Group Members Added Incorrectly In OIDDAS If Not In The Search Base

(Doc ID 977203.1)

Last updated on SEPTEMBER 14, 2016

Applies to:

Oracle Internet Directory - Version 10.1.4.0.1 to 10.1.4.2 [Release 10gR3]
Information in this document applies to any platform.

Symptoms

If user accounts or groups are created in a location other than the default user or group search base, for example in a sub-container under the search base, then adding one of these users or groups as a member of another group results in the group membership not displaying correctly.

When the group is viewed in DAS, the "View Group" page does not display the member at all, and the "Manage Group" page displays the member as type "other" with its information blank.

If the group is viewed using Oracle Directory Manager or another LDAP tool, the uniquemember attribute of the group is seen to contain an incorrect DN for the newly added members.

This group also cannot be used to assign privileges, because the DN shown in the group membership does not exist.

Also, if one of the groups is added as a role in the OIDDAS user configuration, the role is not available in the list of roles to add to a user account. It is also not visible in the list of roles when returning to the user configuration.

Changes

Users or groups are created in a container other than the default user search base.

For example:
DAS Configuration tab shows:
User Search Base: cn=Users,dc=au,dc=oracle,dc=com
User Create Base: cn=Internal,cn=Users,dc=au,dc=oracle,dc=com

Group Search Base: cn=Groups,dc=au,dc=oracle,dc=com
Group Create Base: cn=Roles,cn=Groups,dc=au,dc=oracle,dc=com
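
To find groups affected by the uniquemember symptom described under Symptoms, the following added example (not Oracle code and not part of the original note) scans an LDIF export and reports uniquemember values that match no entry DN in the export. The sample LDIF is constructed around the example bases above; the note does not say what form the incorrect DN takes, so the dangling value shown is an assumption, and the DN normalization is deliberately simplified.

```python
import re

# Constructed LDIF export (not from the note). The dangling uniquemember value
# is an assumed illustration; the note does not show the incorrect DN's form.
SAMPLE_LDIF = """\
dn: cn=jsmith,cn=Internal,cn=Users,dc=au,dc=oracle,dc=com
objectclass: inetOrgPerson

dn: cn=Auditors,cn=Roles,cn=Groups,dc=au,dc=oracle,dc=com
objectclass: groupOfUniqueNames

dn: cn=Finance,cn=Groups,dc=au,dc=oracle,dc=com
objectclass: groupOfUniqueNames
uniquemember: cn=jsmith,cn=Users,dc=au,dc=oracle,dc=com
uniquemember: CN=Auditors, cn=Roles,cn=Groups,
 dc=au,dc=oracle,dc=com
"""

def norm_dn(dn):
    """Simplified DN comparison key: lower-case, no spaces around unescaped ',' or '='."""
    return re.sub(r"\s*(?<!\\)([,=])\s*", r"\1", dn.strip()).lower()

def parse_ldif(text):
    """Return entries as lists of (attribute, value) pairs; base64 values (attr::) are not decoded."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines() if ":" in l and not l.startswith("#")]
        pairs = [(a.strip().lower(), v.strip()) for a, _, v in (l.partition(":") for l in lines)]
        if pairs:
            entries.append(pairs)
    return entries

def dangling_members(text):
    """Map each group DN to its uniquemember values that match no entry DN in the export."""
    entries = parse_ldif(text)
    known = {norm_dn(v) for e in entries for a, v in e if a == "dn"}
    report = {}
    for e in entries:
        dn = next((v for a, v in e if a == "dn"), None)
        missing = [v for a, v in e if a == "uniquemember" and norm_dn(v) not in known]
        if dn and missing:
            report[dn] = missing
    return report

if __name__ == "__main__":
    for group, members in dangling_members(SAMPLE_LDIF).items():
        print(group, "-> unresolved uniquemember:", members)
```

The export must cover every container that members can live in (here both the user and group search bases), otherwise valid members outside the export are reported as unresolved.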

Cause
