OID - Attribute "uid" is having domain info while populating User data from Microsoft AD

If configure the DIP profile to load the user records from Microsoft AD, the uid attribute is mapping with “userprincipalname” in AD level.

EX: userprincipalname filed in AD is testuser@companydomain.com [For given user]

We can verify profile from command line or GUI level.

Command line:

./ldapsearch -h oidHost.com -p 3060 -D "cn=orcladmin" -w welcome1  -b "cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory"  -s sub "objectclass=*" 

GUI level:

Connect to EM, goto DIP profiles section and verify the same from Domain Attributes section.

The entry for uid, looks like this.

 userprincipalname:: :user:uid: :inetorgperson:userPrincipalName 

We need to change it as shown below. Once we change this, @Damaininfo will be truncated from userprincipalname field.

userprincipalname:: :user:uid: :inetorgperson:userPrincipalName:trunc(userPrincipalName,'@') 

Then we can test the  same by creating a new entry in Microsoft AD and verify the uid attribute.

This is one way of making the changes. i.e. The mapping for uid is “userprincipalname". If not, we can have uid mapping to “SamAccountName”. In this case, we do not need to truncate any anything. Directly we can map and use "SamAccountName" for “uid” attribute.

OID - LDAP Search queries

Below are the different ldap queries for general OID tasks.

To run any of the ldap commands, make sure to export below set of commands based on your installation path.

export ORACLE_HOME=/u01/app/oracle/fmw/Oracle_IDM1
export ORACLE_INSTANCE=/u01/app/oracle/fmw/oid_inst1
export PATH=$ORACLE_HOME/bin:$ORACLE_HOME/ldap/bin:$ORACLE_INSTANCE/bin:$PATH


1. To get the list of attributes for specific user.

./ldapsearch -h oidHost.com -p 3060 -D "cn=orcladmin" -w welcome1 -s sub -b "cn=testuser,cn=users,dc=oracle,dc=com" "objectclass=*"

2. To get all the users.

./ldapsearch -h oidHost.com -p 3060 -D "cn=orcladmin" -w welcome1 -s one -b "cn=users,dc=oracle,dc=com" "(objectclass=orcluserv2)" "cn=*"

In this query, will get only top level users under the given container. However if we need to have sub records as well from the given container, use "-s sub" option instead of "-s one"

i..e.
./ldapsearch -h oidHost.com -p 3060 -D "cn=orcladmin" -w welcome1 -s sub -b "cn=users,dc=oracle,dc=com" "(objectclass=orcluserv2)" "cn=*"

3. To delete any set of users, use below query. Make sure to put all users entries in txt file.

In this case,
my "users-oid.txt" file contains below sample records and then will execute ldapdelete command.

<<
cn=weblogic1,cn=Users,dc=oracle,dc=com
cn=idmtest,cn=Users,dc=oracle,dc=com
>>

./ldapdelete -h oidHost.com -p 3060 -D "cn=orcladmin" -w welcome1 -c -v -f users-oid.txt