OIM – OUD Ldap sync – attributes like obpasswordchangeflag, obpasswordexpirydate not created

Problem:
We have integrated OAM-OIM-OUD. LDAP Sync has been enabled between OIM and OUD.
When we create an user in OIM , it creates user in OUD without password management objectclass and attributes like oblogintrycount / obpasswordchangeflag / obpasswordexpirydate.

Due to this password management related things not working as expected. Below you can find Sample user attribute details from OUD, whic is synched from OIM.

dn: cn=LdapSync test,cn=users,dc=mydomain,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: orclIDXPerson
objectClass: top
givenName: LdapSync
uid: LDAPSYNC
orclPwdExpirationDate: 20171025000000z
cn: LdapSync test
sn: test
userPassword:: e1NTSEE1MTJ9SENUbDgyd3VaeDhXbjZyQ3Nubmx0cXQ0UXdjREZ
employeeType: Full-Time
displayName: LdapSync test

 

Cause :
This is due to attribute oamEnabled=false in adapter.os_xml file which is under DOMANIN_HOME/ovd/oim/ directory

<plugin>
<name>UserManagement</name>
<class>oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement</class>
<initParams>
<param name="directoryType" value="oud"/>
<param name="mapObjectclass" value="container=orclContainer"/>
<param name="oamEnabled" value="false"/>
<param name="pwdMaxFailure" value="10"/>
</initParams>
</plugin>

 

Solution:
Set oamEnabled=true as below and restart OIM

<plugin>
<name>UserManagement</name>
<class>oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement</class>
<initParams>
<param name="directoryType" value="oud"/>
<param name="mapObjectclass" value="container=orclContainer"/>
<param name="oamEnabled" value="true"/>
<param name="pwdMaxFailure" value="10"/>
</initParams>
</plugin>

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s