My Oracle Support Banner

Oracle Identity Governance(OIG 12c): Role-Sync Missing Without Access Manager Integrated LDAPSync in 12.2.1.4 (Doc ID 2833544.1)

Last updated on AUGUST 27, 2024

Applies to:

Identity Manager - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Symptoms

On : 12.2.1.4.0 version, Upgrade

ACTUAL BEHAVIOR
---------------
The OIM  (Oracle Identity Manager) 11g setup uses LDAP-Sync without OAM (Oracle Access Manager) integration and Role-Sync is automated via LDAP-Sync and works fine, until the move to version 12.2.1.4 of OIM / OIG (Oracle Identity Governance) and trying to use Connector based Sync. Then the Roles do not Sync into LDAP (Lightweight Directory Access Protocol) anymore. The documentation shows no support for non-OAM integrations migrated to Connector based LDAP-Sync.

EXPECTED BEHAVIOR
-----------------------
https://docs.oracle.com/en/middleware/idm/suite/12.2.1.4/idmig/upgrading-oig-oam-integrated-environments.html#GUID-C365C7C0-6843-412F-B27F-596E6D9AB283

The migration from LDAP-Sync to Connector-Sync need to account for non-OAM setups and Role Sync should remain functional.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Have an 11g setup with LDAP-Sync and with OAM integration missing or removed
2. Perform an In-Place or Out-Of-Place upgrade to 12.2.1.4 retaining all LDAP-Sync and container rules features
3. Create Roles in OIG UI
4. Notice that the code seems to not support migration from LDAP-Sync without OAM Integration.

The result is that the Roles are not automatically sync'd over to the LDAP target via the Connector setup.

Changes

Upgrade from an 11g LDAP-Sync style setup, but without any OAM Integration, to 12c.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
 1. Prerequisites
 2. Disable existing LDAP-Sync jobs
 3. Remove the Event Handlers
 4. Delete the LibOVD adapters
 5. Download and Update the LDAP Connector
 6. Create the LDAP Applications
 7. Adding User Defined Fields (UDFs)
 8. Update the ssoIntegrationMXBean
 9. Import ldapconnector_sso_eventhandler.xml
 10. Verify LDAPContainerRules.xml exists
 11. Update "SSO Server"
 12. Performing Post-Upgrade Tasks
 13. Testing
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.