LDAP Error 19 For objectclass=leaf With Synchronization From AD To OID
(Doc ID 368939.1)
Last updated on JANUARY 30, 2022
Applies to:
Oracle Internet Directory - Version 10.1.2 and laterInformation in this document applies to any platform.
Symptoms
After successful bootstrap with an Active Directory (AD) import profile, the odisrv process has been started on configset=1 but DIP synchronization does not execute the enabled profile. The profile status shows:
Synchronization Status = NOT EXECUTED YET
Bootstrap Status = BOOTSTRAP SUCCESSFUL
Further investigation by enabling debug logging for odisrv and the profile shows that AD->OID synchronization is failing with LDAP Error 19 or LDAP Error 65 when attempting to synchronize specific entries from AD:
The debug ldap/odi/log/<profilename>.trc log shows e.g.:
The profile Connected Directory Matching Filter value is the default value taken from the sample ldap/odi/conf/ad*.properties files:
"searchfilter=(|(objectclass=group)(objectclass=organizationalunit)(&(objectclass=user)(!(objectclass=computer))))"
Based on this search filter the entries being synchronized when the errors occur should not be retrieved from Active Directory by DIP for synchronization.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |