OID DIP Synchronization Groups Needed For Directory Synchronization Permissions
(Doc ID 579580.1)
Last updated on SEPTEMBER 04, 2019
Applies to:Oracle Internet Directory - Version 10.1.2 to 11.1.1 [Release 10gR2 to 11g]
Information in this document applies to any platform.
There may be a case where the DIP processes, profiles, admins etc have been modified from the standard install either by including new profiles, or worse yet deleting standard profiles.
This note serves to document the default DIP Synchronization Groups that are necessary for OID DIP synchronization, OID 10.1.2 through 11g.
This document should be used as a baseline for comparing a non-functioning DIP Synchronization environment when other known profile/configuration/acis settings have been verified as correct.
An example trace file where the PROFILE NAME was not shown as a uniquemember of the odipgroup, resulting in error LDAP 50.
Normalized DN : cn=<TEST USER1>,cn=users,dc=<COMPANY>,dc=com
Processing modifyRadd Operation ..
Entry Not Found. Converting to an ADD op..
Processing Insert Operation ..
Exception creating Entry : javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=<TEST USER1>,cn=users,dc=<COMPANY>,dc=com'
[LDAP: error code 50 - Insufficient Access Rights]
Error in executing mapping DIP_LDAPWRITER_ERROR_CREATE
javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=<TEST USER1>,cn=users,dc=<COMPANY>,dc=com'
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document