Adding custom attributes is almost a requirement in every OID implementation. If your application tries to search on a custom attribute (for example, role in my case), the search can fail with the error message below.
ldapsearch -h oid.oraworld.co.uk -p 389 -D "cn=orcladmin" -w welcome1 -b "cn=users,ou=oraworld,dc=com" -s sub "role=manager"
ldap_search: DSA is unwilling to perform
ldap_search: additional info: LDAP Error 53 : [LDAP: error code 53 - Function Not Implemented, search filter attribute role is not indexed/cataloged]
The root cause of the above issue is that the custom attribute is not indexed.
An attribute is only searchable in OID if it is indexed. This might not be the case for our custom attributes.
Now, to index custom attributes, the conditions below need to be fulfilled. The attributes must have:
- An equality matching rule
- Matching rules supported by Oracle Internet Directory
- Less than 128 characters in their names
Matching rules are the rules for matching two attribute values that comply with the same attribute syntax. Oracle Internet Directory recognizes these matching rule definitions in the schema.
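The three conditions above can be checked against the schema definitions before an index is attempted. The following is an added example, not code from the original post or from Oracle: it parses RFC 4512-style attributeTypes and matchingRules values, and it assumes the supported rules are exactly those the schema publishes. The sample definitions, the 99999 OIDs and the rule name exampleFuzzyMatch are constructed.

```python
import re

# Constructed sample values in RFC 4512 schema syntax (assumption: the
# directory's schema publishes its matching rules in this form).
MATCHING_RULES = [
    "( 2.5.13.2 NAME 'caseIgnoreMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 2.5.13.1 NAME 'distinguishedNameMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
]
ATTRIBUTE_TYPES = {  # constructed custom attributes, keyed by name
    "role": "( 1.3.6.1.4.1.99999.1.1 NAME 'role' EQUALITY caseIgnoreMatch "
            "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "badge": "( 1.3.6.1.4.1.99999.1.2 NAME 'badge' "
             "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "grade": "( 1.3.6.1.4.1.99999.1.3 NAME 'grade' EQUALITY exampleFuzzyMatch "
             "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
}

def names(definition):
    """Return the NAME value(s) of a definition: 'x' or ( 'x' 'y' )."""
    m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", definition)
    if not m:
        return []
    return [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))

def equality_rule(definition):
    """Return the rule named after EQUALITY, or None if there is none."""
    m = re.search(r"\bEQUALITY\s+([\w.;-]+)", definition)
    return m.group(1) if m else None

def index_blockers(attr_def, matching_rule_defs):
    """List the conditions an attribute fails; an empty list means none.
    EQUALITY inherited through SUP is not followed in this sketch."""
    known = set()
    for d in matching_rule_defs:
        known.update(n.lower() for n in names(d))
        oid = re.match(r"\(\s*([\d.]+)", d)  # rule may be referenced by OID
        if oid:
            known.add(oid.group(1))
    reasons = []
    rule = equality_rule(attr_def)
    if rule is None:
        reasons.append("no equality matching rule")
    elif rule.lower() not in known:
        reasons.append(f"matching rule {rule} not defined in the schema")
    if any(len(n) >= 128 for n in names(attr_def)):
        reasons.append("name is 128 characters or longer")
    return reasons

if __name__ == "__main__":
    for name, definition in ATTRIBUTE_TYPES.items():
        print(name, index_blockers(definition, MATCHING_RULES) or "meets all three conditions")
```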
In my next article, I will cover how to index custom attributes.
If you encounter any issues or need any help with OID or Identity Management, feel free to contact me on Sumit@OraWorld.co.uk