LibOVD 11g LDAP Adapter Does Not Honor Exclusion Filter - Filter is Ignored
(Doc ID 2149463.1)
Last updated on NOVEMBER 27, 2019
Applies to:
Oracle Virtual Directory - Version 11.1.1.1.0 and laterInformation in this document applies to any platform.
Symptoms
- On an existing libOVD adapter define an exclusion search filter for example by editing the adapters.os_xml file like this:
(|(manager=*,dc=<BASE_DOMAIN>)(uniquemember=*,dc=<BASE_DOMAIN>))
- Run an ldapsearch against that adapter including one of the terms in the exclusion search filter, so me excerpt from logs:
a)
[14/Mar/2016:08:37:20 -0600] conn=169223 op=2 msgId=3 - SRCH base="ou=groups,dc=<COMPANY>,dc=com" scope=2
filter="(uniqueMember=uid=<UID1>,ou=people,ou=<OU>,dc=<BASE_DOMAIN>)" attrs="mail sn cn description usernameattr givenName loginid objectClass displayName nsUniqueId uid"
[14/Mar/2016:08:37:20 -0600] conn=169223 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0
b)
[14/Mar/2016:08:37:20 -0600] conn=169217 op=6 msgId=7 - SRCH base="ou=people,dc=<COMPANY>,dc=com" scope=2 filter="(&(uid=<UID2>)(objectClass=person))" attrs="mail sn cn description
usernameattr givenName loginid objectClass displayName usernameattrnsUniqueId uid"
[14/Mar/2016:08:37:20 -0600] conn=169217 op=6 msgId=7 - RESULT err=0 tag=101 nentries=1 etime=0
c)
[14/Mar/2016:08:37:20 -0600] conn=169223 op=3 msgId=4 - SRCH base="ou=groups,dc=<COMPANY>,dc=com" scope=2 filter="(uniqueMember=uid=<UID2>,ou=people,dc=<COMPANY>,dc=com)" attrs="mail
sn cn description usernameattr givenName loginid objectClass displayNamensUniqueId uid"
[14/Mar/2016:08:37:20 -0600] conn=169223 op=3 msgId=4 - RESULT err=0 tag=101 nentries=0 etime=0
d)
[14/Mar/2016:08:37:20 -0600] conn=169217 op=7 msgId=8 - SRCH base="ou=people,dc=<COMPANY>,dc=com" scope=2 filter="(manager=uid=<UID1>,ou=people,ou=<OU>,dc=<BASE_DOMAIN>)"
attrs="mail sn cn description usernameattr givenName loginid objectClass displayName nsUniqueId uid"
[14/Mar/2016:08:37:20 -0600] conn=169217 op=7 msgId=8 - RESULT err=0 tag=101 nentries=0 etime=0 notes=U
e)
[14/Mar/2016:08:37:20 -0600] conn=169218 op=2 msgId=3 - SRCH base="ou=people,dc=<COMPANY>,dc=com" scope=2 filter="(&(uid=<UID3>)(objectClass=person))" attrs="mail sn cn description
usernameattr givenName loginid objectClass displayName usernameattr nsUniqueId uid"
[14/Mar/2016:08:37:20 -0600] conn=169218 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0
We see in case a), c) and d) filter including one of the terms from exclusion search filter
And thus the exclusion filter is ignored and libOVD sends it to the adapter, search is still sent to backend ldap
The question is why is this search being sent to backend ldap when exclusion filters have been set in the adapter?
Filter works when directly querying the backend ldap adapter.
Changes
Trying to use exclusion search filter with LibOVD
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |