oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : doUpdate : Error while updating user[[ org.identityconnectors.framework.common.exceptions.UnknownUidException: Object with Uid 'Attribute: {Name=__UID__, Value=[2D8273319FE5CAE2E050EA9D62281277]}' and ObjectClass 'ObjectClass: __ACCOUNT__' does not exist!

Issue: 

Update, enable and disable operation on OID target fails for some users with below exception:

[2016-03-17T03:57:29.068-07:00] [oim_server1] [ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 77bddbf65a4931ae:64858e41:1537b129d1d:-8000-000000000002311f,0] [APP: oim#11.1.2.0.0] [DSID: 0000LE46_tz7u1^Y1T2FVV1Mu3Ne000034] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : doUpdate : Error while updating user[[

org.identityconnectors.framework.common.exceptions.UnknownUidException: Object with Uid 'Attribute: {Name=__UID__, Value=[2D8273319FE5CAE2E050EA9D62281277]}' and ObjectClass 'ObjectClass: __ACCOUNT__' does not exist!

        at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$8.createException(CommonObjectHandlers.java:218)

        at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$8.createException(CommonObjectHandlers.java:215)

        at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$ThrowableHandler.deserialize(CommonObjectHandlers.java:115)

        at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)

        at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)

        at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:417)

        at org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:155)

        at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)

        at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)

        at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:153)

        at org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:101)

        at com.sun.proxy.$Proxy636.update(Unknown Source)

Debugging:

Check oim_server1-digaonistic.log, under oim_server1/logs to find the cause of update/disable/enable operation failure.

Cause:

If you added new objectclass along with attribute in OID and added that attribute in Provisioning lookup.

Solution:

As such there is no solution to make newly created objectclass applicable for all the existing OID users.

Please make sure all the custom objectclasses are created in OID before provisioning the users on target.

Note: If you created any custom Objectclass and using the same while provisioning, updating, disabling and enabling the user, please make sure that entry of the same added in Configuration Lookup against ObjectClass Code.

Connector pick terminate or disable value in status column at the time of create user and enable user in Database Application Table or DBAT connector.

Background:

In an enterprise setup, many applications in the organization may use relational database tables as a repository for user data. Oracle has provided OOTB connector to perform CRUD operations on the DB tables called Database Application Table or DBAT Connector.

Problem : 

Connector pick terminate or disable value in status column at the time of create user and enable user operation in DBAT connector.

Example: If you provided E as enable value, D as disable value and STATUS as status column for target in the IT Resource configuration, now while creating or enabling user connector should pick E for column STATUS but connector picking disable value D instead.

Solution:

Remove the status column mapping from provisioning lookup if any, as IT Resource already has enabled, disabled and status column values. 

If provided status mapping like User Status | __Enable__  in Provisioning lookup, then it will cause ambiguity to connector as get status column values from IT resource as well as Process form and due to which connector pick Disabled value for status column.