OUD 11g / 12c - Deleting Users from LDAP Doesn't Delete the User Group Membership
(Doc ID 2466098.1)
Last updated on DECEMBER 22, 2022
Applies to:
Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Symptoms
After entries in the branch ou=People,dc=SUFFIX_DN are deleted, their group memberships are not removed;
that is, the multi-valued attribute uniquemember in the groups still holds the DNs of the deleted users.
Example:
0. Created cn=TEST_USER
==========
./ldapsearch -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> -b dc=SUFFIX_DN "(cn=TEST_USER)"
dn: cn=TEST_USER,ou=People,dc=SUFFIX_DN
givenName: Test
objectClass: orcluserV2
objectClass: oblixOrgPerson
objectClass: person
objectClass: organizationalPerson
objectClass: oblixPersonPwdPolicy
objectClass: inetOrgPerson
objectClass: orcluser
objectClass: orclIDXPerson
objectClass: top
uid: TEST_USER
cn: TEST_USER
sn: Testy
userPassword:{SSHA512}<HASHED_PASSWORD>
mail: username@example.domain
oblastfailedlogin: 2017-09-06T19:38:44Z
oblastsuccessfullogin: 2017-09-06T19:40:13Z
oblogintrycount: 0
employeeType: Professional
preferredLanguage: RU
employeeNumber: IIN_TEST_USER
1. Created group
===========================
./ldapsearch -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> -b dc=SUFFIX_DN "(cn=OID_of_the_group)"
dn: cn=OID_of_the_group,ou=Groups,dc=SUFFIX_DN
objectClass: groupOfUniquenames
objectClass: top
description: TEST_GROUP
cn: OID_of_the_group
2. Added cn=TEST_USER,ou=People,dc=SUFFIX_DN to the group:
================================================
$ ./ldapsearch -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> -b dc=SUFFIX_DN "(cn=TEST_USER)" +
dn: cn=TEST_USER,ou=People,dc=SUFFIX_DN
pwdPolicySubentry: cn=Default Password Policy,cn=Password Policies,cn=config
subschemaSubentry: cn=schema
isMemberOf: cn=OID_of_the_group,ou=Groups,dc=SUFFIX_DN <<====the user belongs to OID_of_the_group
createTimestamp: 20181009132801Z
pwdChangedTime: 20181009132801.159Z
numSubordinates: 0
hasSubordinates: false
entryDN: cn=TEST_USER,ou=people,dc=SUFFIX_DN
creatorsName: cn=DS_ADMIN
modifyTimestamp: 20181009132801Z
modifiersName: cn=DS_ADMIN
3. DELETION OF THE USER:
===================
$ ./ldapdelete -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> cn=TEST_USER,ou=People,dc=SUFFIX_DN
Processing DELETE request for cn=TEST_USER,ou=People,dc=SUFFIX_DN
DELETE operation successful for DN cn=TEST_USER,ou=People,dc=SUFFIX_DN
4. SEARCH FOR THE USER
===============================================
./ldapsearch -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> -b dc=SUFFIX_DN "(cn=TEST_USER)"
==> no row returned (user deleted)
5. SEARCH OF THE GROUP:
===================
$ ./ldapsearch -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> -b dc=SUFFIX_DN "(cn=OID_of_the_group)"
dn: cn=OID_of_the_group,ou=Groups,dc=SUFFIX_DN
objectClass: groupOfUniquenames
objectClass: top
description: TEST_GROUP
cn: OID_of_the_group
uniquemember: cn=TEST_USER,ou=People,dc=SUFFIX_DN <<==== still showing deleted user
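To audit a directory for the stale references shown in step 5, the following added example (not part of the Oracle document) parses an LDIF export and reports every uniquemember value whose DN no longer exists as an entry. It assumes the export covers the whole suffix (People and Groups); the function names and sample data are constructed for illustration, and norm_dn is a simplified DN comparison that does not handle escaped commas. DNs are compared case-insensitively because the output above shows the same entry as both ou=People and ou=people.

```python
import base64

# Constructed sample LDIF modelled on the search output above (not real data).
SAMPLE_LDIF = """\
dn: cn=OTHER_USER,ou=People,dc=SUFFIX_DN
objectClass: inetOrgPerson

dn: cn=OID_of_the_group,ou=Groups,dc=SUFFIX_DN
objectClass: groupOfUniquenames
uniquemember: cn=TEST_USER,ou=People,dc=SUFFIX_DN
uniquemember: cn=other_user, ou=people,
 dc=SUFFIX_DN
"""

def norm_dn(dn):
    """Lower-case and trim each RDN so 'ou=People' and 'ou=people' compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}) per entry, handling folded and base64 lines."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join continuation lines
    for block in unfolded.split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # 'attr:: <base64>' form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def dangling_members(text, attr="uniquemember"):
    """Return sorted (group_dn, member_dn) pairs whose member DN has no entry in the export."""
    entries = list(parse_ldif(text))
    existing = {norm_dn(dn) for dn, _ in entries}
    return sorted(
        (dn, m) for dn, attrs in entries
        for m in attrs.get(attr, []) if norm_dn(m) not in existing
    )

if __name__ == "__main__":
    for group, member in dangling_members(SAMPLE_LDIF):
        print(f"{group}: stale {member}")
```

Any pair it reports is a membership that would apply again to a new entry created under the same DN, so the stale value should be removed from the group.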
Cause