DIP Does Not Synchronize From An Active Directory Subdomain
Last updated on MARCH 08, 2017
Applies to: Oracle Internet Directory - Version: 9.0.4 to 10.1.2
This problem can occur on any platform.
DIP synchronization has been configured successfully from Active Directory (AD) to OID for the root AD domain.
A subdomain has been added to Active Directory, and a new profile has been created with domainRules specific to the subdomain. However, the profile does not detect any users added or modified in the subdomain.
There are no errors in the debug profile tracefile. Entries modified in the root domain are detected in the tracefile but are not applied, since they do not match the profile's domainRules. This is expected behaviour.
ldapbind with the profile's connected directory details succeeds, i.e.:
ldapbind -h <orclodipcondirurl_hostname> -p <orclodipcondirurl_port> -D <orclodipcondiraccessaccount> -w <orclodipcondiraccessaccount_password>
However, ldapsearch with the same connection details against the subdomain root fails, i.e.:
ldapsearch -h <orclodipcondirurl_hostname> -p <orclodipcondirurl_port> -D <orclodipcondiraccessaccount> -w <orclodipcondiraccessaccount_password> -b "<subdomain_base>" -s base "(objectclass=*)"
ldap_search: Operations error
ldap_search: additional info: 00000000: LdapErr: DSID-0C0905FF, comment: In order to perform this operation a successful bind must be completed on the connection, data 0, vece