Unable to View Documents in Group Spaces with Privileges Assigned through Active Directory Groups (Doc ID 1312215.1)

Last updated on DECEMBER 15, 2016

Applies to:

Oracle WebCenter Portal - Version 11.1.1.3.0 and later
Information in this document applies to any platform.
Checked for relevance on 30-Jan-2013

Symptoms


When attempting to view Documents in Group Spaces with privileges assigned through Active Directory Groups, the following error occurs:

Contact the administrator to ensure that the configuration is correct and that the directory exists and is accessible.



The WLS_Spaces-diagnostic.log shows the following errors:

<Mar 18, 2011 12:20:37 PM CDT> <Info> <oracle.jcr.impl.OracleRepositoryImpl> <BEA-000000> <Session Session-11 connected for user id testuser1>
<Mar 18, 2011 12:20:38 PM CDT> <Warning> <oracle.webcenter.doclib.view> <WCS-07006> <run-time error obtaining content repository
oracle.webcenter.doclib.internal.view.DoclibJCRException: Repository error
at oracle.webcenter.doclib.internal.view.JCRRepositoryLogic.getItem(JCRRepositoryLogic.java:855)
at oracle.webcenter.doclib.internal.view.CISRepositoryLogic.getDefaultFolder(CISRepositoryLogic.java:315)
...

Caused By: javax.jcr.ItemNotFoundException: Unable to get folder info for dCollectionID = 13
at oracle.jcr.impl.ExceptionFactory.itemNotFound(ExceptionFactory.java:587)
at oracle.stellent.jcr.IdcPersistenceManager.getResourceByUUID(IdcPersistenceManager.java:433)
at oracle.jcr.impl.TransientLayer.getResourceByUUID(TransientLayer.java:323)
at oracle.jcr.impl.OracleSessionImpl.getNodeByUUID(OracleSessionImpl.java:279)
...

Caused By: oracle.stellent.ridc.protocol.ServiceException: Unable to display virtual folder information. Cannot read folder.
at oracle.stellent.ridc.protocol.ServiceResponse.getResponseAsBinder(ServiceResponse.java:116)
at oracle.stellent.ridc.protocol.ServiceResponse.getResponseAsBinder(ServiceResponse.java:92)
at oracle.stellent.jcr.IdcPersistenceManager.getResourceByUUID(IdcPersistenceManager.java:421)
...




The issue can be reproduced at will with the following steps:

  1. Configure WebCenter and UCM to use Active Directory LDAP store.

  2. Give grants in a group space to an Active Directory Group.

  3. Create a New User and add that user to the Active Directory Group so he can see the Group Space from previous step.

  4. Sign into Spaces as the New User and confirm the user can see the Group Space.

  5. Navigate to the Documents Page in the Group Space.
    It will show the following error:

    Contact the administrator to ensure that the configuration is correct and that the directory exists and is accessible.

  6. Sign into Spaces as an administrator user and give grants to the User as a direct member of the group space.

  7. Log back into Spaces as the New User.

  8. Navigate to the Documents Page in the Group Space.
    The user is able to see the documents when given direct grants.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms