My Oracle Support Banner

OVD 11g Unable to Log into OAM with UID Where OVD is Configured with a LSA and 2 LDAP Adapters Containing the Same UID for User "OAMSSA-20023: Authentication Failure for user" "Entity not unique for the search filter" (Doc ID 2338894.1)

Last updated on AUGUST 30, 2023

Applies to:

Oracle Virtual Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

Unable to log into OAM with UID where OVD is configured with one LSA and 2 LDAP adapters containing the same UID for a user entry.

 

OAM logs show:

[2017-11-28T13:11:07.708-05:00] [<OAM>] [ERROR] [OAMSSA-20023] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: <ECID>] [APP: <OAM>] Authentication Failure for user : <USERNAME>, for idstore <IDSTORE_NAME> with exception oracle.igf.ids.EntityNotUniqueException: Entity not unique for the search filter (&(objectclass=person)(uid=<USERNAME>)). with primary error message {3}


Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20023: Authentication Failure for user : <USERNAME>, for idstore <IDSTORE_NAME> with exception oracle.igf.ids.EntityNotUniqueException: Entity not unique for the search filter (&(objectclass=person)(uid=<USERNAME>)). with primary error message {3}


OVD access logs shows 2 entries were found

[2017-11-28T13:11:31.575-05:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: xx] [ecid: <ECID>] conn=62,671 op=3 SRCH base=dc=<COMPANY>,dc=com scope=2 filter=(&(objectclass=person)(uid=<USERNAME>)) requestedAttributes=[uid, mail, sn, cn, description, orclguid, givenname, telephonenumber, objectclass, displayname] sizelimit=0 timelimit=0 typesOnly=FALSE

[2017-11-28T13:11:33.336-05:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: xx] [ecid: <ECID>] conn=62,671 op=3 RESULT err=0 tag=0 nentries=2 etime=1,761 dbtime=0 mem=86,860,840/258,146,304

Changes

 Configuration of OVD contains a LSA with root of dc=<COMPANY>,dc=com

and 2 LDAP adapters with Roots of dc=<AD_USERS>,dc=<COMPANY>,dc=com and dc=<OID_USERS>,dc=<COMPANY>,dc=com

There are only a small set of common users in both LDAP backend servers.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
 UniqueEntry Plug-In


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.