OUD 11g / 12c - Deleting Users From LDAP Doesn't Delete Their Group Membership (Doc ID 2466098.1)

Last updated on MARCH 01, 2019

Applies to:

Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

After entries in the branch ou=People,dc=example,dc=domain are deleted, their group memberships are not deleted,

i.e. the multi-valued attribute uniquemember in the groups still holds the DNs of the deleted users.

Example:

0. Created cn=testUser

==========

./ldapsearch -h localhost -p 8389 -D "cn=Directory Manager" -j <PASSWORD> -b dc=example,dc=domain "(cn=testUser)"
dn: cn=testUser,ou=People,dc=example,dc=domain
givenName: Test
objectClass: orcluserV2
objectClass: oblixOrgPerson
objectClass: person
objectClass: organizationalPerson
objectClass: oblixPersonPwdPolicy
objectClass: inetOrgPerson
objectClass: orcluser
objectClass: orclIDXPerson
objectClass: top
uid: testUser
cn: testUser
sn: Testy
userPassword:{SSHA512}<HASHED_PASSWORD>
mail: username@example.domain
oblastfailedlogin: 2017-09-06T19:38:44Z
oblastsuccessfullogin: 2017-09-06T19:40:13Z
oblogintrycount: 0
employeeType: Professional
preferredLanguage: RU
employeeNumber: IIN_testUser

 

1. Created group

===========================

./ldapsearch -h localhost -p 8389 -D "cn=Directory Manager" -j <PASSWORD> -b dc=example,dc=domain "(cn=OID_of_the_group)"
dn: cn=OID_of_the_group,ou=Groups,dc=example,dc=domain
objectClass: groupOfUniquenames
objectClass: top
description: TestGroup
cn: OID_of_the_group

2. Added cn=testUser,ou=People,dc=example,dc=domain to the group:

================================================

$ ./ldapsearch -h localhost -p 8389 -D "cn=Directory Manager" -j <PASSWORD> -b dc=example,dc=domain "(cn=testUser)" +
dn: cn=testUser,ou=People,dc=example,dc=domain
orclGUID: 2b14c31d072e4919862f70648f466887
pwdPolicySubentry: cn=Default Password Policy,cn=Password Policies,cn=config
subschemaSubentry: cn=schema
isMemberOf: cn=OID_of_the_group,ou=Groups,dc=example,dc=domain <<====the user belongs to OID_of_the_group
createTimestamp: 20181009132801Z
pwdChangedTime: 20181009132801.159Z
numSubordinates: 0
structuralObjectClass: orclIDXPerson
nsUniqueId: 2b14c31d-072e4919-862f7064-8f466887
hasSubordinates: false
entryDN: cn=testuser,ou=people,dc=example,dc=domain
entryUUID: 2b14c31d-072e-4919-862f-70648f466887
creatorsName: cn=Directory Manager
modifyTimestamp: 20181009132801Z
modifiersName: cn=Directory Manager

 

3. DELETION OF THE USER:

===================

$ ./ldapdelete -h localhost -p 8389 -D "cn=Directory Manager" -j <PASSWORD> cn=testUser,ou=People,dc=example,dc=domain
Processing DELETE request for cn=testUser,ou=People,dc=example,dc=domain
DELETE operation successful for DN cn=testUser,ou=People,dc=example,dc=domain

4. SEARCH OF THE USER

===============================================

./ldapsearch -h localhost -p 8389 -D "cn=Directory Manager" -j <PASSWORD> -b dc=example,dc=domain "(cn=testUser)"
==> no row returned (user deleted)

5. SEARCH OF THE GROUP:

===================

$ ./ldapsearch -h localhost -p 8389 -D "cn=Directory Manager" -j <PASSWORD> -b dc=example,dc=domain "(cn=OID_of_the_group)"
dn: cn=OID_of_the_group,ou=Groups,dc=example,dc=domain
objectClass: groupOfUniquenames
objectClass: top
description: TestGroup
cn: OID_of_the_group
uniquemember: cn=testUser,ou=People,dc=example,dc=domain <<==== still showing deleted user
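
A check for the symptom shown in steps 3 to 5, as an added example that is not part of the original Oracle document: it parses LDIF exported with ldapsearch and lists uniquemember values that point to a DN with no entry. The sample LDIF, the otherUser entry and the function names are constructed for illustration, and the DN normalization is simplified (lowercasing and spacing only).

```python
import base64
import re

# Constructed sample: LDIF as ldapsearch would return it for the subtree
# dc=example,dc=domain after step 3 (testUser deleted, otherUser still present).
SAMPLE_LDIF = """\
dn: cn=otherUser,ou=People,dc=example,dc=domain
objectClass: inetOrgPerson
cn: otherUser

dn: cn=OID_of_the_group,ou=Groups,dc=example,dc=domain
objectClass: groupOfUniquenames
cn: OID_of_the_group
uniquemember: cn=testUser,ou=People,dc=example,dc=domain
uniquemember: CN=OtherUser, OU=People,
 dc=example,dc=domain
"""

def norm_dn(dn):
    """Simplified DN normalization: lowercase, drop spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def parse_ldif(text):
    """Return a list of {attr_lower: [values]} dicts, one per entry."""
    text = re.sub(r"\r?\n ", "", text)          # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):            # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def dangling_members(ldif_text, attr="uniquemember"):
    """List (group DN, member DN) pairs whose member DN has no entry in the LDIF."""
    entries = parse_ldif(ldif_text)
    existing = {norm_dn(e["dn"][0]) for e in entries}
    return [(e["dn"][0], m) for e in entries for m in e.get(attr, [])
            if norm_dn(m) not in existing]

if __name__ == "__main__":
    for group, member in dangling_members(SAMPLE_LDIF):
        print(f"stale {member} in {group}")
```

The export must cover both the user and the group branches (for example a search from the base dc=example,dc=domain); otherwise every member outside the export is reported as stale.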

 

Changes

 

Cause
