Search For Manager In EM Go To Only Current Adapter
(Doc ID 2972285.1)
Last updated on SEPTEMBER 11, 2023
Applies to:
Oracle Virtual Directory - Version 12.2.1.2.0 and later
Information in this document applies to any platform.
Symptoms
The customer uses emcli create_user to create EM users.
The customer has 2 AD authentication providers in WebLogic:
AD1 authentication provider, Windows domain [DOMAIN1.EXAMPLE.COM]
AD2 authentication provider, Windows domain [DOMAIN2.EXAMPLE.COM]
USERNAME1 from AD1, i.e. CN=[USERNAME1],cn=users,dc=DOMAIN1.dc=EXAMPLE.dc=COM, has as manager
CN=[MANAGER1],cn=users,dc=DOMAIN2.dc=EXAMPLE.dc=COM from AD2.
Failing user...
When we try:
we get:
But when we check:
this shows:
Observation: If the user is in the AD1 authentication provider and has a manager who is also in the AD1 authentication provider, the above emcli create_user works fine.
The WebLogic server logs show that:
- after successfully finding the user
CN=[USERNAME1],cn=users,dc=DOMAIN1.dc=EXAMPLE.dc=COM
- the EM application issues a new ldapsearch with the filter: (&(CN=[MANAGER1])(objectClass=person))
Theoretically, because virtualization is enabled, this ldapsearch should be sent to each authenticator or libOVD adapter,
but for an unknown reason it goes only to the libOVD adapter where the user is.
- it searches only the AD1 authentication provider, with:
Base: cn=users,dc=DOMAIN1.dc=EXAMPLE.dc=COM
Scope: 1
Attributes: [UserPrincipalName]
Filter: (&(CN=[MANAGER1])(objectClass=person))
and obviously it fails, because [MANAGER1] is in the AD2 authentication provider.
Changes
There are no relevant changes; the affected user is simply from one domain and has a manager in the other AD domain.
Cause