While creating users and assigning roles to the users created for Fusion Applications 11.1.8 in the LDAP, I encountered an error like:
[2014-06-17T02:24:27.918+05:30] [wls_oim1] [ERROR] [IAM-3010076] [oracle.iam.ldapsync.impl.eventhandlers.membership] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 004yzcv6nrrFO9WFLzjO8A0003AI00001O,0:2] [APP: oim#11.1.1.3.0] [DSID: 0000KQaL0VfFO9WFLzjO8A1JbogO00000R] [URI: /admin/faces/pages/Admin.jspx] Adding user membership failed because the role with LDAP DN cn=PER_EMPLOYEE_ABSTRACT,cn=FusionGroups,cn=Groups,dc=xxxx,dc=com doesnt exist in the directory
[2014-06-17T02:24:37.836+05:30] [wls_oim1] [ERROR] [IAM-3056030] [oracle.iam.identity.rolemgmt.utils] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 004yzcv6nrrFO9WFLzjO8A0003AI00001O,0:2] [APP: oim#11.1.1.3.0] [DSID: 0000KQaL0VfFO9WFLzjO8A1JbogO00000R] [URI: /admin/faces/pages/Admin.jspx] An exception occurred while performing the operation.[[
oracle.iam.platform.kernel.EventFailedException: IAM-3010076:Adding user membership failed because the role with LDAP DN cn=PER_EMPLOYEE_ABSTRACT,cn=FusionGroups,cn=Groups,dc=xxxxx,dc=com doesnt exist in the directory:cn=PER_EMPLOYEE_ABSTRACT,cn=FusionGroups,cn=Groups,dc=xxxxx,dc=com
at oracle.iam.ldapsync.impl.util.LDAPSyncUtil.createEventFailedException(LDAPSyncUtil.java:706)
at oracle.iam.ldapsync.impl.util.LDAPSyncUtil.createEventFailedException(LDAPSyncUtil.java:722)
at oracle.iam.ldapsync.impl.eventhandlers.membership.UserMembershipCreateLDAPHandler.grantRoleMembership(UserMembershipCreateLDAPHandler.java:228)
at oracle.iam.ldapsync.impl.eventhandlers.membership.UserMembershipCreateLDAPHandler.execute(UserMembershipCreateLDAPHandler.java:143)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:902)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:637)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:230)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:763)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:519)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:459)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:378)
at oracle.iam.identity.rolemgmt.impl.RoleManagerImpl.grantRoles(RoleManagerImpl.java:574)
at oracle.iam.identity.rolemgmt.impl.RoleManagerImpl.grantRoles(RoleManagerImpl.java:681)
at oracle.iam.identity.rolemgmt.api.RoleManagerEJB.grantRolesx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
What I did:
Logged in to OIM --> Advanced Administration, and searched for Scheduled Jobs from System Management.
Ran LDAP Role Delete Full Reconciliation, and later ran LDAP Consolidated Full Reconciliation.
Later assigned the IT_SECURITY_MANAGER role to xellerate Users.
Started adding the roles to the users.
It went without any errors.
Cheers!!!
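To see which role DNs OIM reported as missing from the directory, the IAM-3010076 entries can be pulled out of the server log. This is an added example, not part of the original post or any Oracle tooling; the field layout is assumed from the log lines shown above, and the sample lines are constructed (dc=example,dc=com and CONSTRUCTED_SAMPLE_ROLE are placeholders).

```python
import re
# Constructed sample in the layout of the log above; the DNs and the second role are placeholders.
HDR = ("[2014-06-17T02:24:27.918+05:30] [wls_oim1] [ERROR] [{id}] [oracle.iam.ldapsync] "
       "[tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] "
       "[userId: xelsysadm] [URI: /admin/faces/pages/Admin.jspx] ")
MSG = "Adding user membership failed because the role with LDAP DN {dn} doesnt exist in the directory"
DN1 = "cn=PER_EMPLOYEE_ABSTRACT,cn=FusionGroups,cn=Groups,dc=example,dc=com"
DN2 = "cn=CONSTRUCTED_SAMPLE_ROLE,cn=FusionGroups,cn=Groups,dc=example,dc=com"
SAMPLE_LOG = "\n".join([
    HDR.format(id="IAM-3010076") + MSG.format(dn=DN1),
    HDR.format(id="IAM-3056030") + "An exception occurred while performing the operation.[[",
    "oracle.iam.platform.kernel.EventFailedException: IAM-3010076:" + MSG.format(dn=DN1),
    HDR.format(id="IAM-3010076") + MSG.format(dn=DN1),
    HDR.format(id="IAM-3010076") + MSG.format(dn=DN2),
])
ROLE_DN = re.compile(r"role with LDAP DN (.+?) doesn'?t exist in the directory")

def split_fields(line):
    """Split the leading [..] fields (which may nest, as in tid) from the message."""
    fields, i = [], 0
    while line.startswith("[", i):
        depth = 0
        for j in range(i, len(line)):
            depth += {"[": 1, "]": -1}.get(line[j], 0)
            if depth == 0:
                break
        else:
            break  # unbalanced brackets: treat the rest as message text
        fields.append(line[i + 1:j])
        i = j + 1
        while line.startswith(" ", i):
            i += 1
    return fields, line[i:]

def missing_roles(log_text):
    """Map each role DN reported by IAM-3010076 to its error count and acting userIds."""
    hits = {}
    for line in log_text.splitlines():
        fields, message = split_fields(line)
        match = ROLE_DN.search(message)
        if len(fields) < 5 or fields[3] != "IAM-3010076" or not match:
            continue  # other message ids and stack-trace lines are skipped
        attrs = dict(f.split(": ", 1) for f in fields[5:] if ": " in f)
        entry = hits.setdefault(match.group(1), {"count": 0, "users": set()})
        entry["count"] += 1
        entry["users"].add(attrs.get("userId", "unknown"))
    return hits

if __name__ == "__main__":
    for dn, info in missing_roles(SAMPLE_LOG).items():
        print(info["count"], sorted(info["users"]), dn)
```

The exception line that repeats the IAM-3010076 text has no bracketed header, so it is not counted a second time.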