E-4 Oracle Fusion Middleware Administrators Guide for Oracle Directory Integration Platform Problem UserGroup Modify And Delete Events Not being consumed by the application. Solution Verify the host port details and credentials using the Test Connection feature for the profile in Oracle Enterprise Manager Fusion Middleware Control. If the connection fails after using the Test Connection option, an error message appears providing information about the failed connection. For additional information about the failed connection, you can examine the diagnostic log using Oracle Enterprise Manager Fusion Middleware Control or from the command line. The diagnostic log is located at: MW_HOME user_projectsdomainsDOMAIN_NAMEserversNAME_OF_MANAGED_SERVERlogs Problem Subscription to binary attributes results in the event propagation error. Solution Binary attributes propagation is not supported. Remove the binary attribute assignments from the event subscription in the provisioning profile. Problem Insufficient Access Rights to do proxy as the Application DN. Solution The Oracle Directory Integration Platform server group has not been granted browse privilege by the application DN. Use the ldapmodify command to load the following ACIs, which grant browse privileges from the application DN to the Oracle Directory Integration Platform group: orclaci: access to attr= by group=cn=odisgroup,cn=DIPAdmins,cn=Directory Integration Platform,cn=products,cn=oraclecontext read,write,search,compare orclaci: access to entry by group=cn=odisgroup,cn=DIPAdmins,cn=Directory Integration Platform,cn=products,cn=oraclecontextbrowse,proxy Problem Insufficient access rights to use an application DN as a proxy. Solution The Oracle Directory Integration Platform server group has not been granted proxy privileges by the application DN. Use the ldapmodify command to load the following ACI, which grants proxy privileges from the application DN to the Oracle Directory Integration Platform group: orclaci: access to entry by group= cn=odisgroup, cn=odi,cn=oracle internet directory browse,proxy Note: The file name is NAME_OF_MANAGED_ SERVER-diagnostic.log Troubleshooting the Oracle Directory Integration Platform E-5 E.2.2 Synchronization Errors and Problems This section provides solutions for synchronization errors and problems. Problem LDAP: error code 50 - Insufficient Access Rights; remaining name CN=Users,dc=mycompany,dc=com Solution The record target is not in a default container. Find the DST CHANGE RECORD. Check the ACIs for the target container. If they are blank, then use DIP Tester to apply a known set of ACIs to the new container. Problem LDAP: error code 50 - Insufficient Access Rights; ACTIVECHGIMP MAPPING IMPORT OPERATION FAILURE; Agent execution successful, Mappingimport operation failure Solution By default the cn=Users,default realm contains the proper ACIs. However, this error can occur when trying to synchronize into a different container within the default realm. Open the trace file, locate the change record that is causing the error, and then check the ACIs for the record’s parent container. Apply the same ACIs to the target container. Problem Log File Error: Not able to construct DN Output ChangeRecord : Changetype: 1 ChangeKey: cn=users, dc=us,dc=oracle,dc=com Exception javax.naming. ContextNotEmptyException: [LDAP: error code 66 - Not Allowed On Non-leaf]; remaining name ’cn=users,dc=us,dc=oracle,dc=com’ Missing mandatory attributes. Solution There is a problem with the mapping file. Refer to Note: 261342.1—Understanding DIP Mapping in My Oracle Support formerly MetaLink at http:metalink.oracle.com . Problem Trace File Error: IPlanetImport:Error in Mapping Enginejava.lang.NullPointerException java.lang.NullPointerException at oracle.ldap.odip.engine.Connector.setValuesConnector.java:101. Solution The orclcondirlastappliedchgnum attribute is null or has no value. This may occur if bootstrapping failed or if you manually populated Oracle Internet Directory and did not assign a value to the orclcondirlastappliedchgnum attribute. Verify that the orclcondirlastappliedchgnum attribute has a value. If it does not have a value, set it using the DIP Tester utility or using WLST to configure the DIP Mbean. See Also: Note: 276481.1—Troubleshooting OID DIP Synchronization Issues in My Oracle Support formerly MetaLink at http:metalink.oracle.com