Security Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Search Filter in AD for OIM recon

Preeti Batra-OracleApr 4 2011 — edited Apr 7 2011

Hi ,

We are able to synchronize AD users based on their membership to one group using this filter on the recon task:
(&(objectclass=user)(memberOf=CN=oimg1,OU=Users,DC=oracle,DC=com))

When we want to filter upon multiple groups so that only users from specific AD groups are synchronized to OIM it doesn't work, for example:

(&(objectclass=user)(| (memberOf=CN=oimg1,OU=Users,DC=oracle,DC=com)(memberOf=CN=oimg2,OU=Users,DC=oracle,DC=com)))

It reports that the string is too long!
We need to filter based on about 80 groups and maybe more in the future.
How could we do that? Is there any way to filter mutiple groups ?

NB: we tried the ldap search filter from JNDI and it works correctly.

Thanks & Regards,
Preeti

Locked Post

New comments cannot be posted to this locked post.

Locked on May 5 2011

Added on Apr 4 2011

#directory, #identity-management, #identity-manager, #oim

1 comment

315 views