This Post Covers how to synchronize AD users to OID who actually want EBS application and OBIEE Application with MS – AD Integration by our trainee Firoz-Hussain from our Oracle EBS -OAM Integration Training. He did the brilliant job and was successfully able to propagate the users from custom Container to EBS FND_USER. Firoz is a part of our more than 10+ various training programs and a VIP Member of K21 Trainings
Let’s Discuss here what all issues and challenges he faced in this use case and how he troubleshooted and fixed the issues which may come while propagating the user from the custom container to EBS FND_USER.
You have user who will access OBIEE and EBS applications and some users will use both applications and to perform this create one custom container for EBS users, and for OBIEE users let it come to Users container in OID.
Step 1: Extend AD with one custom attribute and attach to the users who want to access EBS application and have to synchronize that users to OID filtering with the help of extended AD attribute
we set the following in profile users at AD having employeeNumber attribute value starting with X will be mapped to OID. orclodipcondirmatchingfilter=searchfilter=(|(objectclass=group)(objectclass=organizationalunit)(&(objectclass=user)(employeeNumber=x*)(!(objectclass=computer)))) —- with this he used the criteria to avoid service accounts and only employees accounts will come to OID
Example: From Firoz how he created one custom attribute called “ebscustom” in AD and added to one user and in filter tab of synchronization profile of DIP and included in syntax, that’s worked
- After populating users from AD who will access EBS application only, he extended AD with one custom attribute called ebscustom, based on this custom attribute given in synchronization profile of DIP able to populate EBS users in cn=ebsusers,dc=hussain,dc=net.
- Now, here actual issue raised, from cn=ebsusers,dc=hussain,dc=net the users are not getting provisioned to EBS fnd_user from OID, as his provision type was 4.
- But when he populate EBS users to cn=Users,dc=hussain,dc=net then able to provision users from OID to EBS fnd_users, but not able to provision from cn=ebusers,dc=hussain,dc=net to EBS fnd_user.
4. So, decided to enable debug on DIP and also EBS, after enabling debug he got the issue error from DIP log as
———-NEW EVENT STATUS ——————–
Event ID : 84659
Object GUID : null
Error Code : -1400
Error String : ORA-01400: cannot insert NULL into (“APPLSYS”.”WF_ATTRIBUTE_CACHE”.”ENTITY_KEY_VALUE”)
Error Disp : EVENT_ERROR
- This issue is a BUG on Oracle support but related to this BUG there is no patches or solution
Bug 5001589 : ORA-01400: CANNOT INSERT NULL INTO “APPLSYS”.”WF_ATTRIBUTE_CACHE”.”ENTITY_KEY_VA
- On Oracle Support, this bug says that provisioning of users from OID to EBS is looking only for container cn=Users,dc=hussain,dc=net. (Example from Firoz Use Case)
- it’s looking for only Users container is , from attribute orclCommonUserSearchBase, you can found that in cn=common,cn=Products,cn=OracleContext,dc=hussain,dc=net, you have to add the cn=ebsusers,dc=hussain,dc=net (Custome Attribute Entry) in that attribute.
(Use Case from Firoz Screen)
- After this change, he was able to propagate users from OID to EBS fnd_user.
Steps to Perform after adding the Custom attribute under orclCommonUserSearchBas:
(Note: This is an Example just to show you how Firoz did his Final Test to propagate users from OID to EBS fnd_user from his Custom Attribute.)
- created a user called ADTEST30 in MSAD, in turn, it will populate to OID in cn=ebsusers,dc=hussain,dc=net and in turn, it will propagate to EBS fnd_user
Did You Find this Blog useful?
What more, Blog on technical issues you want to see ???
Leave a Comment.
Watch out our FREE Facebook Live session with Oracle ACE & Author Atul Kumar, On Oracle EBS (R12) Integration with Microsoft Active Directory (MS-AD), OAM/OID/OVD for Single Sign-On : Customer Case Study & Lessons Learned. Click Here
- Integration of E-Business suite with Oracle Single Sign-on click here
- Overview of Single Sign-On Integration Options for Oracle E-Business Suite Click Here
- Oracle Single Sign-on for Apps DBA Click Here
- EBS-OAM Integration: OAMSSA-20142: Authentication Failure for OID user Click Here
- [Video] Oracle EBS R12 – OAM/OID/OUD Integration: Request Flow & Troubleshoot Login Errors Click Here
- [Video] EBS (R12)-OAM/OID/OUD Integration for SSO: Architecture & Components Click Here
- Oracle EBS R12.2-OAM Integration: Internal Error: Webgate allowed access to protected page GUID=null Click Here
(If you are not yet the member of our Facebook K21Academy Page Click Here to get subscribed)
If you have not yet downloaded FREE eBook – 7 Docs every Oracle Apps DBA must read for EBS R12 integration with OAM/OID for SSO get a copy in your Email