Not getting search results after upgrading to Oracle Unified Directory
search cancel

Not getting search results after upgrading to Oracle Unified Directory

book

Article ID: 241908

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

After upgrading from Oracle Directory Server Enterprise Edition(ODSEE) to Oracle Unified Directory(OUD) user searches are not returning results. 

There are no errors, but when doing a search for a user that we can confirm exists in the directory no results are returned. 

 

 

Environment

Identity Manager

Cause

This is due to Oracle changing the behavior around the entrydn attribute.

With ODSEE, entryDN is an operational attribute that is maintained internally and is indexed as needed, in OUD entryDN is a virtual attribute that is only designed for equality matches and does not allow for substring searches. 

 

Resolution

There is nothing we can do from a Broadcom Software standpoint to resolve this.
Oracle has changed the functionality around the entrydn attribute that IDM environment used to build the environment.    As the IDM environment was built against ODSEE it is going to continue to rely on, and attempt to utilize this attribute even though you are now pointing to OUD.


This is an issue with Oracle and their upgrade from the older Directory.

You have the following choices at this point:
1.  Remain on the older ODSEE until Oracle resolves this issue. 

2.  Build a new IDM environment from the ground up in the new OUD without using entryDN;

3.  Attempt to point USER_DN at a new attribute in OUD by pointing the entryDN value in the domain.xml file to an unused attribute in the directory, and adding a new attribute mapped to USER_DN in the directory.xml file and then copying all information from entryDN into 'newattribute':

<ImsManagedObjectAttr physicalname="entrydn" description="UnUsed_Attribute" displayname="UnUsed_Attribute" valuetype="String" required="false" wellknown="UnUsed_Attribute" maxlength="0"/>
<ImsManagedObjectAttr physicalname="newattribute" description="user_DN" displayname="User DN" valuetype="String" required="true" wellknown="%USER_DN%" maxlength="0"/>

Option 3 is provided 'as is' and should work, but may not as you may be referencing entryDN in other places such as pxpolicies, bulk load feeder files, workflows etc.     
This is provided as an option to help clients who are attempting to upgrade to OUD.

If you need assistance with option 3 please reach out to your account team and discuss a services engagement. 

Powered by Wolken Software