My Oracle Support Banner

LDAPSync: Functionality To Move Groups Between Containers (Doc ID 2253320.1)

Last updated on FEBRUARY 04, 2018

Applies to:

Identity Manager - Version 11.1.2.3.161018 and later
Information in this document applies to any platform.

Symptoms

1. In a ldap sync environment, modify the LDAPContainerRules.xml to add a new rule for the role based on Role Description, for example: Below are two rule in /LDAPContainerRules.xml



So if the Role description is "Group1", then the role should be pushed to cn=Group1,dc=example,dc=com, if it "Group2", it should be pushed to cn=Group2,dc=example,dc=com this works perfectly fine for new role.

2. But if your modifying the Role Description, lets say, Role Description is NUll and if your modifying the role with "Role Description" as Group 1, the role is not pushed to container "cn=Group1,dc=example,dc=com".

Modify the same Role Description to "Group2", now the role will be pushed to earlier container cn=Group1,dc=example,dc=com.

You further update any other attribute in Role, now it gets pushed to container "cn=Group1,dc=example,dc=com"

So technically pushing of role on a modify operation is (x-1) times, where x is the container that it actually had to be pushed too.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.