LibOVD 11g LDAP Adapter Does Not Honor Exclusion Filter - Filter is Ignored (Doc ID 2149463.1)

Last updated on JUNE 16, 2016

Applies to:

Oracle Virtual Directory - Version 11.1.1.1.0 and later
Information in this document applies to any platform.

Symptoms

- On an existing libOVD adapter, define an exclusion search filter, for example by editing the adapters.os_xml file like this:
(|(manager=*,dc=base_domain)(uniquemember=*,dc=base_domain))

- Run an ldapsearch against that adapter that includes one of the terms in the exclusion search filter. Some excerpts from the logs:
a)
[14/Mar/2016:08:37:20 -0600] conn=169223 op=2 msgId=3 - SRCH base="ou=groups,dc=example,dc=com" scope=2
filter="(uniqueMember=uid=native1,ou=people,ou=myrealm,dc=base_domain)" attrs="mail sn cn description usernameattr givenName loginid objectClass displayName nsUniqueId uid"
[14/Mar/2016:08:37:20 -0600] conn=169223 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0

b)
[14/Mar/2016:08:37:20 -0600] conn=169217 op=6 msgId=7 - SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(&(uid=ajensen)(objectClass=person))" attrs="mail sn cn description
usernameattr givenName loginid objectClass displayName usernameattrnsUniqueId uid"
[14/Mar/2016:08:37:20 -0600] conn=169217 op=6 msgId=7 - RESULT err=0 tag=101 nentries=1 etime=0

c)
[14/Mar/2016:08:37:20 -0600] conn=169223 op=3 msgId=4 - SRCH base="ou=groups,dc=example,dc=com" scope=2 filter="(uniqueMember=uid=ajensen,ou=people,dc=example,dc=com)" attrs="mail
sn cn description usernameattr givenName loginid objectClass displayNamensUniqueId uid"
[14/Mar/2016:08:37:20 -0600] conn=169223 op=3 msgId=4 - RESULT err=0 tag=101 nentries=0 etime=0

d)
[14/Mar/2016:08:37:20 -0600] conn=169217 op=7 msgId=8 - SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(manager=uid=native1,ou=people,ou=myrealm,dc=base_domain)"
attrs="mail sn cn description usernameattr givenName loginid objectClass displayName nsUniqueId uid"
[14/Mar/2016:08:37:20 -0600] conn=169217 op=7 msgId=8 - RESULT err=0 tag=101 nentries=0 etime=0 notes=U

e)
[14/Mar/2016:08:37:20 -0600] conn=169218 op=2 msgId=3 - SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(&(uid=native2)(objectClass=person))" attrs="mail sn cn description
usernameattr givenName loginid objectClass displayName usernameattr nsUniqueId uid"
[14/Mar/2016:08:37:20 -0600] conn=169218 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0

In cases a), c) and d), the filter includes one of the terms from the exclusion search filter.
The exclusion filter is therefore being ignored: libOVD passes the search to the adapter, and the search is still sent to the backend LDAP.

The question is why this search is being sent to the backend LDAP when exclusion filters have been set in the adapter.
The filter works when directly querying the backend LDAP adapter.
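
The check below is an added example, not part of the Oracle note: it scans access-log SRCH lines like those above and lists the searches that reached the log even though their filter uses an attribute from the exclusion filter, marking whether the value also matches the wildcard pattern. The function names, the case-insensitive comparison and the trimmed `attrs` lists are assumptions of this example.

```python
import re

# Exclusion filter from the adapter configuration quoted on this page.
EXCLUSION_FILTER = "(|(manager=*,dc=base_domain)(uniquemember=*,dc=base_domain))"

# SRCH lines a) to e) from the excerpt, one line each, attrs trimmed to "cn uid"
# (trimmed copy constructed for this example).
TS = "[14/Mar/2016:08:37:20 -0600]"
SAMPLE_LOG = "\n".join([
    f'{TS} conn=169223 op=2 msgId=3 - SRCH base="ou=groups,dc=example,dc=com" scope=2 filter="(uniqueMember=uid=native1,ou=people,ou=myrealm,dc=base_domain)" attrs="cn uid"',
    f'{TS} conn=169217 op=6 msgId=7 - SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(&(uid=ajensen)(objectClass=person))" attrs="cn uid"',
    f'{TS} conn=169223 op=3 msgId=4 - SRCH base="ou=groups,dc=example,dc=com" scope=2 filter="(uniqueMember=uid=ajensen,ou=people,dc=example,dc=com)" attrs="cn uid"',
    f'{TS} conn=169217 op=7 msgId=8 - SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(manager=uid=native1,ou=people,ou=myrealm,dc=base_domain)" attrs="cn uid"',
    f'{TS} conn=169218 op=2 msgId=3 - SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(&(uid=native2)(objectClass=person))" attrs="cn uid"',
])

SIMPLE_TERM = re.compile(r"\(([A-Za-z][\w;.-]*)=([^()]*)\)")
SRCH_LINE = re.compile(r'conn=(\d+) op=(\d+) .*?SRCH base="[^"]*" .*?filter="([^"]*)"')

def terms(ldap_filter):
    """Return lowercased (attribute, value) pairs for each simple '=' term."""
    return [(a.lower(), v.lower()) for a, v in SIMPLE_TERM.findall(ldap_filter)]

def wildcard_match(pattern, value):
    """Match an LDAP substring pattern ('*' wildcards) against a whole value."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def classify(search_filter, exclusion=EXCLUSION_FILTER):
    """'pattern' if a term matches an exclusion term's attribute and value,
    'attribute' if it only uses an excluded attribute, otherwise None."""
    verdict = None
    for attr, value in terms(search_filter):
        for ex_attr, ex_pattern in terms(exclusion):
            if attr != ex_attr:
                continue
            if wildcard_match(ex_pattern, value):
                return "pattern"
            verdict = "attribute"
    return verdict

def forwarded_excluded_searches(log_text):
    """List (conn, op, verdict) for logged searches that touch the exclusion filter."""
    hits = []
    for line in log_text.splitlines():
        m = SRCH_LINE.search(line)
        if m and (verdict := classify(m.group(3))):
            hits.append((m.group(1), m.group(2), verdict))
    return hits
```

On the sample it reports cases a), c) and d); case c) uses `uniqueMember` but its value does not end in `,dc=base_domain`, so it is reported as an attribute-only hit.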

Changes

Trying to use an exclusion search filter with LibOVD.

Cause
