Thursday, April 9, 2009

Integration BPEL / OID 10.1.4 Migration of LDIF data failed. Not all the entries are successfully

The document http://download-uk.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/service_config.htm#BABIBGFF describes how the integration between BPEL and OID can be configured. When this is done with OID version 10.1.4, however, some problems occur:

Migration of LDIF data failed. Not all the entries are successfully.
This happens when the script configure_oid.sh is executed like this:

(Note: on a production system, choose the option seedRequiredUsers instead of seedAllUsers; otherwise all test users end up in the OID.)


cd $ORACLE_HOME/bpel/system/services/install/ant-tasks
./configure_oid.sh orcladmin <PASSWORD> 389 false us seedRequiredUsers oc4jadmin <PASSWORD> oc4j_soa
Buildfile: oid-config.xml

config-oid:
[echo] Configuring OID...
[mkdir] Created dir: $ORACLE_HOME/ldap/install
[java] Install Configuration
[java] Install Type: ConfigureOID
[java] Oracle Home: $ORACLE_HOME
[java] JDK Home: $ORACLE_HOME/jdk
[java] Proxy Required: false
[java] Database Vendor: oracle
[java] OID Host: ${oid.host}
[java] OID Port: 389
[java] OID Realm: us
[java] OID Seed: seedRequiredUsers
[java] Admin User: orcladmin

[java] ***************************************************************
[java] Trying to obtain OID specific details from configuration files.
[java] Warning: You would encounter problems if you have not associated your instance with an OID.
[java] ***************************************************************
[java] OID Host is: ldap.test.nl
[java] OID Port is: 389
[java] Seeding users/roles in OID realm : us...
[java] Buildfile: bpminstall.xml

[java] seed-oid:

[java] init:

[java] seed-oid:
[java] Seeding system users/roles into OID ...
[java] Migration of LDIF data failed. Not all the entries are successfully migrated
[java] Seeding demo users/roles into OID ...
[java] Migration of LDIF data failed. Not all the entries are successfully migrated

[java] BUILD SUCCESSFUL
[java] Total time: 5 seconds
[java] Exit: 0
[java] Configuring BPEL identity service configuration file ...
[java] Adding jaas-mode attribute to hw_services orion-application.xml
[java] Adding jaas-mode attribute to orabpel orion-application.xml

bpel-grant-privileges:
[echo] Granting Server privileges to BPMSystemAdmin role...
[echo] Granting Domain privileges to BPMDefaultDomainAdmin role...

all:

BUILD SUCCESSFUL
Total time: 11 seconds
Done


After some investigation I noticed that the LDIF script that is inserted into the OID is in the directory: $ORACLE_HOME/bpel/system/services/config/ldap.

When I then tried to insert the users with the ldapadd command, an error occurred:

ldapadd -h ldap.test.nl -p 389 -D cn=orcladmin -w <PASSWORD> -f system-oid_xxx.ldif
adding new entry cn=bpeladmin,cn=users, dc=us,dc=test,dc=nl
ldap_add: Constraint violation
ldap_add: additional info: Password Policy Error :9004: GSL_PWDNUMERIC_EXCP :Your Password must contain at least 1 numeric characters.


The conclusion is that there is a password policy in the OID; when this policy is changed, ldapadd works like a charm.

Change the policy in the OID:
start oidadmin > login with orcladmin > Password Policy Management > cn=pwdPolicies, cn=Common, cn=Product, cn=OracleContext > Password Policy for Realm dc=us,dc=test,dc=nl > tab Password Syntax

Change Number of Numeric Characters: 0



Alternatively, you can change all passwords in the *.ldif file. The ant script still does not work in that case, though, because the ldif file is generated during the ant run.

The ldapadd command works after the change in the OID, and also when the passwords are changed:


ldapadd -h ldap.test.nl -p 389 -D cn=orcladmin -w <PASSWORD> -f system-oid_xxxx.ldif
adding new entry cn=bpeladmin,cn=users, dc=us,dc=test,dc=nl
adding new entry cn=default,cn=users, dc=us,dc=test,dc=nl
adding new entry cn=guest,cn=users, dc=us,dc=test,dc=nl
modifying entry cn=BPMSystemAdmin,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMDefaultDomainAdmin,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowAdmin,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowReassign,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowSuspend,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowViewHistory,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=rule-administrators,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMAnalyst,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMPublic,cn=Groups, dc=us,dc=test,dc=nl


Now configure_oid.sh also works as it is supposed to. When you use this script you must change all passwords, though, because by default the passwords are CHANGE_ME. The passwords are defined in the file: $ORACLE_HOME/bpel/system/services/config/ldap/system-oid.sbs.
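A pre-flight check for the seed LDIF, as an added example that is not part of the original post or of Oracle's scripts: it lists the entries whose password is still CHANGE_ME or would be rejected by the "at least 1 numeric character" rule, so the passwords can be corrected before seeding instead of relaxing the realm-wide policy. The attribute name userpassword and the sample values are assumptions; the DNs are the ones from the ldapadd output above.

```python
import base64
import re

# Constructed sample (attribute name userpassword assumed); DNs follow the ldapadd output above.
SAMPLE_LDIF = """\
dn: cn=bpeladmin,cn=users, dc=us,dc=test,dc=nl
userpassword: CHANGE_ME

dn: cn=default,cn=users, dc=us,dc=test,dc=nl
userpassword:: Q0hBTkdFX01F

dn: cn=guest,cn=users,
  dc=us,dc=test,dc=nl
userpassword: constructed-Value-7
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; unfolds lines and decodes '::' values."""
    text = re.sub(r"\r?\n ", "", text)  # LDIF continuation lines start with a space
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            m = re.match(r"([A-Za-z][\w;.-]*)(::?)\s*(.*)$", line)
            if not m:
                continue  # comments and separator lines
            name, sep, value = m.groups()
            if sep == "::":  # base64 value: decode before judging its syntax
                value = base64.b64decode(value).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries

def audit_seed_passwords(ldif_text, min_numeric=1, placeholder="CHANGE_ME"):
    """Return {dn: [reasons]}; password values themselves are never returned."""
    findings = {}
    for dn, attrs in parse_ldif(ldif_text):
        for pw in attrs.get("userpassword", []):
            reasons = ["default password"] if pw == placeholder else []
            if sum(ch.isdigit() for ch in pw) < min_numeric:
                reasons.append("fewer than %d numeric character(s)" % min_numeric)
            if reasons:
                findings[dn] = reasons
    return findings

if __name__ == "__main__":
    for dn, reasons in audit_seed_passwords(SAMPLE_LDIF).items():
        print(dn, "->", "; ".join(reasons))
```

The second sample entry shows why the value has to be decoded first: the base64 text contains digits, but the password it encodes is CHANGE_ME and has none.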

You can verify that everything is working by invoking the BPEL identity service:
http://<hostname>:<port>/integration/services/IdentityService/identity?operation=lookupUser

If the execution of this request results in this error:


Identity Service cannot find user. Error occurs while getting user "[USER]" in realm "jazn.com" Verify that user "[USER]" exits in realm "jazn.com". Contact oracle support if error is not fixable.


Adjust the file $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml.


Old line:

provider="XML" location="./system-jazn-data.xml" default-realm="jazn.com"


New line:

provider="LDAP" location="ldap://test.nl:389" default-realm="us"


Make $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml the same as $ORACLE_HOME/j2ee/home/config/jazn.xml.


There is another problem in the integration of BPEL and OID.
Hint : LOGON TO THE BPEL ADMIN CONSOLE FAILS - INSUFFICIENT PRIVILEGES / NO DOMAIN

There are two OC4J homes in the environment ($ORACLE_HOME/j2ee/home and $ORACLE_HOME/j2ee/oc4j_soa).
The OC4J instance is associated with OID through EM.

This modifies the $ORACLE_HOME/j2ee/home/config/jazn.xml. However, it does not modify the $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml file correctly.

$ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml


Old line:

provider="XML" location="./system-jazn-data.xml" default-realm="jazn.com"


New line:

provider="LDAP" location="ldap://test.nl:389" default-realm="us"


Make $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml the same as $ORACLE_HOME/j2ee/home/config/jazn.xml.
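Both jazn.xml passages above come down to the two OC4J homes pointing at different identity providers. The following check, an added example that is not part of the original post, reports every provider attribute that differs between the two files. The <jazn> element name in the samples is an assumption (the code only looks for an element carrying a provider attribute); the attribute values are the ones quoted above.

```python
import os
import xml.etree.ElementTree as ET

KEYS = ("provider", "location", "default-realm")

# Constructed stand-ins for the two files; the <jazn> element name is an
# assumption, the attribute values are the ones quoted in the post.
HOME_JAZN = '<jazn provider="LDAP" location="ldap://test.nl:389" default-realm="us"/>'
SOA_JAZN = ('<jazn provider="XML" location="./system-jazn-data.xml" '
            'default-realm="jazn.com"/>')

def jazn_settings(xml_text):
    """Return the provider attributes of the first element that carries them."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if "provider" in el.attrib:
            return {k: el.attrib.get(k) for k in KEYS}
    raise ValueError("no element with a provider attribute found")

def jazn_drift(home_xml, soa_xml):
    """Return {attribute: (home value, oc4j_soa value)} for every mismatch."""
    home, soa = jazn_settings(home_xml), jazn_settings(soa_xml)
    return {k: (home[k], soa[k]) for k in KEYS if home[k] != soa[k]}

if __name__ == "__main__":
    oh = os.environ.get("ORACLE_HOME")
    if oh:  # on the server: compare the two real files
        home_xml, soa_xml = (
            open(os.path.join(oh, "j2ee", inst, "config", "jazn.xml"), "rb").read()
            for inst in ("home", "oc4j_soa"))
    else:  # otherwise fall back to the constructed samples
        home_xml, soa_xml = HOME_JAZN, SOA_JAZN
    for key, (home, soa) in jazn_drift(home_xml, soa_xml).items():
        print("%s: home=%r oc4j_soa=%r" % (key, home, soa))
```

An empty result means both containers authenticate against the same provider and realm.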

Reference:
http://download-uk.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/service_config.htm#BABIBGFF

8 comments:

  1. Respect! It solved my problem completely! Thanks!!!

  2. Hello Arjan Goos,
    my name is Enio and I'm getting an error when I run the script "configure_oid.sh". Could you please help me?

    Thanks...

    Buildfile: oid-config.xml

    config-oid:
    [echo] Configuring OID...
    [java] Install Configuration
    [java] Install Type: ConfigureOID
    [java] Oracle Home: /u01/app/oracle/product/10.1.3.1/OracleAS_4
    [java] JDK Home: /u01/app/oracle/product/10.1.3.1/OracleAS_4/jdk
    [java] Proxy Required: false
    [java] Database Vendor: oracle
    [java] OID Host: ${oid.host}
    [java] OID Port: 389
    [java] OID Realm: network
    [java] OID Seed: seedAllUsers
    [java] Admin User: orcladmin

    [java] ***************************************************************
    [java] Trying to obtain OID specific details from configuration files.
    [java] Warning: You would encounter problems if you have not associated your instance with an OID.
    [java] ***************************************************************
    [java] OID Host is: oimhomovdoid1.network.ctbc
    [java] OID Port is: 389
    [java] Seeding users/roles in OID realm : network...
    [java] Buildfile: bpminstall.xml

    [java] seed-oid:

    [java] init:

    [java] seed-oid:
    [java] Seeding system users/roles into OID ...
    [java] Migration of LDIF data completed. All the entries are successfully migrated
    [java] Seeding demo users/roles into OID ...
    [java] Migration of LDIF data completed. All the entries are successfully migrated

    [java] BUILD SUCCESSFUL
    [java] Total time: 8 seconds
    [java] Exit: 0
    [java] Configuring BPEL identity service configuration file ...
    [java] Adding jaas-mode attribute to hw_services orion-application.xml
    [java] Adding jaas-mode attribute to orabpel orion-application.xml

    bpel-grant-privileges:
    [echo] Granting Server privileges to BPMSystemAdmin role...
    [java] User [oc4jadmin] does not exist in system.

    BUILD FAILED
    /u01/app/oracle/product/10.1.3.1/OracleAS_4/bpel/system/services/install/ant-tasks/oid-config.xml:235: Java returned: 255

  3. It looks like the oc4jadmin user is not created in your OID. Can you check if the user exists?

  4. Hello Arjan Goos,
    thank to regards, I checked in OID and I found that the user oc4jadmin appears only under the BPMSystemAdmin and BPMDefaultDomainAdmin role.

  5. Hello Enio Machado,

    Is your problem solved?

    This error indicates that the oc4jadmin user does not exist in the OID: [java] User [oc4jadmin] does not exist in system.

  6. Hello Arjan Goos,
    my problem is not solved, I created an oc4jadmin in OID and I am still getting the same error.
