Last updated on MARCH 08, 2017
Applies to:Oracle WebCenter Portal - Version 188.8.131.52.1 and later
Information in this document applies to any platform.
Custom WCP application.
An ldap provider was configured with a connection to an AD LDS instance in weblogic. For this the settings needed to change (groupofuniquenames needed to be groups). It is working in weblogic and the users and groups can be seen in the overview.
When deploying a site which has an identity provider set using ldap the admin page does not show the users or groups but gives the following error:
ADF_FACES-60098:Faces levensduur ontvangt niet-afgehandelde uitzonderingen in fase RENDER_RESPONSE 6.
javax.el.ELException: java.lang.RuntimeException: oracle.security.jps.service.idstore.IdentityStoreException: Requested Object Class (groupofuniquenames)not found in cache.
It looks like it is still searching in ldap for 'groupofuniquenames' where in fact it must search for 'groups'. After modifying the jps-config.xml and setting the 'group.object.classes' to 'group' the error still remains.
When wls:active-directory-authenticatorType is used instead of wls:open-ldap-authenticatorType it seems to work.
AD LDS is more like open ldap then active directory; where AD has sAMAccountName as login id, LDS has userPrincipalName.
The main issue is that if 'group' is configured to be the objectClass of ldap groups, WebCenter is still searching for 'groupofuniquenames' (which is openldap default). The same goes for the objectClass 'person' for users where webcenter is still looking for 'inetorgperson' .
The problem comes when I want to access the user store in WebCenter portal application; there it fails because configuration is reverted back to default and ignoring object class settings (it searches for 'groupofuniquenames' instead of the configured value 'group').
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms