Oracle Access Manager (OAM) 10g Identity Console Selector Cannot Find Any Users From Active Directory (AD) Via Oracle Virtual Directory (OVD) 10g (Doc ID 731144.1)

Last updated on OCTOBER 28, 2019

Applies to:

Symptoms

Scenario:

• Oracle Virtual Directory (OVD) 10.1.4.2.0 used as the Oracle Access Manager (OAM) User Data Store. Root DN is defined as, for example, dc=<COMPANY>,dc=com.
• Oracle Internet Directory 10.1.4 used as well.
• One supplying Directory is Active Directory (AD) with a configured namespace of, for example, o=<AD_CONTAINER>,dc=<COMPANY>,dc=com.
• The other supplying Directory is OpenLDAP and is configured as o=<OPENLDAP_CONTAINER>,dc=<COMPANY>,dc=com as OAM Config & Policy DataStore, and the root DN is defined as dc=<COMPANY>,dc=net.
• Everything Open Mode.

Problem:

• Followed the documentation (Oracle Access Manager Installation Guide 10g > Chapter 10 Setting Up Oracle Access Manager with Oracle Virtual Directory) and/or an Oracle By Example/OBE) to setup OAM with OVD (and AD adapter).
• Configured as per instructions for OAM to use a person objectclass of inetorgperson, under the section for Identity Server System Console setup process > Product Setup > Person Objectclass = inetOrgPerson.
• However, OAM is unable to retrieve any AD user when searching with the configured inetorgperson objectclass as filter.
• Able to search and retrieve usernames from the backend OpenLdap server, but from underlying AD backend directory.
• OVD access.log shows following error when searching for user "<CN_VALUE>" in as the OAM/IdM Console Administrator:
  

• Via command line, able to search and retrieve AD users with filter of objectclass=* instead, so how to change OAM configuration for inetorgperson to *, i.e., any objectclass?

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.