My Oracle Support Banner

OUD 12c: Using the Library OVD (libOVD) to Search OUD Proxy Join Workflow Element Only Returns Objectclass(es) from Secondary Participant (Doc ID 2781698.1)

Last updated on AUGUST 18, 2021

Applies to:

Oracle Virtual Directory - Version and later
Oracle Unified Directory - Version and later
Oracle Access Manager - Version and later
Information in this document applies to any platform.
This issue is observed in Oracle Access Manager (OAM) authentication processes with specific configurations.


If a Join workflow element is configured in a proxy Oracle Unified Directory (OUD), library OVD (libOVD) cannot search objectclasses from joined entry correctly. LibOVD recognizes only objectclasses included in the secondary participant although the proxy OUD returns objectclasses included in both the primary participant and the secondary participant.

There are 3 OUD instances, 1 proxy and 2 backends;

- Proxy OUD (Base ou=<JOIN>)
- Backend OUD1 (Base ou=<OUD1>)
- Backend OUD2 (Base ou=<OUD2>)
- 2 LDAP workflow elements are configured in Proxy OUD to get each Backend OUDs data.
- 1 Join workflow elements is configured in Proxy OUD to join 2 LDAP workflow elements.
- Primary is OUD1, secondary is OUD2.

An entry in Primary OUD1 has objectclasses of person, organizationalPerson, inetOrgPerson and orclIDXIPFPerson;

Search to Backend OUD1 using OUD's ldapsearch:

2 OUDs are joined in this example case , but the issue also occurs with other types of backend data sources; For example, Oracle Internet Directory (OID) or Oracle Database with RDBMS workflow element.





To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.