Mapping EUS Users Sync'd to OID 11g from AD, the Users Container is not Displayed / Mapping the AD Sync'd Username in EM Cloud Control 12c Fails with: Unexpected error occurred.

(Doc ID 1612937.1)

Last updated on AUGUST 11, 2017

Applies to:

Advanced Networking Option - Version 11.0 and later
Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Symptoms

Configuring a Database user (globally) and mapping Enterprise User Security (EUS) to authenticate via Oracle Internet Directory (OID) 11g.

The OID Directory Information Tree (DIT) looks as follows, for example:

- dc=mycompany,dc=com
   + cn=Calendar Server,dc=mycompany,dc=com
   + cn=Groups,dc=mycompany,dc=com
   + cn=Groups,dc=mycompany,dc=com
   + cn=Users,dc=mycompany,dc=com
   + o=myorg,dc=mycompany,dc=com
   + o=myadorg,dc=mycompany,dc=com

All the users desired for EUS integration have been synchronized from Microsoft Active Directory (MS AD) into OID and are stored under "o=myadorg,dc=mycompany,dc=com".

When trying to map those users on Enterprise User Directory, only the users under the default User container of "cn=Users,dc=mycompany,dc=com" are displayed.  The container where the AD users are sync'd is not displayed.


In Enterprise Manager (EM) Cloud Control 12c, navigating to Oracle Internet Directory Login > Enterprise User Security > Manage Enterprise Domains > Configure Domain: OracleDefaultDomain > From:

And entering a username/DN for the user in the desired OID DIT tree, for example:

(o) User name: cn=user1,cn=Users,o=myadorg,dc=mycompany,dc=com

And the schema under > To:

Schema: user1

The following error is returned:

(x) Error
Unexpected error occurred. Please contact Oracle Support with these files.

- <EM_INSTANCE_BASE>/user_projects/domains/<domain_name>/servers/<SERVER_NAME>/logs/access.log
- <EM_INSTANCE_BASE>/user_projects/domains/<domain_name>/servers/<SERVER_NAME>/logs/<SERVER_NAME>-diagnostic.log
- <EM_INSTANCE_BASE>/em/<OMS_NAME>/sysman/log/emoms.trc


Note: Cannot reconfigure the base search of the realm as there are also other applications using that configuration and it cannot be changed.

How to configure EUS and be able to search users below "o=myadorg,dc=mycompany,dc=com"? Can Oracle Directory Services Manager (ODSM) be used?

And in EM, Enterprise User Security > User - Schema Mapping, how to map each desired user in OID to a corresponding user on the Database?

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms