This is a continuation of my OVD 11g implementation experiences. Please refer to my previous post for the LSA adapter implementation.
We are using AD adapters underneath the LSA adapter. There is a list of attributes that need to be returned as part of the LDAP search query for both AD Users and Groups.
By default, OVD returns all the user attributes (NOT NULL) that are part of the LDAP entry. However, our requirement is to allow only a few attributes and forbid the rest.
There is a field in the OVD Adapter that lets you achieve this.
Run an LDAP search to see all the attributes being returned, as in the example below.
./ldapsearch -h host -p port -D credential -w pwd -b "user search base" -s sub "cn=JDoe"
If you have a requirement to keep a few attributes out of the LDAP search results, you can specify those attributes in the Unretrievable Attributes field.
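To confirm the adapter setting took effect, the search output can be compared against the list of attributes you intend to expose. The script below is an added example, not part of the original post; it assumes the ldapsearch output is in LDIF form, and the sample entry, its attribute names and the allow-list are constructed for illustration.

```shell
#!/bin/sh
# Added example: report attributes returned by a search that are not on an allow-list.

# Constructed sample of search output in LDIF form (not real data).
sample_ldif() {
cat <<'EOF'
dn: cn=JDoe,ou=Users,dc=example,dc=com
objectClass: top
objectClass: user
cn: JDoe
sAMAccountName: jdoe
mail: jdoe@example.com
pwdLastSet: 130000000000000000
memberOf: cn=Admins,ou=Groups,
 dc=example,dc=com
description:: Q29uc3RydWN0ZWQ=
EOF
}

# Print the unique, lowercased attribute names found in LDIF on stdin.
# Comments, blank lines, folded continuation lines and the dn line are skipped;
# attribute options (";binary") are stripped.
ldif_attrs() {
    awk '
        /^#/ || /^ / || /^$/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            name = tolower(substr($0, 1, i - 1))
            sub(/;.*/, "", name)
            if (name != "dn" && name != "version") print name
        }' | sort -u
}

# Print every attribute in the LDIF on stdin that is missing from the
# space-separated allow-list in $1 (compared case-insensitively).
leaked_attrs() {
    allowed=$(printf '%s\n' $1 | tr 'A-Z' 'a-z' | sort -u)
    ldif_attrs | while read -r a; do
        printf '%s\n' "$allowed" | grep -qxF -- "$a" || printf '%s\n' "$a"
    done
}

# Demo: anything printed here should be added to Unretrievable Attributes.
sample_ldif | leaked_attrs "cn sAMAccountName mail objectClass"
```

Replace `sample_ldif` with the saved output of your own search; an empty result means only the allowed attributes are being returned.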
I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience on the products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look @ my blog: http://talkidentity.blogspot.com