DIP 11.1.1.9 AD to OID Synchronization Using DirSync Approach Does Not Work if Any Search Filter is Included in the Profile. DIP Log Shows: error in execution of Agent thread: DirSync | ODIException: Failure During Search (Doc ID 2125532.1)

Last updated on JUNE 30, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 11g 11.1.1.9 with Directory Integration Platform (DIP) Microsoft (MS) Active Directory (AD) to OID import synchronization profile using the DirSync approach (instead of the more common USNChanged method) stops working as soon as a search filter is included in the profile, even if the filter is valid such as searchfilter==(objectclass=person) for example.

It starts working once the search filter is removed through Enterprise Manager (EM) Fusion Middleware (FMW) Control console.

The following stack is observed in the wls_ods1 diagnostic.log after introducing the searchfilter:

[2016-03-03T07:17:24.646+00:00] [wls_ods1] [ERROR] [DIP-10007] [oracle.dip.DirSync] [tid: DirSync] [userId: <anonymous>] [ecid:0000LCvCPuvCsl2_vpo2yX1MpxhB000003,0] [APP: DIP#11.1.1.2.0] error in execution of Agent thread: DirSync[[
ODIException: Failure During Search
at oracle.ldap.odip.gsi.ActiveReader.searchChanges(ActiveReader.java:278)
at oracle.ldap.odip.web.DIPSyncBean.mapExecute(DIPSyncBean.java:617)
at oracle.ldap.odip.web.DIPSyncBean.execMapping(DIPSyncBean.java:459)
at oracle.ldap.odip.web.DIPSyncBean.doOneIteration(DIPSyncBean.java:348)
at oracle.ldap.odip.web.DIPSync_2r3ocw_EOImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.ldap.odip.web.DIPSync_2r3ocw_EOImpl.doOneIteration(Unknown source)
at oracle.ldap.odip.web.SyncQuartzJobImpl.execute(SyncQuartzJobImpl.java:178)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'DC=vm,DC=oracle,DC=com'
at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:446)
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146)
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at oracle.ldap.odip.gsi.ActiveReader.searchChanges(ActiveReader.java:272)
... 9 more

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms