My Oracle Support Banner

OUD 12c - The "member" Attribute is not Renamed if Users and Groups are in Separate Workflows (Doc ID 2931900.1)

Last updated on MARCH 03, 2023

Applies to:

Oracle Unified Directory - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

In a typical scenario, the DN Renaming Workflow Element also renames the attributes containing DNs such as uniquemember, as per: DN Renaming Workflow

In this use case, there is a need to have users and groups in separate workflows, each with DN renaming.

To clarify further;
1) there are two workflows, 1 for users and 1 for groups
2) there are two DNRenamingWFE for each of the above (users and groups)

Workflow-1 route:

AD_GROUP_WF (Workflow) —> PAGING_GROUP-1 (AdPagingWorkflowElement) —>AD_GROUP_TRANS (Transformation WFE) —> AD_GROUPS (DNRenaming WFE) -> AD_WFE-1 (ProxyLdap WFE)
Workflow-1 "is converting" OU=groups,<AD_REALM_DN> to OU=groups,<OUD_REALM_DN>

Observation: DNRenaming WFE named AD_GROUPS have something like:
ds-cfg-client-base-dn: OU=groups,<OUD_REALM_DN>
ds-cfg-source-base-dn: OU=groups,<AD_REALM_DN>

Workflow-2 route:

AD_USERS_WF (Workflow) —> TRANS_WFE (Transformation WFE) —>AD_USERS (DNRenaming WFE) —> AD_WFE-1 (ProxyLdap WFE)
Workflow-2 "is converting" OU=users,<AD_REALM_DN> to OU=users,<OUD_REALM_DN>

Observation: DNRenaming WFE named AD_USERS have something like:
ds-cfg-client-base-dn: OU=users,<OUD_REALM_DN>
ds-cfg-source-base-dn: OU=users,<AD_REALM_DN>

With this setup, however, the uniquemember attribute does not get renamed -
it keeps its value from the source directory (AD), for example:

./ldapsearch -h <OUD_HOST> -p <OUD_PORT> -D "<SUPERUSER_DN>" -j ~/pwd -b <OUD_REALM_DN> cn=group1 uniquemember
dn: CN=group1,OU=groups,<OUD_REALM_DN>
uniquemember: CN=user1,OU=users,<AD_REALM_DN>
uniquemember: CN=user2,OU=users,<AD_REALM_DN>
➜ uniquemember attribute keeping its source value

 

 

Changes

In the case when a single workflow is used containing both users and groups, the DN renaming works as documented.

In this use case, there is a need to have users and groups in separate workflows each with DN renaming.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.