After Renaming An AD OU, OID DIP Sync'd Users Are Unable To Authenticate Via External Authentication Plugin Due to orclsourceobjectdn Not Updated With The New OU Value (Doc ID 1507121.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 10.1.4.3 and later
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 10g 10.1.4.3 and higher.

After renaming an OU in AD that had been synchronized to OID, although the OU and all the user's DNs under it were changed correctly in OID, the users' orclsourceobjectdn were not updated to reflect the new OU, which in turn causes the External Authentication Plugin to fail to authenticate the users due to the incorrect/old orclsourceobjectdn value.

Steps to reproduce:

1. Example users originally synchronized to OID have:

DN: cn=MyUser,ou=MyOU,cn=Users,dc=mycompany,dc=com
orclsourceobjectdn: cn=MyUser,ou=MyOU,dc=mycompany,dc=com

DN: cn=MyUser2,ou=Users&Workstations,ou=MyOU,cn=Users,dc=mycompany,dc=com
orclsourceobjectdn: cn=MyUser2,ou=Users&Workstations,ou=MyOU,dc=mycompany,dc=com

2. Rename the OUs where those users reside in AD, and allow it to get sync'd to OID.

3. Check the OID entries and notice that their orclsourceobjectdn values are not updated:

DN: cn=MyUser,ou=MyNewOU,cn=Users,dc=mycompany,dc=com
orclsourceobjectdn: cn=MyIser,ou=MyOU,dc=mycompany,dc=com

DN: cn=MyUser2,ou=Users&Workstations,ou=MyNewOU,cn=Users,dc=mycompany,dc=com
orclsourceobjectdn: cn=MyUser2,ou=Users&Workstations,ou=MyOU,dc=mycompany,dc=com

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms