AD to OID 11g DIP Sync Does not Update Groups When Referential Integrity (RI) is Enabled in OID. DIP Log Error: [LDAP: error code 53 - Referential integrity constraint violated for uniquemember. Specified value does not exist in directory.]
Last updated on MARCH 08, 2017
Applies to:
Oracle Internet Directory - Version 11.1.1 and laterInformation in this document applies to any platform.
Symptoms
Oracle Internet Directory (OID) 11g with Directory Integration Platform (DIP) Synchronization from Microsoft (MS) Active Directory (AD) to OID.
Referential Integrity (RI) is turned on in OID.
AD user created and added to groups, or moved from one OU to another in AD, sync to OID ok, but most of the groups in which the user belongs do not get updated in OID. Some groups are only partially adjusted and the rest are not.
DIP log shows:
[2015-02-27T12:44:31.555-06:00] [wls_ods1] [ERROR] [DIP-10005] [oracle.dip.ActiveChgImpGroups] [tid: oracle.ldap.odip.web.DIPSyncWriterThread] [userId: ] [ecid: 0000KjC8nTPBp2YzLoZR8A1KwAnJ000002,1:28608] [APP: DIP#11.1.1.2.0] Error in applying map rule.[[
ODIException: Error Modifying Entry in Directory
at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:1180)
at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:981)
at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:940)
at oracle.ldap.odip.gsi.LDAPWriter.performWriteChanges(LDAPWriter.java:438)
at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:268)
at oracle.ldap.odip.web.DIPSyncWriterThread.run(DIPSyncWriterThread.java:71)
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Referential integrity constraint violated for uniquemember. Specified value does not exist in directory.]; remaining name 'cn=mygroup,ou=myou,ou=all groups,cn=groups,dc=mycompany,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1458)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:1127)
ODIException: Error Modifying Entry in Directory
at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:1180)
at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:981)
at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:940)
at oracle.ldap.odip.gsi.LDAPWriter.performWriteChanges(LDAPWriter.java:438)
at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:268)
at oracle.ldap.odip.web.DIPSyncWriterThread.run(DIPSyncWriterThread.java:71)
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Referential integrity constraint violated for uniquemember. Specified value does not exist in directory.]; remaining name 'cn=mygroup,ou=myou,ou=all groups,cn=groups,dc=mycompany,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1458)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:1127)
Cause
Sign In with your My Oracle Support account |
|
Don't have a My Oracle Support account? Click to get started |
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms