My Oracle Support Banner

LDAP Error 19 For objectclass=leaf With Synchronization From AD To OID (Doc ID 368939.1)

Last updated on JANUARY 30, 2022

Applies to:

Oracle Internet Directory - Version 10.1.2 and later
Information in this document applies to any platform.

Symptoms

After successful bootstrap with an Active Directory (AD) import profile, the odisrv process has been started on configset=1 but DIP synchronization does not execute the enabled profile. The profile status shows:
   Synchronization Status = NOT EXECUTED YET
   Bootstrap Status = BOOTSTRAP SUCCESSFUL

Further investigation by enabling debug logging for odisrv and the profile shows that AD->OID synchronization is failing with LDAP Error 19 or LDAP Error 65 when attempting to synchronize specific entries from AD:

The debug ldap/odi/log/<profilename>.trc log shows e.g.:


The profile Connected Directory Matching Filter value is the default value taken from the sample ldap/odi/conf/ad*.properties files:

"searchfilter=(|(objectclass=group)(objectclass=organizationalunit)(&(objectclass=user)(!(objectclass=computer))))"

Based on this search filter the entries being synchronized when the errors occur should not be retrieved from Active Directory by DIP for synchronization.

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.