ODI LDAP Driver Does Not Bring All Members of a Microsoft AD Group into the GROUP_MEMBEROF Table
(Doc ID 2785409.1)
Last updated on JULY 14, 2021
Applies to:Oracle Data Integrator - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
The Oracle Data Integrator (ODI) LDAP driver does not retrieve all the members of a Microsoft Active Directory (MSAD) group to insert them into the GROUP_MEMBEROF table if the group contains over 1500 members. In addition, instead of using the table GROUP_MEMBEROF for the members of the big group, it creates table GROUP_MEMBEROF_RANGE_0_1499, containing just the first 1500 members from the LDAP search.
As per the ODI documentation, the LDAP driver should bring in each of the results when page_size is used with a positive value, and this value is set to the LDAP limit size. However, in practice it makes no difference which value is used, as it does not bring all of the members.
The issue can be reproduced with the following steps:
- Create over 2000 users on the LDAP server, ie Active Directory.
- Add these users within a single LDAP group.
- Log in to ODI Studio and go to the Topologies tab.
- Create a new Data Server for the LDAP Technology.
- Create a new Data Server for Oracle Technology.
- Create models for both technologies.
- Create a mapping using GROUP_MEMBEROF from the LDAP model and to a table on the database side.
- Execute the mapping.
- Observe that the data in the GROUP_MEMBEROF table only contains a subset of the members of groups.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document