Synchronization failure between LDAP Oracle DSM and VMware Identity Manager

Article ID: 424698


Products

VCF Operations VCF Automation VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Synchronization of users who are members of groups fails between an LDAP Oracle Directory Service Manager (DSM) and VMware Identity Manager (vIDM). This occurs even when the LDAP attributes are correctly configured in vIDM. The issue is specifically tied to a constraint violation during the synchronization process.

  • vIDM Connector Logs: Show the error message "OperationNotSupportedException - Extension not supported" and an informational message "IN VLV Search, normal extension didn't work".
  • LDAP Server Logs: Show the result "RESULT err=12 tag=101 nentries=0 etime=0" with the reason "unsupported critical extension" for a search on a group named <LDAP Group Name>.

Additional Log Findings: Further review indicated a Constraint violation error with a status code 409 during the synchronization bulk API call (/jersey/manager/api/sync/bulk), which is related to a database constraint violation.

Environment

VMware Identity Manager 3.3.7

Oracle Directory Service Manager 11g Release 1 (11.1.1.7.0)

Cause

The Group DN (Distinguished Name) being synchronized is too long, exceeding the database limit. The internal database limit for the Group name is 64 characters. This length violation causes the synchronization to crash immediately when vIDM attempts to write the group reference into its internal database table.

Resolution

Rename the affected group, shortening its name and removing any spaces, so that the name is below the 64-character limit.
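
A pre-sync audit for the condition described above, as an added example that is not part of the original article or of any VMware tooling. It assumes an LDIF export containing only the group entries to be synchronized and that the group name is the cn attribute; the sample data is constructed, and because the Cause section mentions the Group DN while the limit is stated for the Group name, both lengths are checked.

```python
import base64

LIMIT = 64  # group-name limit stated in the article

# Constructed sample export (not from the article): a folded DN and a base64 cn.
SAMPLE_LDIF = """\
dn: cn=vpn-users,ou=Groups,dc=example,dc=com
cn: vpn-users

dn: cn=Regional Infrastructure Operations Administrators Level Two EMEA Region,ou=G
 roups,dc=example,dc=com
cn: Regional Infrastructure Operations Administrators Level Two EMEA Region

dn: cn=db admins,ou=Groups,dc=example,dc=com
cn:: ZGIgYWRtaW5z
"""

def parse_ldif(text):
    """Yield one {attribute: value} dict per entry, unfolding wrapped lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # continuation of the previous line
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):      # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8")
            entry.setdefault(attr.lower(), value.strip())

def audit_groups(ldif_text, limit=LIMIT):
    """Map each problem group's cn to the reasons it should be renamed."""
    findings = {}
    for entry in parse_ldif(ldif_text):
        name, dn = entry.get("cn", ""), entry.get("dn", "")
        # ">=" because the Resolution asks for names *below* the limit.
        checks = [("name too long", len(name) >= limit),
                  ("dn too long", len(dn) >= limit),
                  ("name has spaces", " " in name)]
        problems = [label for label, hit in checks if hit]
        if problems:
            findings[name] = problems
    return findings
```

Calling `audit_groups()` on the text of a real export returns the groups to rename before the next sync; long DNs are wrapped in LDIF output, so the unfolding step is what keeps their lengths accurate.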