OUD11g - ACI targetattr Not Working as Expected
Last updated on MARCH 01, 2018
Applies to:Oracle Unified Directory - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
OUD 22.214.171.124.0 version
A custom ACI was created in ODSM to restrict an account to reading only certain attributes of the user entries, but a search bound as that account does not return the entries as expected.
The issue can be reproduced at will with the following steps:
1. Go to ODSM
2. Select Security Tab
3. Expand the Directory ACLs element.
4. Click on create new ACI icon
Set the fields as follows:
Type: Target Attribute, Operator: = (Equals), Target: mail
Allow: Read, Search
userdn="ldap:///uid=user.0, ou=People, dc=example, dc=com"
Goal: restrict a particular account so that it can read only certain attributes of the user entries.
1. Reviewing the ACI with ldapsearch shows it was stored as intended:
aci: (targetattr = "mail") (version 3.0; acl "testACI"; allow (read,search) userdn = "ldap:///uid=user.0,ou=People,dc=example,dc=com";)
2. Testing the search bound as "user.0" returns no results.
3. Changing the bind to the administrator "cn=directory manager" returns results. Note that the root DN bypasses access control, so a successful search as Directory Manager only confirms the entries exist; it says nothing about what the ACI grants. Also note that in OUD the search permission is evaluated against the attributes used in the search filter, while read applies to the attributes returned, so an ACI whose targetattr names only mail grants nothing for a filter on objectclass or uid.
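The following is an added example, not code from the note or from Oracle: a small offline model of how OUD applies an ACI of the kind shown above. It parses the ACI string from the note and evaluates a search the way the server does for permissions on attributes: "search" must be granted on every attribute named in the filter, "read" on every attribute returned. The evaluator ignores everything else (target DNs, targetfilter, deny rules, root-DN bypass), and the widened ACI naming objectclass is constructed here to show the model, not a solution stated in the note.

```python
import re
from dataclasses import dataclass

# Constructed sample: the ACI from the note, copied verbatim.
SAMPLE_ACI = ('(targetattr = "mail") (version 3.0; acl "testACI"; allow (read,search) '
              'userdn = "ldap:///uid=user.0,ou=People,dc=example,dc=com";)')

# Constructed variant (assumption, not from the note): also names the attribute
# that a default ldapsearch filter such as (objectclass=*) uses.
WIDENED_ACI = SAMPLE_ACI.replace('"mail"', '"mail || objectclass"')


@dataclass
class Aci:
    name: str
    targetattrs: set   # lower-cased attribute names; {"*"} means all user attributes
    allow: set         # permissions granted by the rule
    userdns: set       # normalised bind DNs the rule applies to


def _norm_dn(dn):
    """Normalise a DN for comparison: strip spaces after commas, lower-case."""
    if dn.startswith("ldap:///"):
        dn = dn[len("ldap:///"):]
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_aci(text):
    """Parse the subset of ACI syntax used in the note: one positive targetattr,
    one acl name, one allow(...) clause and one or more userdn bind rules."""
    m = re.search(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', text)
    if not m or m.group(1) != "=":
        raise ValueError("only a positive targetattr is modelled here")
    attrs = {a.strip().lower() for a in m.group(2).split("||")}
    name = re.search(r'acl\s+"([^"]*)"', text).group(1)
    perms = re.search(r'allow\s*\(([^)]*)\)', text).group(1)
    allow = {p.strip().lower() for p in perms.split(",")}
    dns = {_norm_dn(d) for d in re.findall(r'userdn\s*=\s*"([^"]*)"', text)}
    return Aci(name, attrs, allow, dns)


def _covers(aci, attr):
    return "*" in aci.targetattrs or attr.lower() in aci.targetattrs


def search_allowed(acis, bind_dn, filter_attrs, requested_attrs):
    """Return (ok, reason) for a search by bind_dn.

    OUD semantics modelled: 'search' is checked on each attribute in the filter,
    'read' on each attribute to be returned. A request fails at the first attribute
    no matching ACI covers with the needed permission."""
    bind = _norm_dn(bind_dn)
    mine = [a for a in acis if bind in a.userdns]
    for attr in filter_attrs:
        if not any("search" in a.allow and _covers(a, attr) for a in mine):
            return False, f"no search permission on filter attribute {attr}"
    for attr in requested_attrs:
        if not any("read" in a.allow and _covers(a, attr) for a in mine):
            return False, f"no read permission on returned attribute {attr}"
    return True, "allowed"


def demo():
    """Evaluate the note's scenario under the model above."""
    user = "uid=user.0, ou=People, dc=example, dc=com"   # spacing as typed in ODSM
    acis = [parse_aci(SAMPLE_ACI)]
    return {
        # ldapsearch with the common default filter (objectclass=*): fails, the ACI
        # grants no search permission on objectclass.
        "objectclass_filter": search_allowed(acis, user, ["objectclass"], ["mail"]),
        # Filtering on the one attribute the ACI names does pass.
        "mail_filter": search_allowed(acis, user, ["mail"], ["mail"]),
        # Another user is not named in the bind rule at all.
        "other_user": search_allowed(acis, "uid=user.1,ou=People,dc=example,dc=com",
                                     ["mail"], ["mail"]),
        # The constructed widened ACI covers the filter attribute as well.
        "widened_aci": search_allowed([parse_aci(WIDENED_ACI)], user,
                                      ["objectclass"], ["mail"]),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:20s} {'ALLOW' if ok else 'DENY ':5s} {reason}")
```

The model makes the observation in step 2 reproducible without a server: the ACI is stored exactly as written, but a search whose filter touches any attribute other than mail is refused before the mail value is ever read. Compare the bind DN spacing used in ODSM with the normalised form in the stored ACI as well; the parser above treats them as equal, as the server does.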