My Oracle Support Banner

How To Selectively Synchronize Users Into OID Via A DIP Matching Filter (Doc ID 1342979.1)

Last updated on SEPTEMBER 05, 2019

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.


In implementing the OID External Authentication Plugin ( and later) to an Active Directory server that contains, say, 30K users, only about 1,000 of them need Oracle Access.  There are multiple OU containers and users requiring access may be in any of those containers. 

One solution might be to have the AD administrator place each of these users in a special group and then synchronize users based upon group membership using matching filter memberOF=groupname.  However, in most cases the AD administrator does not wish to setup yet another group to manage.

This document describes a method to place a value, in a normally unused attribute of the user entry, that in turn can be used to distinguish the user to be synchronized by DIP.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.