[midPoint] Use of LDAP Connector with Oracle Internet Directory

Tue Mar 10 20:50:54 CET 2026

Yeah, I'm more of a DSEE guy myself.

The schema LDIF is over 1700 lines, so here are the lines that reference OID 1.3.6.1.4.1.1466.115.121.1.38 or the objectIdentifierMatch matching rule that it seems to be getting hung up on:

attributetypes: ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )
attributetypes: ( 2.5.4.30 NAME 'supportedApplicationContext' EQUALITY objectIdentifierMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )
attributetypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' USAGE dSAOperation )
attributetypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' USAGE dSAOperation )
attributetypes: ( 2.5.18.7 NAME 'collectiveExclusions' EQUALITY  objectIdentifierMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )
attributetypes: ( 2.5.18.0 NAME 'excludeAllCollectiveAttributes' EQUALITY  objectIdentifierMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE )
attributetypes: ( 2.16.840.1.113894.1.1.709 NAME 'orclcertExtensionOID' EQUALITY objectIdentifierMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE )
attributetypes: ( 2.16.840.1.113894.1.1.711 NAME 'orclcertExtensionAttribute' EQUALITY objectIdentifierMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE )
matchingrules: ( 2.5.13.0 NAME 'objectIdentifierMatch' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )
ldapsyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )

I'm not seeing anything unexpected here, but also I'm not well versed on how the ConnID LDAP connector processes the LDAP schema.

Thanks,

Neil

________________________________
From: Gustavo J Gallardo <ggallard at identicum.com>
Sent: Tuesday, March 10, 2026 7:36 AM
To: MidPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Gaede, Neil <NSGaede at sbec.com>
Subject: Re: [midPoint] Use of LDAP Connector with Oracle Internet Directory

Hi Neal,
not really an expert in Oracle OID here, but can you export the schema (cn=subschemasubentry) to an LDIF file to compare attributes?

Regards,

Gustavo

On Mon, Mar 9, 2026 at 7:23 PM Gaede, Neil via midPoint <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>> wrote:
Has anyone had any luck using the current version of the LDAP connector with Oracle Internet Directory? I'm getting an InvalidAttributeValueException at the discovery step when trying to add our OID server as a resource.

2026-03-09 21:56:02,327 [] [http-nio-8080-exec-135] WARN (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): Got ConnId exception (might be handled by upper layers later) org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException in OID Test: ConnectorSpec.Main(resource:null(SBEC OID Test)): Error parsing resource schema: ERR_13787_OID_EXPECTED An oid is expected (line ( 2.5.13.0 NAME 'objectIdentifierMatch' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ), col 47), reason: Error parsing resource schema: ERR_13787_OID_EXPECTED An oid is expected (line ( 2.5.13.0 NAME 'objectIdentifierMatch' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ), col 47) (class org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException)

I find the "OID Expected" at column 47 message to be interesting because it sure looks to be an OID, though maybe the fact that it's single-quoted is throwing it off?

We're running a pretty bog-standard implementation of Internet Directory 12.2.1.4.0.

Apologies for any potential OID (Object Identifier) / OID (Oracle Internet Directory) confusion.

Thanks,

Neil
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20260310/67f80b86/attachment-0001.htm>