My Oracle Support Banner

How To Map OpenLDAP Group Custom Attribute To CN Attribute In BPM (Doc ID 3005007.1)

Last updated on FEBRUARY 20, 2024

Applies to:

Oracle Business Process Management Suite - Version and later
Information in this document applies to any platform.


The customer needs to use external OpenLDAP server as Identity Provider in BPM.

They are using the following custom object classes and attributes in their OpenLDAP:

- custom object class for users, let's call it XClassPerson

- custom object class for groups, let's call it XClassGroup

- custom attribute for group name, let's call it XCustomGroupName

Based on the above they have configured this Identity Provider in Weblogic admin console:

With this configuration, they are able to see in Weblogic console all the users and groups from OpenLDAP and also the groups membership. However, running Identity Service with getGrantedRolesToUser operation does not return the groups based on XCustomGroupName for the group name and this results in the users being prevented to perform some actions because of their membership being incorrectly evaluated.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.