OES11g - retrieves all external Ldap attributes from a user
Last updated on DECEMBER 21, 2015
Applies to: Oracle Entitlements Server - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
The issue has the following business impact:
Because of this issue, users cannot retrieve only the specific attributes they need from the external LDAP directory. All user attributes are retrieved from LDAP instead,
which could negatively impact performance in the future, when a large number of users is in use.
On OES 18.104.22.168.0 version, OES-Config (non-component), OPSS 22.214.171.124.0
After creating an LDAP attribute retriever, for example for "mail", OES gets all attributes of the user, not only the desired one.
The expected behavior is that, after an LDAP attribute retriever is created, OES gets only the attribute configured for the user, for example just "mail".
The issue can be reproduced at will with the following steps:
1. In OES 11gR2, go to SM configuration by launching the Security Module Configuration UI.
2. Add a new LDAP attribute retriever, completing all settings.
3. Make sure Test Connection succeeds, then save the changes.
4. Add the attribute to a policy, in the condition section, using APM.
5. Observe in the LDAP logs that all attributes are retrieved; the requested attribute filter is empty:
[2015-12-11T08:48:00.876-05:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: 48] [ecid: 0000L6HJ67gCSs^pxSDCiW1MOCJE0011Gd,0] conn=284,479 op=6 SRCH base=c=us scope=2 filter=entrydn=cn=Austin Edward F93P78AA,ou=Personnel,ou=NRO,ou=DoD,o=U.S. Government,c=US requestedAttributes= sizelimit=0 timelimit=0 typesOnly=FALSE
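To check how often this happens in a deployment, the access log can be scanned for searches whose requestedAttributes field is empty. The script below is an added example, not part of the Oracle article or of OES; the function names, the sample log lines and the separator used for a non-empty attribute list are assumptions.

```python
import re

# Key order follows the OVD access-log SRCH line on this page. DN values contain
# spaces and '=', so the known key names act as field delimiters.
SRCH_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?\bconn=(?P<conn>\S+) op=(?P<op>\d+) SRCH "
    r"base=(?P<base>.*?) scope=(?P<scope>\d+) filter=(?P<filter>.*?) "
    r"requestedAttributes=(?P<attrs>.*?) sizelimit=(?P<sizelimit>\d+) "
    r"timelimit=(?P<timelimit>\d+) typesOnly=(?P<types_only>\w+)\s*$"
)

def parse_search(line):
    """Return the fields of one SRCH line as a dict, or None for any other line."""
    m = SRCH_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Assumption: a non-empty attribute list is comma- and/or space-separated.
    rec["attrs"] = [a for a in re.split(r"[,\s]+", rec["attrs"]) if a]
    return rec

def unfiltered_searches(lines):
    """Searches with no attribute list (or '*'): every user attribute is returned."""
    hits = []
    for line in lines:
        rec = parse_search(line)
        if rec and (not rec["attrs"] or "*" in rec["attrs"]):
            hits.append(rec)
    return hits

# Constructed sample lines modelled on the log entry above (not real log data).
_PREFIX = ("[2015-12-11T08:48:0{n}.000-05:00] [octetstring] [NOTIFICATION] [OVD-20043] "
           "[com.octetstring.accesslog] [tid: 48] [ecid: EXAMPLE,0] conn=101 op={n} ")
_DN = "cn=Jane Doe,ou=People,dc=example,dc=com"
SAMPLE_LOG = [
    _PREFIX.format(n=1) + "SRCH base=dc=example,dc=com scope=2 filter=entrydn=" + _DN
    + " requestedAttributes= sizelimit=0 timelimit=0 typesOnly=FALSE",
    _PREFIX.format(n=2) + "SRCH base=dc=example,dc=com scope=2 filter=entrydn=" + _DN
    + " requestedAttributes=mail sizelimit=0 timelimit=0 typesOnly=FALSE",
    _PREFIX.format(n=3) + "BIND dn=cn=oes-retriever,dc=example,dc=com",  # not a search
]

if __name__ == "__main__":
    for rec in unfiltered_searches(SAMPLE_LOG):
        print(f"{rec['ts']} conn={rec['conn']} op={rec['op']} "
              f"returns all attributes for filter={rec['filter']}")
```

Besides the performance cost described above, each flagged search returns user attributes that the policy condition never uses, so the count is also a measure of unnecessary directory data leaving the LDAP server.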