DIP: wls_ods out of memory

Bug 13977226  DIP wls_ods1 outofmemory (OOM) error when using database or eBS profile. The ODIP managed server (WLS_ODS) crashes with an out of memory error. A lot of instances of “oracle.dms.jmx.MetricMBeanInfo” occupy the majority of the heap. These are caused by unclosed JDBC connections. One or more of the following classes is being used:
DBConnector, PLSQLReader, PLSQLWriter, ProvAppToOIDSync_2_0 and ProvOIDToAppSync_2_0
Most likely eBS provisioning or a database profile.
Product (Component)Range of versions believed to be affectedVersions >= 11.1.1.1 but BELOW 11.1.1.9Versions confirmed as being affected
•    11.1.1.7
•    11.1.1.6
•    11.1.1.5
•    11.1.1.4
•    11.1.1.3
•    11.1.1.2
•    11.1.1.1
Platforms affectedGeneric (all / most platforms affected)

FIX:
Patch 13977226: WLS_ODS1 OUTOFMEMORY (OOM) CONDITION FOR THE MANAGED SERVER
The following are the bugs fixed by this patch:
  13977226: WLS_ODS1  OUTOFMEMORY (OOM) CONDITION FOR THE MANAGED SERVER

Synchronizing Deletions from Microsoft Active Directory

To synchronize deletions in Microsoft Active Directory with Oracle Internet Directory, you must grant the necessary privilege to the Microsoft Active Directory user account that the Oracle directory integration server uses to perform synchronizations with Microsoft Active Directory. Microsoft Active Directory deletions can be synchronized with Oracle Internet Directory by querying for them in Microsoft Active Directory.

For the USN-Changed (ActiveChgImp) approach, the Microsoft Active Directory user account that the Oracle Directory Integration Platform uses to access Microsoft Active Directory must have “List Content” and “Read Properties” permission to the cn=Deleted Objects container of a given domain. In order to set these permissions, you must use the dsacls.exe command which was previously known as Active Directory Application Mode or ADAM.

Follow below steps to execute dsacls command:

1. Open a command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

2. At the command prompt, type the following and press enter after each command:

· dsacls <deleted_object_dn> /takeownership

Ex: dsacls “CN=deleted objects, dc = domain” /takeownership

· dsacls <deleted_object_dn> /G <user_or_group>:LC

Ex: dsacls “CN=deleted objects, dc = domain” /G ldapaccess:LC

· dsacls <deleted_object_dn> /G <user_or_group>:RP

Ex: dsacls “CN=deleted objects, dc = domain” /G ldapaccess:RP

Parameter	Description
deleted_object_dn	The distinguished name of the deleted directory object.
user_or_group	The user or group for whom the permissions apply. (user account used to access AD from OID)

If you create a matching filter for the ActiveChgImp profile (for the USN-Changed profile) be sure to include only the following key Microsoft Active Directory attributes:

• ObjectGUID
• ObjectSID
• ObjectDistName
• USNChanged

If you specify any attributes in a matching filter other than the preceding key attributes, deletions in Microsoft Active Directory are not propagated to Oracle Internet Directory.