OIM – How to view orchestration diagnostics in 11g R2 PS3

Comments :

There is an Orchestration Engine MBean, which replaces the Orchestration Engine diagnostics EM dashboard page of the previous release.

Ref :

https://docs.oracle.com/cd/E52734_01/oim/OMADM/emdiagnostics.htm#OMADM5311

https://docs.oracle.com/cd/E52734_01/oim/OMADM/emdiagnostics.htm#OMADM5558

 


OIM – How to change xelsysadm password

Use the link below:

https://docs.oracle.com/cd/E40329_01/admin.1112/e27149/handlinglcm.htm#OMADM3020

For an OIM-OAM integrated environment:

1) Change the xelsysadm password in the Identity Self Service console.
2) Change the OIMAdmin password from the EM Console under Weblogic domain -> iam domain -> security -> credentials -> oracle.wsm.security folder.
3) Change the xelsysadm password on the directory side using LDAP, because a change to the xelsysadm password is NOT propagated to LDAP. You need to update the password in the LDAP directory manually as well.

OIM – clean identity audit data i.e. all policy violations, remediation and scans data while retaining rules, policies and scan definitions

Run the following SQL on the database:


--
-- drop all IDA data except for
--   scan definitions, config and event listener data
--
alter table IDA_SCAN_RUN_POLICIES disable constraint FK_ISRP_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_POLICIES disable constraint FK_ISRP_POLICY_ID;

alter table IDA_SCAN_RUN_USER disable constraint FK_ISRU_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_USER disable constraint FK_ISRU_USR_KEY;

alter table IDA_SCAN_RUN_POLICY_VIOLATION disable constraint FK_ISRPV_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_POLICY_VIOLATION disable constraint FK_ISRPV_POLICY_VIOLATION_ID;

alter table IDA_TASK_POLICY_VIOLATION disable constraint FK_ITPV_PV_ID;

alter table IDA_REMEDIATOR disable constraint FK_IR_POLICY_VIOLATION_ID;
alter table IDA_POLICY_VIOLATION disable constraint FK_IPV_POLICY_ID;
alter table IDA_POLICY_VIOLATION_CAUSE disable constraint FK_IPVC_POLICY_VIOLATION_ID;
alter table IDA_POLICY_VIOLATION_CAUSE disable constraint FK_IPVC_RULE_ID;


truncate table ida_scan_run_user;
truncate table ida_scan_run_policy_violation;
truncate table ida_scan_run;
truncate table ida_scan_run_policies;

truncate table IDA_TASK_POLICY_VIOLATION;

truncate table IDA_REMEDIATOR;
truncate table IDA_POLICY_VIOLATION_CAUSE;
truncate table IDA_POLICY_VIOLATION;

alter table IDA_POLICY_VIOLATION enable constraint FK_IPV_POLICY_ID;
alter table IDA_POLICY_VIOLATION_CAUSE enable constraint FK_IPVC_POLICY_VIOLATION_ID;
alter table IDA_POLICY_VIOLATION_CAUSE enable constraint FK_IPVC_RULE_ID;
alter table IDA_REMEDIATOR enable constraint FK_IR_POLICY_VIOLATION_ID;

alter table IDA_SCAN_RUN_POLICIES enable constraint FK_ISRP_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_POLICIES enable constraint FK_ISRP_POLICY_ID;

alter table IDA_SCAN_RUN_USER enable constraint FK_ISRU_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_USER enable constraint FK_ISRU_USR_KEY;

alter table IDA_SCAN_RUN_POLICY_VIOLATION enable constraint FK_ISRPV_SCAN_RUN_ID;
alter table IDA_SCAN_RUN_POLICY_VIOLATION enable constraint FK_ISRPV_POLICY_VIOLATION_ID;

alter table IDA_TASK_POLICY_VIOLATION enable constraint FK_ITPV_PV_ID;
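
A check to run after the script above, added here as an example and not part of the original post: it confirms that every foreign key the script disabled is enabled and validated again, and that the truncated tables are empty. It assumes the session is connected as the schema owner of the IDA tables, so that USER_CONSTRAINTS and the unqualified table names resolve.

```sql
-- Added verification example (not from the original post).
-- Assumption: connected as the schema that owns the IDA_* tables.

-- 1) Foreign keys touched by the cleanup script that are NOT back to
--    ENABLED / VALIDATED. An empty result means referential integrity
--    is being enforced again on all of them.
SELECT table_name, constraint_name, status, validated
FROM   user_constraints
WHERE  constraint_type = 'R'
AND    constraint_name IN (
         'FK_ISRP_SCAN_RUN_ID',  'FK_ISRP_POLICY_ID',
         'FK_ISRU_SCAN_RUN_ID',  'FK_ISRU_USR_KEY',
         'FK_ISRPV_SCAN_RUN_ID', 'FK_ISRPV_POLICY_VIOLATION_ID',
         'FK_ITPV_PV_ID',        'FK_IR_POLICY_VIOLATION_ID',
         'FK_IPV_POLICY_ID',     'FK_IPVC_POLICY_VIOLATION_ID',
         'FK_IPVC_RULE_ID'
       )
AND    (status <> 'ENABLED' OR validated <> 'VALIDATED')
ORDER  BY table_name, constraint_name;

-- 2) Row counts for the tables the script truncates.
--    Every row_count should be 0 right after the cleanup.
SELECT 'IDA_SCAN_RUN_USER' AS table_name, COUNT(*) AS row_count
FROM   ida_scan_run_user
UNION ALL
SELECT 'IDA_SCAN_RUN_POLICY_VIOLATION', COUNT(*)
FROM   ida_scan_run_policy_violation
UNION ALL
SELECT 'IDA_SCAN_RUN', COUNT(*)
FROM   ida_scan_run
UNION ALL
SELECT 'IDA_SCAN_RUN_POLICIES', COUNT(*)
FROM   ida_scan_run_policies
UNION ALL
SELECT 'IDA_TASK_POLICY_VIOLATION', COUNT(*)
FROM   ida_task_policy_violation
UNION ALL
SELECT 'IDA_REMEDIATOR', COUNT(*)
FROM   ida_remediator
UNION ALL
SELECT 'IDA_POLICY_VIOLATION_CAUSE', COUNT(*)
FROM   ida_policy_violation_cause
UNION ALL
SELECT 'IDA_POLICY_VIOLATION', COUNT(*)
FROM   ida_policy_violation;
```

If the first query returns rows, the cleanup stopped before its last enable statements; re-run the corresponding "enable constraint" statements before the identity audit scans are used again.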

OIM SQL DB list of resource names


SELECT obj_name,
  parentform,
  LISTAGG(childform, '|') WITHIN GROUP (
ORDER BY SDH_CHILD_KEY) AS childform
FROM
  (SELECT obj_name,
    sdk.sdk_name parentform,
    childsdk.sdk_name childform,
    SDH_CHILD_KEY
  FROM tos,
    obj,
    pkg ,
    sdk,
    sdh,
    sdk childsdk
  WHERE tos.pkg_key    = pkg.pkg_key
  AND obj.obj_key      = pkg.obj_key
  AND sdk.sdk_key      = tos.sdk_key
  AND sdk.sdk_key      = sdh.sdh_parent_key
  AND childsdk.sdk_key = sdh.SDH_CHILD_KEY
  )
GROUP BY obj_name,
  parentform;

oracle.iam.platform.kernel.EventFailedException: IAM-3010068:Password reset failed because user xxxxx is not synchronized to the LDAP directory.:xxxxx

Error :

oracle.iam.platform.kernel.EventFailedException: IAM-3010068:Password reset failed because user xxxxx is not synchronized to the LDAP directory.:xxxxx

Solution:

- Clear USR_LDAP_GUID and USR_LDAP_DN for the affected user.
- Run the scheduled job "LDAPSync Post Enable Provision Users to LDAP".