The following are known issues associated with this release of the connector:
Bug 5526185
On the target system, you can use one of the following methods to change the group membership details of a user account:
Edit the user account and directly change the group membership details.
Edit the group and add or modify the user's membership details.
During both operations, only the group object is time stamped. Incremental reconciliation from the target system is based on the time stamp of the user object. Therefore, group membership changes made to a user account are not reconciled into Oracle Identity Manager.
Note:
This known issue affects only reconciliation of updates to group membership details. Reconciliation of new group membership details is not affected.Bug 7225753 and 7232276
Through provisioning, you cannot move a target system user from one domain controller to another. This is because the IT resource enables you to specify only a single domain controller as the target system.
Bug 7003816
Microsoft ADAM does not support the "User must change password at next logon" attribute. In order for provisioning to be successful, this attribute (check box) must not be checked when the target system in ADAM.
Bug 7136085
The Country lookup field displays country names in English, regardless of the locale you select.
Bug 7212391
The ADITResource IT resource is created by default when you install the connector. If you want to use the Invert Display Name parameter of the IT resource, then you must use the ADITResource IT resource. If you create and use a new IT resource with a different name, then the Invert Display Name parameter is not used.
Bug 7296381
If Oracle Identity Manager is using Microsoft SQL Server, then a limit is imposed on the total character length of all the fields on the process form. During the connector installation process, this check is implemented when the Deployment Manager imports the connector XML files. If the combined length of the process form fields is determined to be more than 8060 characters, then the XML file is not imported.
To work around this requirement, the character lengths of some process form fields are kept less than their target system counterparts. For example, although the length of the Department field on the target system is 64 characters, the length of this field on the process form is 40 characters.
After you deploy the connector, you can modify the lengths of the process form fields. See Appendix A, "Character Lengths of Target System Fields and Process Form Fields" for a listing of the fields whose lengths are different on the target system and the process form. This appendix also describes the procedure to use the Design Console for modifying the lengths of the process form fields.
Bug 7207232
Some Asian languages use multibyte character sets. If the character limit for fields on the target system is specified in bytes, then the number of Asian-language characters that you can enter in a particular field may be less than the number of English-language characters that you can enter in the same field. The following example illustrates this point:
Suppose you can enter 50 characters of English in the User Last Name field of the target system. If you have configured the target system for the Japanese language, then you would not be able to enter more than 25 characters in the same field.
Bug 7126712
After you revoke the Microsoft Active Directory resource of an OIM User, if you run the AD User Target Delete Recon scheduled task, then the button to provision new Active Directory resources for the user is disabled.
Bug 8346302
During first-time reconciliation of a resource, the status of the resource is set to Enabled or Disabled instead of Provisioned.
Bug 6736667
Critical extensions in an SSL certificate are not supported.
Bug 8262055
The following issue is observed if the Remote Manager is not running (that is, not in use):
If you perform an Update User provisioning operation on a resource created through target resource reconciliation, then the Terminal Allow Login Updated process task is triggered. The status of the task is shown as Rejected on the Administrative and User Console. However, the Update User operation gives the expected results, and it is not affected by rejection of the Terminal Allow Login Updated process task.
Bug 8976436
The following issue is observed if the target system is Microsoft Windows Server 2008 Active Directory installed on Microsoft Windows Server 2008:During provisioning operations, when you set a user's account expiration date, the actual date set on the target system is a day earlier than the date that you specify. For example, if you set 30-Nov-2009 as the expiration date, then the actual expiration date set on the target system is 29-Nov-2009.
Bug 11904573
The Code Key entry of the Lookup.AD.Domains lookup definition contains the root context of the domain. If the Code Key entry contains 'dc' in lower case, then trusted source reconciliation across multiple domains fails and a Null Pointer Exception is encountered.
As a workaround, ensure that 'DC' in the Code Key entry is in upper case only.
The following issues are observed when you deploy this release of the connector on Oracle Identity Manager release 11.1.1 and 11.1.2.x:
Bug 7627046
Reconciliation of organization data is not supported.
Bug 9799541
Reconciliation of group data is not supported.
Bug 9799563
You cannot reconcile data about deleted Groups from the target system.
Bug 17365924
The Reconciliation Rule for the Xellerate Organization resource object is not present.
As a workaround, update the Xellerate Organization resource object to include a valid organization-matching rule, and then regenerate the reconciliation profile.