OUD 11g / 12c - Deleting Users from LDAP Doesn't Delete the User Group Membership (Doc ID 2466098.1)

Last updated on DECEMBER 22, 2022

Applies to:

Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

After entries in the branch ou=People,dc=SUFFIX_DN are deleted, their group memberships are not removed: in the groups, the multi-valued attribute uniquemember still holds the DNs of the deleted users.

Example:

0. Created cn=TEST_USER

==========

./ldapsearch -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> -b dc=SUFFIX_DN "(cn=TEST_USER)"
dn: cn=TEST_USER,ou=People,dc=SUFFIX_DN
givenName: Test
objectClass: orcluserV2
objectClass: oblixOrgPerson
objectClass: person
objectClass: organizationalPerson
objectClass: oblixPersonPwdPolicy
objectClass: inetOrgPerson
objectClass: orcluser
objectClass: orclIDXPerson
objectClass: top
uid: TEST_USER
cn: TEST_USER
sn: Testy
userPassword:{SSHA512}<HASHED_PASSWORD>
mail: username@example.domain
oblastfailedlogin: 2017-09-06T19:38:44Z
oblastsuccessfullogin: 2017-09-06T19:40:13Z
oblogintrycount: 0
employeeType: Professional
preferredLanguage: RU
employeeNumber: IIN_TEST_USER

 

1. Created group

===========================

./ldapsearch -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> -b dc=SUFFIX_DN "(cn=OID_of_the_group)"
dn: cn=OID_of_the_group,ou=Groups,dc=SUFFIX_DN
objectClass: groupOfUniquenames
objectClass: top
description: TEST_GROUP
cn: OID_of_the_group

2. Added cn=TEST_USER,ou=People,dc=SUFFIX_DN to the group:

================================================

$ ./ldapsearch -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> -b dc=SUFFIX_DN "(cn=TEST_USER)" +
dn: cn=TEST_USER,ou=People,dc=SUFFIX_DN
pwdPolicySubentry: cn=Default Password Policy,cn=Password Policies,cn=config
subschemaSubentry: cn=schema
isMemberOf: cn=OID_of_the_group,ou=Groups,dc=SUFFIX_DN <<====the user belongs to OID_of_the_group
createTimestamp: 20181009132801Z
pwdChangedTime: 20181009132801.159Z
numSubordinates: 0
hasSubordinates: false
entryDN: cn=TEST_USER,ou=people,dc=SUFFIX_DN
creatorsName: cn=DS_ADMIN
modifyTimestamp: 20181009132801Z
modifiersName: cn=DS_ADMIN

 

3. DELETION OF THE USER:

===================

$ ./ldapdelete -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> cn=TEST_USER,ou=People,dc=SUFFIX_DN
Processing DELETE request for cn=TEST_USER,ou=People,dc=SUFFIX_DN
DELETE operation successful for DN cn=TEST_USER,ou=People,dc=SUFFIX_DN

4. SEARCH FOR THE USER

===============================================

./ldapsearch -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> -b dc=SUFFIX_DN "(cn=TEST_USER)"
==> no entry returned (user deleted)

5. SEARCH OF THE GROUP:

===================

$ ./ldapsearch -h localhost -p LDAP_PORT -D "cn=DS_ADMIN" -j <PASSWORD> -b dc=SUFFIX_DN "(cn=OID_of_the_group)"
dn: cn=OID_of_the_group,ou=Groups,dc=SUFFIX_DN
objectClass: groupOfUniquenames
objectClass: top
description: TEST_GROUP
cn: OID_of_the_group
uniquemember: cn=TEST_USER,ou=People,dc=SUFFIX_DN <<==== still showing deleted user
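
To check a directory for the condition shown in step 5, the following added example (not part of the Oracle note and not Oracle code) parses LDIF output from ldapsearch and reports every uniquemember value whose DN has no matching entry. The function names, the OTHER_USER entry and the sample LDIF are assumptions constructed for illustration, and the DN comparison is a simplified case-insensitive match.

```python
import base64
import re

# Constructed sample: LDIF as ldapsearch would return it for dc=SUFFIX_DN after
# the deletion in step 3 (placeholders as in this note; OTHER_USER is invented).
SAMPLE_LDIF = """\
dn: cn=OTHER_USER,ou=People,dc=SUFFIX_DN
cn: OTHER_USER

dn: cn=OID_of_the_group,ou=Groups,dc=SUFFIX_DN
objectClass: groupOfUniquenames
uniquemember: cn=TEST_USER,ou=People,dc=SUFFIX_DN
uniquemember: CN=other_user, OU=people,
 DC=suffix_dn
"""

def norm_dn(dn):
    """Simplified DN comparison key: lower-case, trim spaces around ',' and '='."""
    rdns = re.split(r"(?<!\\),", dn)
    return ",".join("=".join(p.strip() for p in r.split("=", 1)).lower() for r in rdns)

def parse_ldif(text):
    """Return a list of entries as (dn, {attr_lower: [values]})."""
    text = re.sub(r"\r?\n ", "", text)  # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries

def dangling_members(ldif_text):
    """List (group_dn, member_dn) pairs whose member DN has no entry in the LDIF."""
    entries = parse_ldif(ldif_text)
    existing = {norm_dn(dn) for dn, _ in entries}
    return [(dn, m) for dn, attrs in entries
            for m in attrs.get("uniquemember", [])
            if norm_dn(m) not in existing]
```

The LDIF passed in must cover both the groups and every branch their members can live in; a member located outside the searched base would be reported as stale.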

 

Cause
