How to Assign Roles and Accounts When They're all Under the Same AD or LDAP OU

(Doc ID 1294888.1)

Last updated on NOVEMBER 03, 2016

Applies to:

Oracle WebCenter Content - Version 10.1.3.5.0 and later
Information in this document applies to any platform.

Goal

In a typical 10g Content Server or 11g UCM external authentication and authorization scheme, Roles and Accounts that are added to LDAP or Active Directory are placed in separate Organizational Units (OUs).

Example hierarchy:

OU=Oracle
    OU=Roles
        cn=contributor
        cn=admin
        cn=sysmanager
    OU=Accounts
        cn=Account1_RW
        cn=Account1_R
        cn=Account2_RW
        cn=Account3_RW


However, there may be configurations where all the roles and accounts are under the same OU, such as:

OU=Oracle
    cn=UCM-contributor
    cn=UCM-admin
    cn=UCM-sysmanager
    cn=UCM-Account1_RW
    cn=UCM-Account1_R
    cn=UCM-Account2_RW
    cn=UCM-Account3_RW


In this situation UCM cannot differentiate between what is a role and what is an account. In the user's profile, either they will all be listed as roles, or the correct roles will be listed but not the accounts. As a result, the user won't have the proper account access.

This note will cover how they can be properly assigned using a credential map.


Solution
