5 Testing and Troubleshooting

After you deploy and configure the connector, you must test it to ensure that it functions as expected. This chapter discusses the following topics related to connector testing:

5.1 Running Test Cases

You can use the testing utility to identify the cause of problems associated with connecting to the target system and performing basic operations on the target system.

To use the testing utility:

  1. Copy the contents of the test directory on the installation media, to one of the following directories:

    Note:

    If a particular destination directory does not exist on the Oracle Identity Manager host computer, then create it.

    • For Oracle Identity Manager release 9.0.3.x or 9.1.0.x:

      OIM_HOME/xellerate/SJSDS/test/troubleshoot

    • For Oracle Identity Manager release 11.1.1:

      OIM_HOME/server/SJSDS/test/troubleshoot

  2. Specify values for the parameters in the TroubleShootIPlanet.properties file.

    • For Oracle Identity Manager release 9.0.3.x or 9.1.0.x:

      OIM_HOME/xellerate/SJSDS/test/troubleshoot

    • For Oracle Identity Manager release 11.1.1:

      OIM_HOME/server/SJSDS/test/troubleshoot

    The following table describes the sections of this file in which you must provide information for running the tests.

    Section Information

    Sun Java System Directory Server connection parameters

    Connection parameters required to connect to the target system

    These parameters are the same as the parameters of the IT resource that you configure by performing the procedure described earlier in this guide.

    Create User information

    Parameters required to create a user

    Modify User information

    Parameters required to modify a user

    Delete User information

    DN of the user to be deleted

  3. If you are using Oracle Identity Manager release 11.1.1, then copy the SJSDSProv.jar file from the lib directory on the installation media to a temporary directory on the Oracle Identity Manager host computer. For example, OIM_HOME/server/jars.

  4. Add the following to the CLASSPATH environment variable:

    • For Oracle Identity Manager release 9.0.3.x or 9.1.0.x:

      OIM_HOME/xellerate/JavaTasks/SJSDSProv.jar
OIM_HOME/xellerate/lib/xlLogger.jar
OIM_HOME/xellerate/ext/log4j-1.2.8.jar
OIM_HOME/xellerate/lib/xlUtils.jar
OIM_HOME/xellerate/lib/xlAPI.jar

    • For Oracle Identity Manager release 11.1.1:

      OIM_HOME/server/Jars/SJSDSProv.jar
OIM_HOME/server/lib/xlLogger.jar
OIM_HOME/server/ext/log4j-1.2.8.jar
OIM_HOME/server/lib/xlUtils.jar
OIM_HOME/server/lib/xlAPI.jar
OIM_HOME/designconsole/lib/oimclient.jar

  5. Create an ASCII-format copy of the TroubleShootIPlanet.properties file as follows:

    Note:

    You must perform this procedure every time you make a change in the contents of the TroubleShootIPlanet.properties file.

    1. In a command window, change to the following directory:

      OIM_HOME/xellerate/SJSDS/test/troubleshoot

    2. Enter the following command:

      native2ascii TroubleShootIPlanet.properties global.properties

      The global.properties is created when you run the native2ascii command. The contents of this file are an ASCII-format copy of the contents of the TroubleShootIPlanet.properties file.

  6. Perform the following tests:

    • Create a user as follows:

      java -DpropertyFile=./global.properties -Dlog4j.configuration=./log.properties TroubleShootingUtilityIPlanet createUser

    • Modify a user as follows:

      java -DpropertyFile=./global.properties -Dlog4j.configuration=./log.properties TroubleShootingUtilityIPlanet modifyUser

    • Delete a user as follows:

      java -DpropertyFile=./global.properties -Dlog4j.configuration=./log.properties TroubleShootingUtilityIPlanet deleteUser

5.2 Troubleshooting Connector Problems

The following sections list solutions to some commonly encountered errors of the following types:

5.2.1 Connection Errors

The following table describes solutions to commonly encountered Create User errors.

Problem Description Solution

Oracle Identity Manager cannot establish a connection to Sun Java System Directory.

Returned Error Message:

Connection error encountered

Returned Error Code:

INVALID_CONNECTION_ERROR

  • Ensure that Sun Java System Directory is running.

  • Ensure that Oracle Identity Manager is running (that is, the database is running).

  • Ensure that all the adapters have been compiled.

  • Examine the Oracle Identity Manager record (from the IT Resources form). Verify that the specified IP address, admin ID, and admin password are correct.

Target not available

Returned Error Message:

Target server not available

Returned Error Code

TARGET_UNAVAILABLE_ERROR

Ensure that the specified Sun Java System Directory server connection values are correct.

Authentication error

Returned Error Messages

Invalid or incorrect password

Returned Error Code

AUTHENTICATION_ERROR

Ensure that the password is correct in the user account credentials that you specify.

5.2.2 Create User Errors

The following table describes solutions to commonly encountered Create User errors.

Problem Description Solution

Oracle Identity Manager cannot create a user.

Returned Error Message:

Required field information not provided

Returned Error Code:

INSUFFICIENT_INFORMATION_PROVIDED

  • Ensure that the IP address, admin ID, and admin password are correct.

  • Ensure that the following information is provided:

    User ID

    User password

    User container

    User first name

    User last name

Oracle Identity Manager cannot create a user.

Returned Error Message:

User already exists

Returned Error Code:

USER_ALREADY_EXIST

Check if a user with the specified ID already exists in Sun Java System Directory.

Assign a new ID for this user, and try again.

Oracle Identity Manager cannot create a user.

Returned Error Message:

Naming exception encountered

Returned Error Code:

INVALID_NAMING_ERROR

  • Check if the specified Sun Java System Directory connection values are correct.

  • Check if an attribute value violates the schema definition.

Oracle Identity Manager cannot create a user.

Returned Error Message:

Required information missing, could not create user

Returned Error Code:

USER_CREATION_FAILED

Check if an attribute value violates the schema definition.

The Create User operation failed because a value was being added to a nonexistent attribute.

Returned Error Message:

Attribute does not exist

Returned Error Code:

ATTRIBUTE_DOESNOT_EXIST

In the AttrName.Prov.Map.iPlanet lookup definition, check if the decode values are valid attribute names in the target system.

The Create User operation failed because an invalid value was being added.

Returned Error Message:

Invalid value specified for an attribute

Returned Error Code:

INVALID_ATTR_VALUE_ERROR

Check the values specified during user creation.

5.2.3 Modify User Errors

The following table describes the solution to commonly encountered Modify User errors.

Problem Description Solution

Oracle Identity Manager cannot modify the attribute value of a user.

Returned Error Message:

Invalid attribute value or state

Returned Error Code:

INVALID_ATTR_MODIFY_ERROR

Check the specified user ID.

The Modify User operation failed because a value was being added to a nonexistent attribute.

Returned Error Message:

Attribute does not exist

Returned Error Code:

ATTRIBUTE_DOESNOT_EXIST

  1. From the corresponding process task, get the value that is passed for AttrName of the connector.

  2. Using the name obtained in the previous step, check in the AttrName.Prov.Map.iPlanet lookup definition if the decode value is a valid attribute name in the target.

The Modify User operation failed because an invalid value was being added.

Returned Error Message:

Invalid value specified for an attribute

Returned Error Code:

INVALID_ATTRIBUTE_VALUE_ERROR

Check the value specified.

The Modify User operation failed because of an attempt to add a value to an attribute that does not exist in the AttrName.Recon.Map.iPlanet lookup definition.

Returned Error Message:

One or more attribute mappings are missing

Returned Error Code:

ATTR_MAPPING_NOT_FOUND

  1. From the corresponding process task, get the value that is passed for AttrName of the connector.

  2. Using the name obtained in the previous step, check if an entry has been made in the AttrName.Recon.Map.iPlanet lookup definition.

The operation failed because a duplicate value was being added to an attribute.

Returned Error Message:

Duplicate value

Returned Error Code:

DUPLICATE_VALUE_ERROR

Check the value specified.

Oracle Identity Manager cannot move a user from one container to another.

Returned Error Message:

Could not move user to different container

Returned Error Code:

USER_MOVE_FAILED

Generic error. Review the log for more details.

Oracle Identity Manager cannot add a user to a security group.

Returned Error Message:

Group does not exist

Returned Error Code:

GROUP_DOES_NOT_EXIST

The specified user security group does not exist in Sun Java System Directory. Check the group name.

Oracle Identity Manager cannot add a user to a group.

Returned Error Message:

Duplicate value

Returned Error Code:

DUPLICATE_VALUE_ERROR

The user is already a member of the group.

Oracle Identity Manager cannot add a role to a user.

Returned Error Message:

Role does not exist

Returned Error Code:

ROLE_DOESNOT_EXIST

The specified role for the user in Oracle Identity Manager does not exist in Sun Java System Directory. Create the role in Sun Java System Directory.

Oracle Identity Manager cannot add a role to a user.

Returned Error Message:

Could not update user

Returned Error Code:

USER_UPDATE_FAILED

Generic error. Review the log for more details.

Oracle Identity Manager cannot add a role to a user.

Returned Error Message:

Duplicate value

Returned Error Code:

DUPLICATE_VALUE_ERROR

The user has already been assigned this role.

Oracle Identity Manager cannot remove a role assigned to a user.

Returned Error Message:

Could not remove role from user

Returned Error Code:

USER_REMOVE_ROLE_FAILED

Generic error. Review the log for more details.

5.2.4 Delete User Errors

The following table describes  the solution to a commonly encountered Delete User error.

Problem Description Solution

Oracle Identity Manager cannot delete a user.

Returned Error Message:

User does not exist

Returned Error Code:

USER_DOESNOT_EXIST

The specified user does not exist in Sun Java System Directory.

5.2.5 Reconciliation Errors

The following table describes the solution to a commonly encountered reconciliation error.

Problem Description Solution

Oracle Identity Manager cannot reconcile users from Sun Java System Directory.

Returned Error Message:

javax.naming.NamingException: tcUtilLDAPOperations -> : NamingException : Unable to search LDAP

Returned Error Code:

LDAP: error code 11 - Administrative Limit Exceeded

Change the Sun Java System Directory configuration as follows:

  1. Open the Sun ONE Directory Server admin console.

  2. Select Configuration, Performance, and Client Control.

  3. Set the size limit to unlimited.

  4. Set the look-through limit to unlimited.

  5. Save the changes, and restart Sun Java System Directory.

5.2.6 Logging Errors

The following table describes the solution to a commonly encountered logging error.

Problem Description Solution

Not receiving logging in Debug level even after configuring logging.xml accordingly..

Returned Error Message:

unable to read logging configuration.

  1. Ensure that for every logger present in the logging.xml there is a corresponding log-handler present.

  2. The level of log for console-handler should be "TRACE:32"