How To Selectively Synchronize Users Into OID Via A DIP Matching Filter (Doc ID 1342979.1)

Last updated on JULY 01, 2016

Applies to:

Oracle Internet Directory - Version: 11.1.1 to 11.2.0.3 [Release: 11g to 11g]
Information in this document applies to any platform.

Goal

When implementing the OID External Authentication Plugin (10.1.4.3 and later) against an Active Directory server that contains, say, 30K users, only about 1,000 of them need Oracle Access. There are multiple OU containers, and the users requiring access may be in any of those containers.

One solution might be to have the AD administrator place each of these users in a special group and then synchronize users based on group membership, using the matching filter memberOF=groupname. However, in most cases the AD administrator does not wish to set up yet another group to manage.

This document describes a method to place a value in a normally unused attribute of the user entry, which in turn can be used to identify the users to be synchronized by DIP.

Solution
