OID or OVD 11g Integrated with EUS and AD; Searching for Users While Mapping User or Role in EM Cloud Control 12c, the Usernames With Last Names Followed By Escaped Commas, then First Names, Are Only Partially Displayed, up to the Backslash
(Doc ID 1577097.1)
Last updated on NOVEMBER 27, 2019
Applies to:
Oracle Internet Directory - Version 11.1.1 and later
Advanced Networking Option - Version 18.104.22.168 and later
Oracle Virtual Directory - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Oracle Virtual Directory (OVD) 11g or Oracle Internet Directory (OID) 11g, integrated with Enterprise User Security (EUS) and MS Active Directory (AD).
The database (DB) was successfully registered, the shared schema was created and mapped, and the global role was created and mapped in OVD.
A user is able to log in to a registered database using his/her AD credentials.
The user is now being added to the mapped global role.
When searching for users under Grantees in Oracle Enterprise Manager (OEM or EM) Cloud Control 12c, the usernames are not displayed correctly, or are not showing up in a useful manner.
AD user Distinguished Names (DNs) whose RDN values (typically the CN) include a backslash-escaped comma, i.e. in the form <Last Name\, First name>, are displayed, but only their last names are visible.
If there are several users with the same last name, there is no way to tell who is who. For example, several users with the last name of <LASTNAME> all display the same, as <LASTNAME>\.
Some users do not show up under Users, but show up under Groups. The following are all user DNs, but not all of them show up under Users, for example:
(Under Users) cn=<LASTNAME>\, <FIRSTNAME>,OU=<OU1>,OU=<OU2>,cn=UsersGroups,dc=<DOMAIN>,dc=com
(Under Users) cn=<ADMIN_USER>,OU=Users,OU=<OU3>,cn=UsersGroups,dc=<DOMAIN>,dc=com
(Under Groups) cn=<LASTNAME>\, <FIRSTNAME2>,OU=<OU1>,OU=<OU2>,cn=UsersGroups,dc=<DOMAIN>,dc=com
(Under Users) cn=<LASTNAME>\ <FIRSTNAME3>,cn=Users,cn=UsersGroups,dc=<DOMAIN>,dc=com
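The truncated form <LASTNAME>\ described above is what results when a DN is split on every comma without honouring the backslash escape. The following added Python example (not Oracle's code, and not a statement of how EM is implemented) contrasts that with RFC 4514-aware parsing; the sample DNs and function names are constructed for illustration.

```python
import string

def split_rdns(dn):
    """Split a DN on unescaped commas only (RFC 4514)."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair intact
            i += 2
        elif dn[i] == ",":
            rdns.append(cur)
            cur, i = "", i + 1
        else:
            cur += dn[i]
            i += 1
    return rdns + [cur]

def unescape(value):
    """Decode backslash escapes (hex pairs and single characters)."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            out.append(int(pair, 16))   # e.g. \2C is a comma
            i += 3
        elif value[i] == "\\" and pair:
            out += pair[0].encode()     # e.g. \, is a comma
            i += 2
        else:
            out += value[i].encode()
            i += 1
    return out.decode("utf-8")

def first_rdn_value(dn):
    """Value of the leftmost RDN, assumed single-valued (no '+')."""
    return unescape(split_rdns(dn)[0].split("=", 1)[1])

def naive_first_value(dn):
    return dn.split(",")[0].split("=", 1)[1]  # ignores escaping: truncated form

# Constructed sample DNs (names and domain are made up for this example)
SAMPLES = [
    r"cn=Smith\, Alice,OU=Staff,OU=HQ,cn=UsersGroups,dc=example,dc=com",
    r"cn=Smith\, Bob,OU=Staff,OU=HQ,cn=UsersGroups,dc=example,dc=com",
    r"cn=Smith\ Carol,cn=Users,cn=UsersGroups,dc=example,dc=com",
]

for dn in SAMPLES:
    print(repr(naive_first_value(dn)), "->", repr(first_rdn_value(dn)))
```

The first two sample entries collapse to the same naive value, which is the indistinguishable display described in the symptoms, while the escape-aware value keeps the first name.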
The issue can be reproduced with the following steps:
1. Log in to EM Cloud Control and navigate to Administration menu > Security > Enterprise User Security > Manage Enterprise Domains > Databases > Enterprise Roles tab > Edit Enterprise Role > Grantees tab, and select the Add button.
2. Select and enter:
Select: Users or Groups
Search Base: cn=UsersGroups,dc=<DOMAIN>,dc=com
3. See, for example, four entries for users that have the same last name displayed in exactly the same way, making them indistinguishable.
In addition, under 12.1 EM Administration menu > Security > Enterprise User Security > Manage Enterprise Domain > Configure Domain > Create Mapping:
- Searching with no value just lists <LASTNAME>\ with no first name. The same search in 126.96.36.199 EM DB Console does correctly show the first name after the backslashed comma (\,).
- Searching on a <LASTNAME> value returns all results, including the first names. Searching for a <FIRSTNAME> value returns no results. These same results occur in 188.8.131.52 EM.
Trying to map an AD virtualized user to a global database user in EM 12c fails with:
Configure User : <LASTNAME> - Errors
From Enterprise User(s) - Invalid input value