How To Use a NOT Operator in an LDAP Search Query
(Doc ID 2467022.1)
Last updated on SEPTEMBER 18, 2023
Applies to: Oracle WebCenter Content - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
The goal is for user authentication or group membership authorization to be based on a user or group that does not have a specified LDAP attribute.
As an example:
In Active Directory a user and a computer can have the same CN.
These are the AD user attributes:
This is the computer:
The standard User From Name Filter is set as:
- In the WebLogic AD provider, because the user and the computer have the same CN and the same objectclass=user, both will be listed under myrealm --> Users and Groups if they are under the User Base DN.
- The API used for user authorization may attempt to make the group membership query against the computer and not the user, preventing the actual user from getting their expected roles and accounts.
- However, note that the computer has objectclass=computer; the user does not have that objectclass.
The LDAP search query can return the user and not the computer by using an LDAP search NOT operator.
The NOT operator is in the syntax:
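The filter behaviour described above, as an added example that is not taken from the Oracle document: a small Python evaluator for RFC 4515 search filters, run over two constructed entries that share a CN. The entries, DNs and both filter strings are assumptions (the document's own filter values are not shown on this page); `%u` stands for the login name as in a WebLogic name filter.

```python
# Added example: minimal RFC 4515 filter evaluator; entries and filters are constructed.
ENTRIES = [
    {"dn": "CN=webapp1,OU=Staff,DC=example,DC=com", "cn": ["webapp1"],
     "objectclass": ["top", "person", "organizationalPerson", "user"]},
    {"dn": "CN=WEBAPP1,OU=Workstations,DC=example,DC=com", "cn": ["WEBAPP1"],
     "objectclass": ["top", "person", "organizationalPerson", "user", "computer"]},
]
STANDARD = "(&(cn=%u)(objectclass=user))"                          # assumed filter
WITH_NOT = "(&(cn=%u)(objectclass=user)(!(objectclass=computer)))"  # assumed filter

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("malformed filter")  # NOT wraps exactly one filter
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def evaluate(node, entry):
    """Return True when the entry satisfies the parsed filter node."""
    if node[0] in "&|":
        combine = all if node[0] == "&" else any
        return combine(evaluate(k, entry) for k in node[1])
    if node[0] == "!":
        return not evaluate(node[1][0], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

def search(template, login, entries=ENTRIES):
    """Substitute the login name for %u and return the DNs of matching entries."""
    text = template.replace("%u", login)
    node, end = parse(text)
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return [e["dn"] for e in entries if evaluate(node, e)]

if __name__ == "__main__":
    print("standard:", search(STANDARD, "webapp1"))  # user and computer
    print("with NOT:", search(WITH_NOT, "webapp1"))  # user only
```

The NOT operator takes exactly one operand, so the exclusion is written as its own parenthesised term inside the surrounding AND rather than as a prefix on the whole filter.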