1. Configuring the Oracle Internet Directory Application
  2. Troubleshooting

9 Troubleshooting

This chapter provides solutions to problems you might encounter with the Oracle Internet Directory connector.

Table 9-1 Troubleshooting for the OID Connector

Problem Solution

User Sync Reconciliation initiation fails against OUD 11.1.1.5.0 with an error message. For example:

Can not use cookie based sync strategy because control 1.3.6.1.4.1.26027.1.5.4 is not supported for OUD

This problem can be caused by either:

  • You are not using OUD Release 2 or later. Upgrade to supported release of OUD, as listed in Certified Components.

  • You did not enable the changelog. The OUD changelog is automatically enabled when enabling replication.

The OID Connector Group Search Delete Reconciliation job fails with the following error message:

java.lang.IllegalArgumentException: The method is only for single value attributes

This problem can be caused if more than one group name is preconfigured for the cn field on the OID target system. For example:

OracleDASEditGroup and OracleResourceAccessGroup

or

OracleDASEditGroup and oraclemanageextendedpreferences

Before running the OID Connector Group Search Delete Reconciliation job, you must remove additional cn entries from the OID target system and ensure that only one group name is configured.

Multiple reconciliation events are generated during reconciliation of groups that are deleted and then created again on the target system. For example:

  1. Create two groups in the target system, create similar organizations in Oracle Identity Governance, and then run group reconciliation. The events are linked.

  2. Delete the two groups and run group delete reconciliation. The events are linked and then revoked.

  3. Create the same two groups in the target system again and run target reconciliation.

Result: Four reconciliation events are created for the two groups (two reconciliation events per group). Two events are linked, and two are not linked.

This result is the expected behavior by the connector. The sync reconciliation task reads the changelog, and every record (create, update, or delete) related to the specific object class is returned from the connector.

A group provisioning operation fails when you try to provision it to a user that already has another virtual static group provisioned. The same happens during a delete provisioning operation as well.

This problem is caused because virtual static groups are not supported by default. To use the connector for dynamic or virtual static groups, you must apply the following guidelines:

  • Ensure referential integrity in OUD is enabled.

  • Set the value of the maintainLdapGroupMembership entry in the Lookup.LDAP.OUD.Configuration lookup definition to false.