DIP Directory Sync Deletes All Members of Target Group with "Error while processing dnconvert function for dn"
(Doc ID 2684868.1)
Last updated on JUNE 30, 2020
Applies to:Oracle Internet Directory - Version 126.96.36.199.0 to 188.8.131.52.0 [Release 11g to 12c]
Oracle Unified Directory - Version 184.108.40.206.0 to 220.127.116.11.0 [Release 11g to 12c]
Information in this document applies to any platform.
The following two directories are synchronized using Oracle Directory Integration Platform (DIP);
Source Directory : Oracle Unified Directory (OUD)
Target Directory : Microsoft Active Directory (AD)
An attribute mapping for group membership uses the dnconvert function because both domains are different;
This issue is not depended on LDAP directory applications in many cases.
The issue occurs with the following steps for example;
1. Create UserA, UserB, UserC and group that the users join in the Source Directory.
-> Synced to the Target Directory by DIP.
2. Delete the UserC account from the Source Directory. (Do not delete its group membership at this time)
-> Synced to the Target Directory by DIP, then the user and its group membership are deleted from the Target Directory.
3. Delete the UserC membership from the group in the Source Directory.
-> Synced to the Target Directory by DIP, then all of group members are deleted from the Target Directory.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document