OID 10g Import Sync From Novell eDirectory Fails On Entries Changed To Have "Secure Login" Type Objectclasses And Attributes Added In Edir. Sync Profile Trace File Error: Error LDAP_CREATECHG_EXCEPTION / Source ChangeRecord NULL

(Doc ID 1475542.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 10.1.4.0.1 to 10.1.4.3 [Release 10gR3]
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 10g 10.1.4, integrated with Novell eDirectory via Directory Integration Platform (DIP) import synchronization.

After the eDirectory Administrator changed a user entry to what achieve what may be called a 'secure login', which created many new attributes and objectclasses, this eDir entry will no longer sync to OID, and further, while processing the change, the entry is completed removed / deleted from OID altogether.

All other entries that do not have this special set of attributes/objectclasses continue to work fine.  Only the entries that are changed to have the many attributes/objectclasses for 'secure login' are affected.

Nothing meaninful is shown in the <eDirprofilename>.trc file; only the following is seen:

...<snip>...

  Naming attribute value: objectclass
  Total # of Mod Items : 2
  Modified Entry Successfully : cn=regularUser1,ou=min,cn=users,dc=mycompany,dc=com
  Only modifytimestamp of entry cn=regularUser1,ou=min,cn=users,dc=mycompany,dc=com is synchronized.
  [mAvailableChangeNum] last change key = 20110909153419Z
  Current modifytimestamp 20110909151834Z
  extractDNcn=SecureLoginUser,ou=min,o=myou
  Error LDAP_CREATECHG_EXCEPTION
  Source ChangeRecord NULL
  Current modifytimestamp 20110909152054Z
  extractDNcn=regularUser2,ou=min,o=myou
  ChangeRecord : ----------

...<snip>...

Please note that the entry in question is eDir entry "cn=SecureLoginUser,ou=min,o=myou."

The previous OID entry "cn=regularUser1,ou=min,cn=users,dc=mycompany,dc=com" sync's successfully, and so does the entry afterwards which is edir entry "cn=regularUser2,ou=min,o=myou."

A command line ldapsearch directly to eDir for the problem user works and retrieves the entry without problems.  Also verified the eDir modifytimestamp value is set  to greater than the last applied change number LACN in the profile after making a change.

Changes

 The eDir entry was modified to have many objectclasses and attributes added for "secure login."

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms