4417ab0:152d2804e37:-8000-0000000000000003,1:17861] [APP: oim#11.1.2.0.0] Role membership rule evaluation failed for following roles :MART_Consumer

[2016-02-11T21:37:27.310-08:00] [oimext_server1] [WARNING] [] [oracle.iam.scheduler.vo] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [ecid: b834c9b3cae0f91f:-4417ab0:152d2804e37:-8000-0000000000000003,1:17861] [APP: oim#11.1.2.0.0] IAM-1020021 Unable to execute job : Refresh Role Memberships with Job History Id:240344[[

oracle.iam.platform.utils.SuperRuntimeException: Role membership rule evaluation failed for following roles :MART_Consumer

        at oracle.iam.identity.scheduledtasks.RefreshRoleMembershipsTask.execute(RefreshRoleMembershipsTask.java:175)

        at oracle.iam.scheduler.vo.TaskSupport.invokeExecute(TaskSupport.java:270)

        at oracle.iam.scheduler.vo.TaskSupport.access$000(TaskSupport.java:46)

        at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:221)

        at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:10)

Does this mean that if the job fails for one user, the job will stop immediately without continuing for other users?



What could be the issue here? Please suggest.


Thanks

Post Details
Locked on Mar 17 2016
Added on Feb 12 2016
7 comments
3,084 views
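
One way to list every role/user pair behind the IAM-3010072 failures in a server log like the one posted above, so the accounts reported as not synchronized to LDAP can be collected in one pass. This is an added example, not part of the original post and not Oracle code; the sample records are constructed from the log format shown above (shortened), and the user JDOE and the function name are invented for illustration.

```python
import re
from collections import defaultdict

# A new log record starts with a bracketed ISO timestamp (format as in the post).
RECORD_START = re.compile(r"^\[\d{4}-\d{2}-\d{2}T[^\]]+\] ")
# Message text exactly as the scheduled task logs it (including its grammar).
ROLE_LINE = re.compile(r"\] Role (\S+) could not assigned to the users")
# IAM-3010072 names the user that is reported as missing from the LDAP directory.
USER_LINE = re.compile(
    r"IAM-3010072:.*? because user (\S+) is not synchronized to the LDAP directory"
)

def ldap_sync_failures(lines):
    """Return {role: sorted users} for every IAM-3010072 failure in the log."""
    failures = defaultdict(set)
    role = None
    for line in lines:
        if RECORD_START.match(line):
            # Each record header resets the role context for the lines under it.
            m = ROLE_LINE.search(line)
            role = m.group(1) if m else None
            continue
        m = USER_LINE.search(line)
        if m:
            failures[role or "<role not logged>"].add(m.group(1))
    return {r: sorted(u) for r, u in failures.items()}

# Constructed sample: shortened records in the format above; JDOE is invented.
SAMPLE = """\
[2016-02-11T21:37:27.309-08:00] [oimext_server1] [WARNING] [] [oracle.iam.identity.scheduledtasks] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [APP: oim#11.1.2.0.0] Role MART_Consumer could not assigned to the users[[
oracle.iam.platform.kernel.EventFailedException: IAM-3010072:Adding user membership failed because user RITZ is not synchronized to the LDAP directory:RITZ
        at oracle.iam.ldapsync.impl.util.LDAPSyncUtil.createEventFailedException(LDAPSyncUtil.java:1387)
[2016-02-11T21:37:27.310-08:00] [oimext_server1] [NOTIFICATION] [] [oracle.iam.identity.scheduledtasks] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [APP: oim#11.1.2.0.0] Role membership rule evaluation failed for following roles :MART_Consumer
[2016-02-11T21:40:02.100-08:00] [oimext_server1] [WARNING] [] [oracle.iam.identity.scheduledtasks] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [APP: oim#11.1.2.0.0] Role MART_Consumer could not assigned to the users[[
oracle.iam.platform.kernel.EventFailedException: IAM-3010072:Adding user membership failed because user JDOE is not synchronized to the LDAP directory:JDOE
"""

if __name__ == "__main__":
    for role, users in ldap_sync_failures(SAMPLE.splitlines()).items():
        print(role, users)
```

The result only reflects what the log records; it does not show whether the job continued past the first failing user.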