Last updated on JUNE 20, 2016
Applies to: Oracle Internet Directory - Version 11.1.1 and later
Advanced Networking Option - Version 188.8.131.52 and later
Oracle Virtual Directory - Version 184.108.40.206 and later
Information in this document applies to any platform.
Oracle Virtual Directory (OVD) 11g or Oracle Internet Directory (OID) 11g, integrated with Enterprise User Security (EUS) and MS Active Directory (AD).
The Database (DB) was successfully registered, the shared schema was created and mapped, and a global role was created and mapped in OVD.
A user is able to log into a registered database using his/her AD credentials.
The next step is to add the user to the mapped global role.
When searching for users under Grantees in Oracle Enterprise Manager (OEM or EM) Cloud Control 12c, the usernames are not displayed correctly, or are not showing up in a useful manner.
AD users whose Distinguished Name (DN) has an RDN value (typically the CN) that includes a backslash-escaped comma, i.e. in the form of <Last Name\, First name> (for example, cn=Smith\, John), are displayed, but only their last names are visible.
If there are several users with the same last name, there is no way to tell who is who. For example, several users with the last name of MyLastName all display the same, as MyLastName\.
Some users do not show up under Users, but show up under Groups. The following are all user DNs, but not all show up under Users, for example:
(Under Users) cn=MyLastName\, MyFirstName,OU=OU1,OU=OU2,cn=UsersGroups,dc=eusovd,dc=com
(Under Users) cn=Admin User,OU=Users,OU=OU3,cn=UsersGroups,dc=eusovd,dc=com
(Under Groups) cn=MyLastName\, OtherFirstName,OU=OU1,OU=OU2,cn=UsersGroups,dc=eusovd,dc=com
(Under Users) cn=MyLastName\,,cn=Users,cn=UsersGroups,dc=eusovd,dc=com
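The truncated label MyLastName\ is exactly what results when a DN is split on every comma without honouring the backslash escape. The following added example (not Oracle's code, and not a confirmed root cause for EM 12c, which this page does not state) contrasts that naive split with an escape-aware one on the DNs listed above; the function names are hypothetical.

```python
# Added illustration, not Oracle code: splitting a DN into RDNs.
# Handles the single-character escape form seen on this page (\,);
# hex-pair escapes (\2C) and multi-valued RDNs (+) are not decoded.

def split_naive(dn):
    """Split on every comma, ignoring backslash escapes."""
    return dn.split(",")

def split_rdns(dn):
    """Split on unescaped commas only, keeping escape pairs intact."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])    # backslash plus the escaped character
            i += 2
        elif dn[i] == ",":
            rdns.append("".join(cur))  # an unescaped comma ends the RDN
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    rdns.append("".join(cur))
    return rdns

def leading_value(dn, splitter):
    """Value of the first RDN as seen through the given splitter."""
    value = splitter(dn)[0].split("=", 1)[1]
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])   # complete escape pair: keep the character
            i += 2
        else:
            out.append(value[i])       # a trailing lone backslash is kept as-is
            i += 1
    return "".join(out)

# DNs copied from the list above.
SAMPLE_DNS = [
    r"cn=MyLastName\, MyFirstName,OU=OU1,OU=OU2,cn=UsersGroups,dc=eusovd,dc=com",
    r"cn=MyLastName\, OtherFirstName,OU=OU1,OU=OU2,cn=UsersGroups,dc=eusovd,dc=com",
    r"cn=MyLastName\,,cn=Users,cn=UsersGroups,dc=eusovd,dc=com",
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(repr(leading_value(dn, split_naive)), "vs", repr(leading_value(dn, split_rdns)))
```

With the naive split, the first two DNs yield the same leading value, which is why entries sharing a last name cannot be told apart.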
The issue can be reproduced with the following steps:
1. Log in to EM Cloud Control and navigate to Administration menu > Security > Enterprise User Security > Manage Enterprise Domains > Databases > Enterprise Roles tab > Edit Enterprise Role > Grantees tab, and select the Add button.
2. Select and enter:
Select : Users or Groups
Search Base: cn=UsersGroups,dc=eusovd,dc=com
3. See, for example, four entries for users that have the same last name displayed in exactly the same way, making them indistinguishable.
In addition, under 12.1 EM Administration menu > Security > Enterprise User Security > Manage Enterprise Domain > Configure Domain > Create Mapping:
- Searching with no value just lists LastName\ with no firstname. The same search in 220.127.116.11 EM DB Console does correctly show the firstname after the backslashed comma (\,).
- Searching on <LastName> value returns all results including the firstnames. Searching for a <FirstName> value returns no results. These same results occur in 18.104.22.168 EM.
Trying to map an AD virtualized user to a global database user in EM 12c fails with:
Configure User : LastName - Errors
From Enterprise User(s) - Invalid input value