Some attributes don't appear to be returned on oracle ldap search

Question

For some reason my LDAP search doesn't seem to be returning all the attributes available for a given DN.

Using the folling code:

DirContext ctx = new InitialDirContext(mEnv);
DirContext obj = (DirContext)ctx.lookup(dn);
Attributes attrs = obj.getAttributes(new CompositeName(""));

(Where mEnv is a valid Properties class, and dn is a valid DN)

I'm getting back just 7 attributes ("cn", "orclpassword", "objectclass", "mail", "authpassword;orclcommonpwd", "userpassword", "sn"), whereas I can see in Oracle Directory Manager that there are many more (including "orclIsEnabled" and "pwdaccountlockedtime")

Is anyone able to shed any light on the "missing" attributes.

(Note: my experience with LDAP is pretty limited)

Thanks :-)

Answer 1

There are 2 basic possibilities why an LDAP search will not return attributes you know are there:

1. You don't have permission to see them (check access control information, or bind as a more privileged user)

2. They are defined as "operational" (internal) attributes that are not returned by default, but will be present if you ask for them by name (by using the version of getAttributes() that takes an array of attribute names).

Answer 2

Came across this:

"oracle doesn't expose the needed attributes via the OID LDAP interface."

http://blog.mikesidoti.com/2007/05/how-to-query-oid-to-find-expired.html

Answer 3

pwdaccountlockedtime is definitely an operational attribute according to the documentation.

Querying the underlying database (as in your link) should be a last resort.