LibOVD Not Honoring Active Directory Nested Groups For Accounts. Application Log Error: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter.

(Doc ID 2382911.1)

Last updated on APRIL 05, 2018

Applies to:

Oracle Virtual Directory - Version 12.2.1.0.0 to 12.2.1.2.0 [Release 12c]
Information in this document applies to any platform.

Symptoms

Library OVD (libOVD) versions 12.2.1.0.0 through 12.2.1.2.0.

LibOVD is not honoring Microsoft (MS) Active Directory (AD) nested groups for Accounts.

After upgrading to 12c, security permissions for Accounts from Active Directory are not being returned. If the group nesting is more than two levels deep, the security is ignored.

The integrated application log may show, for example:

oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter.
at oracle.ods.virtualization.engine.util.ParseFilter.parse(ParseFilter.java:308)
at oracle.ods.virtualization.engine.chain.plugins.groupmembership.NestedGroupEntrySet.getNextMemberOfGroups(NestedGroupEntrySet.java:325)
at oracle.ods.virtualization.engine.chain.plugins.groupmembership.NestedGroupEntrySet.hasMore(NestedGroupEntrySet.java:411)
at oracle.ods.virtualization.operation.SearchResultCollection.hasNext(SearchResultCollection.java:98)
at com.oracle.ovd.arisid.OvdIdsResultSet.hasMore(OvdIdsResultSet.java:224)
at oracle.igf.ids.IDSResultSet.hasMore(IDSResultSet.java:118)
at idc.provider.jps.JpsUserProvider.loadSecurityInfo(JpsUserProvider.java:481)
at idc.provider.jps.JpsUserProvider.checkCredentials(JpsUserProvider.java:239)
at intradoc.server.UserStorageImplementor.checkExternalProvidersForUser(UserStorageImplementor.java:631)
at intradoc.server.UserStorageImplementor.retrieveUserDatabaseProfileDataImplement(UserStorageImplementor.java:341)
at intradoc.server.UserStorage.retrieveUserDatabaseProfileDataEx(UserStorage.java:163)
at intradoc.server.UserStorageUtils.loadUserData(UserStorageUtils.java:87)
at intradoc.server.ServiceSecurityImplementor.loadUserData(ServiceSecurityImplementor.java:675)
at intradoc.server.ServiceSecurityImplementor.globalSecurityCheck(ServiceSecurityImplementor.java:226)
at intradoc.upload.UploadSecurityImplementor.globalSecurityCheck(UploadSecurityImplementor.java:57)
at intradoc.server.Service.globalSecurityCheck(Service.java:2831)
at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:701)
at intradoc.server.Service.doRequest(Service.java:1991)
at intradoc.server.ServiceManager.processCommand(ServiceManager.java:520)
...<etc>...



Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms