Recursive LDAP Groups and Web Studio User Group Profiles (Doc ID 1042305.1)

Last updated on OCTOBER 12, 2015

Applies to:

Oracle Commerce Guided Search / Oracle Commerce Experience Manager - Version 5.1.0 and later
Information in this document applies to any platform.


You have nested/recursive LDAP groups with implicit membership of their parent LDAP groups but your Web Studio Groups members in these implicitly mapped groups are not able to access web studio. 

You have two LDAP groups G1 and G2, such that G2 is an implicit member (or subgroup) of G1. 

Now, a user U1 is a member of G2, but *not* a explicit member of G1. So: 

U1 is a member of G2 
G2 is a member of G1 
U1 is not an *explicit* member of G1. 

If you create a Web Studio profile based on G1, U1 cannot login. If you create a WS profile based on G2 it works as expected. 


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms