LDAPSync: Functionality To Move Groups Between Containers
(Doc ID 2253320.1)
Last updated on APRIL 03, 2019
Applies to:Identity Manager - Version 220.127.116.11.161018 and later
Information in this document applies to any platform.
1. In a ldap sync environment, modify the LDAPContainerRules.xml to add a new rule for the role based on Role Description, for domain: Below are two rule in /LDAPContainerRules.xml
So if the Role description is "Group1", then the role should be pushed to cn=Group1,dc=domain,dc=com, if it "Group2", it should be pushed to cn=Group2,dc=domain,dc=com this works perfectly fine for new role.
2. But if your modifying the Role Description, lets say, Role Description is NUll and if your modifying the role with "Role Description" as Group 1, the role is not pushed to container "cn=Group1,dc=domain,dc=com".
Modify the same Role Description to "Group2", now the role will be pushed to earlier container cn=Group1,dc=domain,dc=com.
You further update any other attribute in Role, now it gets pushed to container "cn=Group1,dc=domain,dc=com"
So technically pushing of role on a modify operation is (x-1) times, where x is the container that it actually had to be pushed too.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document