Last updated on JULY 01, 2016
Applies to:
Oracle Internet Directory - Version: 11.1.1.1.0 to 11.1.1.3.0 - Release: 11g to 11gInformation in this document applies to any platform.
Symptoms
When using Server Chaining with Active Directory (AD), after enabling addOrcluserv2ToADUsers in the server chaining definition, performing an ldapsearch against a chained user fails with "Unknown Error Encountered".Server chaining was working successfully without addOrcluserv2ToADUsers.
Steps to reproduce:
1. Set up server chaining with AD, initially with addorcluserv2toadusers set to 0, which is disabled ( This is the default value).
2. Check that you can successfully dump the attributes of a chained user using ldapsearch:
Example:
$ORACLE_HOME/bin/ldapsearch -h myoid.au.oracle.com -p 3060 -D "cn=orcladmin" -w mypasswd -b "cn=test, cn=ad, cn=users,dc=au,dc=oracle,dc=com" -s base "objectclass=*"
==>
cn=test
uid=test
userpassword=testpwd
objectclass=top
objectclass=person
objectclass=organizationalPerson
objectclass=user
objectclass=computer
objectclass=inetorgperson
orclsamaccountname=TEST$ 3. Enable addOrcluserv2ToADUsers by setting the value to 1
Example:
- Create a file mod_ocluserv2.ldif with the contents:
dn: cn=oidscad,cn=oid server chaining,cn=subconfigsubentry
changetype: modify
replace: addOrcluserv2ToADUsers
addOrcluserv2ToADUsers: 1
- Update the addOrcluserv2ToADUsers
$ORACLE_HOME/bin/ldapmodify -h myoid.au.oracle.com -p 3060 -D "cn=orcladmin" -w mypasswd -v -f mod_ocluserv2.ldif
4. Dump the chained user again, and it now fails with UnKnown Error Encountered:
Example:
$ORACLE_HOME/bin/ldapsearch -h myoid.au.oracle.com -p 3060 -D "cn=orcladmin" -w mypasswd -b "cn=test, cn=ad, cn=users,dc=au,dc=oracle,dc=com" -s base "objectclass=*"
ldap_search: UnKnown Error Encountered Cause
Sign In with your My Oracle Support account |
|
Don't have a My Oracle Support account? Click to get started |
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms