When a user is created in OID the user provisioning in Content Services happens in two phases:
1) The ODISRV process pushes a new OID USER_ADD event into the content services schema. ODISRV / the directory integration agent will check OID for new actions every 5 minutes and push a USER_ADD event into a content services schema table called ODMZ_OIDCREDENTIALMANAGEREVNT.
2) The OidCredentialManagerAgent reads the event from the table and provisions the user: The OidCredentialManagerAgent is configured to run every 15 minutes (by default). When it runs it will read all events from the DMZ_OIDCREDENTIALMANAGEREVNT table and provision the user.
There are two intervals which may cause the final user provisioning to take up to 20 minutes.
(5 minutes for the ODISRV process + 15 minutes activationtime for the oidcredentialmanageragent).To speed up the user provisioning time, follow the steps mentioned below.
Step 1: Change the 5 minute interval to 1 minute for the odisrv agent:
1) Start oidadmin (Oracle Directory Manager) and logon to the OID infrastructure as orcladmin
2) Navigate to Entry Management-> cn=OracleContext -> cn=Products -> cn=Directory Integration Platform -> cn=Provisioning -> cn=Profiles -> orclODIPProfileName= XXXXXX
3) Change the value if 'orclodipprofileschedule' from 300 to 60 (seconds)
4) Press 'Apply' to save the change
5) Restart the IAS infrastructure to activate the change
Step 2: Change the OidCredentialManagerAgent interval:
Login to Application Server Enterprise Manager console, navigate to “CONTENT” -> Server Configurations -> OidCredentialManagerAgentConfiguration
1) Set the IFS.SERVER.TIMER.ActivationPeriod from default 15m to 1m
2) Restart the Content Services domain to activate the change
This should allow new users to provision within 5 minutes after they are created in OID.
No comments:
Post a Comment