LDAP Queries Are Done On Root DN LDAP Level Despite Setting Base DN to a Different Container DN in the libOVD LDAP Adapter
(Doc ID 3076567.1)
Last updated on MARCH 14, 2025
Applies to:
Oracle Virtual Directory - Version 12.2.1.4.0 and laterInformation in this document applies to any platform.
Symptoms
Initially an authentication provider was configured with "User Base DN" and "Group Base DN" set to dc=[DOMAIN],dc=[COM]. Thus the corresponding Library OVD (libOVD) LDAP adapter "root dn" was set to dc=[DOMAIN],dc=[COM] at that time.
In order to change this configuration to use a smaller/narrower or more targeted search base, the following change was done in authentication provider:
"User Base DN" changed from dc=[DOMAIN],dc=[COM] to ou=People,dc=[DOMAIN],dc=[COM]
"Group Base DN" changed from dc=[DOMAIN],dc=[COM] to ou=Groups,dc=[DOMAIN],dc=[COM]
However, after this change, the ldap searches for users from the application are still coming through with the same previous base DN value of: -b dc=[DOMAIN],dc=[COM].
The expectation is to have the searches done with the newly configured base DN of: -b ou=People,dc=[DOMAIN],dc=[COM].
Changes
Modified the authentication provider's "User Base DN" and "Group Base DN" in WebLogic to use a different searchbase DN.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |