My Oracle Support Banner

Unable to Manage Users or Groups in Portal/DAS 10.1.2.0.0 With Specific Users (Doc ID 339077.1)

Last updated on APRIL 28, 2021

Applies to:

Oracle Internet Directory - Version 10.1.2 and later
Information in this document applies to any platform.

Symptoms

Unable to manage users or groups in Portal/DAS pages with users synchronized to OID from Active Directory. Local OID users can administer without problem.

When trying to manage groups via Portal the following error occurs:
    Group Management Error!
    No Privileges to Edit Group.

When accessing /oiddas directly, after login as a synchronized user with DAS administration group (OralceDASAdminGroup) membership there is no Create button displayed under the Directory tab and only the User and Group subtabs are displayed.
    
In Active Directory the users are created with name structure <surname>,<firstname> i.e. with a comma in the CN. DIP synchronization creates the users in OID with DN cn=<surname>\,<firstname>,<parenttree>. This is the expected and correct mapping.
    
With setting DEBUG_LEVEL|true in <IM_home>/ldap/das/das.properties, the <IM_home>/ldap/log/das.log shows that DAS is not registering group membership e.g.
   
       [10/20/05 2:36:07 AM] oiddas: Release 10.1.2.0.0 Production Started
        .....
        [10/24/05 12:32:09 PM] ssologin event: ssoUserID is null
        [10/24/05 12:32:09 PM] ssologin event: ssoUserDN is CN=Username,OU=Information Technology,cn=xxx users,cn=users, dc=<COMPANY_NAME>,dc=com
        .....
        [10/24/05 12:32:26 PM] getTopicId():  pagename is company/ldap/das/directory/DASUserMgmtDir confset is default
        [10/24/05 12:32:26 PM]  topic id is das_cs_search_for_users_window_html
        [10/24/05 12:32:26 PM] MyData::getMyData(): mydata is not null
        [10/24/05 12:32:26 PM] getTabData():   confSet is default
        [10/24/05 12:32:26 PM] MyData::isMemberOfGroup(): passed in groupdn is cn=companydasserviceadmingroup,cn=groups,cn=companycontext,dc=<COMPANY_NAME>,dc=com
        [10/24/05 12:32:26 PM] MyData::isMemberOfGroup():  NO.
        [10/24/05 12:32:26 PM] MyData::isMemberOfGroup(): passed in groupdn  is cn=companydasaccountadmingroup,cn=groups,cn=companycontext,dc=<COMPANY_NAME>,dc=com
        [10/24/05 12:32:26 PM] MyData::isMemberOfGroup():  NO.
        [10/24/05 12:32:26 PM] MyData::isMemberOfGroup(): passed in groupdn  is cn=companydasconfiguration,cn=groups,cn=companycontext,dc=<COMPANY_NAME>,dc=net
       .........
    
ldapsearch confirms the user is a member of the necessary groups e.g.
          ldapsearch -h <HOSTNAME> -p 3060 -D cn=orcladmin -w password -b "" -s sub "uniquemember=CN=Username,OU=Information Technology,cn=xxx users,cn=users,dc=<COMPANY_NAME>,dc=com" dn
   
        cn=companyDASEditUser, cn=Groups,cn=companyContext,dc=<COMPANY_NAME>,dc=com
        cn=companyDASAdminGroup, cn=Groups,cn=companyContext,dc=<COMPANY_NAME>,dc=com
        cn=companyDASEditGroup, cn=Groups,cn=companyContext,dc=<COMPANY_NAME>,dc=com
        cn=dba,cn=portal.050602.044833.035803000,cn=groups,dc=<COMPANY_NAME>,dc=com
        cn=authenticated_users,cn=portal.050602.044833.035803000,cn=groups,dc=<COMPANY_NAME>,dc=com
        cn=portal_administrators,cn=portal.050602.044833.035803000,cn=groups,dc=<COMPANY_NAME>,dc=com
        cn=USERS_GROUPS,cn=portal.050602.044833.035803000,cn=groups,dc=<COMPANY_NAME>,dc=com

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.