My Oracle Support Banner

OAM Base Search To OVD 11g Requesting "1.1" Attribute Returns [LDAP: error code 16 - No Such Attribute] When It Should Return Just 0 Matches / No Entries (Doc ID 1449182.1)

Last updated on OCTOBER 31, 2019

Applies to:

Oracle Virtual Directory - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD) 11g, i.e., 11.1.1.5, integrated with Oracle Access Manager (OAM).

A query run by OAM 10g to OVD 11g, to determine whether a user is a member of a dynamic group, is not working.

When trying the same query via command line directly against OVD 11g, on an object where the filter attribute (businessCategory for example) is empty, should get an empty result set.  Instead, OVD returns LDAP error 16:


Looking at the backend LDAP directory log, OVD is sending an ldapcompare request, instead of an ldapsearch as requested by the client.  An ldapcompare in this scenario will indeed return an error, whereas the ldapsearch will not.

Verified that the attribute, i.e. businessCategory, is a retrievable attribute on the adapter, although it is not populated for the user.

The issue is specific to the search with base scope and the 1.1 return attribute.  If changing the scope to something other than base, or if requesting return attribute(s) other than 1.1, then the ldapsearch returns zero matches and no error, as expected / desired.  The behavior of ldapcompare is consistent with these results.

Tested with both a local store and an LDAP adapter to an external directory; get the same results for both.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.