LDAPSync: Functionality To Move Groups Between Containers

(Doc ID 2253320.1)

Last updated on APRIL 12, 2017

Applies to:

Identity Manager - Version 11.1.2.3.161018 and later
Information in this document applies to any platform.

Symptoms

1. In an LDAP sync environment, modify LDAPContainerRules.xml to add a new rule for the role based on Role Description. For example, below are two rules in /LDAPContainerRules.xml:



So if the Role Description is "Group1", the role should be pushed to cn=Group1,dc=example,dc=com; if it is "Group2", it should be pushed to cn=Group2,dc=example,dc=com. This works perfectly fine for a new role.

2. But if you are modifying the Role Description of an existing role, the behavior differs. Say the Role Description is NULL and you modify the role to set "Role Description" to "Group1": the role is not pushed to container "cn=Group1,dc=example,dc=com".

Modify the same Role Description to "Group2", and the role is now pushed to the earlier container, cn=Group1,dc=example,dc=com.

If you then update any other attribute of the role, it gets pushed to container "cn=Group1,dc=example,dc=com".

So, technically, on a modify operation the role is pushed to container (x-1), where x is the container it actually had to be pushed to.
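One way to find roles left in a stale container after a description change, as an added example that is not part of the Oracle note or product code. The rule file layout, the Default rule, the role names and the exported records are constructed assumptions; only the two Group1/Group2 mappings come from the text above.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout and the Default rule are assumptions;
# the two Group rules mirror the mapping described in the Symptoms text.
RULES_XML = """<container-rules><role>
  <rule><expression>Role Description=Group1</expression>
        <container>cn=Group1,dc=example,dc=com</container></rule>
  <rule><expression>Role Description=Group2</expression>
        <container>cn=Group2,dc=example,dc=com</container></rule>
  <rule><expression>Default</expression>
        <container>cn=Groups,dc=example,dc=com</container></rule>
</role></container-rules>"""

# Constructed directory export: (role name, Role Description, current group DN).
ROLES = [
    ("RoleA", "Group1", "cn=RoleA,cn=Group1,dc=example,dc=com"),
    ("RoleB", "Group2", "cn=RoleB, CN=Group1, dc=example, dc=com"),  # stale container
    ("RoleC", None, "cn=RoleC,cn=Groups,dc=example,dc=com"),
]

def load_role_rules(xml_text):
    """Return ({description: container}, default container) from the role rules."""
    by_desc, default = {}, None
    for rule in ET.fromstring(xml_text).findall("./role/rule"):
        expr = (rule.findtext("expression") or "").strip()
        container = (rule.findtext("container") or "").strip()
        attr, sep, value = expr.partition("=")
        if expr == "Default":
            default = container
        elif sep and attr.strip() == "Role Description":
            by_desc[value.strip()] = container
    return by_desc, default

def norm(dn):
    """Case- and whitespace-insensitive DN form (no escaped commas expected)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def find_misplaced(roles, xml_text):
    """List (name, actual container, expected container) where they differ."""
    by_desc, default = load_role_rules(xml_text)
    misplaced = []
    for name, description, dn in roles:
        expected = by_desc.get(description, default)
        actual = norm(dn).partition(",")[2]   # drop the group's own RDN
        if expected is None or actual != norm(expected):
            misplaced.append((name, actual, expected))
    return misplaced

if __name__ == "__main__":
    for name, actual, expected in find_misplaced(ROLES, RULES_XML):
        print(f"{name}: in {actual}, rules say {expected}")
```

Run against a real export, the same comparison shows which groups need to be re-synchronized after Role Description edits.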


Cause
