Mapping EUS Users Sync'd to OID from AD, the Users Container is not Displayed / Mapping the AD Sync'd Username in EM Cloud Control Fails with: Unexpected error occurred.
(Doc ID 1612937.1)
Last updated on APRIL 12, 2022
Applies to:
Advanced Networking Option - Version 11.0 and laterOracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
Symptoms
Configuring a Database user (globally) and mapping Enterprise User Security (EUS) to authenticate via Oracle Internet Directory (OID) 11g or 12c.
The OID Directory Information Tree (DIT) looks as follows, for example:
+ cn=Calendar Server,dc=<company>,dc=com
+ cn=Groups,dc=<company>,dc=com
+ cn=Groups,dc=<company>,dc=com
+ cn=Users,dc=<company>,dc=com
+ o=myorg,dc=<company>,dc=com
+ o=myadorg,dc=<company>,dc=com
All the users desired for EUS integration have been synchronized from Microsoft Active Directory (MS AD) into OID and are stored under "o=myadorg,dc=<company>,dc=com".
When trying to map those users on Enterprise User Directory, only the users under the default User container of "cn=Users,dc=<company>,dc=com" are displayed. The container where the AD users are sync'd is not displayed.
In Enterprise Manager (EM) Cloud Control 12c, navigating to Oracle Internet Directory Login > Enterprise User Security > Manage Enterprise Domains > Configure Domain: OracleDefaultDomain > From:
And entering a username/DN for the user in the desired OID DIT tree, for example:
And the schema under > To:
The following error is returned:
Unexpected error occurred. Please contact Oracle Support with these files.
- <EM_INSTANCE_BASE>/user_projects/domains/<domain_name>/servers/<SERVER_NAME>/logs/access.log
- <EM_INSTANCE_BASE>/user_projects/domains/<domain_name>/servers/<SERVER_NAME>/logs/<SERVER_NAME>-diagnostic.log
- <EM_INSTANCE_BASE>/em/<OMS_NAME>/sysman/log/emoms.trc
Note: Cannot reconfigure the base search of the realm as there are also other applications using that configuration and it cannot be changed.
How to configure EUS and be able to search users below "o=myadorg,dc=<company>,dc=com"? Can Oracle Directory Services Manager (ODSM) be used?
And in EM, Enterprise User Security > User - Schema Mapping, how to map each desired user in OID to a corresponding user on the Database?
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |