OVD AD Ranged Attribute Plugin
I have been working on OVD 11.1.1.7 environment having AD adapters for users and groups, no special configuration here.
Some of the AD groups contains member attribute values ranging till 1000+. So for AD group containing member values say 150, the attribute name appears as member with values translated for DN automatically.
Attributes in Active Directory with more then 1000 values are returned 1000 at a time with a name that includes the range of values that were returned (or 1500 for Windows 2003). The range is returned to the client in the following format:
member;1-1000 (somevalue)
To get the next thousand entries, the client application must know to repeat the query and request the attribute member;1001-2000. This requires applications to handle Active Directory in a unique method when compared to other directory products.
The Active Directory Ranged Attributes plug-in detects attributes that Active Directory or ADAM has “ranged” and automatically retrieves all values. If the Active Directory Ranged Attributes plug-in is not enabled, the LDAP adapter’s dn-attribute configuration option is not applied because the range of values are appended to the attribute name.
Hence, I have applied the Active Directory Ranged Attributes plug-in to AD adapter and noticed that member attribute values were changed with DN automatically.
References:
About the Author Mahendra
I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com