OUD12c - The "filters-to-include" Property Causes the Search to Fail with Result Code:50 (Insufficient Access Rights) (Doc ID 2931688.1)

Last updated on MARCH 19, 2024

Applies to:

Symptoms

     For this use case OUD proxy is being configured to multiple AD domains and each request needs to go to a specific AD by using a filter.
     In a previous setup, OVD was utilizing the inclusionFilter for the same scenario.

      STEPS:
     ======
     Created two Workflow elements for both the LDAP server extensions.
     Created a LBR workflow element using the two LDAP workflow elements.
     Created a DN renaming workflow element based on the LBR work element.
     Created a workflow based on the DN rename workflow element and added it to the Network group.

   After creating the workflows we noticed that the search is returning the expected result, but it also throws the following error:SEARCH operation failed

     So even if user is return correctly, the login is failing in other applications such as Oracle Access Manager.

Changes

       To do this, we have configured separate workflows with filters-to-include property corresponding to each AD domain, e.g.
 filters-to-include  (|(uid=*@DOMAIN.COM)(userPrincipalName=*@DOMAIN.COM))

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.