After Renaming An AD OU, OID DIP Sync'd Users Are Unable To Authenticate Via External Authentication Plugin Due to orclsourceobjectdn Not Updated With The New OU Value

(Doc ID 1507121.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version and later
Information in this document applies to any platform.


Oracle Internet Directory (OID) 10g and higher.

After renaming an OU in AD that had been synchronized to OID, although the OU and all the user's DNs under it were changed correctly in OID, the users' orclsourceobjectdn were not updated to reflect the new OU, which in turn causes the External Authentication Plugin to fail to authenticate the users due to the incorrect/old orclsourceobjectdn value.

Steps to reproduce:

1. Example users originally synchronized to OID have:

DN: cn=MyUser,ou=MyOU,cn=Users,dc=mycompany,dc=com
orclsourceobjectdn: cn=MyUser,ou=MyOU,dc=mycompany,dc=com

DN: cn=MyUser2,ou=Users&Workstations,ou=MyOU,cn=Users,dc=mycompany,dc=com
orclsourceobjectdn: cn=MyUser2,ou=Users&Workstations,ou=MyOU,dc=mycompany,dc=com

2. Rename the OUs where those users reside in AD, and allow it to get sync'd to OID.

3. Check the OID entries and notice that their orclsourceobjectdn values are not updated:

DN: cn=MyUser,ou=MyNewOU,cn=Users,dc=mycompany,dc=com
orclsourceobjectdn: cn=MyIser,ou=MyOU,dc=mycompany,dc=com

DN: cn=MyUser2,ou=Users&Workstations,ou=MyNewOU,cn=Users,dc=mycompany,dc=com
orclsourceobjectdn: cn=MyUser2,ou=Users&Workstations,ou=MyOU,dc=mycompany,dc=com



Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms