How to Assign Roles and Accounts When They're all Under the Same AD or LDAP OU (Doc ID 1294888.1)

Last updated on MAY 09, 2023

Applies to:

Goal

In a typical 10g Content Server or 11g UCM external authentication, authorization scheme, when adding Roles and Accounts to LDAP or Active Directory, they're added to separate Organization Units, OUs.

Example hierarchy:

OU=Oracle

OU=Roles

cn=contributor
cn=admin
cn=sysmanager

OU=Accounts

cn=Account1_RW
cn=Account1_R
cn=Account2_RW
cn=Account3_RW

However, there may be a configurations where all the roles and accounts are under the same OU, such as:

OU=Oracle

cn=UCM-contributor
cn=UCM-admin
cn=UCM-sysmanager
cn=UCM-Account1_RW
cn=UCM-Account1_R
cn=UCM-Account2_RW
cn=UCM-Account3_RW

In this situation the UCM won't be able to differentiate between what is a role and what is an account. In the user's profile they will all be listed as roles or the correct roles will be listed but not the accounts. And as such, the user won't have the proper account access.

This note will cover how they can be properly assigned using a credential map.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.