OID or OVD 11g Integrated with EUS and AD; Searching for Users While Mapping User or Role in EM Cloud Control 12c, the Usernames With Last Names Followed By Escaped Commas, then First Names, Are Only Partially Displayed, up to the Backslash (Doc ID 1577097.1)

Last updated on JUNE 20, 2016

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Advanced Networking Option - Version 12.1.0.1 and later
Oracle Virtual Directory - Version 11.1.1.0 and later
Information in this document applies to any platform.

Symptoms

The environment is Oracle Virtual Directory (OVD) 11g or Oracle Internet Directory (OID) 11g, integrated with Enterprise User Security (EUS) and MS Active Directory (AD).

The database (DB) was successfully registered, the shared schema was created and mapped, and the global role was created and mapped in OVD.
A user can log in to a registered database with his/her AD credentials.

The issues below occur when then trying to add the user to the mapped global role.

Issue #1:
When searching for users under Grantees in Oracle Enterprise Manager (OEM or EM) Cloud Control 12c, the usernames are not displayed correctly, or are not showing up in a useful manner.

AD user Distinguished Names (DNs) whose RDN value (typically the CN) includes a backslash-escaped comma, i.e. in the form <Last Name\, First Name> (for example, cn=Smith\, John), are displayed, but only the last name is visible.

If there are several users with the same last name, there is no way to tell who is who. For example, several users with the last name MyLastName are all displayed identically, as MyLastName\.

Some users do not show up under Users but show up under Groups. The following are all user DNs, but not all of them show up under Users:
(Under Users) cn=MyLastName\, MyFirstName,OU=OU1,OU=OU2,cn=UsersGroups,dc=eusovd,dc=com
(Under Users) cn=Admin User,OU=Users,OU=OU3,cn=UsersGroups,dc=eusovd,dc=com
(Under Groups) cn=MyLastName\, OtherFirstName,OU=OU1,OU=OU2,cn=UsersGroups,dc=eusovd,dc=com
(Under Users) cn=MyLastName\,,cn=Users,cn=UsersGroups,dc=eusovd,dc=com

The issue can be reproduced with the following steps:

1. Log in to EM Cloud Control and navigate to Administration menu > Security > Enterprise User Security > Manage Enterprise Domains > Databases > Enterprise Roles tab > Edit Enterprise Role > Grantees tab, and select the Add button.

2. Select and enter:
Select: Users or Groups
View: User
Search Base: cn=UsersGroups,dc=eusovd,dc=com
Name: MyLastName

3. See, for example, four entries for users that have the same last name displayed in exactly the same way, making them indistinguishable:

Name: MyLastName\
Name: MyLastName\
Name: MyLastName\
Name: MyLastName\

 

In addition, under 12.1 EM Administration menu > Security > Enterprise User Security > Manage Enterprise Domain > Configure Domain > Create Mapping:
- Searching with no value lists only LastName\, with no first name. The same search in 11.2.0.3 EM DB Console does correctly show the first name after the backslash-escaped comma (\,).
- Searching on a <LastName> value returns all results, including the first names. Searching for a <FirstName> value returns no results. These same results occur in 11.2.0.3 EM.
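
Added example (not part of the Oracle note and not Oracle code): a small Python check that splits DNs on unescaped commas only, as in the RFC 4514 string form, and lists the entries whose first RDN value contains an escaped comma, i.e. the entries displayed as MyLastName\ above. The function names are hypothetical, quoted-string RDN values are assumed not to occur, and the plain comma split is included only for comparison with the displayed names, not as the documented cause.

```python
SAMPLE_DNS = [  # sample DNs taken from the Symptoms section of this note
    r"cn=MyLastName\, MyFirstName,OU=OU1,OU=OU2,cn=UsersGroups,dc=eusovd,dc=com",
    r"cn=Admin User,OU=Users,OU=OU3,cn=UsersGroups,dc=eusovd,dc=com",
    r"cn=MyLastName\, OtherFirstName,OU=OU1,OU=OU2,cn=UsersGroups,dc=eusovd,dc=com",
    r"cn=MyLastName\,,cn=Users,cn=UsersGroups,dc=eusovd,dc=com",
]

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas only (RFC 4514 string form)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep backslash and escaped char together
            i += 2
        elif dn[i] == ",":
            rdns.append("".join(cur).lstrip())
            cur, i = [], i + 1
        else:
            cur.append(dn[i])
            i += 1
    rdns.append("".join(cur).lstrip())
    return rdns

def rdn_value(rdn):
    """Unescape the value of a single-valued RDN (handles \\, and \\2C forms)."""
    raw, out, i = rdn.partition("=")[2], bytearray(), 0
    while i < len(raw):
        pair = raw[i + 1:i + 3]
        if raw[i] == "\\" and len(pair) == 2 and all(c in "0123456789abcdefABCDEF" for c in pair):
            out.append(int(pair, 16))    # hex escape such as \2C
            i += 3
        elif raw[i] == "\\" and pair:
            out += pair[0].encode()      # single-character escape such as \,
            i += 2
        else:
            out += raw[i].encode()
            i += 1
    return out.decode("utf-8")

def naive_value(dn):
    """First RDN value from a plain split on ',' (comparison only)."""
    return dn.split(",", 1)[0].partition("=")[2]

def audit(dns):
    """Return (full value, naive value) for DNs whose first RDN holds a comma."""
    values = [(rdn_value(split_dn(dn)[0]), naive_value(dn)) for dn in dns]
    return [v for v in values if "," in v[0]]

for full, naive in audit(SAMPLE_DNS):
    print(f"{full!r} is cut to {naive!r} by a plain comma split")
```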

 

Issue #2:
Trying to map an AD virtualized user to a global database user in EM 12c fails with:

Error

Configure User : LastName - Errors
From Enterprise User(s) - Invalid input value

 

Cause
