My Oracle Support Banner

DIP Hanging On Complex Matching Filter Creating Synchronization Profile - DIP-10176 DIP-10007 TYPE-10640 [LDAP: error code 2 - Bad Search Filter] (Doc ID 2140374.1)

Last updated on MAY 28, 2020

Applies to:

Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.1.9.X and OID 12c versions, Directory Integration Platform

When attempting to, create or save new profile the following error occurs.

Symptoms:
-----------------------
1. OID 11.1.1.9.X DIP configured. Import sync profile from Active Directory to OID. 

2.After the creation of the synchronization profile, setting filter in the sync profile "EM Fusion Middleware" hangs. It was noticed that this is due to the complex matching filter. If simpler matching filter is setting, everything works.

3.Same DIP sync profile perfectly working in an old OID 11.1.1.7 environment.   

4. Next print screen shows how "Test Filters" button just grayed out and icon about "Page Refresh" just continue spinning;



5. Next error messages are reported in the wls_ods1-diagnostic.log file

[2017-06-23T15:42:25.541-05:00] [wls_ods1] [NOTIFICATION] [DIP-10176] [oracle.dip.<SYNC_PROF_NAME>] [tid: <SYNC_PROF_NAME>] [userId: <anonymous>] [<ECID>] [APP: DIP#11.1.1.2.0] Changelog filter : (&(USNChanged>=<USNCHANGED_NUMBER>)(USNChanged<=<USNCHANGED_NUMBER>)...<complex filter>
[2017-06-23T15:42:25.541-05:00] [wls_ods1] [ERROR] [DIP-10007] [oracle.dip.<SYNC_PROF_NAME>] [tid:<SYNC_PROF_NAME>] [userId: <anonymous>] [<ECID>] [APP: DIP#11.1.1.2.0] error in execution of Agent thread: <SYNC_PROF_NAME>[[
ODIException: Failure During Search
at oracle.ldap.odip.gsi.ActiveChgReader.searchChanges(ActiveChgReader.java:283)
at oracle.ldap.odip.web.DIPSyncBean.mapExecute(DIPSyncBean.java:617)
at oracle.ldap.odip.web.DIPSyncBean.execMapping(DIPSyncBean.java:459)
at oracle.ldap.odip.web.DIPSyncBean.doOneIteration(DIPSyncBean.java:348)
at oracle.ldap.odip.web.DIPSync_2r3ocw_EOImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.ldap.odip.web.DIPSync_2r3ocw_EOImpl.doOneIteration(Unknown Source)
at oracle.ldap.odip.web.SyncQuartzJobImpl.execute(SyncQuartzJobImpl.java:178)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: javax.naming.directory.InvalidSearchFilterException: Filter (!) cannot be followed by more than one filters; remaining name 'DC=<MY_COMPANY>,DC=com'
at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:725)
at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)

As well as several:

[2017-06-24T14:58:30.572-05:00] [wls_ods2] [NOTIFICATION] [TYPE-10640] [oracle.dip] [tid: SyncProfileMBean] [userId: admin] [ecid: <ECID>] [APP: DIP#11.1.1.2.0] Reconnecting due to error : [LDAP: error code 2 - Bad Search Filter]
[2017-06-24T14:58:30.573-05:00] [wls_ods2] [NOTIFICATION] [TYPE-10640] [oracle.dip] [tid: SyncProfileMBean] [userId: admin] [ecid: <ECID>] [APP: DIP#11.1.1.2.0] Reconnecting due to error : <OID_SERVER_NAME>:<OID_NONSSL_PORT>
[2017-06-24T14:58:30.631-05:00] [wls_ods2] [NOTIFICATION] [TYPE-10640] [oracle.dip] [tid: SyncProfileMBean] [userId: admin] [ecid: <ECID>] [APP: DIP#11.1.1.2.0] Reconnecting due to error : <OID_SERVER_NAME>:<OID_NONSSL_PORT>
[2017-06-24T14:58:30.695-05:00] [wls_ods2] [NOTIFICATION] [TYPE-10640] [oracle.dip] [tid: SyncProfileMBean] [userId: admin] [ecid: <ECID>] [APP: DIP#11.1.1.2.0] Reconnecting due to error : [LDAP: error code 2 - Bad Search Filter]
[2017-06-24T14:58:30.754-05:00] [wls_ods2] [NOTIFICATION] [TYPE-10640] [oracle.dip] [tid: SyncProfileMBean] [userId: admin] [ecid: <ECID>] [APP: DIP#11.1.1.2.0] Reconnecting due to error : [LDAP: error code 2 - Bad Search Filter]
[2017-06-24T14:58:30.755-05:00] [wls_ods2] [NOTIFICATION] [TYPE-10640] [oracle.dip] [tid: SyncProfileMBean] [userId: admin] [ecid: <ECID>] [APP: DIP#11.1.1.2.0] Reconnecting due to error : <OID_SERVER_NAME>:<OID_NONSSL_PORT>

 

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Creating sync profile (import) between OID 11.1.1.9.X and Active Directory, and creating filter like:

odipcondirmatchingfilter=searchfilter=(&(&(objectclass=user)(|(userPrincipalName=<VALUE>*)(userPrincipalName=<VALUE>*))(!(objectclass=computer)))

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.