LDAP Import Filter Does Not Work Correctly (Doc ID 951323.1)

Last updated on FEBRUARY 27, 2019

Applies to:

Goal

In LDAP Import window, after a user searched by a user: user1, it returned 3 groups. After they clicked the synchronization button, it imported all available groups from LDAP instead of the 3 groups that user1 belonged to.

What is happening is that distinguishedName is being used in the search filter to link the groups to the user. distinguishedName isn't actually an attribute of the schema so the substitution of "member=%distinguishedName%" is being replaced with "member=*" so it ends up returning all groups that meet the other criteria and have at least one member.
Previously in the other bugs, we fixed this in the online front end (XAI) by synthesizing a disinguishedName attribute as the distinguishedName is quite easily obtained from the LDAP search results.
MPL does not use the exact same code to query the linked results so it was missing the synthesized distinguishedName attribute. That is why the results looked correct in the LDAP Import page but different results were obtained by MPL when it processed the import request.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.