Group Members Added Incorrectly In OIDDAS If Not In The Search Base (Doc ID 977203.1)

Last updated on MARCH 08, 2019

Applies to:

Symptoms

If user accounts or groups are created in a location other that the default user or group search base, for example in a sub-container under the search base, then adding one of these users or groups as a member of another group result in the group membership not displaying correctly.

When viewed in DAS on the "View Group" page the member is not displayed at all, the "Manage Group" page displays the member as type "other" and the information is not displayed correctly - blank.

If the group is viewed using Oracle Directory Manager or other LDAP tools it will be seen that the uniquemember attribute of the group contains an incorrect DN for the newly added members.

This group would also not be able to be used to assign privileges because the DN shown in the group membership does not exist.

Also, if one of the groups is added as a role in OIDDAS user configuration, the role is not available in the list of roles to add to a user account. Also not visible in the list of roles when returning to the user configuration.

Changes

Users or groups are created in a container other than the default user search base.

For example:
DAS Configuration tab shows:
User Search Base: cn=Users,dc=company,dc=com
User Create Base: cn=Internal,cn=Users,dc=company,dc=com

Group Search Base: cn=Groups,dc=company,dc=com
Group Create Base: cn=Roles,cn=Groups,dc=company,dc=com

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.