My Oracle Support Banner

LDAPSync: Functionality To Move Groups Between Containers (Doc ID 2253320.1)

Last updated on APRIL 03, 2019

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


1. In a ldap sync environment, modify the LDAPContainerRules.xml to add a new rule for the role based on Role Description, for domain: Below are two rule in /LDAPContainerRules.xml

So if the Role description is "Group1", then the role should be pushed to cn=Group1,dc=domain,dc=com, if it "Group2", it should be pushed to cn=Group2,dc=domain,dc=com this works perfectly fine for new role.

2. But if your modifying the Role Description, lets say, Role Description is NUll and if your modifying the role with "Role Description" as Group 1, the role is not pushed to container "cn=Group1,dc=domain,dc=com".

Modify the same Role Description to "Group2", now the role will be pushed to earlier container cn=Group1,dc=domain,dc=com.

You further update any other attribute in Role, now it gets pushed to container "cn=Group1,dc=domain,dc=com"

So technically pushing of role on a modify operation is (x-1) times, where x is the container that it actually had to be pushed too.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.