
OID/OVD/OUD Integrated with EUS and AD; Searching for Users While Mapping User or Role in EM Cloud Control 12c/13c, the Usernames With Last Names Followed By Escaped Commas, then First Names, Are Only Partially Displayed, up to the Backslash (Doc ID 1577097.1)

Last updated on NOVEMBER 14, 2023

Applies to:

Oracle Internet Directory - Version 11.1.1.9.0 and later
Advanced Networking Option - Version 12.1.0.1 and later
Oracle Virtual Directory - Version 11.1.1.9.0 and later
Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD), Oracle Internet Directory (OID) or Oracle Unified Directory (OUD) 11g or 12c, integrated with Enterprise User Security (EUS) and MS Active Directory (AD).

The database (DB) was successfully registered, the shared schema was created and mapped, and the global role was created and mapped in OVD.
A user is able to log in to a registered database using his/her AD credentials.

Now trying to add the user to the mapped global role.

Issue #1:
When searching for users under Grantees in Oracle Enterprise Manager (OEM or EM) Cloud Control 12c/13c, the usernames are not displayed correctly, or are not showing up in a useful manner.

AD users whose Distinguished Name (DN) has an RDN value (typically the CN) that includes a backslash-escaped comma, i.e. in the form <Last Name\, First Name>, are displayed, but only their last names are visible.

If there are several users with the same last name, there is no way to tell who is who.  For example, several users with the last name of <LASTNAME> all display the same, as <LASTNAME>\.
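
To illustrate the display described above, the following added example (not Oracle's code, and not a statement of this note's root cause, which is not shown on this page) compares splitting a DN on every comma, which yields `<LASTNAME>\` for each such user, with RFC 4514-aware splitting that keeps the full CN. The sample DNs and all function names are constructed for the example.

```python
import string
from collections import Counter
def split_rdns(dn):  # split on unescaped commas only (RFC 4514 string form)
    rdns, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" else 1   # an escape travels with its value
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    return rdns + [cur]

def unescape(value):
    """Decode RFC 4514 escapes: backslash + special char, or backslash + hex pair."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] != "\\" or not pair:
            out += value[i].encode()
            i += 1
        elif len(pair) == 2 and all(c in string.hexdigits for c in pair):
            out.append(int(pair, 16))      # hex pairs are UTF-8 bytes
            i += 3
        else:
            out += pair[0].encode()
            i += 2
    return out.decode("utf-8")

def naive_name(dn):
    # Splits on every comma, escaped or not: the value is cut at the backslash.
    return dn.split(",")[0].split("=", 1)[1]

def rfc4514_name(dn):
    # Assumes a single-valued leading RDN (no '+'), as in the DNs on this page.
    return unescape(split_rdns(dn)[0].split("=", 1)[1])

def indistinguishable(dns, namer):
    # Display names that more than one DN collapses to.
    return sorted(n for n, c in Counter(map(namer, dns)).items() if c > 1)

# Constructed sample DNs (not taken from any real directory).
SAMPLE_DNS = [
    r"cn=Doe\, Jane,OU=Staff,cn=UsersGroups,dc=example,dc=com",
    r"cn=Doe\, John,OU=Staff,cn=UsersGroups,dc=example,dc=com",
    r"cn=Doe\2C Jim,OU=Staff,cn=UsersGroups,dc=example,dc=com",
    r"cn=admin1,OU=Users,cn=UsersGroups,dc=example,dc=com",
]
```

Running `indistinguishable` over an export of user DNs with `naive_name` shows which accounts would collapse to the same truncated label in a tool that splits on raw commas.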

Some users do not show up under Users, but show up under Groups. The following are all user DNs, but not all of them show up under Users, for example:
(Under Users) cn=<LASTNAME>\, <FIRSTNAME>,OU=<OU1>,OU=<OU2>,cn=UsersGroups,dc=<DOMAIN>,dc=com
(Under Users) cn=<ADMIN_USER>,OU=Users,OU=<OU3>,cn=UsersGroups,dc=<DOMAIN>,dc=com
(Under Groups) cn=<LASTNAME>\, <FIRSTNAME2>,OU=<OU1>,OU=<OU2>,cn=UsersGroups,dc=<DOMAIN>,dc=com
(Under Users) cn=<LASTNAME>\ <FIRSTNAME3>,cn=Users,cn=UsersGroups,dc=<DOMAIN>,dc=com

The issue can be reproduced with the following steps:

1. Log in to EM Cloud Control and navigate to Administration menu > Security > Enterprise User Security > Manage Enterprise Domains > Databases > Enterprise Roles tab > Edit Enterprise Role > Grantees tab, and select the Add button.

2. Select and enter:
Select : Users or Groups
View: User
Search Base:  cn=UsersGroups,dc=<DOMAIN>,dc=com
Name: <LASTNAME>

3. See, for example, four entries for users that have the same last name displayed in exactly the same way, making them indistinguishable:

Name: <LASTNAME>\
Name: <LASTNAME>\
Name: <LASTNAME>\
Name: <LASTNAME>\

 

In addition, under EM Administration menu > Security > Enterprise User Security > Manage Enterprise Domain > Configure Domain > Create Mapping:
- Searching with no value just lists <LASTNAME>\ with no first name. The same search in 11.2.0.3 EM DB Console does correctly show the first name after the backslash-escaped comma (\,).
- Searching on a <LASTNAME> value returns all results including the first names. Searching for a <FIRSTNAME> value returns no results. These same results occur in 11.2.0.3 EM.

 

Issue #2:
Trying to map an AD virtualized user to a global database user in EM 12c/13c fails with:

Error

Configure User : <LASTNAME> - Errors
From Enterprise User(s) - Invalid input value

 

Changes

 

Cause
