CR 7002787: OpenSSO 8.0 Update 2 is not working with Active Directory Data Store (Oracle OpenSSO 8.0 Update 2 Release Notes)

Oracle OpenSSO 8.0 Update 2 Release Notes

Previous: CR 6978018: Running OpenSSO 8.0 in GlassFish 2.1.x using LDAPS with JDK 1.6.x
Next: CR 6897101: After a login to a non-default realm, user experiences multiple logins after a timeout

CR 7002787: OpenSSO 8.0 Update 2 is not working with Active Directory Data Store

This problem occurs for both OpenSSO 8.0 Update 2 and OpenSSO 8.0 Update 2 patch 1. If you create an Active Directory data store and then log in to the OpenSSO administration console using the Active Directory authentication module, OpenSSO returns the error message “User has no profile in this organization” to your browser.

Workaround. To use the Active Directory data store and authentication module with OpenSSO 8.0 Update 2 or OpenSSO 8.0 Update 2 patch 1, perform these steps:

Log in to the OpenSSO Administration Console.
Under the Active Directory data store configuration, make these changes:
1. For the LDAPv3 Plug-in Supported Types and Operations, change:
  
  user=read,create,edit,delete
  
  to
  
  user=read,create,edit,delete,service
2. In Attribute Name Mapping, add the following attribute mappings:
  - iplanet-am-user-alias-list=objectGUID
  - employeeNumber=distinguishedName
  - mail=userPrincipalName
  - portalAddress=sAMAccountName
  - telephonenumber=displayName
  - uid=sAMAccountName
3. Click Save and log out of the console.
Restart the OpenSSO web container.