Tuesday, March 14, 2017

Filtering by LDAP OU in OAM Authorization Policies

To use the LDAP OU a user belongs to as part of an OAM Authorization Policy, the Store Name must reference an IDS Profile, not a regular OAM ID Store.

In an Authorization Policy, add a Condition:
Type: Identity

Click Add->Search Filter

Store Name: IDSProfile-OID-Profile
Search Filter: ou:dn:=external

Click Test Filter; any users under that OU should be returned.
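The filter ou:dn:=external is an LDAP extensible match with the dn flag. The sketch below is an added example, not part of the original post or of OAM: it models how RFC 4515 defines that match so you can predict which users the condition will cover. The sample DNs, the helper names and the dc=example,dc=com suffix are constructed for illustration, and the directory behind the IDS Profile makes the real decision.

```python
import re

# Only the filter form used above is handled: attr:dn:=value (RFC 4515 extensible match).
EXT_MATCH = re.compile(r"^\(?([A-Za-z][A-Za-z0-9-]*):dn:=([^()]+)\)?$")

def parse_dn(dn):
    """Return lower-cased (attribute, value) pairs for every RDN component of a DN.
    Simplified: splits on unescaped ',' and '+', enough for the sample DNs below."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        for ava in re.split(r"(?<!\\)\+", rdn):
            attr, _, value = ava.partition("=")
            value = re.sub(r"\\(.)", r"\1", value.strip())
            pairs.append((attr.strip().lower(), value.lower()))
    return pairs

def matches(filter_text, dn, attributes=None):
    m = EXT_MATCH.match(filter_text.strip())
    if not m:
        raise ValueError("only attr:dn:=value filters are handled here")
    attr, value = m.group(1).lower(), m.group(2).strip().lower()
    # ':dn' means every component of the DN is a candidate, at any depth.
    if (attr, value) in parse_dn(dn):
        return True
    # The entry's own attribute values are candidates as well.
    own = {k.lower(): v for k, v in (attributes or {}).items()}
    return value in [v.lower() for v in own.get(attr, [])]

# Constructed sample entries (DN, attributes); not taken from a real directory.
SAMPLE = [
    ("cn=alice,ou=external,cn=Users,dc=example,dc=com", {}),         # directly under the OU
    ("cn=bob,ou=contractors,ou=external,dc=example,dc=com", {}),     # nested below the OU
    ("cn=carol,ou=internal,cn=Users,dc=example,dc=com", {}),         # different OU
    ("cn=dave,cn=Users,dc=example,dc=com", {"ou": ["External"]}),    # ou only as an attribute
    ("cn=external,ou=internal,dc=example,dc=com", {}),               # 'external' is a cn, not an ou
]

def users_matching(filter_text, entries):
    return [dn for dn, attrs in entries if matches(filter_text, dn, attrs)]

if __name__ == "__main__":
    for dn in users_matching("ou:dn:=external", SAMPLE):
        print(dn)
```

Under these semantics the condition also covers users in OUs nested below ou=external and users who only carry ou=external as an attribute value, so compare the Test Filter output with the population you intend to authorize.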

If you reference an Identity Store of Type OAM ID Store then you’ll get this error when clicking Test Filter:
Failure locating user with search base: null. filter: ou:dn:=external and arguments: OIMIDStore, for idstore oracle.igf.ids.IDSException: Operations error: entity=cn=Users,dc=ovd,dc=mycompany,dc=com op=search mesg= AdditionalInfo: LDAP Error 1 : [LDAP: error code 1 - Error during search:java.lang.NullPointerException] with exception {4}