Using LDAP Reconciled Groups As Assignees In OIM SOA Workflow, the Approval Tasks Fail
Last updated on JUNE 04, 2018
Applies to: Identity Manager - Version 18.104.22.168.170718 to 22.214.171.124.180331 [Release 11g]
Information in this document applies to any platform.
You have configured LDAP Sync between OID (or some other LDAP) and OIM. You are trying to assign an ApprovalTask to one of these groups, but you find that the task fails at run time. The issue does not occur with groups created in OIM, but only with groups created via LDAP Sync.
For example, say the entry in the UGP table for your role looks like this:
First, let's explain what these are:
- UGP_NAME is the internal unique name. With LDAP Sync, there can be two roles with the same name in different containers.
- UGP_NAME is computed based on the container (namespace) in which the role resides in LDAP.
- UGP_NAME is always prefixed with this namespace, and hence will always be unique.
- UGP_ROLENAME is the name of the role.
At run time, you see errors like the following in the SOA diagnostic log when using the role name returned from invoking getRoleDetails, which is UGP_ROLENAME:
The composites referenced in the errors above have been attached for your reference.