My Oracle Support Banner

OUD 11g / 12c - Using the Get Effective Rights Control to Troubleshoot Why an Attribute is not Returned by a Non-Directory Manager User (Doc ID 2513332.1)

Last updated on JULY 16, 2019

Applies to:

Oracle Unified Directory - Version and later
Information in this document applies to any platform.


LDAPSEARCH as non-admin users returns INCORRECT RESULTS -

ldapsearch -D {dn:user.1} -b {dn:user.1 } -s base '(objectclass=*)' -> NO rows

ldapsearch -D {dn:user.1} -b {dn:user.1 } -s base '(uid=user.1)' -> NO rows

ldapsearch -D {dn:user.1} -b {dn:user.1 } -s base '(orclguid={actualGuid})' -> user.1 record


In contrast, the same searches as Directory Manager consistently returns results -

ldapsearch -D "cn=Directory Manager" -b {dn:user.1 } -s base '(objectclass=*)' -> user1.record

ldapsearch -D "cn=Directory Manager" -b {dn:user.1 } -s base '(uid=user.1)' -> user1.record

ldapsearch -D {dn:user.1} -b {dn:user.1 } -s base '(orclguid={actualGuid})' -> user.1 record

This document goes over issues where an ldapsearch by the Directory Manager returns different results compared to the same search authenticating as a non-Directory Manager user.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.