
After Renaming An AD OU, OID DIP Sync'd Users Are Unable To Authenticate Via External Authentication Plugin Due to orclsourceobjectdn Not Updated With The New OU Value (Doc ID 1507121.1)

Last updated on MARCH 21, 2024

Applies to:

Oracle Internet Directory - Version 10.1.4.3 and later
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 10g 10.1.4.3 and higher.

After an OU in Microsoft Active Directory (AD) that had been synchronized to OID is renamed, the OU and the DNs of all users under it are changed correctly in OID, but the users' orclsourceobjectdn values are not updated to reflect the new OU. The External Authentication Plugin then fails to authenticate those users because of the incorrect/old orclsourceobjectdn value.

Steps to reproduce:

1. Example users originally synchronized to OID have:

DN: cn=<USER1>,ou=<OU>,cn=Users,dc=<COMPANY>,dc=com
orclsourceobjectdn: cn=<USER1>,ou=<OU>,dc=<COMPANY>,dc=com

DN: cn=<USER2>,ou=Users,ou=<OU>,cn=Users,dc=<COMPANY>,dc=com
orclsourceobjectdn: cn=<USER2>,ou=Users,ou=<OU>,dc=<COMPANY>,dc=com

2. Rename the OUs in AD where those users reside, and allow the change to synchronize to OID.

3. Check the OID entries and notice that their orclsourceobjectdn values are not updated:

DN: cn=<USER1>,ou=<NEWOU>,cn=Users,dc=<COMPANY>,dc=com
orclsourceobjectdn: cn=<USER1>,ou=<OU>,dc=<COMPANY>,dc=com

DN: cn=<USER2>,ou=Users,ou=<NEWOU>,cn=Users,dc=<COMPANY>,dc=com
orclsourceobjectdn: cn=<USER2>,ou=Users,ou=<OU>,dc=<COMPANY>,dc=com
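
To find every entry in the state shown in step 3, the check below derives the source DN each OID entry should carry from its current DN and compares it with the stored orclsourceobjectdn. It is an added example, not Oracle code or part of the original note. The base DNs, user names and OU names are constructed, the mapping rule (AD domain root maps under cn=Users in OID) is an assumption read off the example entries, and the input is assumed to be an unfolded, non-base64 LDIF export.

```python
import re

# Assumed DIP domain mapping rule, inferred from the example entries above:
# the AD base dc=example,dc=com is synchronized under cn=Users,dc=example,dc=com.
AD_BASE = "dc=example,dc=com"
OID_BASE = "cn=Users,dc=example,dc=com"

# Constructed sample export taken after the AD OU "Sales" was renamed "Sales-EMEA".
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=Sales-EMEA,cn=Users,dc=example,dc=com
orclsourceobjectdn: cn=jdoe,ou=Sales,dc=example,dc=com

dn: cn=asmith,ou=Users,ou=Sales-EMEA,cn=Users,dc=example,dc=com
orclsourceobjectdn: cn=asmith,ou=Users,ou=Sales,dc=example,dc=com

dn: cn=bwong,ou=Finance,cn=Users,dc=example,dc=com
orclsourceobjectdn: CN=bwong, OU=Finance, DC=example, DC=com
"""

def rdns(dn):
    """Split a DN on unescaped commas and normalise case and spacing."""
    parts = re.split(r"(?<!\\),", dn)
    return [tuple(s.strip().lower() for s in p.split("=", 1)) for p in parts]

def expected_source_dn(oid_dn):
    """Map an OID DN back to the AD DN it should point at (None if outside OID_BASE)."""
    entry, base = rdns(oid_dn), rdns(OID_BASE)
    if len(entry) <= len(base) or entry[-len(base):] != base:
        return None
    return entry[:-len(base)] + rdns(AD_BASE)

def parse_entries(ldif):
    """Yield one {attribute: value} dict per blank-line-separated record."""
    for block in ldif.strip().split("\n\n"):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        yield {k.strip().lower(): v.strip() for k, v in pairs}

def stale_entries(ldif):
    """Return DNs whose orclsourceobjectdn no longer matches their OID location."""
    stale = []
    for e in parse_entries(ldif):
        want = expected_source_dn(e.get("dn", ""))
        have = e.get("orclsourceobjectdn")
        if want and have and rdns(have) != want:
            stale.append(e["dn"])
    return stale

if __name__ == "__main__":
    for dn in stale_entries(SAMPLE_LDIF):
        print("stale orclsourceobjectdn:", dn)
```

Entries outside the mapped base, or without an orclsourceobjectdn, are skipped rather than reported.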

 

Changes

OU renamed in AD.

Cause
