Welcome to my Identity Management blog with a focus on proven implementation strategies, best practices, product selection, and where I open my expertise to you!
Fortune 100, Higher Education, Government... I've done it all. I'm 7 feet tall, live in NYC, tattooed, and love a challenge! Here's what I've learned...
A lot of people out there work with, are friends with, or are even in a relationship with someone that is a traveling consultant. What’s that? It’s someone that has to fly out every week for work. For most people (the ones that don’t do this), they think it’s easy and / or a glamorous job. It’s not. This video was made to show my wife what it is that I really do from the minute she drops me off at the airport.
I hope this helps a lot of others out there really get the point across of what it is that we do to earn our paychecks.
If you are also a traveling consultant, I’d love to hear feedback from you!
Cheers!
.: Adam
I just read this on a forum (link below) and it’s genius! Let’s say you need to copy all the .log files (and only the .log files) from within a bunch of directories to a /log directory. This is actually a pain in the ass. Check this out:
cp $(find . -name "*.log") /log/
GENIUS!
Ref link: http://www.linuxquestions.org/questions/linux-general-1/useful-shortcut-pipe-results-of-search-to-cp-295092/
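A more defensive form of the one-liner above, as an added example that is not from the original post or the linked forum thread. The output of `$(find ...)` is split on whitespace before `cp` sees it, so log files with spaces in their names are mis-copied, and same-named logs from different directories overwrite each other in the destination. The helper name `collect_logs` and the flattened naming scheme are assumptions, and the destination is assumed to sit outside the source tree.

```shell
# Added example: copy every *.log under SRC into DEST, one argument per file.
# collect_logs is a hypothetical helper name, not from the forum thread.
collect_logs() {
    src=${1%/}     # source tree, trailing slash removed
    dest=$2        # destination directory, assumed to be outside SRC
    mkdir -p -- "$dest" || return 1
    # find hands each path to the inner shell as its own argument, so
    # spaces and glob characters in file names survive, and "{} +" batches
    # the paths so a large tree does not hit the argument-length limit.
    find "$src" -type f -name '*.log' -exec sh -c '
        dest=$1; src=$2; shift 2
        for f in "$@"; do
            # Flatten the relative path into the file name
            # (a/b/app.log -> a_b_app.log) so that same-named logs from
            # different directories do not overwrite each other.
            rel=${f#"$src"/}
            name=$(printf "%s" "$rel" | tr "/" "_")
            cp -- "$f" "$dest/$name" || exit 1
        done
    ' sh "$dest" "$src" {} +
}
```

Called as `collect_logs . /log`, it does the same job as the one-liner while keeping every file.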
So you want to replicate your production data into your test environment. You understand all the reasons you shouldn’t do this, but your client wants it done anyway. Soooo, here’s a generic outline of the steps you’ll need to do. After this is done, don’t forget that you need to “refresh” all your resources (AD, OID, etc), so that all the accounts match up.
Refreshing OIM from existing environment
MUST DO THIS BEFORE YOU ERASE CURRENT ENVIRONMENT
- Stop all WebLogic Application Servers, Nodes, and Manager
- Copy the soon-to-be-refreshed environment details to an Excel sheet
- Copy all IT Resource information and details
- Copy current XELSYSADM email address
- Copy the details of the scheduled tasks that have environment specific data
- Copy the details of environment specific lookup definitions
Refresh Steps
- Log into each node on environment to be refreshed and sudo into root and run the following
- cd /opt/oracle/oim91/xellerate/config
- cp .xldatabasekey .xldatabasekey-STAGE
- cp /software/oracle/OIM/productionDBKey/.xldatabasekey .
- Answer ‘y’ to overwrite the old file
- Have someone reset the XELSYSADM password in OID to what the current environment’s password should be (OID is the repo for OAM in this instance)
- Have the DBA team change the oimuser (OIM data owner) password to what it should be for this environment
- Make sure the oimuser account is unlocked
- If any WebLogic services are up, they need to be stopped and restarted. You will have to kill them at the process level (kill -9)
- Start WebLogic
- open dev design console
- login as xelsysadm with production password
- Wipe out all addresses for every IT resource
- If an application server doesn’t start, you will have to do it manually (example):
- Either have someone else change the password in OID for XELSYSADM to the production password or change it yourself if possible
- Open the OIM Web Console
- Login as XELSYSADM with the production password
- (If you login through OAM, but not into OIM, you need to disable SSO for OIM)
- Click on My Account on the top left and then click Change Password
- Change the password to what the current environment’s password should be
Note: if the password you’re changing to doesn’t fit the password policy, you’ll have to delete the policy in the Design Console (Resource Management > Resource Objects > Name = Xellerate User). Make sure to re-add it when done. Blue columns need to be double-clicked and selected, not typed in. (Default | base password policy | 1)
- On the left, click Account Profile under My Account
- Modify the email address to match what it should be in the new environment
- Open the OIM Design Console and modify the IT Resources
- Click on Resource Management on the left
- Click on Manage IT Resource
- Click Search
- Click on OID Server
- Click the Edit button
- Fill in the correct information for this environment (See corresponding Excel document IT Resources)
- Click Save
- Click on Users > Manage
- Select User ID from the first dropdown and XELSYSADM for the value
- Click on Search User button
- From the drop-down, select Resource Profile
- For OID User, click on Edit
- Change the password to the new password and click Save
- Log out of the Web console and re-login with the new password to verify that it’s working
- Open the OIM Design Console
- Expand Resource Management
- Open IT Resources
- Click the New icon
- Name: Test Mail Server
- Double-Click the Type field and select Mail Server
- Click the Save icon
- Double-click new test mail server to configure it
- Fill in the correct information for this environment (See corresponding Excel document IT Resources)
- Click the Save icon
- Expand Administration
- Double-click System Configuration
- Click the Search icon
- Select the System Configuration Table tab at the bottom
- Double-click the number next to Email Server to configure it
- Change the value to ‘Test Mail Server’ (no quotes)
- Click the Save icon
- Open Task Scheduler on the left
- Click the Search button and then select the Task Scheduler Table tab at the bottom
- Edit all scheduled tasks that have environment specific variables from saved data
- Update the attributes for the new environment (server names)
- Click Save
- Using the IT Resource information stored in the Excel doc before everything was wiped out, update the IT Resources
- Open a SQL DB Editor and login to the Database
- Run this SQL command:
- update USR SET USR_EMAIL='test@domain.com';
- Commit changes and then quit
- commit;
- Verify that the /etc/hosts file on each server has all the necessary host names and IP translations for this environment
- Truncate the AUD_JMS table (sql command: truncate table AUD_JMS). Restart all application servers.
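The `.xldatabasekey` swap from the Refresh Steps, as an added example (not Oracle's script and not from the original post): it keeps the environment's original key as a backup, refuses to overwrite that backup on a second run, and verifies the installed key byte-for-byte. The function name `swap_dbkey` and its arguments are assumptions; the paths in the usage comment are the ones from the steps above.

```shell
# Added example. swap_dbkey and its arguments are hypothetical names.
# Usage on a node, with the paths from the steps above:
#   swap_dbkey /opt/oracle/oim91/xellerate/config \
#              /software/oracle/OIM/productionDBKey/.xldatabasekey STAGE
swap_dbkey() {
    config_dir=$1   # directory holding the live .xldatabasekey
    prod_key=$2     # production key file to install
    suffix=$3       # backup suffix, e.g. STAGE
    key="$config_dir/.xldatabasekey"
    backup="$key-$suffix"

    if [ ! -f "$prod_key" ] || [ ! -f "$key" ]; then
        echo "key file missing: check $prod_key and $key" >&2
        return 1
    fi
    # After one refresh the live key IS the production key. A second run
    # would overwrite the only copy of this environment's original key,
    # so stop if the backup is already there.
    if [ -e "$backup" ]; then
        echo "backup already exists: $backup" >&2
        return 1
    fi

    # -p keeps mode, owner and timestamps on the backup.
    cp -p -- "$key" "$backup" || return 1
    # Copying over the existing file keeps that file's owner and mode.
    cp -- "$prod_key" "$key" || return 1

    # Verify byte-for-byte; roll back if the copy is not identical.
    if ! cmp -s "$prod_key" "$key"; then
        cp -p -- "$backup" "$key"
        echo "installed key differs from $prod_key, original restored" >&2
        return 1
    fi
}
```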
I know I can’t be the only one out there, so I gotta know, who the hell actually says “yeah, that sounds like a good deal!”?
Here’s a job description I just received:
Hello
Hope you’re doing well
Title : ITIM resource
Location-US – New York
Duration -12 months
Rate-$40p/Hr
Technical Skills:
Excellent knowledge on Tivoli –TIM/TAM
Should have knowledge on SiteMinder integration with WebServer, OID, Application Server
Good knowledge on Websphere Application and Portal Server
Should have WAS Administration Knowledge
Should have Portal administration experience.
Anyone worth their salt in this industry isn’t going to accept that. So what’s this really mean? It means that the client put out a bid for let’s say $130/hr for this position because they’re smart and know they need someone half-way decent. Next comes these guys…my little Indian staffed headhunter agencies that have no problems pitching someone completely useless with the requested technology. And they get paid for this? This is bullshit! No middleman should get a chunk of the hourly just for finding a resource to do a gig. A finder’s fee, I understand, but this is ridiculous!
You think these guys even tech out the resources they pitch back to the client? Hell no. The only question they need answered is how much you’ll do the job for, other than that, they don’t give a rat’s ass. You know what I hear when I respond with, “I don’t even have experience with XXX” ? They tell me it’s ok and they’ll submit it anyway. OR(!) a couple of them even told me, “Why don’t you just add it on there, and then we’ll submit it.” !!!
Companies : ^^^^ These are the people you’re getting to staff a position you probably know little about!
It all seems normal, because it’s been going on for so long, that no one really questions it, but take a look at it from the consultant’s point of view. The company is paying an hourly fee for a service which is rendered by the consultant. The headhunter then takes their vig off the top before the consultant sees a dime! It’s almost like the consultants are the ones paying to have the gig.
Ok, I’ll subside on my rant… it’s just frustrating to get phone calls and emails every day with garbage like this. Because in the end the consultant is getting ripped off, and the client is getting a shoddy resource. Everyone loses except the scam artist in the middle.
My message to companies hiring consultants: Using headhunter agencies is fine, but make sure you’re getting a legit resource and they’re not a Visa mule, or getting suckered.
My message to the headhunters: FAIR SHARE! I get it, you definitely deserve a piece of the pie, and I have no problem giving it to you, but if you call me with a thick Indian accent and ask me to work for $40/hr, I will laugh at you and hang up.
My message to the consultants: Stick up for what you’re worth! Just because a bunch of dolts are saying yes to lower wages so that they can learn on the job and set the client back more time than they can afford, doesn’t mean you need to cave in.
You get what you pay for. So know what you’re paying for.
.: Adam
I am a Dropbox user, and I love their service. That was until this security breach was found!
Here’s my interaction with Dropbox support on this one…
—————————————
As I’m sure you’re well aware, the config.db issue is pretty big. Big enough to where I feel my data is extremely unprotected. I’m familiar with the computer security world, so I know full well the ramifications of this issue.
What I need to know is if you have any planned fix for this and how long until a patch is released. Until the software is updated, I’m afraid I have to stop using it, and if there is no response (or a “we’re working on it”), I’ll need to cancel my account and be requesting a refund. I really don’t like sugarsync, but I don’t really have a choice at the moment.
Thank you,
.: Adam
———————–
So… after a bunch of 11g attempts, turns out that OIM (Identity and Access Management) 11.1.1.4 isn’t compatible with anything in the 11.1.1.3 stack (including WebSphere 10.3.4).
Soooo… *Everything* must be at the 11.1.1.3 level! Why not release the 11.1.1.4 patches all at the same time? Too easy. Why not make everything backwards compatible? It would probably put me out of a job.
Thanks Oracle!
.: Adam
One of the most pain in the ass things about Oracle software is their numbering / naming nomenclature. If OIM 9 is out now, you would expect the next version to be 10 right? Nope, it’s 11g! Because, actually, 10g is v9. Get it? Yeah… no one does. Dumbest idea ever.
Another problem is when you need to match your Design Console version to the OIM Install version after bundle patches have been installed. What, you expected it to say v9.1.0.2 BP03? Ha! Try: 9.1.0.1.1866.10. Totally understandable…
A buddy of mine just stumbled upon this little gold mine:
http://tanweerahmad.blogspot.com/2010/04/oim-builds.html
He’s listed out all the details to match up bundle patches with OIM versions, and a bunch of other juicy bits. Definitely worth a bookmark!
.: Adam
Another version question =)
You can see the generic version number in the Web console by clicking on the About link in the corner. You’ll see the build number and current version:
If you really want the nitty-gritty details of the installation though, you’ll need to turn to the OIM database. There is a table called XSD. In there are all the tasty bits:
And there ya have it!
.: Adam
I was working with a client and this error popped up at me when trying to export some configurations in OIM. Not really paying attention, I became very confused and aggravated. I clicked the Export link, the window opened, and then .. splat… nada. I see this:
Nexaweb Client failed to load. and a button telling me to click for more info… so what do I do? I click it:
This description didn’t help much either:
Your environment is supported. However the Nexaweb application failed to load. java.lang.SecurityException: sandboxed loaded attempted to load trusted resource from blah blah blah /xlWebApp/ClientClassServlet/xlWebApp/NexawebClient.jar
ok… what the hell? My connection works fine. When I copy the link and pop it into a browser, I get the JAR file no problem. So WTF?
Turns out, I hastily clicked “Yes” on this window dialog when it initially popped up:
Not reading it, I thought I was supposed to… wrong! Click “No” and the JAR file is loaded properly and the app launches…
Success!
Lesson learned? When in a hurry and simple shit stops working… slow down =)
Hope this helps all others that are as impatient as myself
Later!
.: Adam