OVD 11g Unable to Log into OAM with UID Where OVD is Configured with a LSA and 2 LDAP Adapters Containing the Same UID for User "OAMSSA-20023: Authentication Failure for user" "Entity not unique for the search filter"

(Doc ID 2338894.1)

Last updated on DECEMBER 13, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

Unable to log into OAM with UID where OVD is configured with one LSA and 2 LDAP adapters containing the same UID for a user entry.

 

OAM logs show:

[2017-11-28T13:11:07.708-05:00] [oam_server1] [ERROR] [OAMSSA-20023] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: %ecidnumber] [APP: oam_server#11.1.2.0.0] Authentication Failure for user : test.user1, for idstore OVDSTORE with exception oracle.igf.ids.EntityNotUniqueException: Entity not unique for the search filter (&(objectclass=person)(uid=test.user1)). with primary error message {3}


Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20023: Authentication Failure for user : test.user1, for idstore OVDSTORE with exception oracle.igf.ids.EntityNotUniqueException: Entity not unique for the search filter (&(objectclass=person)(uid=test.user1)). with primary error message {3}


OVD access logs show that 2 entries were found:

[2017-11-28T13:11:31.575-05:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: 23] [ecid: %ecidnumber] conn=62,671 op=3 SRCH base=dc=ovd,dc=com scope=2 filter=(&(objectclass=person)(uid=test.user1)) requestedAttributes=[uid, mail, sn, cn, description, orclguid, givenname, telephonenumber, objectclass, displayname] sizelimit=0 timelimit=0 typesOnly=FALSE

[2017-11-28T13:11:33.336-05:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: 23] [ecid:%ecidnumber] conn=62,671 op=3 RESULT err=0 tag=0 nentries=2 etime=1,761 dbtime=0 mem=86,860,840/258,146,304
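The SRCH and RESULT records above share the same conn and op values, so they can be paired to list every uid lookup that returned more than one entry. This is an added example, not Oracle code: the regular expressions assume the access-log layout shown above, and the sample lines are constructed from it.

```python
import re

# Constructed sample lines modeled on the OVD access log entries shown above.
SAMPLE_LOG = """\
[2017-11-28T13:11:31.575-05:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: 23] conn=62,671 op=3 SRCH base=dc=ovd,dc=com scope=2 filter=(&(objectclass=person)(uid=test.user1)) requestedAttributes=[uid, mail] sizelimit=0
[2017-11-28T13:11:33.336-05:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: 23] conn=62,671 op=3 RESULT err=0 tag=0 nentries=2 etime=1,761 dbtime=0
[2017-11-28T13:12:01.100-05:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: 24] conn=62,672 op=1 SRCH base=dc=ovd,dc=com scope=2 filter=(&(objectclass=person)(uid=test.user2)) requestedAttributes=[uid, mail] sizelimit=0
[2017-11-28T13:12:01.140-05:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: 24] conn=62,672 op=1 RESULT err=0 tag=0 nentries=1 etime=40 dbtime=0
[2017-11-28T13:12:05.000-05:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: 25] conn=62,673 op=2 SRCH base=dc=ovd,dc=com scope=2 filter=(objectclass=groupofuniquenames) requestedAttributes=[cn] sizelimit=0
[2017-11-28T13:12:05.090-05:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: 25] conn=62,673 op=2 RESULT err=0 tag=0 nentries=5 etime=90 dbtime=0
"""

# conn values carry thousands separators in the log (e.g. 62,671), so allow commas.
SRCH_RE = re.compile(r"conn=([\d,]+) op=(\d+) SRCH base=(\S+) scope=\d+ filter=(.*?) requestedAttributes=")
RESULT_RE = re.compile(r"conn=([\d,]+) op=(\d+) RESULT err=(\d+) tag=\d+ nentries=([\d,]+)")
# Equality match on uid only; wildcard filters such as (uid=te*) are expected to return many entries.
UID_RE = re.compile(r"\(uid=([^()*]+)\)", re.IGNORECASE)

def find_ambiguous_uid_searches(log_text):
    """Return uid equality searches whose RESULT record reports nentries > 1."""
    pending = {}  # (conn, op) -> (uid, base) for searches still awaiting a RESULT
    hits = []
    for line in log_text.splitlines():
        srch = SRCH_RE.search(line)
        if srch:
            conn, op, base, ldap_filter = srch.groups()
            uid = UID_RE.search(ldap_filter)
            if uid:
                pending[(conn, op)] = (uid.group(1), base)
            continue
        result = RESULT_RE.search(line)
        if result:
            conn, op, err, nentries = result.groups()
            search = pending.pop((conn, op), None)
            count = int(nentries.replace(",", ""))
            if search and err == "0" and count > 1:
                hits.append({"uid": search[0], "base": search[1],
                             "nentries": count, "conn": conn, "op": op})
    return hits

if __name__ == "__main__":
    for hit in find_ambiguous_uid_searches(SAMPLE_LOG):
        print("uid={uid} base={base} nentries={nentries} (conn={conn} op={op})".format(**hit))
```

Each reported uid is one that the identity store lookup cannot resolve to a single entry under the searched base.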

Changes

The OVD configuration contains an LSA with a root of dc=ovd,dc=com and 2 LDAP adapters with roots of dc=adusers,dc=ovd,dc=com and dc=oidusers,dc=ovd,dc=com.

Only a small set of users is common to both LDAP backend servers.

Cause
