My Oracle Support Banner

DIP Directory Sync Deletes All Members of Target Group with "Error while processing dnconvert function for dn" (Doc ID 2684868.1)

Last updated on NOVEMBER 23, 2022

Applies to:

Oracle Internet Directory - Version 11.1.1.9.0 to 12.2.1.4.0 [Release 11g to 12c]
Oracle Unified Directory - Version 11.1.2.3.0 to 12.2.1.4.0 [Release 11g to 12c]
Information in this document applies to any platform.

Symptoms

The following two directories are synchronized using Oracle Directory Integration Platform (DIP);

Source Directory : Oracle Unified Directory (OUD)
Target Directory : Microsoft Active Directory (AD)

An attribute mapping for group membership uses the dnconvert function because both domains are different;

This issue is not depended on LDAP directory applications in many cases.

Changes

The issue occurs with the following steps for example;

1. Create USER_A, USER_B, USER_C and group that the users join in the Source Directory.
-> Synced to the Target Directory by DIP.

2. Delete the USER_C account from the Source Directory. (Do not delete its group membership at this time)
-> Synced to the Target Directory by DIP, then the user and its group membership are deleted from the Target Directory.

3. Delete the USER_C membership from the group in the Source Directory.
-> Synced to the Target Directory by DIP, then all of group members are deleted from the Target Directory.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.