Error in LDAP Search QPAC

Hi..
i am trying to use LDAP search qpac.I have the provider url and i gave the username as admin and password as password.when i drag the ldap search qpac into my workflow and refreshing for the baseDN, it is giving an error saying that "cannot instantiate class com.sun.jndi.ldap.LdapCtxFactory"
wht do the DC,CN mean?
plzz help me if there are any demos for understandin the ldap search qpac more.. have already read the topic given by marc szulc regarding ldap search qpac.
thanks..
Raghava Kumar V.S.S.

I started getting this error when I mistakenly changed a search filter from (&(uid=james)(objectclass=Staff)) to (uid=james)(objectclass=Staff)). It is complaining about the unbalanced parenthesis.

Similar Messages

LDAP error 53002 (LDAP search failre operations error)

Good day all,
When implementing LDAP authentication, I've received this error while configuring LDAP authentication. Here's how it happens:
A) I created LDAP servers in security settings - they test successfully with the settings that I put in ("LDAP server connected successfully")
B) Then I created a variable USER (with blank default initialization and LDAP variable user - (which I created in advanced LDAP server's settings) and Initialization Block - Authentication - after that I wasn't able to successfully test it - I would get the 53002 error.
C) If I check "Use bind parameters" box - I get 53002 error with "Bad Search Filter" message
Can anyone please advice me on which steps i could take to troubleshoot?
Thank you

Are you using OID or MSAD? If OID, check my blog entries here
http://oraclebizint.wordpress.com/2007/10/10/oracle-bi-ee-101332-using-ldapoid-authentication/
http://oraclebizint.wordpress.com/2007/10/12/oracle-bi-ee-101332-and-oid-user-and-group-phase-2/
I think your variable for the LDAP user is not correct.
Thanks,
Venkat
http://oraclebizint.wordpress.com

Error when performing search: getExtendedProperties [LDAP: error code 50

Hi there,
We are currently running OAS 10.1.2. We have an application which is running Oracle Forms. To get access to these forms, the authenication is a combination of the user logging on to their windows domain, (AD SSO) and having the correct username and groups within Oracle OID and DAS.
We have a major problem at the moment in Production where every so often a user will get rejected for having insufficient access rights, and the UserID in the logs being Null. Yet if they try again it works.
Does anyone know why this might be happening for?
Here is the Forms log :
09/07/31 06:59:32 Forms session <967> runtime process id = 10,780
09/07/31 07:02:27 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:02:27 at oracle.ldap.util.User.getExtendedProperties(User.java:365)
09/07/31 07:02:27 at oracle.forms.servlet.FormsOIDContext.getUserCredentials(Unknown Source)
09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.getUserId(Unknown Source)
09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.doRequest(Unknown Source)
09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.doGet(Unknown Source)
09/07/31 07:02:27 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
09/07/31 07:02:27 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
09/07/31 07:02:27 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
09/07/31 07:02:27 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
09/07/31 07:02:27 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
09/07/31 07:02:27 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
09/07/31 07:02:27 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
09/07/31 07:02:27 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192
09/07/31 07:02:27 at java.lang.Thread.run(Thread.java:534)
09/07/31 07:02:27 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:02:27 In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: ge
tExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
09/07/31 07:02:27 In doRequest method in ue.isNamingException
09/07/31 07:02:27 Redirecting to DAS to update the resviewer list
09/07/31 07:02:27 UserID is NULL redirecting to DAS
09/07/31 07:02:27 Forms Group DNcn=Logical Application Group, orclApplicationCommonName=formsApp_dras03.workcover.qld.gov.au_63A
36930655911DBBF37F32F8ED7FD07, cn=forms, cn=Products, cn=OracleContext
09/07/31 07:02:27 The DAS URL generated: http://prinfds.workcover.qld.gov.au:7777/oiddas/ui/oracle/ldap/das/mypage/AppCreateReso
urceInfo?resKey=prcar_sso&resType=oracleDB&resViewer=cn%3DLogical+Application+Group%2C+orclApplicationCommonName%3DformsApp_dras
03.workcover.qld.gov.au_63A36930655911DBBF37F32F8ED7FD07%2C+cn%3Dforms%2C+cn%3DProducts%2C+cn%3DOracleContext&doneURL=http%3A%2F
%2Fdras03.workcover.qld.gov.au%3A7778%2Fforms%2Ffrmservlet%3Fconfig%3Dprcar_sso%26form%3DSY0001.fmx&cancelURL=
09/07/31 07:05:26 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:05:26 at oracle.ldap.util.User.getExtendedProperties(User.java:365)
09/07/31 07:05:26 at oracle.forms.servlet.FormsOIDContext.getUserCredentials(Unknown Source)
09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.getUserId(Unknown Source)
09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.doRequest(Unknown Source)
09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.doGet(Unknown Source)
09/07/31 07:05:26 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
09/07/31 07:05:26 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
09/07/31 07:05:26 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
09/07/31 07:05:26 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
09/07/31 07:05:26 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
09/07/31 07:05:26 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
09/07/31 07:05:26 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
09/07/31 07:05:26 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192
09/07/31 07:05:26 at java.lang.Thread.run(Thread.java:534)
09/07/31 07:05:26 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:05:26 In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: ge
tExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
09/07/31 07:05:26 In doRequest method in ue.isNamingException

I fixed it in my environment.
formweb.cfg has oid_formsid and formsid_group_dn. Verify if these values are correct.
Also ensure that formsid_group_dn has no blank spaces after ',' (commas)
formsid_group_dn=cn=Logical Application Group,orclApplicationCommonName=formsApp_xyzhost_1224C3F0A73B11DBBFC783346A955D8F,cn=forms,cn=Products,cn=OracleContext

LDAP Search filter Jabber for Android

Hi,
I have this LDAP Filter which only shows me active users:
<BaseFilter>(&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2))</BaseFilter>
I have the same line for Jabber for Android, but it doesn't work.
<BDIBaseFilter>(&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2))</BDIBaseFilter>
I get 0 results for any search on Jabber Andorid. When I delete the "BDI" Line for the filter all together, then I get correct results - with photos and everything.
I also tried a simple filter e.g:
<BDIBaseFilter>(!UserAccountControl:1.2.840.113556.1.4.803:=2))</BDIBaseFilter>
No search results either.
Any ideas how to get Filter for Android working?
Versions:
Jabber for Android: 10.6
CUCM: 9.1.2

I think I found the coresponding messages in the log:
csf.person.ldap: [LdapSearchQueryHandler.cpp(51)] [start] - reqId = 2
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1482)] [sendSearchQuery] -
02-26 09:18:59.851 15477 15477 I csf.person.xmpp: [XMPPPersonRecordSource.cpp(268)] [fetchContacts] - Entering.
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1531)] [sendSearchQuery] - filter = (&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2)(|(sAMAccountName=at1sath))), baseDN=OU=Organization,DC=at,DC=customer,DC=net
02-26 09:18:59.851 15477 15477 D services-dispatcher: [ServicesDispatcher.cpp(147)] [pumpNext] - pumpNext.executed (ContactsAdapter::LoadContactsFromSource)
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1576)] [sendSearchQuery] - ldap search error. rc= -7 ,msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1675)] [notifyListenersSearchRequestCompleted] - errorCode=-7
02-26 09:18:59.851 15477 15477 D services-dispatcher: [ServicesDispatcher.cpp(145)] [pumpNext] - pumpNext.executing (ContactsAdapter::LoadContactsFromSource)
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1258)] [mapErrorNo] - Code = -7, Msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapSearchQueryHandler.cpp(84)] [onSearchRequestCompleted] - reqId = 1, errcode = 9
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1531)] [sendSearchQuery] - filter = (&(objectclass=user)(objectcategory=person)(!UserAccountControl:1.2.840.113556.1.4.803:=2)(|(sAMAccountName=at1hafr))), baseDN=OU=Organization,DC=at,DC=customer,DC=net
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1576)] [sendSearchQuery] - ldap search error. rc= -7 ,msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1675)] [notifyListenersSearchRequestCompleted] - errorCode=-7
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapDirectoryImpl.cpp(1258)] [mapErrorNo] - Code = -7, Msg=Bad search filter
02-26 09:18:59.851 15477 15645 D csf.person.ldap: [LdapSearchQueryHandler.cpp(84)] [onSearchRequestCompleted] - reqId = 2, errcode = 9
The next question is now: Why is it a bad search filter? And what is the correct one? The same filter works on jabber for windows...
BR, Dave

Concurrent ldap search in the same thread

Hi,
I try to send in parallel several ldap search request to an iDS5.0 SP1 ldap server. The ldap client is java coded using LDAP SDK.
To emphasis my problem, I wrote a very simple ldap client:
A first request is sent to the ldap server. 200 entries matches the search criteria;
searchListener = _ld.search("ou=city0, ou=region0, ou=LoadTest, o=surpass.com",1,"(cn=*)",attrs,false,null, searchConstraints);
I read the 5 first messages sent back by the ldap server:
while (true) {
ldapMessage=searchListener.getResponse();
nbEntries++;
if (nbEntries>5) break;
Without waiting for the resultCode message, I send a new ldap search:
ldapSearchResults = _ld.search("ou=city1, ou=region1, ou=LoadTest, o=surpass.com",1,"(cn=*)",attrs,false,searchConstraints);
This search locks the java process. A timeout message is generated in the ldap server logs:
[27/Jan/2003:14:13:35 +0100] conn=60660 op=2 fd=48 closed error 11 (Resource temporarily unavailable) - B4
Is it a bug? Or is it mandatory, in a single thread process, to wait for the resultCode message before sending any other search request?
Yannick

Thank's for answering
You'r right, there are many ways to overcome the problem in my very simple ldap client:
- Send an abandon
- Wait for the resultCode message
- Use the search constraint BATCHSIZE=0
But my question is: is it possible to run several concurrent ldap requets in the same thread (like a pool of ldap search) and check their results in a asynchronous way?
Any idea?

Errors in LDAP configuration with Shared Services

Dear sirs,
we are getting errors in LDAP configuration with Shared Services.
Base DN is ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East
The group cn is cn=AH
In LDAP log you can see the applications is searching the group:
"ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo"
When it should be:
“ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East”
We think the problem is with space in Base DN "o=Grupo East", it is not properly considered.
Error Codes
EPMCSS-05145
Thanks in advance

Hi.
Could you try to define the Base DN as :
ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo\ East
I don't know if will work fine.. but you can use special characteres using with the "\"
Good luck.
Best regards!

Open Directory, third party LDAP search path problem on Snow Leopard

Happy new year folks,
I ran into an interesting problem this past week in regards to a third party LDAP directory in the Search path (which used to work on previous versions). The issue brings the server to its knees eventually. I'm still digging through the logs, but here's the general breakdown...
1. Add third-party LDAP to the OD node list. This has always worked on previous versions, and appears to still work at the most basic level. I can navigate the node with DSCL, read records, etc.
1. Add third-party LDAP to the OD search path.
2. Wait a few minutes....
3. The server begins to slow down. Apache, SSH, ServerAdmin service stop responding. I'm able to run "top" briefly, which shows an increase of threads.
4. Restart the server and quickly remove the directory from the OD search path
5. Server goes back to being rock solid with very nice response times for Apache, SSH, ServerAdmin, etc.
If anyone has any debugging suggestions, or has seen this before, let me know.
Jaime
--- Below is some console output leading up to the chaos. Before adding to search path, everything looks good --------------------
bash-3.2# dscl
Entering interactive mode... (type "help" for commands)
read /LDAPv3/ldap.itd.umich.edu/Users/jaimelm cn
dsAttrTypeNative:cn:
Jaime Magiera
Jaime L Magiera 1
Jaime L Magiera
--- Add to Search Path, which hangs ------------------------------------------------------------------------------
bash-3.2# dscl /Search -append / CSPSearchPath /LDAPv3/ldap.itd.umich.edu
--- DSCL in debug mode contains the following ----------------------------------------------
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Client: ipfw, PID: 1097, API: libinfo, Server Used : libinfomig DAR : Procedure = getprotobynumber (13) : Result code = 0
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Client: sso_util, PID: 1103, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779669 : Requested nodename = /Search
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Plug-in call "dsDoPlugInCustomCall()" failed with error = -14292.
2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Port: 27151 Call: dsDoPlugInCustomCall() == -14292
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779
707 : Requested nodename = /LDAPv3/ldap.itd.umich.edu
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16779707 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAC : Dir Ref 167797072010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAR : Dir Ref 16779707
: Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAC : Dir Ref 16779707 :
Data buffer size = 1282010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779
707 : Requested nodename = ConfigNode2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16779
707 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: Requesting dsOpenDirNode with PID = 1114, UID = 0, and EUID = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsOpenDirNode(), Configure Used : DAC : Dir Ref = 16779707 : Node Name = /Configure
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsOpenDirNode(), Configure Used : DAR : Dir Ref = 1677970
7 : Node Ref = 33556926 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAC : Dir Ref 16779707
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAR : Dir Ref 16779707 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Configure Used : DAC : Node Ref = 33556926 : Requested Attrs = dsAttrTypeStandard:OperatingSystemVersion : Attr Type Only Flag = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Configure Used : DAR : Node Ref = 33556926 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Search Used : DAC : Node Ref = 33556924 : Requested Attrs = dsAttrTypeStandard:LSPSearchPath : Attr Type Only Flag = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Search Used : DAR : Node Ref = 33556924 : Result code = 0
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsDoPlugInCustomCall(), Search Used : DAC : Node Ref = 33556924 : Request Code = 444
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Checking for Search Node XML config file:
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - /Library/Preferences/DirectoryService/SearchNodeConfig.plist
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Have written the Search Node XML config file:
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - /Library/Preferences/DirectoryService/SearchNodeConfigBackup.plist
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Setting search policy to Custom search
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - CSearchPlugin::SwitchSearchPolicy: switch - reachability of node </LDAPv3/127.0.0.1> retained as <true>
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CSearchPlugin::CheckNodes: checking network node reachability on search policy 0x0000000000002201
2010-01-01 19:26:36 EST - T[0x00000001037A5000] - CCachePlugin::EmptyCacheEntryType - Request to empty all types - Flushing the cache
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Client: Requesting dsOpenDirNode with PID = 0, UID = 0, and EUID = 0
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAC : Dir Ref = 16777216 : Node Name = /LDAPv3/127.0.0.1
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAR : Dir Ref = 16777216 : Node Ref = 33556929 : Result code = 0
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CSearchPlugin::CheckNodes: calling dsOpenDirNode succeeded on node </LDAPv3/127.0.0.1>
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsCloseDirNode(), LDAPv3 Used : DAC : Node Ref = 33556929
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsCloseDirNode(), LDAPv3 Used : DAR : Node Ref = 33556929 : Result code = 0
2010-01-01 19:26:36 EST - T[0x0000000103181000] - mbr_mig - dsFlushMembershipCache - force cache flush (internally initiated)
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Client: Requesting dsOpenDirNode with PID = 0, UID = 0, and EUID = 0
2010-01-01 19:26:36 EST - T[0x0000000103181000] - Membership - dsNodeStateChangeOccurred - flagging all entries as expired
2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAC : Dir Ref = 16777216 : Node Name = /LDAPv3/ldap.itd.umich.edu
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CLDAPNodeConfig::InternalEstablishConnection - Node ldap.itd.umich.edu - Connection requested for read
2010-01-01 19:26:36 EST - T[0x000000010070A000] - CLDAPNodeConfig::FindSuitableReplica - Node ldap.itd.umich.edu - Attempting Replica connect to 141.211.93.133 for read
2010-01-01 19:26:36 EST - T[0x0000000102481000] - CCachePlugin::SearchPolicyChange - search policy change notification, looking for NIS
2010-01-01 19:26:36 EST - T[0x0000000102481000] - Internal Dispatch, API: dsGetDirNodeInfo(), Search Used : DAC : Node Ref = 33554436 : Requested Attrs = dsAttrTypeStandard:SearchPath : Attr Type Only Flag = 0
------- From another screen, I do "id jaimelm", which hangs ------------------------------------------------------------------------
: Requested Rec Names = jaimelm : Rec Name Pattern Match:8449 = eDSiExact : Requested Rec Types = dsRecTypeStandard:Users
2010-01-01 19:36:55 EST - T[0x00000001082A2000] - Internal Dispatch, API: dsGetRecordList(), Search Used : DAC : 2 : Node Ref = 33554436 : Requested Attrs = dsAttrTypeStandard:AppleMetaNodeLocation;dsAttrTypeStandard:RecordName;dsAttrTy peStandard:Password;dsAttrTypeStandard:UniqueID;dsAttrTypeStandard:GeneratedUID; dsAttrTypeStandard:PrimaryGroupID;dsAttrTypeStandard:NFSHomeDirectory;dsAttrType Standard:UserShell;dsAttrTypeStandard:RealName;dsAttrTypeStandard:Keywords : Attr Type Only Flag = 0 : Record Count Limit = 1 : Continue Data = 0
2010-01-01 19:37:03 EST - T[0x0000000108325000] - Client: httpd, PID: 157, API: mbr_syscall, Server Used : process kauth result 0x0000000102022B30
2010-01-01 19:37:03 EST - T[0x00000001083A8000] - Client: httpd, PID: 151, API: mbr_syscall, Server Used : process kauth result 0x0000000102022C50
2010-01-01 19:37:05 EST - T[0x000000010842B000] - Client: httpd, PID: 203, API: mbr_syscall, Server Used : process kauth result 0x0000000102022D70
2010-01-01 19:37:15 EST - T[0x00000001084AE000] - Client: httpd, PID: 994, API: mbr_syscall, Server Used : process kauth result 0x0000000102023890
2010-01-01 19:37:26 EST - T[0x0000000108531000] - Client: httpd, PID: 198, API: mbr_syscall, Server Used : process kauth result 0x0000000102023980
2010-01-01 19:37:31 EST - T[0x00000001085B4000] - Client: httpd, PID: 161, API: mbr_syscall, Server Used : process kauth result 0x0000000~

Hi
I'm in agreement with harry here but what I'm struggling to understand is why you are seeing this as a problem? I'm also struggling to see this as being a possibility in a single server environment if I understand your post correctly?
Promotion to OD Master with all that entails absolutely rests on a properly configured and tested internal DNS Service. The Kerberos Realm's foundation (and with that the ability of the server to perform its function as KDC and offer LDAP services) entirely depends on what is configured in the DNS Service. This will include the server name, domain name and tld. The Kerberos Realm automatically configures itself using that information. Likewise the searchbase.
Its more than possible to change the Realm name and with it the LDAP search base (in certain circumstances) and have an OD Master, however Kerberos won't start it won't need to as the KDC will be elsewhere. You generally see this when augmenting Windows AD with MCX. In that situation Realm name and search base will reflect what is set on the Active Directory. Client computers will use what is set there for contact and authentication information before looking at the OD Master for anything else.
Does this help? Tony

How can I perform LDAP searches in BPEL?

Hello,
I'm trying to search an LDAP directory from a BPEL process.
There is a "ldap:search" XPath extension which appears to do this, but how do I specify which server to use. Just calling this function in an Assign produces an error message referring to a file called "directories.xml". Can anyone tell me what format this file should have (or how I automatically generate it)? I can't see it mentioned anywhere in the documentation.
Thanks for your help.

Did you ever get to know the location of this file?-directories.xml?

Paged LDAP Search Results Question

Greetings,
I have some code that does a dbms_ldap.search_s to create a view of all users. Everything was working fine until last week when got an error and I realized the results return exceeded the LDAPS MaxPageSizeLimit (was set to 2000, we now have 2000+ users). I was able to get the sys admins to increase the size temporarily until I can modify my code to page the search results. I've been doing some research on Page LDAP Search Results and am not finding much for dbms_ldap. Perhaps my research skills are not up to snuff. In any case, I found on oracle docs (http://docs.oracle.com/cd/E17904_01/oid.1111/e10186/ext_ldap.htm#CEGJJIAF) where it references:
"As of Oracle Internet Directory 10g (10.1.4.0.1), you can obtain paged results from an LDAP search, as described by IETF RFC 2696. You request sorted results by passing a control of type 1.2.840.113556.1.4.319 to the search function. Details are described in RFC 2696."
However, I'm not finding much on how to implement this using dbms_ldap.
Can anyone point me somewhere that I can found how to implement returning pagedResults using ldap with Oracle 11g?
Best,
Nat
Edited by: 899806 on Jan 10, 2012 10:23 AM

Yes, I did read that but I don't see in that file where it references anything about dbms. I see the section on:
RFC 2696 LDAP Control Ext. for Simple Paged Results September 1999
pagedResultsControl ::= SEQUENCE {
controlType 1.2.840.113556.1.4.319,
criticality BOOLEAN DEFAULT FALSE,
controlValue searchControlValue
However, when I look at oracle docs, I don't see where in dbms_ldap you can specify this config. any pointers?

LDAP Search/Bind function

I'm trying to create an authentication function that can perform a search/bind.
The algorithm for this is as follows:
1) Bind to the LDAP server as the application (ie: admin username and password)
2) Search the LDAP directory for the sign-in username %userid%
3) Get the DN of that entry
4) Unbind as the application
5) Bind as the sign-in username %userid% with the DN from above
I'm pretty sure that this is possible with the DBMS_LDAP and DBMS_LDAP_UTL packages, but I'm not sure how to put it all together. Does anyone out there know if a function such as this already exists?
Thanks,
Logan

Well, I figured it out.
create or replace FUNCTION F_Authenticate (p_username in varchar2, p_password in varchar2)
      RETURN BOOLEAN
   IS
      CURSOR ldap_param_cur
      IS
         SELECT *
           FROM ldap_parameters;
      ldap_param_rec   ldap_param_cur%ROWTYPE;
      l_session        DBMS_LDAP.SESSION;
      l_srch_attr      DBMS_LDAP.STRING_COLLECTION;
      l_attr_values    DBMS_LDAP.STRING_COLLECTION;
      l_result         DBMS_LDAP.MESSAGE;
      l_entry          DBMS_LDAP.MESSAGE;
      l_dn             VARCHAR2 (200);
      l_retval         PLS_INTEGER;
      multiple_uid     EXCEPTION;
      no_ldap_entry    EXCEPTION;
   BEGIN
      -- get parameters from uvic_ldap_parameters table
      OPEN ldap_param_cur;
      FETCH ldap_param_cur
       INTO ldap_param_rec;
      -- if the cursor returns no records display error message and exit
      IF ldap_param_cur%NOTFOUND
      THEN
         DBMS_OUTPUT.PUT_LINE
             ( 'LDAP Parameters not configured in UVIC_LDAP_PARAMETERS table'
         CLOSE ldap_param_cur;
         RETURN FALSE;
      END IF;
      CLOSE ldap_param_cur;
      DBMS_LDAP.use_exception := TRUE;
      BEGIN
         -- open session to ldap server
         l_session :=
            DBMS_LDAP.init (ldap_param_rec.ldap_host,
                            ldap_param_rec.ldap_port
         -- bind with credentials from cursor
         l_retval :=
            DBMS_LDAP.simple_bind_s (l_session,
                                     ldap_param_rec.search_credential,
                                     ldap_param_rec.search_passwd
         -- run ldap search
         l_retval :=
            DBMS_LDAP.search_s (l_session,
                                ldap_param_rec.search_base,
                                DBMS_LDAP.SCOPE_SUBTREE,
                                ldap_param_rec.search_filter || p_username,
                                l_srch_attr,
                                0,
                                l_result
         -- count the search result records
         l_retval := DBMS_LDAP.count_entries (l_session, l_result);
         -- if multiple search result records raise exception
         -- the userid should be unique and only return 1 search record
         IF l_retval > 1
         THEN
            RAISE multiple_uid;
         ELSIF NVL (l_retval, 0) = 0
         THEN
            RAISE no_ldap_entry;
         END IF;
         -- select first entry from ldap search record
         l_entry := DBMS_LDAP.first_entry (l_session, l_result);
         -- get the distinguished name from the ldap record
         l_dn := DBMS_LDAP.get_dn (l_session, l_entry);
         -- close ldap session used to retrieve search results
         l_retval := DBMS_LDAP.unbind_s (l_session);
         -- open session to ldap server
         l_session :=
            DBMS_LDAP.init (ldap_param_rec.ldap_host,
                            ldap_param_rec.ldap_port);
         -- bind using ldap search results distinguished name and password
         -- if the bind is successful the user can login
         l_retval := DBMS_LDAP.simple_bind_s (l_session, l_dn, p_password);
         -- close ldap session
         l_retval := DBMS_LDAP.unbind_s (l_session);
         RETURN TRUE;
      EXCEPTION
         WHEN multiple_uid
         THEN
            l_retval := DBMS_LDAP.unbind_s (l_session);
            DBMS_OUTPUT.PUT_LINE('Multiple LDAP entries found.'
            RETURN FALSE;
         WHEN no_ldap_entry
         THEN
            l_retval := DBMS_LDAP.unbind_s (l_session);
            DBMS_OUTPUT.PUT_LINE ('No LDAP records found.'
            RETURN FALSE;
         WHEN OTHERS
         THEN
            l_retval := DBMS_LDAP.unbind_s (l_session);
            DBMS_OUTPUT.PUT_LINE ('LDAP Error. Unknown type.');
            RETURN FALSE;
      END;
   EXCEPTION
      WHEN OTHERS
      THEN
         l_retval := DBMS_LDAP.unbind_s (l_session);
         DBMS_OUTPUT.PUT_LINE ('LDAP Error. Unknown type.');
         RETURN FALSE;
   END F_Authenticate;

Private Key Not Found Error in Ldaps

Hi,
I am facing "Private Key Not Found" Error in ldaps. The key and the SSL certificate is stored under the same location. The certificate is self signed certificate and in .pem format. When I am trying to install the certifcate through SUN ONE Console it throws the following error
"Either this certificate is for another server, or this certificate was not requested using this server".
can any one help me in this regard.
Regards
Senthil
Edited by: senlog80 on Dec 30, 2008 3:18 AM

Or even better, check the note <a href="https://websmp110.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=924320&_NLANG=E">924320</a>.
Symptom:
When you execute a query with virtual characteristics or key figures, the system issues the following error message:
Object FIELD I_S_DATA-<key figure> not found
Other terms
RSR00002, RSR_OLAP_BADI
Reason and Prerequisites
This problem is caused by a program error.
Solution
If the virtual characteristics or key figures are implemented using the enhancement RSR00002 (CMOD), implement the corrections.
If the virtual characteristics or key figures were created directly as implementations of the RSR_OLAP_BADI BAdI, compare the source code of the INITIALIZE method with the corresponding source code example. During the call of GET_FIELD_POSITIION_D, <L_S_SK>-VALUE_RETURNNM must be transferred instead of <L_S_SFK>-KYFNM.
Import Support Package 08 for SAP NetWeaver 2004s BI (BI Patch 08 or SAPKW70008) into your BI system. The Support Package is available when Note 0872280"SAPBINews BI 7.0 Support Package 08", which describes this Support Package in more detail, is released for customers.
In urgent cases, you can use the correction instructions.
To provide advance information, the note mentioned above may be available before the Support Package is released. In this case, the short text of the note still contains the words "Preliminary version".
Assign pts if helpful.

How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird?

How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird? We have a super awesome contacts server that works great for our Mac users. About 30% of our company are on PCs, and I would like to use the Mozilla Thunderbird mail client for them. I see that in Thunderbird I can set up LDAP searching, and would like to have this feature point to our contacts server. I've tried several different settings, and looked all over the web, but could not find the proper way to configure this. Does anyone know if this can be done, or if not, would have a better suggestion? Thank you for your time!!

try double clicking keychain acces should launch and ask if you want to install login, system, System roots
A dialog box will launch asking where to install the cert since your configuring a vpn I would put the certificate it in system.

Error occurred during search

Hello,
I'm getting the following error when I use the search in the Portal:
Error occurred during search: com.sapportals.wcm.WcmException: error: communication with preprocessor failed;index=teste,location=cdphl815:30203 (Errorcode 42)
That's probably an indexing error:
Indexing document failed. Preprocessor: failed (Errorcode 6800)
But I don't know what to do to fix this.
Please... help me!!
Thanks
Luisa

Hi Luisa,
It might help:
Trex Administration Tool:
http://help.sap.com/saphelp_erp2004/helpdata/en/23/92bd4016c0cc38e10000000a155106/frameset.htm
General TREX Configuration :
http://help.sap.com/saphelp_erp2004/helpdata/en/c2/d81e40777cdd5fe10000000a155106/frameset.htm
Post-Installation Activities :
http://help.sap.com/saphelp_erp2004/helpdata/en/8b/1cc83edf72e16be10000000a114084/frameset.htm
Hope it helps,
Yoav

Sun idm LDAP Search Filter, logical operations.

Hi
Can any body please give me the solution on LDAP Search Filter
I need to get all the users from a LDAP
Whose attribute1 contains any of the values like (abc, bbc)
OR
Whose attribute2 contains any of the values like (xyz, yxz)

we got the solution
(|(|(attr1=abc)(attr1=bbc))(|(attr2=xyz)(attr2=yxz)))
finally this worked.

Lots of errors in LDAP Logs

We are having some issues with some user accounts, and I went into the logs to see what I could find. I am getting tons of errors in LDAP alone. Here is from the last 30 minutes. Not sure what is means exactly... Can anybody shed some light on this
Feb 8 12:00:38 server slapd[46]: SASL [conn=86077] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:00:39 server slapd[46]: <= bdbequalitycandidates: (sambaSID) index_param failed (18)\n
Feb 8 12:00:39 server slapd[46]: <= bdbequalitycandidates: (sambaSID) index_param failed (18)\n
Feb 8 12:00:56 server slapd[46]: SASL [conn=86083] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:00:57 server slapd[46]: SASL [conn=86087] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:00:58 server slapd[46]: SASL [conn=86091] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:03:48 server slapd[46]: SASL [conn=86106] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:18 server slapd[46]: SASL [conn=86131] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:19 server slapd[46]: SASL [conn=86135] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:19 server slapd[46]: SASL [conn=86139] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:20 server slapd[46]: SASL [conn=86143] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:32 server slapd[46]: <= bdbequalitycandidates: (apple-computers) index_param failed (18)\n
Feb 8 12:08:32 server slapd[46]: <= bdbequalitycandidates: (apple-computers) index_param failed (18)\n
Feb 8 12:08:53 server slapd[46]: SASL [conn=86150] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:54 server slapd[46]: SASL [conn=86154] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:54 server slapd[46]: SASL [conn=86156] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:11:38 server slapd[46]: SASL [conn=86175] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:11:39 server slapd[46]: SASL [conn=86179] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:13:08 server slapd[46]: connection_read(22): no connection!\n
Feb 8 12:15:32 server slapd[46]: connection_read(28): no connection!\n
Feb 8 12:23:32 server slapd[46]: SASL [conn=86249] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:23:33 server slapd[46]: SASL [conn=86253] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:23:35 server slapd[46]: SASL [conn=86257] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:30:37 server slapd[46]: connection_read(28): no connection!\n

This article fixed my problem
http://support.apple.com/kb/TS2915

Error in LDAP Search QPAC

Similar Messages

Maybe you are looking for