10 Appendix G: Configuring Oracle Virtual Directory

To use Logon Manager with Oracle Virtual Directory, you must enable anonymous binding and disable the access control check feature in Oracle Virtual Directory as follows:

  • Map the user containers of all LDAP servers to the same subtree of the Oracle Virtual Directory directory information tree. For example, the following is the correct layout for DSEE and OID servers mapped to the same OVD instance:

    • ou=dsee,ou=users,dc=corp,dc=com (for Oracle DSEE user entries)

    • ou=oid,ou=users,dc=corp,dc=com (for OID user entries)

    This ensures that the Logon Manager locator-based user lookup mechanism is able to locate users on different servers.

  • Ensure anonymous binding is enabled on the mapped LDAP server. Grant search permissions for user list entries to the anonymous user.

  • When configuring the LDAP synchronizer via the ESSO Suite Administrative Console, the repository type you select must match the type of repository for which the OVD instance has been configured.

  • Disable the "Enable Access Control Check" feature:

    1. In the Oracle Enterprise Manager Fusion Middleware Control application, locate the target Oracle Virtual Directory instance.

    2. From the Oracle Virtual Directory menu, select Administration > Server Properties.

    3. On the Server Properties screen, disable the Enable Access Control Check option.

    4. Click Apply.
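
With anonymous binding enabled and the access control check disabled, it is worth confirming what an unauthenticated client can actually read through OVD. The following Python check is an added example, not part of Oracle's documentation: it audits LDIF captured from an anonymous search and reports entries that fall outside the mapped user containers or return attributes beyond an allow-list. The allow-list, the sample entries and the function names are assumptions made for illustration.

```python
import base64
import re

USERS_BASE = "ou=users,dc=corp,dc=com"  # common subtree (from the page)
CONTAINERS = ["ou=dsee,ou=users,dc=corp,dc=com", "ou=oid,ou=users,dc=corp,dc=com"]
ALLOWED_ATTRS = {"dn", "objectclass", "uid", "cn"}  # assumption: tune to your lookup needs

# Constructed sample of LDIF returned to an anonymous search (not real data).
SAMPLE = """\
dn: uid=alice,ou=dsee,ou=users,dc=corp,dc=com
uid: alice

dn: uid=bob, OU=oid, ou=Users, dc=corp, dc=com
uid: bob
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: cn=admin,ou=system,dc=corp,dc=com
cn: admin
"""

def norm_dn(dn):
    # Split on unescaped commas; compare RDNs case-insensitively, ignoring padding.
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn)]

def is_under(dn, base):
    d, b = norm_dn(dn), norm_dn(base)
    return d[-len(b):] == b

def parse_ldif(text):
    """Yield {attr: [values]} per record; handles folded lines, comments, base64."""
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = {}
        for line in (ln for ln in block.splitlines() if not ln.startswith("#")):
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def audit(ldif_text):
    findings = []
    for entry in parse_ldif(ldif_text):
        dn = entry["dn"][0]
        if norm_dn(dn) != norm_dn(USERS_BASE) and not any(is_under(dn, c) for c in CONTAINERS):
            findings.append((dn, "outside mapped containers"))
        for attr in sorted(set(entry) - ALLOWED_ATTRS):
            findings.append((dn, "exposes " + attr))
    return findings
```

Run `audit()` on the LDIF output of an anonymous search against the OVD instance; an empty list means every visible entry sits under a mapped container and returns only allow-listed attributes.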