ODIP / OUD - ManageSyncProfiles Error: "InvalidDomainConstructRule"
(Doc ID 1562580.1)
Last updated on NOVEMBER 28, 2022
Applies to:
Oracle Unified Directory - Version 11.1.2.1.0 and laterInformation in this document applies to any platform.
Goal
1. Problem Origin: After running syncProfileBootstrap on a large number of AD entries into OUD
This is error is output when a large number of AD entries have been uploaded into OUD after running the command syncProfileBootstrap on a given profile.
As DIP admin server currently is launching an unindexed search request, any AD-OUD data with more than 4K entries uploaded will create this problem.
2. Triggering the problem using EM, or manageSyncProfile
The problem can be generated immediately either via EM (or using the command manageSyncProfiles) when trying to enable (or manipulate) the synchronization profile corresponding to the data just uploaded with syncProfileBootstrap.
The following error messages are output -
Domain rule "0" has error: Invalid domain construct rule: 'ou=people_ad_10000,dc=<SUFFIX_DN><suffix_dn>' not found
Domain rule "1" has error: Invalid domain construct rule: 'ou=people_ad_10000,dc=<SUFFIX_DN><suffix_dn>' not found
Domain rule "2" has error: Invalid domain construct rule: 'ou=people_ad_10000,dc=<SUFFIX_DN><suffix_dn>' not found
....
3. Diagnosing the problem
The problem is also characterized by the following warning/error messages:
wls_ods1-diagnostic.log
orclodipvalidationerrors: MAP_ERRORS:orclodipattributemappingrules:DOMAIN_RULE:0:Invalid domain construct rule: ''ou=people_ad_10000,dc=<SUFFIX_DN><suffix_dn>'' not found
orclodipagentcontrol: DISABLE
OUD access log
[15/Jun/2013:16:37:50 +0000] SEARCH RES conn=8799 op=6 msgID=7 result=50 message="You do not have sufficient privileges to perform an unindexed search" nentries=0 etime=3
The complete OUD access log with the failing transaction -
[15/Jun/2013:16:37:49 +0000] BIND REQ conn=8799 op=0 msgID=1 type=SIMPLE dn="cn=odisrv,cn=Registered Instances,cn=Directory Integration Platform,dc=<SUFFIX_DN><suffix_dn>"
[15/Jun/2013:16:37:49 +0000] BIND RES conn=8799 op=0 msgID=1 result=0 authDN="cn=odisrv,cn=Registered Instances,cn=Directory Integration Platform,dc=<SUFFIX_DN><suffix_dn>" etime=0
[15/Jun/2013:16:37:49 +0000] SEARCH REQ conn=8799 op=1 msgID=2 base="orclodipagentname=AD2OUD_10K,cn=subscriber profile,cn=changelog subscriber,cn=directory integration platform,dc=<SUFFIX_DN><suffix_dn>" scope=base filter="(objectClass=*)" attrs="orclodipAttributeMappingRules"
[15/Jun/2013:16:37:49 +0000] SEARCH RES conn=8799 op=1 msgID=2 result=0 nentries=1 etime=1
[15/Jun/2013:16:37:49 +0000] SEARCH REQ conn=8799 op=2 msgID=3 base="" scope=base filter="(objectclass=*)" attrs="subschemasubentry"
[15/Jun/2013:16:37:49 +0000] SEARCH RES conn=8799 op=2 msgID=3 result=0 nentries=1 etime=1
[15/Jun/2013:16:37:49 +0000] SEARCH REQ conn=8799 op=3 msgID=4 base="cn=schema" scope=base filter="(objectClass=subschema)" attrs="objectClasses,attributeTypes,matchingRules,ldapSyntaxes,objectClass,javaSerializedData,javaClassName,javaFactory,javaCodeBase,javaReferenceAddress,javaClassNames,javaRemoteLocation"
[15/Jun/2013:16:37:50 +0000] SEARCH RES conn=8799 op=3 msgID=4 result=0 nentries=1 etime=26
[15/Jun/2013:16:37:50 +0000] ABANDON REQ conn=8799 op=4 msgID=5 idToAbandon=4
[15/Jun/2013:16:37:50 +0000] ABANDON RES conn=8799 op=4 msgID=5 result=119 etime=0
[15/Jun/2013:16:37:50 +0000] SEARCH REQ conn=8799 op=5 msgID=6 base="ou=people_ad_10000,dc=<SUFFIX_DN><suffix_dn>" scope=base filter="(objectclass=*)" attrs="1.1"
[15/Jun/2013:16:37:50 +0000] SEARCH RES conn=8799 op=5 msgID=6 result=0 nentries=1 etime=0
[15/Jun/2013:16:37:50 +0000] SEARCH REQ conn=8799 op=6 msgID=7 base="ou=people_ad_10000,dc=<SUFFIX_DN><suffix_dn>" scope=one filter="(objectClass=*)" attrs="ALL"
[15/Jun/2013:16:37:50 +0000] SEARCH RES conn=8799 op=6 msgID=7 result=50 message="You do not have sufficient privileges to perform an unindexed search" nentries=0 etime=3
[15/Jun/2013:16:37:50 +0000] MODIFY REQ conn=8799 op=7 msgID=8 dn="orclodipagentname=AD2OUD_10K,cn=subscriber profile,cn=changelog subscriber,cn=directory integration platform,dc=<SUFFIX_DN>"
[15/Jun/2013:16:37:50 +0000] MODIFY RES conn=8799 op=7 msgID=8 result=0 etime=1
[15/Jun/2013:16:37:50 +0000] MODIFY REQ conn=4065 op=1356 msgID=1357 dn="orclodipagentname=AD2OUD_10K,cn=subscriber profile,cn=changelog subscriber,cn=directory integration platform,dc=<SUFFIX_DN><suffix_dn>"
[15/Jun/2013:16:37:50 +0000] MODIFY RES conn=4065 op=1356 msgID=1357 result=0 etime=1
[15/Jun/2013:16:37:50 +0000] SEARCH REQ conn=4065 op=1357 msgID=1358 base="orclodipagentname=AD2OUD_10K,cn=subscriber profile,cn=changelog subscriber,cn=directory integration platform,dc=<SUFFIX_DN>" scope=base filter="(objectClass=*)" attrs="orclodipSynchronizationMode,orclVersion,orclodipAgentControl,orclodipInterfaceType,orclODIPCondirType"
This issue corresponds to Bug 16907941 - INVALID DOMAIN CONSTRUCT RULE WHEN CREATING DIP PROFILE - OUD - DIP - AD
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |