My Oracle Support Banner

LibOVD Not Honoring Active Directory Nested Groups For Accounts. Application Log Error: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter. (Doc ID 2382911.1)

Last updated on AUGUST 30, 2023

Applies to:

Oracle Virtual Directory - Version 12.2.1.0.0 to 12.2.1.2.0 [Release 12c]
Information in this document applies to any platform.

Symptoms

Library OVD (libOVD) versions 12.2.1.0.0 through 12.2.1.2.0.

LibOVD is not honoring Microsoft (MS) Active Directory (AD) nested groups for Accounts.

After upgrading to 12c, security permissions for Accounts from Active Directory are not being returned. If the group nesting is more than two levels deep, the security is ignored.

The integrated application log may show, for example:

oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter.
at oracle.ods.virtualization.engine.util.ParseFilter.parse(ParseFilter.java:308)
at oracle.ods.virtualization.engine.chain.plugins.groupmembership.NestedGroupEntrySet.getNextMemberOfGroups(NestedGroupEntrySet.java:325)
at oracle.ods.virtualization.engine.chain.plugins.groupmembership.NestedGroupEntrySet.hasMore(NestedGroupEntrySet.java:411)
at oracle.ods.virtualization.operation.SearchResultCollection.hasNext(SearchResultCollection.java:98)
at com.oracle.ovd.arisid.OvdIdsResultSet.hasMore(OvdIdsResultSet.java:224)
at oracle.igf.ids.IDSResultSet.hasMore(IDSResultSet.java:118)
at idc.provider.jps.JpsUserProvider.loadSecurityInfo(JpsUserProvider.java:481)
at idc.provider.jps.JpsUserProvider.checkCredentials(JpsUserProvider.java:239)
at intradoc.server.UserStorageImplementor.checkExternalProvidersForUser(UserStorageImplementor.java:631)
at intradoc.server.UserStorageImplementor.retrieveUserDatabaseProfileDataImplement(UserStorageImplementor.java:341)
at intradoc.server.UserStorage.retrieveUserDatabaseProfileDataEx(UserStorage.java:163)
at intradoc.server.UserStorageUtils.loadUserData(UserStorageUtils.java:87)
at intradoc.server.ServiceSecurityImplementor.loadUserData(ServiceSecurityImplementor.java:675)
at intradoc.server.ServiceSecurityImplementor.globalSecurityCheck(ServiceSecurityImplementor.java:226)
at intradoc.upload.UploadSecurityImplementor.globalSecurityCheck(UploadSecurityImplementor.java:57)
at intradoc.server.Service.globalSecurityCheck(Service.java:2831)
at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:701)
at intradoc.server.Service.doRequest(Service.java:1991)
at intradoc.server.ServiceManager.processCommand(ServiceManager.java:520)
...<etc>...



Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.