X

OUD and Referral Management with AD

Oracle Unified Directory(OUD) can be configured as a proxy to Active Directory (AD).
For instance, it is possible to define a Remote LDAP Extension in OUD pointging to Root Catalog of AD 2008.

Searches to AD would return referrals, so the appropriate OUD Network group can to be modified to  follow referrals automatically with the command below:

/dsconfig -h localhost -p 4444 -D "cn=directory
manager" -j ~/.pwd  -X -n set-network-group-qos-policy-prop --group-name
network-group --policy-type referral --set referral-policy:follow

In some cases, a ldapsearch with a basedn which is not local to the root
catalog still returns referrals to another AD Server. 
OUD reports the following error: 

SEARCH operation failed
Result Code:  1 (Operations Error)
Additional Information:  Unable to process the operation because a
referral leading to an unknown or disabled ldap-server
example.com:389 was received

This error is specific to AD because AD builds referrals as follow: ldap://example.com/CN=Configuration,DC=example,DC=com.  Example.com does not systematically correspond to a LDAP host declared in the OUD proxy configuration. For security reasons, OUD follows referrals to hosts explicitely declared as LDAP server extensions in the OUD proxy configuration.

To make sure OUD is able to chase referrals, define a new ldap-server-extension with remote-ldap-server-address property set to example.com and remote-ldap-server-port set to 389. In this case, creation of a proxy workflow element is not required for this ldap-server-extension. More on ldap-server extensions at http://docs.oracle.com/cd/E29407_01/admin.111200/e22648/proxy_config.htm#solCREATING-AN-LDAP-SERVER-EXTENSION

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha
Oracle

Integrated Cloud Applications & Platform Services