LDAP: error code 48 - Server is Configured to Deny Anonymous Binds

Is it possible to authenticate user from java code when Anonymous binds in Oracle Internet Directory is disabled? I have been trying to make direct LDAP calls for authentication but it gives me error as below:
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - Server is Configured to Deny Anonymous Binds];
Appreciate help from fellow members.
Thanks,
Shivam

You create a user entry in OID specifically to be used by your java application. Some folks refer to this type of user entry as a proxy or service or utility account. You may not want this service account to be located in your cn=users,dc=acme,dc=com container with the reset of your normal user entries. You may want to create a cn=serviceAccount,dc=acme,dc=com container (as an example) for all of these types of accounts. Or you can put it in your cn=users container, that's fine as well.
cn=java-app-01,cn=serviceAccount,dc=acme,dc=com
or
cn=java-app-01,cn=users,dc=acme,dc=com
Then your java app gets configured to use this account to perform an authenticated bind/search (in lieu of the anonymous bind/search) to find the full DN of the user logging into your java app. Most ldap enabled applications ask the user to provide only the common name (cn) or unixID (uid) and password at the application login prompt.
1. The app then performs an anonymous bind/search for the full user entry DN of the user attempting to authenticate into the application.
or
2. The app then performs an authenticated bind/search (using the service account) for the full user entry DN of the user attempting to authenticate into the application.
...once the app receives back the full user entry DN, the app takes that full DN (dn: cn=gatesb,cn=users,dc=acme,dc=com) and the password provided by the user and attempts the user authentication.
Hope this helps.....

Similar Messages

Invalid ID store configuration LDAP : Error code 32- No Such object

Followed note : Integrating Oracle E-Business Suite Release 12.1.3 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate [ID 1484024.1
Completed all these steps:
Integrate Oracle Internet Directory with Oracle E-Business Suite
Configure Oracle Internet Directory to return operational attributes
Install Oracle Access Manager
Install and Configure WebGate on the WebTier
Register the WebGate Agent with Oracle Access Manager
Test your WebGate.
we stuck at the stage of Configure Identity Store .
section 4.3.2.1: Create User Identity Store
In the OAM Console, navigate to System Configuration > Common Configuration > Data Sources > User Identity Stores.
Highlight the User Identity Stores node, and click the "*" (Create) icon.
In the window that opens, enter the attributes for your new identity store, for example:
•Store Name = EBSIdStore
•Store Type = OID: Oracle Internet Directory
•Location = oraoidprd1.guc.loc:3060
•Bind DN = cn=orcladmin
•Password =
•User Name Attribute = uid
•User Search Base = cn=users,dc=us,dc=oraoidprd1,dc=com,dc=guc,dc=loc
•Group Search Base = cn=groups,dc=us,dc=oraoidprd1,dc=com,dc=guc,dc=loc
when we click test conenction it fails with
Invalid ID store configuration. User search base specified is invalid
LDAP : Error code 32- No Such object
Any help is greatly appreciated.
Thanks!

Yes.. i am passign the correct values..
Here are the registration steps we did.. as a pre-requisite:
1. Register instance:
[apdevebs@oraebsdev1 bin]$ $FND_TOP/bin/txkrun.pl -script=SetSSOReg -registerinstance=yes
You are registering ORACLE HOME only.
Enter the host name where Oracle iAS Infrastructure database is installed ? oraoidprd1
Enter the LDAP Port on Oracle Internet Directory server ? 3060
Enter SSL LDAP Port on Oracle Internet Directory server ? 3131
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ?
Enter Oracle E-Business apps database user password ?
2. Register OID:
Register OID
2. [apdevebs@oraebsdev1 bin]$ $FND_TOP/bin/txkrun.pl -script=SetSSOReg -registeroid=yes
You are registering this instance with OID Server.
Enter LDAP Host name ? oraoidprd1
Enter the LDAP Port on Oracle Internet Directory server ? 3060
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ?
Enter the instance password that you would like to register this application instance with ? test123
Enter Oracle E-Business apps database user password ?
3.. Configure Oracle Internet Directory to return operational attributes
cd /mnt/oidprd_app/app/middleware/Oracle_IDM1/bin
[apprdoid@oraoidprd1 bin]$ cat change_attrs.ldif
dn: cn=dsaconfig, cn=configsets,cn=oracle internet directory
changetype: modify
add: orclallattrstodn
orclallattrstodn:cn=orcladmin
[apprdoid@oraoidprd1 bin]$ export ORACLE_HOME=/mnt/oidprd_app/app/middleware/Oracle_IDM1
[apprdoid@oraoidprd1 bin]$ export PATH=$ORACLE_HOME/bin:$PATH
[apprdoid@oraoidprd1 bin]$ echo $ORACLE_HOME
/mnt/oidprd_app/app/middleware/Oracle_IDM1
[apprdoid@oraoidprd1 bin]$ $ORACLE_HOME/bin/ldapmodify -h oraoidprd1.guc.loc -p 3060 -D cn=orcladmin -w orcladminguprd0id -v -f change_attrs.ldif
add orclallattrstodn:
cn=orcladmin
modifying entry cn=dsaconfig, cn=configsets,cn=oracle internet directory
modify complete
All these pre-req steps compelted successfully.

OID - OperationalNotSupportedException: [LDAP: error code 53 - Server ... ]

Hi,
I'm using JNDI (Java Native Directory Interface) accessing OID, and I received a javax.naming.OperationalNotSupportedException: [LDAP: error code 53 - Server currently in read only mode. Update operations not allowed];
I am not sure what's wrong.
I tried the following command
"./ldapsearch -b "" -s base "objectclass=*" orclservermode" The returned result is "orclservermode=rw"
So it is in read-write mode. I'm not sure what's wrong.
This started happen after I apply the 10.1.4.2.0 patch.

Unfortunately I am not an OID expert so I can't really comment on the OID server part of the problem.
What I actually have plenty of experience of is the JNDI package and there has been a number of times when the error messages produced by JNDI have been cryptic or simply wrong. I would recommend sniffing the LDAP connection and check what error messages are actually created by the OID server.
Good luck!
/M

LDAP: error code 65

i am trying to connect to the LDAP using the JNDI
and i am getting the following error i was unable to solve it
here i am posting my sample slapd.cof file as well as my source program and the error
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
public class MakeRoot {
final static String ldapServerName = "localhost";
final static String rootdn = "cn=Manager, o=jndiTest";
final static String rootpass = "secret";
final static String subContext = "o=jndiTest";
public static void main( String[] args ) {
// set up environment to access the server
Properties env = new Properties();
env.put( Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory" );
env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
env.put( Context.SECURITY_PRINCIPAL, rootdn );
env.put( Context.SECURITY_CREDENTIALS, rootpass );
try {
// obtain initial directory context using the environment
DirContext ctx = new InitialDirContext( env );
// now, create the root context, which is just a subcontext
// of this initial directory context.
ctx.createSubcontext( subContext );
} catch ( NameAlreadyBoundException nabe ) {
System.err.println( subContext + " has already been bound!" );
} catch ( Exception e ) {
System.err.println( e );
slapd.cof
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path     ./ucdata
include          ./schema/core.schema
include          ./schema/cosine.schema
include          ./schema/inetorgperson.schema
include          ./schema/java.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral     ldap:/root.openldap.org
pidfile          ./run/slapd.pid
argsfile     ./run/slapd.args
# Load dynamic backend modules:
# modulepath     ./libexec/openldap
# moduleload     back_bdb.la
# moduleload     back_ldap.la
# moduleload     back_ldbm.la
# moduleload     back_passwd.la
# moduleload     back_shell.la
# Sample security restrictions
#     Require integrity protection (prevent hijacking)
#     Require 112-bit (3DES or better) encryption for updates
#     Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
#     Root DSE: allow anyone to read it
#     Subschema (sub)entry DSE: allow anyone to read it
#     Other DSEs:
#          Allow self write access
#          Allow authenticated users read access
#          Allow anonymous users to authenticate
#     Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#     by self write
#     by users read
#     by anonymous auth
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
# rootdn can always read and write EVERYTHING!
# BDB database definitions
#database     bdb
#suffix          "o=jndiTest"
#rootdn          "cn=Manager,o=jndiTest"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
#directory     ./data
# Indices to maintain
#index     objectClass     eq
database bdb
#suffix "dc=stooges,dc=org"
suffix "o=jndiTest"
rootdn "cn=Manager,o=jndiTest"
rootpw secret
directory ./data
defaultaccess read
schemacheck off
lastmod on
error:
javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'javaContainer' requires attribute 'cn']; remaining name 'o=jndiTest'

I have updated the ldap java.schema with below entries, it is working fine
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
     NAME 'javaContainer'
     DESC 'Container for a Java object'
     SUP top
     STRUCTURAL
     MAY ( o $ cn))

DPS7: LDAP error code 52

env: DPS7 on RH5. we are running into many types of connection issues...the following 3 are frequent..
1. LDAP: error code 52 - Unable to read BIND response from server
2. LDAP: error code 52 - Unable to read SEARCH response from backend server : Connection reset by peer
3. LDAP: error code 52 - Unable to read SEARCH response from backend server : Timeout when waiting to read from input stream
Appreciate someone helping me understand under what circumstances the above errors occur and what needs to be tweaked to limit them.
Also, is there a way to configure DPS not to use connection pools and instead open fresh connections for each client operation. Why would I do that. I believe DPS needs a lot of timeout and monitoring times tweaking to make sure that the connections in the pool are monitored properly and kept active. Any suggestions here.

Hi,
Looks like the connections between DPS and DS are invalid. This gives rise to a great variety of error message depending on when the error is detected (read, write, timeout etc).
In most cases, this is related to aggressive idle-timeout set on the DS side or HW LB that impacts DPS connection pooling.
The dpconf property "monitoring-inactivity-timeout" , defaulted to 120s may be used to keep pooled connection alive.
Hope this helps
-Sylvain

LDAP: error code 49

Hi,
I am testing a single sign-on with spnego configuration. When I run diagtool spnego.conf, I always get this error.
Error connecting to the LDAP server
[EXCEPTION]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece�]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
at com.sap.engine.config.diagtool.lib.ldap.LDAPServer.connect(LDAPServer.java:99)
at com.sap.engine.config.diagtool.tests.authentication.krb.MSActiveDirectoryKrbTest.checkServiceUser(MSActiveDirectoryKrbTest.java:153)
at com.sap.engine.config.diagtool.tests.authentication.krb.MSActiveDirectoryKrbTest.execute(MSActiveDirectoryKrbTest.java:127)
at com.sap.engine.config.diagtool.Task.execute(Task.java:55)
at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:343)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:394)
Please help me to figure out what's wrong, and I would greatly appreciate that.
Regards,
-Napadol

Hello,
You have implemented a trusted domain tree configured with a cross-referrals in order to forward the DNs to another LDAP within the domain. Most probably you login onto an LDAP server that forwards the search request (aka the logon request). As the LDAP connection is not configured against referrals, the authentication to LDAP fails.
for more details, see http://support.microsoft.com/kb/241737
This is a known issue on the DiagTool that the SAP NW Security Developers currently investigate.
Please use the WebDiagtool for root cause analysis. It provides the same functionality. If you'd like to collect the user data from the LDAP server (as the DiagTool does it automatically), please use ldifde command directly on the MS host.
Cheers,
Tsvetomir

LDAP Error code 65 - givenName

I have tried dozens of things and reviewed many metalink documents, but none of them seem to zero in on my exact issue. Can someone please tell me why it is unable to map the givenName attribute. I have verified that inetOrgPerson is the correct objectclass to map this attribute, so I really don't understand.
My mapping is as follows:
givenName: : :person:givenName: :inetorgperson
Here is the details from my import.trc file.
Command exec succesful
LDAP URL : (server.mycompanyenergy.com:port : 389cn=AdminOID,cn=users,dc=mycompanyenergy,dc=com
LDAP Connection success
LDAP URL : (server.mycompanyenergy.com:389 cn=AdminOID,cn=users,dc=mycompanyenergy,dc=com
Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
LDAP Connection success
Last Cookie:TVNEUwMAAAAZWAkygJLLAQAAAAAAAAAAGAEAAMxcJgAAAAAAAAAAAAAAAADMXCYAAAAAAIYe+wZstEBBmZS0D5tgsHIBAAAAAAAAAAsAAAAAAAAAhh77Bmy0QEGZlLQPm2CwctRcJgAAAAAAyXc5FZpI0EKT2vApaqLf0QbybAAAAAAAxQ7dMLsVXEORsgFd1HJd4/OvhAAAAAAAEX6EMgTxVk+GUsZbGZvEYEyIgwAAAAAAUt0eQY/5c0+YwrHTuSWj6oi+iwMAAAAA8fdCZEQBBUS7GM7m8LxW3eFvqwEAAAAADFg9fo0Mhk6gjY+SsJSaYh4NLgAAAAAArLDumHJ2NEyD4z8FAKGRU4p0AAAAAAAAC+CWoJbJsk2lkF9r8XwUKGZ+bwAAAAAA5ABDre7ZDU+vzdZhaHJCR8EsAQAAAAAAVUA8umstpEaHIpGN0a8S124iCAAAAAAA
Last IgnoreCnt:0
Reader Initialised !!
LDAP URL : (drsnt17.mycompanyenergy.com:389 cn=odisrv+orclhostname=DRSNT17,cn=registered instances,cn=directory comegration platform,cn=products,cn=oraclecontext
Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
LDAP Connection success
Writer Initialised!!
Writer proxy connection initialised!!
MapEngine Initialised!!
Filter Initialised!!
searchF : (|(objectclass=organizationalunit)(&(objectclass=user)(userprincipalname=*)(!(objectclass=computer)))(isDeleted=TRUE))
searchF : (|(objectclass=organizationalunit)(&(objectclass=user)(userprincipalname=*)(!(objectclass=computer)))(isDeleted=TRUE))
Search Time 63
Search Changes Done
Value of mIgnoreCnt: 0
ChangeRecord : ----------
Changetype: ADDRMODIFY
ChangeKey: CN=AdminGEL,CN=Users,DC=mycompanyenergy,DC=com
Attributes:
Class: null Name: objectclass Type: null ChgType: REPLACE Value: [top, person, organizationalPerson, user]
Class: null Name: objectguid Type: null ChgType: REPLACE Value: [[B@39443f]
Source ChangeRecord Created
MAPPING : Source Change Record : ChangeRecord : ----------
Changetype: ADDRMODIFY
ChangeKey: CN=AdminGEL,CN=Users,DC=mycompanyenergy,DC=com
Attributes:
Class: null Name: CN Type: null ChgType: Value: [AdminGEL]
Class: null Name: objectclass Type: null ChgType: REPLACE Value: [top, person, organizationalPerson, user]
Class: null Name: objectguid Type: null ChgType: REPLACE Value: [[B@39443f]
MAPPING: Attributes - Start
MAPPING: Processing Map Rule : 7
MAPPING: Processing Map Rule : 7
Value is empty after evaluation of mapping rule
MAPPING: Processing Map Rule : 8
MAPPING: Processing Map Rule : 8
MAPPING: Processing Map Rule : 7
MAPPING: DstChangeRecord after Attribute Mapping : ChangeRecord : ----------
Changetype: ADDRMODIFY
ChangeKey: CN=AdminGEL,CN=Users,DC=mycompanyenergy,DC=com
Attributes:
Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser, orcluserv2]
Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
Class: null Name: krbPrincipalName Type: null ChgType: NOCHANGE Value: [@ ]
Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
Not able to construct DN
MAPPING : Dst Change Record : ChangeRecord : ----------
Changetype: ADDRMODIFY
ChangeKey: *
Attributes:
Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser, orcluserv2]
Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
Class: null Name: krbPrincipalName Type: null ChgType: NOCHANGE Value: [@ ]
Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
Output ChangeRecord ChangeRecord : ----------
Changetype: ADDRMODIFY
ChangeKey: *
Attributes:
Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser, orcluserv2]
Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
Class: null Name: krbPrincipalName Type: null ChgType: NOCHANGE Value: [@ ]
Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
DN : *
Normalized DN : cn=admingel,ou=oidusers,cn=users,dc=mycompanyenergy,dc=com
Changetype is 5
Processing modifyRadd Operation ..
Proceeding with checkNReplace..
Performing checkNReplace..
Naming attribute: cn
Naming attribute value: orclObjectGUID
Naming attribute value: objectclass
Total # of Mod Items : 1
Exception Modifying Entry : javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find givenname in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompanyenergy,dc=com'
javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find givenname in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompanyenergy,dc=com'
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
     at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1440)
     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
     at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
     at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:862)
     at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:740)
     at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:335)
     at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
     at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
     at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
[LDAP: error code 65 - Failed to find givenname in mandatory or optional attribute list.]
Entry Not Found. Converting to an ADD op..
Processing Insert Operation ..
Performing createEntry..
Exception creating Entry : javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find cn in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompanyenergy,dc=com'
[LDAP: error code 65 - Failed to find cn in mandatory or optional attribute list.]
javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find cn in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompanyenergy,dc=com'
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
     at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
     at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
     at oracle.ldap.odip.gsi.LDAPWriter.createEntry(LDAPWriter.java:1054)
     at oracle.ldap.odip.gsi.LDAPWriter.insert(LDAPWriter.java:409)
     at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:748)
     at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:335)
     at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
     at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
     at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
DIP_LDAPWRITER_ERROR_CREATE
Error in executing mapping DIP_LDAPWRITER_ERROR_CREATE
DIP_LDAPWRITER_ERROR_CREATE
     at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:722)
     at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
     at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
DIP_LDAPWRITER_ERROR_CREATE
Last chg key: TVNEUwMAAAAZWAkygJLLAQAAAAAAAAAAGAEAAMxcJgAAAAAAAAAAAAAAAADMXCYAAAAAAIYe+wZstEBBmZS0D5tgsHIBAAAAAAAAAAsAAAAAAAAAhh77Bmy0QEGZlLQPm2CwctRcJgAAAAAAyXc5FZpI0EKT2vApaqLf0QbybAAAAAAAxQ7dMLsVXEORsgFd1HJd4/OvhAAAAAAAEX6EMgTxVk+GUsZbGZvEYEyIgwAAAAAAUt0eQY/5c0+YwrHTuSWj6oi+iwMAAAAA8fdCZEQBBUS7GM7m8LxW3eFvqwEAAAAADFg9fo0Mhk6gjY+SsJSaYh4NLgAAAAAArLDumHJ2NEyD4z8FAKGRU4p0AAAAAAAAC+CWoJbJsk2lkF9r8XwUKGZ+bwAAAAAA5ABDre7ZDU+vzdZhaHJCR8EsAQAAAAAAVUA8umstpEaHIpGN0a8S124iCAAAAAAA
ActiveImport:Error in Mapping EngineDIP_LDAPWRITER_ERROR_CREATE
DIP_LDAPWRITER_ERROR_CREATE
     at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:741)
     at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
     at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
ActiveImport:about to Update exec status
Updated Attributes
orclodipLastExecutionTime: 20101208201740
orclodipConDirLastAppliedChgNum: TVNEUwMAAAAZWAkygJLLAQAAAAAAAAAAGAEAAMxcJgAAAAAAAAAAAAAAAADMXCYAAAAAAIYe+wZstEBBmZS0D5tgsHIBAAAAAAAAAAsAAAAAAAAAhh77Bmy0QEGZlLQPm2CwctRcJgAAAAAAyXc5FZpI0EKT2vApaqLf0QbybAAAAAAAxQ7dMLsVXEORsgFd1HJd4/OvhAAAAAAAEX6EMgTxVk+GUsZbGZvEYEyIgwAAAAAAUt0eQY/5c0+YwrHTuSWj6oi+iwMAAAAA8fdCZEQBBUS7GM7m8LxW3eFvqwEAAAAADFg9fo0Mhk6gjY+SsJSaYh4NLgAAAAAArLDumHJ2NEyD4z8FAKGRU4p0AAAAAAAAC+CWoJbJsk2lkF9r8XwUKGZ+bwAAAAAA5ABDre7ZDU+vzdZhaHJCR8EsAQAAAAAAVUA8umstpEaHIpGN0a8S124iCAAAAAAA
orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
orclOdipSynchronizationErrors:
Sleeping for 1secs

Is there anyone who can help? I am getting the error on krbprincipalname now. Here is the mapping of the change record, I can't determine where the problem is.
ChangeRecord : ----------
Changetype: ADDRMODIFY
ChangeKey: CN=AdminGEL,CN=Users,DC=mycompany,DC=com
Attributes:
Class: null Name: objectclass Type: null ChgType: REPLACE Value: [top, person, organizationalPerson, user]
Class: null Name: objectguid Type: null ChgType: REPLACE Value: [[B@edc3a2]
Source ChangeRecord Created
MAPPING : Source Change Record : ChangeRecord : ----------
Changetype: ADDRMODIFY
ChangeKey: CN=AdminGEL,CN=Users,DC=mycompany,DC=com
Attributes:
Class: null Name: CN Type: null ChgType: Value: [AdminGEL]
Class: null Name: objectclass Type: null ChgType: REPLACE Value: [top, person, organizationalPerson, user]
Class: null Name: objectguid Type: null ChgType: REPLACE Value: [[B@edc3a2]
MAPPING: Attributes - Start
MAPPING: Processing Map Rule : 7
MAPPING: Processing Map Rule : 7
Value is empty after evaluation of mapping rule
MAPPING: Processing Map Rule : 8
MAPPING: Processing Map Rule : 7
MAPPING: DstChangeRecord after Attribute Mapping : ChangeRecord : ----------
Changetype: ADDRMODIFY
ChangeKey: CN=AdminGEL,CN=Users,DC=mycompany,DC=com
Attributes:
Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser]
Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
Not able to construct DN
MAPPING : Dst Change Record : ChangeRecord : ----------
Changetype: ADDRMODIFY
ChangeKey: *
Attributes:
Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser]
Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
Output ChangeRecord ChangeRecord : ----------
Changetype: ADDRMODIFY
ChangeKey: *
Attributes:
Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser]
Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
DN : *
Normalized DN : cn=admingel,ou=oidusers,cn=users,dc=mycompany,dc=com
Changetype is 5
Processing modifyRadd Operation ..
Proceeding with checkNReplace..
Performing checkNReplace..
Naming attribute: cn
Naming attribute value: orclObjectGUID
Naming attribute value: objectclass
Total # of Mod Items : 1
Exception Modifying Entry : javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find krbprincipalname in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompany,dc=com'
javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find krbprincipalname in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompany,dc=com'
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
     at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1440)
     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
     at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
     at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:862)
     at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:740)
     at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:335)
     at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
     at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
     at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
[LDAP: error code 65 - Failed to find krbprincipalname in mandatory or optional attribute list.]
Based on the objects attributes list, the krbprincipalname is part of the orcluserv2 object class, so the mapping should be fine.
objectclasses: ( 2.16.840.1.113894.1.2.52 NAME 'orclUserV2' SUP 'top' AUXILIAR
Y MAY ( orclHireDate $ orclDateOfBirth $ orclMaidenName $ orclIsVisible $ or
clDisplayPersonalInfo $ middleName $ orclDefaultProfileGroup $ c $ orclTimeZ
one $ orclIsEnabled $ orclPasswordHintAnswer $ orclPasswordHint $ orclWorkfl
owNotificationPref $ orclTimeZone $ c $ orclActiveStartDate $ orclActiveEndD
ate $ orclGender $ userPKCS12 $ orclPKCS12Hint $ orclPassword $ authPassword
$ orclPasswordVerifier $ orclSecondaryUID $ krbPrincipalName $ orclWireless
AccountNumber $ orclUIAccessibilityMode $ assistant $ orclSAMAccountName $ o
rclUserProvMode ) )

Hitting error LDAP: error code 20 - mail attribute has duplicate value.

Hi ,
Anyone faced this issue before LDAP: error code 20 - mail attribute has duplicate value. We are getting this error intermittently in oid logs and
and due to that provisioning stuck . I know that the issue due to the object class mismatch in attributes. But map profile looks fine . Anything else need to check ?
SSO verion 10.4.1.3 and DB version 10g .
javax.naming.directory.AttributeInUseException: [LDAP: error code 20 - mail attribute has duplicate value.]; remaining name 'uid=abc,cn=users,dc=xyz ,dc=com'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2972)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
        at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1440)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
        at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
        at oracle.ldap.odip.gsi.LDAPWriter.modify(LDAPWriter.java:479)
        at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:318)
        at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:656)
        at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
        at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
DIP_LDAPWRITER_ERROR_MODIFY
Error in executing mapping DIP_LDAPWRITER_ERROR_MODIFY
DIP_LDAPWRITER_ERROR_MODIFY
        at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:830)
        at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
        at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
DIP_LDAPWRITER_ERROR_MODIFY
Setting Change Success Count : 27682
Setting Change Failure Count : 11004
CDSImportProfile:Error in Mapping EngineDIP_LDAPWRITER_ERROR_MODIFY
DIP_LDAPWRITER_ERROR_MODIFY
        at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:851)
        at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
        at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
CDSImportProfile:about to Update exec status

did you search the LDAP server to see whether the email value you try to use already exist ? typically LDAP server do not care whether email is duplicated or not, but by default OIM server do not allow duplicated email

LDAP: error code 53 - Function Not Implemented

Hi All,
While doing search on Oracle internet directory server(oracle ldap server),
we are getting following exception.
Exception
in thread "main" javax.naming.OperationNotSupportedException: [LDAP:
error code 53 - Function Not Implemented]; remaining name
'ou=people,dc=test,dc=com'
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3058)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
     at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
     at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
     at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
     at DifferentSearches.doFilterSearch(DifferentSearches.java:99)
     at DifferentSearches.main(DifferentSearches.java:23)
Following is the code -
code:
     DirContext ctx= getDirContext();
     SearchControls ctls = new SearchControls();
     ctls. setReturningObjFlag (true);
     ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
     String filter = "(displayname=chandra)";
     NamingEnumeration answer = ctx.search("ou=people,dc=test,dc=com", filter, ctls);
     formatResults(answer);
     ctx.close();
When we search on the added attributes (like currentsession count) it works
fine. For this we had to enable index in OID on this field. But this is
not possible for the default attributes. OID does not provide a way to
enable indexing on these attributes. Could someone please let us know
how we can search on default attributes ?
Regards
Rahul
Edited by: Rahul_Sonawale on Oct 17, 2008 4:26 AM

Thanks Rajiv for reply.
I had read that thread before posting this. However, this is lightly different.
From other sites I can see that if it's caused by indexing, the error msg would say so and also tell you which attribute it is.
Some one suggested it's OID dropping the database connections intermittantly and should check both CRS ORACLE_HOME and RDBMS ORACLE_HOME have SQLNET.EXPIRE_TIME set and check the TNS and alert logs on the DB side for any other possible connection failure.
From some OID log we do see it has lost database connection:
OID logs in /u01/oid/oid_inst/diagnostics/logs/OID/oid1 :
ConnID:76 mesgID:2 OpID:1 OpName:search ConnIP:10.244.87.239 ConnDN:cn=policyrwuser,cn=users,dc=us,dc=oracle,dc=com
[gsldecfsFetchEntries] ORA error 3135: ORA-03135: connection lost contact
Process ID: 29973
Session ID: 164 Serial number: 3
I should post another thread for oid lost db connection.

Javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21

I have collected the following code from "http://www.concentric.net/~adhawan/tutorial/"
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.NameAlreadyBoundException;
import javax.naming.directory.*;
import java.util.*;
public class MakeRoot {
        final static String ldapServerName = "localhost";
        final static String rootdn = "cn=Manager, o=jndiTest";
        final static String rootpass = "secret";
        final static String rootContext = "o=jndiTest";
        public static void main( String[] args ) {
                // set up environment to access the server
                Properties env = new Properties();
                env.put( Context.INITIAL_CONTEXT_FACTORY,
                         "com.sun.jndi.ldap.LdapCtxFactory" );
                env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
                env.put( Context.SECURITY_PRINCIPAL, rootdn );
                env.put( Context.SECURITY_CREDENTIALS, rootpass );
                try {
                        // obtain initial directory context using the environment
                        DirContext ctx = new InitialDirContext( env );
                        // now, create the root context, which is just a subcontext
                        // of this initial directory context.
                        ctx.createSubcontext( rootContext );
                } catch ( NameAlreadyBoundException nabe ) {
                        System.err.println( rootContext + " has already been bound!" );
                } catch ( Exception e ) {
                        System.err.println( e );
}I am using the ldap server at here:
http://download.bergmans.us/openldap/openldap-2.2.29/openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe
My slap.conf is:database     bdb
suffix          "dc=jndiTest"
rootdn          "cn=Manager,dc=jndiTest"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory     ./data
# Indices to maintain
index     objectClass     eqWhile running this code:
ldap://localhost:389/
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - ob
jectClass: value #0 invalid per syntax]; remaining name 'dc=jndiTest'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.ComponentContext.p_createSubcontext(Unknown
Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeContext.createSubcontext(Unk
nown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeContext.createSubcontext(Unk
nown Source)
        at javax.naming.InitialContext.createSubcontext(Unknown Source)
        at MakeRoot.main(MakeRoot.java:35)It's obviously connecting with the given credentials and provider url. But then why is it not working?
Any help would highly appreciated. Thanks in advance.

That is right I agree. And I guess that happened because I was trying to doing different permutation-combination with the naming scheme and I forgot to update slapd.conf. And even after made that change it was showing the same error. The poster forgot to mention to include java.schema. That change made it work finally.
Thanks for your reply.

Javax.naming.NameAlreadyBoundException [LDAP: error code 68

I am getting the below Error when I am trying to add the entry into the LPAD Server.
javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry Already Exists]; remaining name 'ou=People,dc=company,dc=co,dc=in'
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
     at com.sun.jndi.ldap.LdapCtx.c_bind(Unknown Source)
     at com.sun.jndi.ldap.LdapCtx.c_bind(Unknown Source)
     at com.sun.jndi.toolkit.ctx.ComponentContext.p_bind(Unknown Source)
     at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(Unknown Source)
     at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(Unknown Source)
     at javax.naming.InitialContext.bind(Unknown Source)
     at com.test.CreateUser.main(CreateUser.java:54)
I am using the following sample program to test this.
public class CreateUser {
public static void main(String[] args) {
     java.util.Hashtable env = new java.util.Hashtable();
     env.put( javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
     env.put( javax.naming.Context.PROVIDER_URL, "ldap://c-4966:62260");
     env.put( javax.naming.Context.SECURITY_AUTHENTICATION, "simple");
     env.put( javax.naming.Context.SECURITY_PRINCIPAL, "cn=Directory Manager");
     env.put( javax.naming.Context.SECURITY_CREDENTIALS, "test");
     String dn = "ou=People,dc=company,dc=co,dc=in";
     try {
     // create DirContext
     DirContext ctx = new InitialDirContext(env);
     // Attributes for new entry
     Attributes attrs = new BasicAttributes();
     Attribute attr = new BasicAttribute("objectclass");
     attr.add( 0, "top" );
     attr.add( 1, "person" );
     attr.add( 2, "organizationalPerson" );
     attr.add( 3, "inetorgperson" );
     attrs.put(attr);
     System.out.println("1...........");
     attrs.put("cn", "Sai Krishna");
     attrs.put("sn", "Potluri");
     attrs.put("givenName","Sia Potluri");
     attrs.put("uid","saipotluri");
     attrs.put("userPassword", "balaji");
     /*attr = new javax.naming.directory.BasicAttribute("mail");
     attr.add( 0, "[email protected]" );
     attr.add( 1, "[email protected]" );
     attrs.put( attr );
     attrs.put( "telephonenumber", "111-1111-3333" );*/
     System.out.println("2...........");
     ctx.bind(dn, attrs);
     } catch ( javax.naming.NamingException ex ) {
     System.err.println("Fail to Add Entry\n");
     ex.printStackTrace();
Any help is highly appreciated.
Thanks in Advance
DARMA

You're adding the entry "ou=people,dc=company,dc=co,dc=in" and not an entry under "ou=people,dc=company,dc=co,dc=in".
The dn of the new entry should be something like "cn=Sai Krishna,ou=people,dc=company,dc=co,dc=in" when you call ctx.bind(dn,...)

Error when performing search: getExtendedProperties [LDAP: error code 50

Hi there,
We are currently running OAS 10.1.2. We have an application which is running Oracle Forms. To get access to these forms, the authenication is a combination of the user logging on to their windows domain, (AD SSO) and having the correct username and groups within Oracle OID and DAS.
We have a major problem at the moment in Production where every so often a user will get rejected for having insufficient access rights, and the UserID in the logs being Null. Yet if they try again it works.
Does anyone know why this might be happening for?
Here is the Forms log :
09/07/31 06:59:32 Forms session <967> runtime process id = 10,780
09/07/31 07:02:27 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:02:27 at oracle.ldap.util.User.getExtendedProperties(User.java:365)
09/07/31 07:02:27 at oracle.forms.servlet.FormsOIDContext.getUserCredentials(Unknown Source)
09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.getUserId(Unknown Source)
09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.doRequest(Unknown Source)
09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.doGet(Unknown Source)
09/07/31 07:02:27 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
09/07/31 07:02:27 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
09/07/31 07:02:27 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
09/07/31 07:02:27 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
09/07/31 07:02:27 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
09/07/31 07:02:27 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
09/07/31 07:02:27 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
09/07/31 07:02:27 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192
09/07/31 07:02:27 at java.lang.Thread.run(Thread.java:534)
09/07/31 07:02:27 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:02:27 In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: ge
tExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
09/07/31 07:02:27 In doRequest method in ue.isNamingException
09/07/31 07:02:27 Redirecting to DAS to update the resviewer list
09/07/31 07:02:27 UserID is NULL redirecting to DAS
09/07/31 07:02:27 Forms Group DNcn=Logical Application Group, orclApplicationCommonName=formsApp_dras03.workcover.qld.gov.au_63A
36930655911DBBF37F32F8ED7FD07, cn=forms, cn=Products, cn=OracleContext
09/07/31 07:02:27 The DAS URL generated: http://prinfds.workcover.qld.gov.au:7777/oiddas/ui/oracle/ldap/das/mypage/AppCreateReso
urceInfo?resKey=prcar_sso&resType=oracleDB&resViewer=cn%3DLogical+Application+Group%2C+orclApplicationCommonName%3DformsApp_dras
03.workcover.qld.gov.au_63A36930655911DBBF37F32F8ED7FD07%2C+cn%3Dforms%2C+cn%3DProducts%2C+cn%3DOracleContext&doneURL=http%3A%2F
%2Fdras03.workcover.qld.gov.au%3A7778%2Fforms%2Ffrmservlet%3Fconfig%3Dprcar_sso%26form%3DSY0001.fmx&cancelURL=
09/07/31 07:05:26 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:05:26 at oracle.ldap.util.User.getExtendedProperties(User.java:365)
09/07/31 07:05:26 at oracle.forms.servlet.FormsOIDContext.getUserCredentials(Unknown Source)
09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.getUserId(Unknown Source)
09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.doRequest(Unknown Source)
09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.doGet(Unknown Source)
09/07/31 07:05:26 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
09/07/31 07:05:26 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
09/07/31 07:05:26 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
09/07/31 07:05:26 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
09/07/31 07:05:26 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
09/07/31 07:05:26 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
09/07/31 07:05:26 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
09/07/31 07:05:26 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192
09/07/31 07:05:26 at java.lang.Thread.run(Thread.java:534)
09/07/31 07:05:26 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:05:26 In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: ge
tExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
09/07/31 07:05:26 In doRequest method in ue.isNamingException

I fixed it in my environment.
formweb.cfg has oid_formsid and formsid_group_dn. Verify if these values are correct.
Also ensure that formsid_group_dn has no blank spaces after ',' (commas)
formsid_group_dn=cn=Logical Application Group,orclApplicationCommonName=formsApp_xyzhost_1224C3F0A73B11DBBFC783346A955D8F,cn=forms,cn=Products,cn=OracleContext

SGD-AD "LDAP error code 49"

Dear all,
I saw the following error in the server-login log file:
2007/07/24 15:15:03.098 (pid 2698) server/login/moreinfo #1185261303098
Loaded class com.sco.tta.server.login.LdapLoginAuthority: {
LDAPRoot=.../_ldapmulti/forest/
accountEnabledChecked=false
anonLogin=false
attemptPasswordChange=true
generalLdapProfileName=.../_ens/o=Tarantella System Objects/cn=LDAP Profile
mustChangePasswordResult[0]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
mustChangePasswordResult[1]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
mustChangePasswordResult[2]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 773
mustChangePasswordResult[3]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 773
name=com.sco.tta.server.login.LdapLoginAuthority
propAccEnabled=scottaaccountenabled
userMustChangePasswordResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
userPasswordExpiredResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
version=4.31.905
What should i do in my SGD server ?
What should i do in my AD server ?
What is the solution to resolve the error ?
Appreciate any help given.

Hi,
I am also getting the same error. Please let me explain what i have encountered.
In the active directory (version 2003), the administrator has limited the user to login to only his workstation. This has been set by putting his workstation host name or IP (which is allowed to accessed by the user) into a "log on to" list (at the user level) in Active Directory.There is another option if the administrator allow the user to be able to log on to any workstation, that is by checking the "log on to all computer" check box at that particular user id.
When my user has been set to "log on to all computer", i don't encounter the error message i.e. error code 49, as mentioned in the subject of this topic. However, when a particular user has been limited to only access to his own workstation, the error appears. However, if the Active Directory server host name or IP has been added into the "log on to" list, the authentication is successful.
My application is actually running on an application server and the user is using Internet Explorer to login to my application from his workstation. And also, the application server has been joined to the same domain as the Active Directory server. My question is, is it a must that the Active Directory server name be added to the "log on to" list of that particular user in order for it to be authenticated by Active Directory? Does anyone has any ideas why this is happening? I definitely don't want to add the AD server name into the list as this will give the user rights to login to the AD server. Any advise would be of great help. Thanks a million in advance.

LDAP Error code:32

Hi All
I configured LDAP resource adapter in IDM 6.0. I was trying to reconcile and it was throwing this error
Error iterating accounts for resource LDAP localhost:
com.waveset.util.WavesetException: There was a problem enumerating accounts com.waveset.util.WavesetException: Error iterating over objects javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]
Everything in LDAP looks good. Not able to figure out where i amde a mistake. Any help is appreciated
Thanks
sungirl

Hi
Answering my own question. There was a mistake in Base DN in resource configuration. Correcting that fixed the error.
Thanks
sungirl

LDAP: error code 20 - pwdfailuretime attribute has duplicate value

Hi!
I am working on Oracle Infra 9.0.2
I am trying to update attribute of particular user, but it gives me error as follows
05:39:46 PM: Failed to update entry cn=szuhaila, cn=test, ou=test, o=com, c=my
Root error: LDAP: error code 20 - pwdfailuretime attribute has duplicate value. VALUE: 20080609004531z
I am trying to update with Orcale Directory Manager, I have tried with an LDAp browser thru too. It gives me same error.
Can some one guide me how to over some this issue?
Thanks in advance.
Edited by: user8705646 on Aug 20, 2009 12:13 AM

did you search the LDAP server to see whether the email value you try to use already exist ? typically LDAP server do not care whether email is duplicated or not, but by default OIM server do not allow duplicated email

LDAP: error code 48 - Server is Configured to Deny Anonymous Binds

Similar Messages

Maybe you are looking for