Two Accounts Exists In AD With Same CN Except For Extra Whitespace, But OID DIP Sync Only Replaces or Modifies One Single / Same Account (Doc ID 605507.1)

Last updated on JULY 28, 2021

Applies to:

Symptoms

Using Active Directory (AD) DIP Synchronization to Oracle Internet Directory (OID).

Two distinct accounts exist in AD with essentially the same CN.  Both accounts could either belong to the same user but must be kept separately for different functions (so cannot use the solution from <Note:578367.1>), or each account could belong to a unique user.

One AD account has one space in between the first and last name in the CN, ie "User ONE" while the other account has an extra whitespace, ie two / 2 spaces: "User  ONE."

In OID however, only one of the two accounts is created via the sync process, and when the account with doublespace is modified in AD, OID does not create the separate account and instead replaces the account with one space in the CN.  So OID sync is not keeping separated the two corresponding AD accounts as desired.

Looking for a least intrusive/non-outage way to fix such usernames so that both are sync'd to OID and kept/maintained separately in OID as they are in AD.  (Any mapping or other more drastic changes would need to be tested/evaluated first for impact to all integrated applications.)

NOTE:  Currently just having the sync profile skip on errors and continue (as per <Note:342648.1>), but continues to see the same sync profile trace errors for the problem entries, for group and user sync's on different attributes, as reported in <Note:578367.1>, i.e.:

Also, in testing, after adding such a second account with double spaces for the same user in AD, the profile sync trace shows error:

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.