LibOVD Not Honoring Active Directory Nested Groups For Accounts. Application Log Error: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter.
(Doc ID 2382911.1)
Last updated on AUGUST 30, 2023
Applies to:
Oracle Virtual Directory - Version 12.2.1.0.0 to 12.2.1.2.0 [Release 12c]Information in this document applies to any platform.
Symptoms
Library OVD (libOVD) versions 12.2.1.0.0 through 12.2.1.2.0.
LibOVD is not honoring Microsoft (MS) Active Directory (AD) nested groups for Accounts.
After upgrading to 12c, security permissions for Accounts from Active Directory are not being returned. If the group nesting is more than two levels deep, the security is ignored.
The integrated application log may show, for example:
oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter.
at oracle.ods.virtualization.engine.util.ParseFilter.parse(ParseFilter.java:308)
at oracle.ods.virtualization.engine.chain.plugins.groupmembership.NestedGroupEntrySet.getNextMemberOfGroups(NestedGroupEntrySet.java:325)
at oracle.ods.virtualization.engine.chain.plugins.groupmembership.NestedGroupEntrySet.hasMore(NestedGroupEntrySet.java:411)
at oracle.ods.virtualization.operation.SearchResultCollection.hasNext(SearchResultCollection.java:98)
at com.oracle.ovd.arisid.OvdIdsResultSet.hasMore(OvdIdsResultSet.java:224)
at oracle.igf.ids.IDSResultSet.hasMore(IDSResultSet.java:118)
at idc.provider.jps.JpsUserProvider.loadSecurityInfo(JpsUserProvider.java:481)
at idc.provider.jps.JpsUserProvider.checkCredentials(JpsUserProvider.java:239)
at intradoc.server.UserStorageImplementor.checkExternalProvidersForUser(UserStorageImplementor.java:631)
at intradoc.server.UserStorageImplementor.retrieveUserDatabaseProfileDataImplement(UserStorageImplementor.java:341)
at intradoc.server.UserStorage.retrieveUserDatabaseProfileDataEx(UserStorage.java:163)
at intradoc.server.UserStorageUtils.loadUserData(UserStorageUtils.java:87)
at intradoc.server.ServiceSecurityImplementor.loadUserData(ServiceSecurityImplementor.java:675)
at intradoc.server.ServiceSecurityImplementor.globalSecurityCheck(ServiceSecurityImplementor.java:226)
at intradoc.upload.UploadSecurityImplementor.globalSecurityCheck(UploadSecurityImplementor.java:57)
at intradoc.server.Service.globalSecurityCheck(Service.java:2831)
at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:701)
at intradoc.server.Service.doRequest(Service.java:1991)
at intradoc.server.ServiceManager.processCommand(ServiceManager.java:520)
...<etc>...
at oracle.ods.virtualization.engine.util.ParseFilter.parse(ParseFilter.java:308)
at oracle.ods.virtualization.engine.chain.plugins.groupmembership.NestedGroupEntrySet.getNextMemberOfGroups(NestedGroupEntrySet.java:325)
at oracle.ods.virtualization.engine.chain.plugins.groupmembership.NestedGroupEntrySet.hasMore(NestedGroupEntrySet.java:411)
at oracle.ods.virtualization.operation.SearchResultCollection.hasNext(SearchResultCollection.java:98)
at com.oracle.ovd.arisid.OvdIdsResultSet.hasMore(OvdIdsResultSet.java:224)
at oracle.igf.ids.IDSResultSet.hasMore(IDSResultSet.java:118)
at idc.provider.jps.JpsUserProvider.loadSecurityInfo(JpsUserProvider.java:481)
at idc.provider.jps.JpsUserProvider.checkCredentials(JpsUserProvider.java:239)
at intradoc.server.UserStorageImplementor.checkExternalProvidersForUser(UserStorageImplementor.java:631)
at intradoc.server.UserStorageImplementor.retrieveUserDatabaseProfileDataImplement(UserStorageImplementor.java:341)
at intradoc.server.UserStorage.retrieveUserDatabaseProfileDataEx(UserStorage.java:163)
at intradoc.server.UserStorageUtils.loadUserData(UserStorageUtils.java:87)
at intradoc.server.ServiceSecurityImplementor.loadUserData(ServiceSecurityImplementor.java:675)
at intradoc.server.ServiceSecurityImplementor.globalSecurityCheck(ServiceSecurityImplementor.java:226)
at intradoc.upload.UploadSecurityImplementor.globalSecurityCheck(UploadSecurityImplementor.java:57)
at intradoc.server.Service.globalSecurityCheck(Service.java:2831)
at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:701)
at intradoc.server.Service.doRequest(Service.java:1991)
at intradoc.server.ServiceManager.processCommand(ServiceManager.java:520)
...<etc>...
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |