Pre-12.2 DB DBMS_LDAP and OID LDAP Client ldapearch Return No Results from an Extensible Search Filter LDAP_MATCHING_RULE_IN_CHAIN ( 1.2.840.113522.214.171.1241 ) Operation Against AD
(Doc ID 2432494.1)
Last updated on MARCH 06, 2019
Applies to:Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
Microsoft (MS) Active Directory (AD) supports a matching operator LDAP_MATCHING_RULE_IN_CHAIN or 1.2.840.1135126.96.36.1991 extensible search filter (RFC 2254), to perform server-based search for an AD user's nested group membership.
Oracle Internet Directory (OID) LDAP client (ldapsearch) and DBMS_LDAP embedded with Oracle Database (DB) versions lower than 12.2 do not pass the operator to the AD server, so it does not retrieve all the AD groups of which the user is a member.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document