DIP Sync 10g/11g With SunOne iPlanet or OID Source Directories Connected Directory SearchFilter Not Working / Being Ignored
(Doc ID 1307676.1)
Last updated on AUGUST 17, 2021
Applies to:
Oracle Internet Directory - Version 10.1.4.2 and laterInformation in this document applies to any platform.
Symptoms
Oracle Internet Directory (OID) Directory Integration Platform (DIP) 10g (also reproducible in OID 11g).
Scenario:
Two OID and a SunOne iPlanet ldap servers. Currently synchronizing both OID’s directly from the same iPlanet as source directory.
Now configured sync in between the two OIDs in order to propagate any changes made directly to each OID (not just by cn=orcladmin by could be from different accounts/DNs). However, need to avoid iPlanet changes from getting sync'd via this new OID to OID profile, i.e., need to avoid looping or having the same changes from iPlanet and from OID from being applied more than once.
Following documentation:
Oracle Identity Management Integration Guide 10g (10.1.4.0.1) Part Number B15995-01
Chapter 6 Configuration of Directory Synchronization Profiles
Topic Configuring Matching Filters
Tried setting a compound Connected Directory Matching Filter as follows:
However this filter does not work and seems ignored. Any similar filter with OR operator does not work either. Only a single expression with != (not equal) operator seems to work.
A profile trace file with debug level 63 shows the filter is not included in the CHGLOGFILTER evaluation and its first portion (cut off) is shown under Required Attribute list, for example:
Writer Initialised!!
Writer proxy connection initialised!!
MapEngine Initialised!!
Filter Initialised!!
searchF :
CHGLOGFILTER : (&(objectclass=changelogentry)(changenumber>=3268939)(changenumber<=3268940))
Search Time 9
Search Successful till # 3268940
Search Changes Done
Changenumber 3268939
Changenumber 3268940
start time Mon Mar 14 16:14:45 CDT 2011
Required Attribute list [orclsourceobjectdn, krbprincipalname, cn, uid, objectclass, (|(modifiersname]
Source ChangeRecord : ChangeRecord : ----------
Changetype: MODIFY
ChangeKey: uid=user1,cn=users,dc=mycompany,dc=com
Attributes:
Class: null Name: orclsourceobjectdn Type: nonbinary ChgType: NOCHANGE Value: [uid=user1,ou=people,dc=mycompany,dc=com]
Class: null Name: krbprincipalname Type: nonbinary ChgType: NOCHANGE Value: [uid=user1,ou=people,dc=mycompany,dc=com]
Class: null Name: cn Type: nonbinary ChgType: NOCHANGE Value: [ME14]
Class: null Name: uid Type: nonbinary ChgType: NOCHANGE Value: [user1]
Class: null Name: objectclass Type: nonbinary ChgType: NOCHANGE Value: [inetorgperson, person, orclsunoneobject, top, organizationalPerson, orcluserv2]
Class: null Name: displayname Type: null ChgType: REPLACE Value: [AR]
-----------
End time : Mon Mar 14 16:14:45 CDT 2011
Setting Change Success Count : 10487
Setting Change Failure Count : 0
Replacing Attribute orclodipLastSuccessfulExecutionTime in the Profile with value : 20110314161445
Removed Existing attribute
RePopulated Attribute..
Updated Attributes
orclodipLastExecutionTime: 20110314161445
orclodipConDirLastAppliedChgNum: 3268940
orclOdipSynchronizationStatus: Synchronization Successful
orclodipLastSuccessfulExecutionTime: 20110314161445
Ending Mapping execution.
...<end>...
Adding the searchfilter= keyword in front of the filter does not work either.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |