My Oracle Support Banner

After Renaming An AD OU, OID DIP Sync'd Users Are Unable To Authenticate Via External Authentication Plugin Due to orclsourceobjectdn Not Updated With The New OU Value (Doc ID 1507121.1)

Last updated on MARCH 21, 2024

Applies to:

Oracle Internet Directory - Version and later
Information in this document applies to any platform.


Oracle Internet Directory (OID) 10g and higher.

After renaming an OU in Microsoft Active Directory (AD) that had been synchronized to OID, although the OU and all the user's DNs under it were changed correctly in OID, the users' orclsourceobjectdn were not updated to reflect the new OU, which in turn causes the External Authentication Plugin to fail to authenticate the users due to the incorrect/old orclsourceobjectdn value.

Steps to reproduce:

1. Example users originally synchronized to OID have:

DN: cn=<USER1>,ou=<OU>,cn=Users,dc=<COMPANY>,dc=com
orclsourceobjectdn: cn=<USER1>,ou=<OU>,dc=<COMPANY>,dc=com

DN: cn=<USER2>,ou=Users,ou=<OU>,cn=Users,dc=<COMPANY>,dc=com
orclsourceobjectdn: cn=<USER2,ou=Users,ou=<OU>dc=<COMPANY>,dc=com

2. Rename the OUs where those users reside in AD, and allow it to get sync'd to OID.

3. Check the OID entries and notice that their orclsourceobjectdn values are not updated:

DN: cn=<USER>,ou=<NEWOU>,cn=Users,dc=<COMPANY>,dc=com
orclsourceobjectdn: cn=<USER>,ou=<OU>,dc=<COMPANY>,dc=com

DN: cn=<USER2>,ou=Users,ou=<NEWOU>,cn=Users,dc=<COMPANY,dc=com
orclsourceobjectdn: cn=<USER2>,ou=Users,ou=<OU>,dc=<COMPANY,dc=com



OU renamed in AD.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.