OVD 11g Unable to Log into OAM with UID Where OVD is Configured with a LSA and 2 LDAP Adapters Containing the Same UID for User "OAMSSA-20023: Authentication Failure for user" "Entity not unique for the search filter"
(Doc ID 2338894.1)
Last updated on AUGUST 30, 2023
Applies to:
Oracle Virtual Directory - Version and later
Information in this document applies to any platform.
Unable to log into OAM with UID where OVD is configured with one LSA and 2 LDAP adapters containing the same UID for a user entry.
OAM logs show:
[2017-11-28T13:11:07.708-05:00] [<OAM>] [ERROR] [OAMSSA-20023] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: <ECID>] [APP: <OAM>] Authentication Failure for user : <USERNAME>, for idstore <IDSTORE_NAME> with exception oracle.igf.ids.EntityNotUniqueException: Entity not unique for the search filter (&(objectclass=person)(uid=<USERNAME>)). with primary error message {3}
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20023: Authentication Failure for user : <USERNAME>, for idstore <IDSTORE_NAME> with exception oracle.igf.ids.EntityNotUniqueException: Entity not unique for the search filter (&(objectclass=person)(uid=<USERNAME>)). with primary error message {3}
OVD access logs show that 2 entries were found:
[2017-11-28T13:11:31.575-05:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: xx] [ecid: <ECID>] conn=62,671 op=3 SRCH base=dc=<COMPANY>,dc=com scope=2 filter=(&(objectclass=person)(uid=<USERNAME>)) requestedAttributes=[uid, mail, sn, cn, description, orclguid, givenname, telephonenumber, objectclass, displayname] sizelimit=0 timelimit=0 typesOnly=FALSE
[2017-11-28T13:11:33.336-05:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: xx] [ecid: <ECID>] conn=62,671 op=3 RESULT err=0 tag=0 nentries=2 etime=1,761 dbtime=0 mem=86,860,840/258,146,304
The OVD configuration contains an LSA with a root of dc=<COMPANY>,dc=com and 2 LDAP adapters with roots of dc=<AD_USERS>,dc=<COMPANY>,dc=com and dc=<OID_USERS>,dc=<COMPANY>,dc=com.
Only a small set of users is common to both LDAP backend servers.
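The SRCH/RESULT pair in the OVD access log above can be checked for mechanically. The following is an added example, not Oracle's code: it pairs access-log lines by conn and op and reports uid equality searches that returned more than one entry. The function name and the sample log lines are constructed for illustration, and the field layout is assumed to match the two lines shown above.

```python
import re

SRCH_RE = re.compile(r"conn=([\d,]+) op=([\d,]+) SRCH base=(\S+) scope=\d+ "
                     r"filter=(.*?) requestedAttributes=")
RESULT_RE = re.compile(r"conn=([\d,]+) op=([\d,]+) RESULT err=(\d+) .*?nentries=([\d,]+)")
# Equality match on uid only; wildcard filters such as (uid=a*) may match many entries.
UID_EQ_RE = re.compile(r"\(uid=([^()*]+)\)", re.IGNORECASE)


def find_non_unique_uid_searches(lines):
    """Pair SRCH/RESULT lines by (conn, op) and return the searches where a
    uid equality filter matched more than one entry."""
    pending = {}  # (conn, op) -> (base, uid) for searches awaiting a RESULT
    hits = []
    for line in lines:
        m = SRCH_RE.search(line)
        if m:
            uid = UID_EQ_RE.search(m.group(4))
            if uid:
                pending[(m.group(1), m.group(2))] = (m.group(3), uid.group(1))
            continue
        m = RESULT_RE.search(line)
        if m:
            search = pending.pop((m.group(1), m.group(2)), None)
            nentries = int(m.group(4).replace(",", ""))  # counts use 1,234 style
            if search and m.group(3) == "0" and nentries > 1:
                hits.append({"conn": m.group(1), "op": m.group(2),
                             "base": search[0], "uid": search[1],
                             "nentries": nentries})
    return hits


# Constructed sample lines in the access-log format shown above (made-up values).
_HDR = ("[2017-11-28T13:11:31.575-05:00] [octetstring] [NOTIFICATION] [{}] "
        "[com.octetstring.accesslog] [tid: 10] [ecid: 0001] ")
_SRCH = _HDR.format("OVD-20043") + (
    "conn={} op={} SRCH base=dc=example,dc=com scope=2 filter={} "
    "requestedAttributes=[uid, mail] sizelimit=0 timelimit=0 typesOnly=FALSE")
_RES = _HDR.format("OVD-20044") + (
    "conn={} op={} RESULT err=0 tag=0 nentries={} etime=1,761 dbtime=0 mem=1/2")
SAMPLE = [
    _SRCH.format("62,671", 3, "(&(objectclass=person)(uid=jdoe))"),
    _RES.format("62,671", 3, 2),    # same uid returned by both adapters
    _SRCH.format("62,672", 1, "(&(objectclass=person)(uid=asmith))"),
    _RES.format("62,672", 1, 1),    # unique entry: not reported
    _SRCH.format("62,673", 1, "(&(objectclass=person)(uid=a*))"),
    _RES.format("62,673", 1, 40),   # wildcard search: not reported
]
```

Calling find_non_unique_uid_searches(SAMPLE) reports only the search for jdoe, the one uid that resolved to 2 entries under the shared root.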
In this Document
Symptoms
Changes
Cause
Solution
UniqueEntry Plug-In