OUD 11g / 12c - Complex Search Filter that Incorporates the "IsMemberOf" Virtual Attribute May Incorrectly Return Zero Entries
(Doc ID 2441702.1)
Last updated on DECEMBER 14, 2022
Applies to:
Oracle Unified Directory - Version 11.1.2.3.0 and laterInformation in this document applies to any platform.
Symptoms
Under certain circumstances where the total number of entries exceeds the default index entry limit of 4000, OUD may incorrectly return no entries for complex search filters that include the isMemberOf virtual attribute.
Take for example a nested static group named "cn=all groups,ou=Groups,dc=SUFFIX_DN" that contains other static groups...
cn=Accounting Managers,ou=groups,dc=SUFFIX_DN
cn=Directory Administrators,ou=Groups,dc=SUFFIX_DN
cn=HR Managers,ou=groups,dc=SUFFIX_DN
cn=PD Managers,ou=groups,dc=SUFFIX_DN
cn=QA Managers,ou=groups,dc=SUFFIX_DN
The following search is successfully executed to find all inetorgperson members who belong to "cn=all groups,ou=Groups,dc=SUFFIX_DN" and the nested static groups within it...
$ ./ldapsearch -p LDAP_PORT -D "cn=DS_ADMIN" -w <PASSWORD> -b "dc=SUFFIX_DN" "(&(objectclass=inetorgperson)(ismemberof=cn=all groups,ou=Groups,dc=SUFFIX_DN))" dn
dn: uid=USER.1,ou=People,dc=SUFFIX_DN
dn: uid=USER.2,ou=People,dc=SUFFIX_DN
dn: uid=USER.3,ou=People,dc=SUFFIX_DN
dn: uid=USER.4,ou=People,dc=SUFFIX_DN
dn: uid=USER.5,ou=People,dc=SUFFIX_DN
dn: uid=USER.6,ou=People,dc=SUFFIX_DN
dn: uid=USER.7,ou=People,dc=SUFFIX_DN
dn: uid=USER.8,ou=People,dc=SUFFIX_DN
$
However, if the total number of entries within the OUD instance grows beyond the default index entry limit of 4000, the same search may incorrectly return zero entries (note that the "cn=all groups,ou=Groups,dc=SUFFIX_DN" nested static group and its members remain unchanged)...
$
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |