Active Directory LDAP Provider - Cannot Remove All Groups Filter

(Doc ID 2310285.1)

Last updated on DECEMBER 11, 2017

Applies to:

Oracle WebLogic Server - Version 10.3.6 to 12.2.1.3.0
Information in this document applies to any platform.

Symptoms

On : 12.2.1.2.0 version, WLS Security

When configuring an ActiveDirectoryAuthenticator in Weblogic, once a value has been added and saved to the All Groups Filter, it cannot be removed, only changed. When you change it to an empty value and click save, a message is displayed saying "All changes have been activated. No restarts are necessary." If you change it to any other value, a restart is necessary.

NOTE: This document was written based on the confirmation of the solution when using the ActiveDirectoryAuthenticator. It is possible that the same issue can occur for other authentication types such as Open LDAP.
Therefore the solution may be applicable in those cases, but are outside the scope of this document as written at this time.


It is expected to be able to remove the value of the All Groups Filter.


The issue can be reproduced at will with the following steps:


1. Create new Active Directory provider.

2. Once the provider is created, enter a value for "All Users Filter" or "All
Groups Filter" in the Provider Specific page.

3. Save and activate the changes, restart the AdminServer.

4. Open the console and try to remove the text specified for "All Users
Filter" or "All Groups Filter".

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms