Retrievable attributes in OVD 11g

This is a continuation to OVD 11g implementation experiences. Please refer to my previous post for LSA adapter implementation.

We are using AD adapters underneath LSA adapter. There are list of attributes that needs to be returned as part LDAP search query for both AD Users and Groups.

By default OVD will return all  the user attributes (NOT NULL) that are part of LDAP entry. However our requirement is to allow only few attributes and forbid the rest.

There is a field in OVD Adapter that let’s you achieve this.

  1. Login to ODSM Console.
  2. Goto Adapters tab.
  3. Click on Adapter.
  4. Click on Routing tab.
  5. In the Retrieval attributes field, click Add to select the attributes that you want to return. It is not mandatory to click Add to add all those attributes. It may be time consuming to add say 40 attributes. Therefore the easiest approach is to write all attributes in a notepad with each attribute separated by line and copy it to the Retrievable Attributes text box. Please refer the below screenshot.
  6. Click Apply.
  7. Observe that the order of the attributes may get changed.

Run an ldap search to look for all the returning attributes, refer the below example.

./ldapsearch -h host -p port -D credential -w pwd -b “user search base” -s sub “cn=JDoe”

If you have a requirement to forbid few set of attributes from ldap search then you can specify those attributes in Unretrievable Attributes field.

 

Share This Post with Your Friends over Social Media!

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

2 comments
navheen says February 21, 2014

in Retrievable attributes the memberof attribute is missing how to add that attribute ? any action plan

Reply
Mahendra says February 21, 2014

When you add memberoff in retrievable attribute parameter, are you not getting attribute value in OVD ?

Reply
Add Your Reply