User Entry Changes in AD Of Types: Delete, Moddn (User Moves Location/Container in AD), Modrdn (Username Changes in AD), Are Not Getting Updated In OID Groups / Propagated To The Groups (Doc ID 397078.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 10.1.2.2 to 10.1.4.3 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.

Goal

OID (Oracle Internet Directory) 10g 10.1.4.

When a user entry is deleted, moved or renamed, either with the OID LDAP tools (ldapdelete, ldapmoddn) or through DIP synchronization with a third-party directory such as Active Directory (AD), and the user is a member of one or more groups, the groups are not updated with the change to the user DN (user moves container/location in AD) or username (username changes in AD). If there is a subsequent change to the group (e.g., another member is added), then the group is synchronized properly.

Likewise, if a user is deleted in AD, the user is subsequently deleted in OID. However, the deleted user is still listed as a member of all of its groups. Again, when the group is updated and resynchronized, the membership is then updated correctly. (Note: Unless the uSNChanged attribute is actually updated on the AD group itself when the deletion happens, DIP cannot know about the change, so nothing happens to the synchronized group in OID.)

So there is a period of time during which the group memberships are not correct, and the issue currently has to be addressed by manually updating the group in AD.

Is this the expected behavior?
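The stale memberships described above can be found by checking group member DNs against the entries that actually exist. The following is an added example, not part of the original note and not Oracle code: it assumes an LDIF export (for instance from ldapsearch) that covers both user and group entries, assumes the membership attributes are uniquemember or member, and uses constructed example.com DNs.

```python
import base64

# Constructed sample export: bob was moved to ou=Sales, carol was deleted.
SAMPLE_LDIF = """\
dn: cn=alice,cn=Users,dc=example,dc=com

dn: cn=bob,ou=Sales,cn=Users,dc=example,dc=com

dn: cn=staff,cn=Groups,dc=example,dc=com
uniquemember: cn=Alice, cn=Users, dc=example, dc=com
uniquemember: cn=bob,cn=Users,dc=example,dc=com
uniquemember: cn=carol,cn=Users,dc=example,
 dc=com
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes the last record
        if not line.strip():
            if dn is not None:
                records.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.lower(), []).append(value.strip())
    return records

def norm_dn(dn):
    # Simplified: case-insensitive, spaces at commas ignored, no escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def dangling_members(text, member_attrs=("uniquemember", "member")):
    """Return (group_dn, member_dn) pairs whose member DN has no entry in the export."""
    records = parse_ldif(text)
    known = {norm_dn(dn) for dn, _ in records}
    return [(dn, m) for dn, attrs in records for a in member_attrs
            for m in attrs.get(a, []) if norm_dn(m) not in known]
```

Calling dangling_members(SAMPLE_LDIF) reports the moved and the deleted user as members of cn=staff that no longer resolve to an entry, while the differently cased alice DN is treated as valid.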

Solution
