DIP Does Not Synchronize From An Active Directory Subdomain

(Doc ID 358801.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version: 9.0.4 to 10.1.2
This problem can occur on any platform.

Symptoms

DIP synchronization has been configured successfully from Active Directory (AD) to OID for the root AD domain.

A subdomain has been added to Active Directory, and a new profile has been created with domainRules specific to the subdomain. However, the profile does not detect any users added or modified in the subdomain.

There are no errors in the debug profile tracefile. Entries modified in the root domain are detected in the tracefile but are not applied, since they do not match the profile domainRules. This is expected behaviour.

 

An ldapbind using the profile's connected directory details succeeds, i.e.:

   ldapbind -h <orclodipcondirurl_hostname> -p <orclodipcondirurl_port> -D <orclodipcondiraccessaccount> -w <orclodipcondiraccessaccount_password>

Output:
   Bind successful

However, an ldapsearch with the same connection details against the subdomain root fails, i.e.:

   ldapsearch -h <orclodipcondirurl_hostname> -p <orclodipcondirurl_port> -D <orclodipcondiraccessaccount> -w <orclodipcondiraccessaccount_password> -b "<subdomain_base>" -s base "(objectclass=*)"

Output:
   ldap_search: Operations error
   ldap_search: additional info: 00000000: LdapErr: DSID-0C0905FF, comment: In order to perform this operation a successful bind must be completed on the connection, data 0, vece

Cause
