2 Replies Latest reply: Aug 22, 2012 4:38 AM by 936139

DPS schema view and bind problem

936139 Newbie
Currently we have a DSEE backend with the suffix "dc=example,dc=com" and a DPS LDAP view with the suffix "dc=sample,dc=com" for the DSEE backend.

We have an application, Oracle Access Manager (OAM), that is configured to bind to the DPS view and it needs to search "cn=schema". I have defined a view that presents "cn=schema" from DSEE but the problem is that when the following search is performed, it fails.

-----

$ ldapsearch -b cn=schema -h DPS -D uid=user,ou=people,dc=sample,dc=com cn=schema
ldap_search: No such object
ldap_search: additional info: Unable to process the search request. Reason: [Original error=32] Silent BIND failed: err=32, error message "", matched DN ""

-----

If I don't specify a bind user, then the ldapsearch works as expected.

The DSEE error logs show it trying to bind with the DN from the DPS view, i.e. uid=user,ou=people,dc=sample,dc=com. It should be remapped to uid=user,ou=people,dc=example,dc=com.

I understand what the problem is, I am just having a difficult time in figuring out where/how I can define the base-dn and dn-mapping-source-base-dn properties for this.

I have schema-check-enabled on the connection handler but that doesn't work either.

Anyone else solve this problem already?

I can't have OAM just bind to the DSEE instance.

Thanks!

Edited by: user10751400 on Aug 21, 2012 10:14 AM
  • 1. Re: DPS schema view and bind problem
    Sylvain Duloutre Pro
    Hi,

    One easy way to address the problem is to configure the schema data view to always use the anonymous account instead of forwarding the original user credentials. To do so, you must first create a new data source that points to the backend server holding the schema, then execute the following command on that data source object:

    dpconf set-ldap-data-source-prop -h host -p port data-source-name \
    client-cred-mode:use-specific-identity bind-dn: bind-pwd-file:

    A DPS restart might be required to take the new config into account.

    HTH

    -Sylvain

    Edited by: Sylvain Duloutre on Aug 22, 2012 12:36 PM
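The failure described in the question and the fix in the reply above both come down to which identity the proxy presents to the backend for a given data view. The following is an added toy model of that decision, written for this page; it is not DPS code, and the names DataSource, DataView, backend_bind_dn, build_views and simulate, the BACKEND_ENTRIES set and the simplified DN handling (no escaped commas, case-insensitive attribute types) are all assumptions made for the illustration. It shows the dc=sample view remapping the bind DN onto dc=example, the cn=schema view with no mapping forwarding the unmapped DN and getting err=32, and the same view binding anonymously once its data source uses client-cred-mode use-specific-identity with an empty bind-dn.

```python
"""Toy model of how an LDAP proxy such as DPS decides which identity to
present to a backend for a given data view.  Constructed for illustration
only: it is not DPS code, and the DN handling is deliberately simplified
(assumption: DNs contain no escaped commas and all attribute types in play
use case-insensitive matching)."""


def split_dn(dn):
    """Split a DN into its RDN strings, outermost last, dropping whitespace."""
    return [rdn.strip() for rdn in dn.split(",") if rdn.strip()]


def normalize(dn):
    """Canonical lower-case form used for comparisons."""
    return ",".join(rdn.lower() for rdn in split_dn(dn))


def is_under(dn, base):
    """True when dn equals base or ends with base on an RDN boundary
    (so dc=notsample,dc=com is not under dc=sample,dc=com)."""
    d, b = split_dn(normalize(dn)), split_dn(normalize(base))
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def remap_dn(dn, view_base, source_base):
    """Rewrite the view-side suffix of dn to the backend-side suffix, the way
    a data view with base-dn / dn-mapping-source-base-dn does.  DNs outside
    view_base are returned unchanged."""
    if not is_under(dn, view_base):
        return dn
    rdns = split_dn(dn)
    kept = rdns[: len(rdns) - len(split_dn(view_base))]
    return ",".join(kept + split_dn(source_base))


class DataSource:
    """client_cred_mode mirrors the dpconf property of the same name:
    use-client-identity forwards the client's bind DN to the backend;
    use-specific-identity always binds as bind_dn ("" means anonymous)."""

    def __init__(self, name, client_cred_mode="use-client-identity", bind_dn=""):
        self.name = name
        self.client_cred_mode = client_cred_mode
        self.bind_dn = bind_dn


class DataView:
    def __init__(self, name, source, base_dn=None, mapping_source_base_dn=None):
        self.name = name
        self.source = source
        self.base_dn = base_dn
        self.mapping_source_base_dn = mapping_source_base_dn


def backend_bind_dn(view, client_bind_dn):
    """DN the proxy presents to the backend for a request routed via view;
    "" means an anonymous bind."""
    src = view.source
    if src.client_cred_mode == "use-specific-identity":
        return src.bind_dn
    if view.base_dn and view.mapping_source_base_dn:
        return remap_dn(client_bind_dn, view.base_dn, view.mapping_source_base_dn)
    return client_bind_dn  # no mapping on this view: forwarded verbatim


# Constructed backend: the only DN the DSEE instance accepts a bind for.
BACKEND_ENTRIES = {"uid=user,ou=people,dc=example,dc=com"}


def backend_bind(dn):
    """What the backend answers to the proxy's bind attempt."""
    if dn == "":
        return "anonymous bind ok"
    if normalize(dn) in {normalize(e) for e in BACKEND_ENTRIES}:
        return "bind ok as " + dn
    return "Silent BIND failed: err=32"


def build_views(schema_cred_mode):
    """The setup from the thread: a dc=sample view mapped onto dc=example,
    and a separate cn=schema view whose data source has no DN mapping."""
    users_src = DataSource("dsee-users")
    schema_src = DataSource("dsee-schema", client_cred_mode=schema_cred_mode, bind_dn="")
    users_view = DataView("sample-view", users_src,
                          base_dn="dc=sample,dc=com",
                          mapping_source_base_dn="dc=example,dc=com")
    schema_view = DataView("schema-view", schema_src)
    return users_view, schema_view


def simulate(view, client_bind_dn):
    """Outcome of the proxy's bind on the backend for one client bind DN."""
    return backend_bind(backend_bind_dn(view, client_bind_dn))


if __name__ == "__main__":
    client = "uid=user,ou=people,dc=sample,dc=com"
    for mode in ("use-client-identity", "use-specific-identity"):
        users_view, schema_view = build_views(mode)
        print(mode, "| dc=sample view:", simulate(users_view, client))
        print(mode, "| cn=schema view:", simulate(schema_view, client))
```

Two things worth checking before copying the fix into production: the backend's ACIs must grant anonymous read on cn=schema and nothing beyond it, because every client's schema request now arrives without the client's identity; and the data source configured with use-specific-identity should serve only the schema view, since any user-data view attached to the same data source would also lose the client's own identity and the access control that goes with it.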
  • 2. Re: DPS schema view and bind problem
    936139 Newbie
    Hi Sylvain,

    What a great suggestion! That worked, thanks!

    -James
