My Oracle Support Banner

Pre-12.2 DB DBMS_LDAP and OID LDAP Client ldapearch Return No Results from an Extensible Search Filter LDAP_MATCHING_RULE_IN_CHAIN ( 1.2.840.113556.1.4.1941 ) Operation Against AD (Doc ID 2432494.1)

Last updated on AUGUST 30, 2023

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.


Microsoft (MS) Active Directory (AD) supports a matching operator LDAP_MATCHING_RULE_IN_CHAIN or 1.2.840.113556.1.4.1941 extensible search filter (RFC 2254), to perform server-based search for an AD user's nested group membership.

Oracle Internet Directory (OID) LDAP client (ldapsearch) and DBMS_LDAP embedded with Oracle Database (DB) versions lower than 12.2 do not pass the operator to the AD server, so it does not retrieve all the AD groups of which the user is a member.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.