My Oracle Support Banner

DIP 11g Mapping All the Values in OID so the RDN (i.e., CN) Value is Setup to Have the AD Username (samaccountname) Fails Validation Rule: The following required destination attributes are not mapped inetorgperson (Doc ID 2147636.1)

Last updated on MARCH 04, 2019

Applies to:

Oracle Internet Directory - Version and later
Information in this document applies to any platform.


Oracle Internet Directory (OID) 11g with Directory Integration Platform (DIP) synchronization from Microsoft (MS) Active Directory (AD) to OID.

Unable to use the "keywords" / rdn in DIP sync profile mapping.

Trying to change the mapping for CN from AD to OID, from default (CN in AD to CN in OID) to having the AD samaccountname mapped to OID CN instead.

Following documentation:

Oracle® Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform
Chapter 9 Configuring Directory Synchronization
Section 9.4.1 Distinguished Name Mapping

Either the domain or the CN mapping rule fails validation, depending on the combination tried.

If forcing a validation and trying a DIP Tester Test synchronization, it fails with different errors depending on the combination used.

For example, having the profile DomainRules with:





And attribute mapping with:


Returns CN mapping validation failure:

The following required destination attributes are not mapped inetorgperson

Move the CN mapping rule to the top of the profile attribute mappings does not help.

( NOTE:  Incidentally, the documentation states using either singlequotes or doublequotes in the editing rule is allowed, but using single quotes returns error: Invalid char literal "'cn='". Should have length 1. )


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.