OIM "Evaluate User Policies" Job Does Not Add Or Remove AD Groups During Role Changes. (Doc ID 2322328.1)

Last updated on NOVEMBER 02, 2017

Applies to:

Identity Manager - Version 11.1.2.2.6 and later
Information in this document applies to any platform.

Symptoms

OIM version 11g R2 PS2 BP06  -

"Evaluate User Policies" job does not Add or Remove AD/OUD groups during role changes.

Expected behavior is that  accounts needs to be updated with entitlements and also appropriate process tasks for Child form updates should get triggered.

However one don't see "Group membership Insert" or "Group membership Delete" Process tasks added for the User.

 OIM diagnostic log shows the following errors.

 

2017-10-14T00:19:58.435+00:00] [oim_server1] [ERROR] [] [XELLERATE.DATABASE]
[tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default(self-tuning)'] [userId: oiminternal] [ecid:
27741e1f913cd975:-671ba680:15f17f41dd7:-8000-0000000000000004,0] [APP:oim#11.1.2.0.0] Class/Method: tcDataBase/writeStatement encounter some problems: ORA-02291: integrity constraint (DEV_OIM.FK_UD_ADUSRC_UD_ADUSER)
violated - parent key not found[[java.sql.SQLIntegrityConstraintViolationException: ORA-02291: integrityconstraint (DEV_OIM.FK_UD_ADUSRC_UD_ADUSER) violated - parent key not found

[2017-10-14T00:19:58.454+00:00] [oim_server1] [ERROR] []
[oracle.iam.accesspolicy.impl.handlers.provisioning.util] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default(self-tuning)'] [userId: oiminternal] [ecid:
27741e1f913cd975:-671ba680:15f17f41dd7:-8000-0000000000000004,0] [APP:oim#11.1.2.0.0] childRecordChangedByPolicyKey:21 accountKey: 14279
childFormName: UD_ADUSRC childRecordPrimaryKeyName: UD_ADUSRC_KEYchildRecordPrimaryKeyValue: 38 action: Modify *** FAILED TO ADD/MODIFY CHILD
RECORD *** with error: DOBJ.UPDATE_FAILED: C: Update failed.
[2017-10-14T00:19:58.454+00:00] [oim_server1] [ERROR] [][oracle.iam.accesspolicy.impl.handlers.provisioning] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default(self-tuning)'] [userId: oiminternal] [ecid:
27741e1f913cd975:-671ba680:15f17f41dd7:-8000-0000000000000004,0] [APP:oim#11.1.2.0.0] An error occurred while retrieving details of user account(key: 41)
[2017-10-14T00:19:58.455+00:00] [oim_server1] [ERROR] [][oracle.iam.accesspolicy.impl.handlers.provisioning] [tid:[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: oiminternal] [ecid:27741e1f913cd975:-671ba680:15f17f41dd7:-8000-0000000000000004,0] [APP:oim#11.1.2.0.0] processId: 30089 eventId: 31016 operation:
ACCESS_POLICY_BASED_MODIFY entityType: Resource entityId-OIU_KEY: 41 GotError: An error occurred while retrieving details of user account (key: 41)
[2017-10-14T00:19:58.465+00:00] [oim_server1]
[NOTIFICATION] [][oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '0' forqueue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid:
27741e1f913cd975:-671ba680:15f17f41dd7:-8000-0000000000000004,0] [APP:oim#11.1.2.0.0] Orchestration process moved to failed stage, and thecorresponding error is - {0}[[
oracle.iam.platform.kernel.EventFailedException: An error occurred whileretrieving details of user account (key: 41)at
oracle.iam.accesspolicy.impl.handlers.provisioning.ModifyAccountActionHandler.
execute(ModifyAccountActionHandler.java:105)

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms