DIP Synchronization Fails with [Ldap: Error Code 68 - Entry Already Exists] When User is Moved in Active Directory (AD)
(Doc ID 1266944.1)
Last updated on AUGUST 30, 2023
Applies to:
Oracle Internet Directory - Version 10.1.4 to 11.1.1 [Release 10gR3 to 11g]
Oracle Unified Directory - Version 11.1.1.5.0 and later
Information in this document applies to any platform.
Symptoms
Directory Integration and Provisioning (DIP) has been configured to synchronize entries from Active Directory (AD) to the Oracle backend directory.
DIP synchronization is failing with error [LDAP: error code 68 - Entry Already Exists] when a user is moved from one Organizational Unit (OU) in AD to another.
The DIP synchronization profile debug trace log shows entries similar to the following:
Multiple entries with the same orclobjectguid attribute value may be found in the Oracle backend directory.
Workaround
Verify which of the duplicate entries should exist by checking which AD OU the user is currently located in, then delete the other entry in the Oracle backend directory using DAS (/oiddas) or another LDAP administration interface.
DIP synchronization will then be able to continue until the next duplicate is encountered during a MODDN operation.
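One way to list every duplicate up front rather than meeting them one MODDN failure at a time, as an added example that is not part of the Oracle note. It assumes an LDIF export of the backend entries that carry orclobjectguid; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list orclobjectguid values held by more than one entry.
# Reads LDIF on stdin, e.g. an export of entries matching (orclobjectguid=*).
# Prints "<guid><TAB><dn>" for every entry that shares its guid, grouped by guid.
# Values are compared as exported; base64 ("attr:: ") values are not decoded.
find_dup_guids() {
    awk '
    function value(l) { sub(/^[^:]*::? */, "", l); return l }
    function process(l,   g) {
        if (l == "") { dn = ""; return }                 # blank line ends an entry
        if (tolower(l) ~ /^dn:/) { dn = value(l); return }
        if (tolower(l) ~ /^orclobjectguid:/) {
            g = value(l)
            count[g]++
            rows[g] = rows[g] (rows[g] == "" ? "" : "\n") g "\t" dn
        }
    }
    function emit() { if (have) process(line); have = 0 }
    { sub(/\r$/, "") }                                   # tolerate CRLF exports
    /^ / { line = line substr($0, 2); next }             # unfold continuation lines
    { emit(); line = $0; have = 1 }
    END {
        emit()
        for (g in count) if (count[g] > 1) print rows[g]
    }' | LC_ALL=C sort
}

# Constructed sample: one user present under two OUs after a move in AD.
sample_ldif() {
    cat <<'EOF'
dn: cn=jdoe,ou=Sales,dc=example,dc=com
orclobjectguid: AAAA1111

dn: cn=jdoe,ou=Engineering,dc=exam
 ple,dc=com
orclObjectGUID: AAAA1111

dn: cn=asmith,ou=Sales,dc=example,dc=com
orclobjectguid: BBBB2222
EOF
}

sample_ldif | find_dup_guids
```

Each reported pair still has to be checked against the user's current OU in AD before the stale entry is deleted.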
Cause