Skip to Main Content
Forums

Security Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Config for PTA (U) OUD to (A) AD; Operation 'SEARCH' failed in participant

3241824Jun 17 2016 — edited Jun 24 2016

I am having difficulty getting Pass-through Authentication to work, in what I think is a simple configuration.

I have followed the documentation (I believe) quite religiously, and trying to figure out what is wrong.  Logs are not providing any information that I find helpful

Here is the config

LDAP Extensions:

OUD      (OUD LDAP instance; shows as Reachable)

AD        (AD Domain Server; shows as Reachable)  

Wrkflw Elmnts:

OUD-Proxy (configured with the extension mentioned above)

AD-Proxy   (configured with the extension mentioned above)

Join_PTA  (Join WFE)

AD-PTA  (User provider is the OU-Proxy wfe; Auth provider is the AD-Proxy wfe)

               The PTA Suffix is the OUD OU suffix defined in the OUD-Proxy wfe

               The User Suffix is the OUD OU suffix defined in the OUD-Proxy wfe

               The Auth Suffix is the AD suffix defined in the AD-Proxy wfe

Workflows:

OUD

AD

Join_PTA_Wf1 (the configured wfe is the AD-PTA mentioned above)

Network Group

OUD

AD

Join_PTA_Wf1


When I config the network-group with just the OUD and AD Workflows, all is Ok, and I can see the specified LDAP DN suffixes in an LDAP browser and ODSM data browser

When I add the Join_PTA_Wf1 to the network group, I get this error:


result: 80 Other (e.g., implementation specific) error text: Operation 'SEARCH' failed in participant 'ou=People,o=team.xyz.com' for entry 'null'  Operation 'SEARCH' failed in participant 'ou=People,o=team.xyz.com' for entry 'null'

My Join_PTA workflow element has a virtual root defined of 'dc=v-xyz,dc=com'

The Primary Participant is configured with the OUD-Proxy mentioned in the list of the 3 above.  The Participant DN is an OU that is a child of the root defined in this OUD-Proxy wfe.  The join condition is (uid=*)

The Secondary Participant is configured with the AD-Proxy mentioned in the list of the 3 above.  The Participant DN is the same as the root defined in this AD-Proxy wfe defined above.  Joiner Type is "One to One"

*All other config options are set to the defaults / nothing additional defined.

What is the relationship supposed to be for the "Join" wfe to the rest of the wfe's?

How do I relate the PTA wfe to the Workflows needing to be defined?  Is there someway that I need to create a relationship between the Join wfe and the PTA wfe for this to work?

Thanks for any help in advance!!

-Jim
This post has been answered by 3241824 on Jun 24 2016
Jump to Answer
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jul 22 2016
Added on Jun 17 2016
#identity-management, #oracle-unified-directory-oud-oracle-directory-server-enterprise-edition-sun-dsee
2 comments
1,034 views