Is there a problem with ESSO using CN=<username> to identify the LDAP / AD object whereas AD uses the same naming convention? (Doc ID 1366293.1)

Last updated on JULY 17, 2017

Applies to:

Oracle Enterprise Single Sign-On Suite - Version: 10.1.4.0.1 to 11.1.1.5.0 - Release: 10gR3 to 11g
Information in this document applies to any platform.

Goal

Why does ESSO use the LDAP object name CN=<username>, which is the same object name as the user's Active Directory container? This naming convention renders the container name non-unique and generates duplicate objects in an LDAP search for username. Is this a design flaw on the part of ESSO?

Solution
