This is continuation to OVD 11g experience related posts. Please refer the earlier posts here.
Usually when you are searching an user/group in LDAP we would apply filters. Here are few examples:
- (objectclass=person)
- (&(objectclass=user)(objectclass=inetorgperson))
- (|(mail=*@myorg.com)(uid=*@myorg.com)(sn=*)(givenname=*)(cn=*))
- (&(|(uid=*)(cn=*))(sn=*))
While you’re creating an LDAP Adapter, OVD provides an easy option to add these filters. In the specific Adapter, goto Routing tab. Observe the fields Filters to Include and Filters to Exclude.
The Filters to Include and Filters to Exclude settings are essentially a filter and apply to the LDAP search filters specified by a client. If a client search filter fulfills the logical requirements defined in the Filters to Include setting, that adapter is selected for inclusion in the set of adapters used in the search. Similarly, for the Filters to Exclude setting, if the logical requirements are met, that adapter is deselected from the set of adapters used in the client search.
In my case, I’ve created AD adapters for users and groups containers. Unfortunately the Users and Groups Search base in AD is same. Therefore while searching for User under mapped OVD Users container, the results shows groups and vice-versa.
Hence, I’ve used the Filters to Exclude attribute to define (objectclass=group*) in AD Users adapter and (objectclass=user*) in AD Groups adapter.
About the Author Mahendra
I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc.,
Look @ my blog: http://talkidentity.blogspot.com
