LDAP: error code 49 - 80090308

I recently saw my log files as we were experiencing slowness in our application and found the following error message:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext
error, data 52e, v893]; remaining name 'dc=hess,dc=pri,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2549)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2523)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1904)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1809)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1734)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:328)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:313)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:238)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.getGroupNames(LdapRswSecurityDao.java:197)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.authenticateAndReadUser(LdapRswSecurityDao.java:92)
at com.retek.rsw.service.RswSecurity.getUser(RswSecurity.java:47)
at com.retek.rsw.ui.control.security.LoginDoneAction.perform(LoginDoneAction.java:37)
at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1787)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1586)
at com.retek.struts.action.ActionServlet.process(ActionServlet.java:227)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
Can anyone please help me understand this message? I looked it up on the internet and it said that your DNs are not set properly. If that is the case, then none of the users should be able to log in, so how come users are able to log in?
Thanks in Advance,
Joyce

LDAP error code 49 means that invalid credentials were provided, so perhaps the application is trying to bind with the wrong dn/password.
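The `data` field in these messages narrows down why Active Directory rejected the bind. The following is an added example, not code from this thread or from any of the products discussed: it extracts the sub-code from log text (including messages wrapped across lines, as in the first post) and maps it to the Win32 error it represents. The function names and the sample log are constructed for illustration; only the 525 meaning is stated on this page, the other table entries are the standard Win32 error codes.

```python
import re
from collections import Counter

# The hex value after "data" is a Win32 error code reported by Active Directory.
# 525 is explained in this thread; the remaining entries are standard Win32 codes.
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "user not found"),
    0x52E: ("ERROR_LOGON_FAILURE", "invalid credentials (wrong bind name or password)"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not permitted at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not permitted from this workstation"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "user must change password"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out"),
}

# Matches "LDAP: error code 49 - 80090308: LdapErr: DSID-..., comment: ..., data 52e".
# The trailing ", v893]" part is optional in real logs, so it is not required here.
_BIND_ERROR = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<hresult>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)


def find_bind_errors(log_text):
    """Return one dict per Active Directory bind failure found in log_text."""
    # Loggers often wrap the message mid-sentence; collapse all whitespace first.
    flat = " ".join(log_text.split())
    results = []
    for m in _BIND_ERROR.finditer(flat):
        code = int(m.group("data"), 16)
        name, meaning = AD_BIND_SUBCODES.get(
            code, ("UNKNOWN", "sub-code not in this table")
        )
        results.append({
            "ldap_code": int(m.group("ldap")),
            "dsid": m.group("dsid"),
            "data": m.group("data").lower(),
            "win32": code,
            "name": name,
            "meaning": meaning,
        })
    return results


def summarize(log_text):
    """Count bind failures per decoded reason, e.g. to spot a misconfigured service account."""
    return Counter(entry["name"] for entry in find_bind_errors(log_text))


# Constructed sample log, shaped like the messages quoted on this page.
SAMPLE_LOG = """\
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext
error, data 52e, v893]; remaining name 'dc=example,dc=com'
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
mustChangePasswordResult[0]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]
"""

if __name__ == "__main__":
    for entry in find_bind_errors(SAMPLE_LOG):
        print(f"{entry['dsid']}  data {entry['data']}  {entry['name']}: {entry['meaning']}")
    print(dict(summarize(SAMPLE_LOG)))
```

Because the sub-code distinguishes an unknown user from a wrong password, the decoded reason belongs in server-side logs, while the login response shown to the user stays generic.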

Similar Messages

  • [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSec

    I am getting [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] when executing ctx.search() command of the below source code:
    public void authenticateUser() throws AuthenticationException, NamingException {
        Hashtable<String, String> props = new Hashtable<String, String>();
        String principalName = "dctestuser1" + "@" + "example1.com";
        props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
        props.put("java.naming.provider.url", "dns://");
        props.put(Context.REFERRAL, "follow");
        props.put(Context.SECURITY_PRINCIPAL, principalName);
        props.put(Context.SECURITY_CREDENTIALS, "admin@123");
        props.put("com.sun.jndi.ldap.read.timeout", "90000");
        try {
            final DirContext ctx = LdapCtxFactory.getLdapCtxInstance("ldap://dc01.example1.com", props);
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String userReturnedAtts[] = {"cn", "member"};
            ctls.setReturningAttributes(userReturnedAtts);
            NamingEnumeration<SearchResult> answer =
                ctx.search("DC=example2,DC=org", "(&(objectclass=user)(sAMAccountName=dctestuser2)(userPassword=admin@123))", ctls);
            boolean bFound = answer.hasMore();
            System.out.println(bFound);
            return;
        } catch (CommunicationException e) {
    The two domains used in this example, example1.com and example2.org, exist in separate forests.
    This scenario works fine using the same credentials, without any exception, when tested with LDP.exe that comes with the Windows OS.

    The same exception is received when executing the following search command:
    ctx.search("DC=example2,DC=org","(&(objectclass=user)(sAMAccountName=dctestuser2))",ctls);

  • Javax.naming.AuthenticationException [LDAP: error code 49 - 80090308

    I am getting a problem in connection.
    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
    plz suggest

    satish_dhn wrote:
    plz suggest
    Error code 49 means a problem with login credentials.
    "525" (between "data" and "vece") means user not found.

  • SGD-AD "LDAP error code 49"

    Dear all,
    I saw the following error in the server-login log file:
    2007/07/24 15:15:03.098 (pid 2698) server/login/moreinfo #1185261303098
    Loaded class com.sco.tta.server.login.LdapLoginAuthority: {
    LDAPRoot=.../_ldapmulti/forest/
    accountEnabledChecked=false
    anonLogin=false
    attemptPasswordChange=true
    generalLdapProfileName=.../_ens/o=Tarantella System Objects/cn=LDAP Profile
    mustChangePasswordResult[0]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
    mustChangePasswordResult[1]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
    mustChangePasswordResult[2]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 773
    mustChangePasswordResult[3]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 773
    name=com.sco.tta.server.login.LdapLoginAuthority
    propAccEnabled=scottaaccountenabled
    userMustChangePasswordResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
    userPasswordExpiredResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
    version=4.31.905
    What should I do in my SGD server?
    What should I do in my AD server?
    What is the solution to resolve the error?
    Appreciate any help given.

    Hi,
    I am also getting the same error. Please let me explain what I have encountered.
    In the Active Directory (version 2003), the administrator has limited the user to log in to only his workstation. This has been set by putting his workstation host name or IP (which the user is allowed to access) into a "log on to" list (at the user level) in Active Directory. There is another option if the administrator allows the user to log on to any workstation, that is, by checking the "log on to all computer" check box for that particular user ID.
    When my user has been set to "log on to all computer", I don't encounter the error message, i.e. error code 49, as mentioned in the subject of this topic. However, when a particular user has been limited to access only his own workstation, the error appears. However, if the Active Directory server host name or IP has been added into the "log on to" list, the authentication is successful.
    My application is actually running on an application server and the user is using Internet Explorer to log in to my application from his workstation. Also, the application server has been joined to the same domain as the Active Directory server. My question is, is it a must that the Active Directory server name be added to the "log on to" list of that particular user in order for it to be authenticated by Active Directory? Does anyone have any ideas why this is happening? I definitely don't want to add the AD server name into the list, as this will give the user rights to log in to the AD server. Any advice would be of great help. Thanks a million in advance.

  • LDAP: error code 49

    Hi,
    I am testing a single sign-on with spnego configuration. When I run diagtool spnego.conf, I always get this error.
    Error connecting to the LDAP server
    [EXCEPTION]
    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.<init>(InitialContext.java:195)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
    at com.sap.engine.config.diagtool.lib.ldap.LDAPServer.connect(LDAPServer.java:99)
    at com.sap.engine.config.diagtool.tests.authentication.krb.MSActiveDirectoryKrbTest.checkServiceUser(MSActiveDirectoryKrbTest.java:153)
    at com.sap.engine.config.diagtool.tests.authentication.krb.MSActiveDirectoryKrbTest.execute(MSActiveDirectoryKrbTest.java:127)
    at com.sap.engine.config.diagtool.Task.execute(Task.java:55)
    at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:343)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:394)
    Please help me to figure out what's wrong, and I would greatly appreciate that.
    Regards,
    -Napadol

    Hello,
    You have implemented a trusted domain tree configured with cross-referrals in order to forward the DNs to another LDAP within the domain. Most probably you log in to an LDAP server that forwards the search request (aka the logon request). As the LDAP connection is not configured against referrals, the authentication to LDAP fails.
    For more details, see http://support.microsoft.com/kb/241737
    This is a known issue on the DiagTool that the SAP NW Security Developers currently investigate.
    Please use the WebDiagtool for root cause analysis. It provides the same functionality. If you'd like to collect the user data from the LDAP server (as the DiagTool does it automatically), please use ldifde command directly on the MS host.
    Cheers,
    Tsvetomir

  • Synchronization errors with AD: LDAP error code 65 : orclObjectSid

    I'm trying to get synchronization working - importing data from Microsoft AD.
    The bootstrap seemed to go ok, and the synchronization is up and running - but I still get errors in the profile's trace file as follows at the end of this post.
    The error always seems to complain about the orclObjectSid attribute.
    Do I need to do anything to the OID schema?
    Or is this a mapping problem?
    Either way, how would I correct this error?
    Thanks!!
    Howard Dickins
    Here's an example of the errors I'm getting:
    DN : dc=connectutilities,dc=co,dc=uk
    Normalized DN : dc=connectutilities,dc=co,dc=uk
    Processing modifyRadd Operation ..
    Proceeding with checkNReplace..
    Performing checkNReplace..
    Naming attribute: dc
    Naming attribute value: dc
    Naming attribute value: orclObjectSID
    Adding Attribute in OID : orclObjectSID
    Naming attribute value: orclobjectguid
    Adding Attribute in OID : orclobjectguid
    Total # of Mod Items : 2
    Exception Modifying Entry : javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]; remaining name 'dc=connectutilities,dc=co,dc=uk'
    javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]; remaining name 'dc=connectutilities,dc=co,dc=uk'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
         at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1440)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
         at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
         at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:839)
         at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:717)
         at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:310)
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]
    Entry Not Found. Converting to an ADD op..
    Processing Insert Operation ..
    Performing createEntry..
    Exception creating Entry : javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]; remaining name 'dc=connectutilities,dc=co,dc=uk'
    [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]
    javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]; remaining name 'dc=connectutilities,dc=co,dc=uk'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
         at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
         at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
         at oracle.ldap.odip.gsi.LDAPWriter.createEntry(LDAPWriter.java:1031)
         at oracle.ldap.odip.gsi.LDAPWriter.insert(LDAPWriter.java:386)
         at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:725)
         at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:310)
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    DIP_LDAPWRITER_ERROR_CREATE
    Error in executing mapping DIP_LDAPWRITER_ERROR_CREATE
    DIP_LDAPWRITER_ERROR_CREATE
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:722)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    DIP_LDAPWRITER_ERROR_CREATE
    AD_OID_Import:Error in Mapping EngineDIP_LDAPWRITER_ERROR_CREATE
    DIP_LDAPWRITER_ERROR_CREATE
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:741)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    AD_OID_Import:about to Update exec status
    Updated Attributes
    orclodipLastExecutionTime: 20090617062658
    orclodipConDirLastAppliedChgNum: 12242192
    orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
    orclOdipSynchronizationErrors:
    Sleeping for 1secs
    LDAP URL : (inexus-srv01:389 oracleextract
    Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
    LDAP Connection success
    Applied ChangeNum : 12242192Available chg num = 12245972
    Reader Initialised !!
    LDAP URL : (inexus-srv34:389 cn=odisrv+orclhostname=inexus-srv34,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
    Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
    LDAP Connection success
    Writer Initialised!!
    Writer proxy connection initialised!!
    MapEngine Initialised!!
    Filter Initialised!!
    searchF :
    CHGLOGFILTER : (&(USNChanged>=12242193)(USNChanged<=12242692))
    Search Time 0
    Search Successful till # 12242692
    Search Changes Done
    Changenumber uSNChanged: 12242193
    targetdn distinguishedName: DC=connectutilities,DC=co,DC=uk
    ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: dc=connectutilities,dc=co,dc=uk
    Attributes:
    Class: null Name: objectGUID Type: null ChgType: REPLACE Value: [[B@1c999c4]
    Class: null Name: objectSid Type: null ChgType: REPLACE Value: [[B@8e5360]
    Class: null Name: dc Type: null ChgType: REPLACE Value: [connectutilities]
    Class: null Name: objectClass Type: nonbinary ChgType: REPLACE Value: [top, domain, domainDNS]
    -----------

    I found a solution - I added the offending attribute orclObjectSid to the domain objectClass as an optional attribute.
    It was a bit of a "clutching at straws" solution - but it does seem to have worked.
    I'm not sure why the data being imported had such a value, but the synchronization hasn't thrown up any further errors since then.
    Thanks for your help everyone.
    Howard

  • Error while create user in LDAP - LDAP: error code 1

    Hi guys, I am getting the below error while creating a user in LDAP MS AD.
    cn=3001,ou=sAP_IDM,dc=springswf,dc=comcn<mx:TEXT>putNextEntry failed storingOU=SAP_IDM,DC=springswf,DC=com</mx:TEXT>
    <mx:LTEXT>Exception from Add operation:javaxnaming.NamingException: {LDAP: error code 1 = 00000000: LdapErr: DSID-OC090AE2, coment: In order to perform this operation a successful bind must be completed on the connection.,data0,vece
    Steps I am following:
    1. create a job through wizard and pick from (IC->jobs->Active Directory->Create Active Directory User)
    2. Destination tab values that I am passing:
    dn: cn=Dummyuser,ou=SAP_IDM,dc=<main domain>,dc=com
    objectClass: top|person|organizationalPerson|user
    sn: Surname
    givenName: GivenName
    displayName: Dummy user displayname
    Under <main domain> an OU has been created called SAP_IDM for testing user creation from IDM.
    Admin user account created called <XYZ> and has full control over SAP_IDM OU.
    I am passing <XYZ> credentials into my job for user creation.
    Thanks for your help!

    Farhan,
    Based on the error message presented,
    In order to perform this operation a successful bind must be completed on the connection
    Make sure that you're using the correct information to do the AD Bind.  User name should be something like cn=administrator,cn=users,dc=xxx,dc=xxx and the proper password.
    Matt

  • Install OCS 10.1.2 Infra DB failed with LDAP: error code 16 on Workspaces

    During the install of the OCS Infrastructure DB, OCS has this error:
    ... processed key-value: logfile=/oracle/product/dbocs/workspaces/logs/cw_config_backend.log
    ... processed key-value: action=setup_backend
    ... processed key-value: oh=/oracle/product/dbocs
    ... processed key-value: oid=oid.domain
    ... processed key-value: oid_port=389
    ... processed key-value: oid_user_dn=cn=orcladmin
    ... processed key-value: oid_passwd=xxxxxx
    ... processed key-value: db_sn=ocs.domain
    ... processed key-value: dba_user=sys
    ... processed key-value: dba_passwd=xxxxxx
    ... processed key-value: cw_db_passwd=xxxxxx
    Attempting to set logfile to: /oracle/product/dbocs/workspaces/logs/cw_config_backend.log
    Processed oh=/oracle/product/dbocs
    BACKEND installation ...
    ... Trying to lookup database dn
    ... Obtain OID connection
    ...... Can not obtain OID ssl port.
    ...... OID port = "389"
    ...... Trying to establish a non-ssl connection. OID host "oid.domain", OID port "389", OID user dn "cn=orcladmin".
    ... OID connection created.
    ...... You must specify either db_dn or db_sn.
    ...... ldap search filter "(&(objectclass=orcldbserver)(orcldbglobalname=ocs.domain))"
    ...... Succesfully located database dn "cn=ocs,cn=OracleContext".
    ...... Database dn = "cn=ocs,cn=OracleContext"
    ... Validating existence and version of CW schema: "CWSYS" in database: "cn=ocs,cn=OracleContext".
    ... Obtain JDBC connect string
    ... JDBC connect string = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
    ...derived: "jdbc_str=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))".
    Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
    Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
    Unlocking schema and setting passwd: "CWSYS/xxxxxx".
    Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
    ... Checking Workspaces container.
    ... Container "cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext" already exist.
    ... Finish checking Workspaces container.
    ... Trying to create backend application entity in OID
    ...... Database dn = "cn=ocs,cn=OracleContext"
    ...... Backend entity name = "ocs"
    ...... Backend entity dn = "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext"
    ... Backend entries already exist. Cleanup old entries.
    deregisterProvisioningListener ...
    app dn = orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext
    subscriber = dc=domain,dc=com
    ... Trying to remove entity "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext".
    ... Deleting "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext"
    Adding Workspaces application entity to: cn=Service Registry Viewers,cn=Groups,cn=OracleContext
    Adding Workspaces application entity to: cn=Service Registry Admins,cn=Groups,cn=OracleContext
    ... Insufficient privilege to create application entity "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext". Please check the user DN and password.
    javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
    at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
    at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
    at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
    at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
    at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
    at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
    oracle.workspaces.install.CwCAException: Error while executing action: "setup_backend"
    Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]
    at oracle.workspaces.install.CwConfig.run(CwConfig.java:639)
    at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
    Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
    at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
    at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
    at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
    at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
    at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
    ... 1 more
    javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
    at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
    at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
    at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
    at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
    at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
    at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
    What should I do?
    Help.
    Thanks

    closed
    Re: Install OCS 10.1.2 Infra DB failed with LDAP: error code 16 on Workspac

  • OID - LDAP:error code 19 -Admin domain

    Exception creating Entry : javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - Admin domain does not contain schema information for objectclass person.]; remaining name 'cn=oriondes,ou=servidoresmiembro,ou=internos,cn=users,dc=superfinanciera,dc=gov,dc=co'
    [LDAP: error code 19 - Admin domain does not contain schema information for objectclass person.]
    javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - Admin domain does not contain schema information for objectclass person.]; remaining name 'cn=oriondes,ou=servidoresmiembro,ou=internos,cn=users,dc=superfinanciera,dc=gov,dc=co'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3001)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
    at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
    at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
    at oracle.ldap.odip.gsi.LDAPWriter.createEntry(LDAPWriter.java:1056)
    at oracle.ldap.odip.gsi.LDAPWriter.insert(LDAPWriter.java:409)
    at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:748)
    at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:335)
    at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    DIP_LDAPWRITER_ERROR_CREATE
    DIP_LDAPWRITER_ERROR_CREATE
    at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:722)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    DIP_LDAPWRITER_ERROR_CREATE
    ActiveChgImp:Error in Mapping EngineDIP_LDAPWRITER_ERROR_CREATE
    DIP_LDAPWRITER_ERROR_CREATE
    at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:741)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    ActiveChgImp:about to Update exec status
    Updated Attributes
    orclodipLastExecutionTime: 20100906150632
    orclodipConDirLastAppliedChgNum: 34086144
    orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted

    Hi,
    Please let me know if this has been resolved. Also, please post the solution if you find any.
    -Mahendra.

  • LDAP Error code 65 - givenName

    I have tried dozens of things and reviewed many metalink documents, but none of them seem to zero in on my exact issue. Can someone please tell me why it is unable to map the givenName attribute? I have verified that inetOrgPerson is the correct objectclass to map this attribute, so I really don't understand.
    My mapping is as follows:
    givenName: : :person:givenName: :inetorgperson
    Here are the details from my import.trc file.
    Command exec succesful
    LDAP URL : (server.mycompanyenergy.com:port : 389cn=AdminOID,cn=users,dc=mycompanyenergy,dc=com
    LDAP Connection success
    LDAP URL : (server.mycompanyenergy.com:389 cn=AdminOID,cn=users,dc=mycompanyenergy,dc=com
    Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
    LDAP Connection success
    Last Cookie:TVNEUwMAAAAZWAkygJLLAQAAAAAAAAAAGAEAAMxcJgAAAAAAAAAAAAAAAADMXCYAAAAAAIYe+wZstEBBmZS0D5tgsHIBAAAAAAAAAAsAAAAAAAAAhh77Bmy0QEGZlLQPm2CwctRcJgAAAAAAyXc5FZpI0EKT2vApaqLf0QbybAAAAAAAxQ7dMLsVXEORsgFd1HJd4/OvhAAAAAAAEX6EMgTxVk+GUsZbGZvEYEyIgwAAAAAAUt0eQY/5c0+YwrHTuSWj6oi+iwMAAAAA8fdCZEQBBUS7GM7m8LxW3eFvqwEAAAAADFg9fo0Mhk6gjY+SsJSaYh4NLgAAAAAArLDumHJ2NEyD4z8FAKGRU4p0AAAAAAAAC+CWoJbJsk2lkF9r8XwUKGZ+bwAAAAAA5ABDre7ZDU+vzdZhaHJCR8EsAQAAAAAAVUA8umstpEaHIpGN0a8S124iCAAAAAAA
    Last IgnoreCnt:0
    Reader Initialised !!
    LDAP URL : (drsnt17.mycompanyenergy.com:389 cn=odisrv+orclhostname=DRSNT17,cn=registered instances,cn=directory comegration platform,cn=products,cn=oraclecontext
    Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
    LDAP Connection success
    Writer Initialised!!
    Writer proxy connection initialised!!
    MapEngine Initialised!!
    Filter Initialised!!
    searchF : (|(objectclass=organizationalunit)(&(objectclass=user)(userprincipalname=*)(!(objectclass=computer)))(isDeleted=TRUE))
    searchF : (|(objectclass=organizationalunit)(&(objectclass=user)(userprincipalname=*)(!(objectclass=computer)))(isDeleted=TRUE))
    Search Time 63
    Search Changes Done
    Value of mIgnoreCnt: 0
    ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: CN=AdminGEL,CN=Users,DC=mycompanyenergy,DC=com
    Attributes:
    Class: null Name: objectclass Type: null ChgType: REPLACE Value: [top, person, organizationalPerson, user]
    Class: null Name: objectguid Type: null ChgType: REPLACE Value: [[B@39443f]
    Source ChangeRecord Created
    MAPPING : Source Change Record : ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: CN=AdminGEL,CN=Users,DC=mycompanyenergy,DC=com
    Attributes:
    Class: null Name: CN Type: null ChgType: Value: [AdminGEL]
    Class: null Name: objectclass Type: null ChgType: REPLACE Value: [top, person, organizationalPerson, user]
    Class: null Name: objectguid Type: null ChgType: REPLACE Value: [[B@39443f]
    MAPPING: Attributes - Start
    MAPPING: Processing Map Rule : 7
    MAPPING: Processing Map Rule : 7
    Value is empty after evaluation of mapping rule
    MAPPING: Processing Map Rule : 8
    MAPPING: Processing Map Rule : 8
    MAPPING: Processing Map Rule : 7
    MAPPING: DstChangeRecord after Attribute Mapping : ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: CN=AdminGEL,CN=Users,DC=mycompanyenergy,DC=com
    Attributes:
    Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser, orcluserv2]
    Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
    Class: null Name: krbPrincipalName Type: null ChgType: NOCHANGE Value: [@ ]
    Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
    Not able to construct DN
    MAPPING : Dst Change Record : ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: *
    Attributes:
    Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser, orcluserv2]
    Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
    Class: null Name: krbPrincipalName Type: null ChgType: NOCHANGE Value: [@ ]
    Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
    Output ChangeRecord ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: *
    Attributes:
    Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser, orcluserv2]
    Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
    Class: null Name: krbPrincipalName Type: null ChgType: NOCHANGE Value: [@ ]
    Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
    DN : *
    Normalized DN : cn=admingel,ou=oidusers,cn=users,dc=mycompanyenergy,dc=com
    Changetype is 5
    Processing modifyRadd Operation ..
    Proceeding with checkNReplace..
    Performing checkNReplace..
    Naming attribute: cn
    Naming attribute value: orclObjectGUID
    Naming attribute value: objectclass
    Total # of Mod Items : 1
    Exception Modifying Entry : javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find givenname in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompanyenergy,dc=com'
    javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find givenname in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompanyenergy,dc=com'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
         at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1440)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
         at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
         at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:862)
         at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:740)
         at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:335)
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    [LDAP: error code 65 - Failed to find givenname in mandatory or optional attribute list.]
    Entry Not Found. Converting to an ADD op..
    Processing Insert Operation ..
    Performing createEntry..
    Exception creating Entry : javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find cn in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompanyenergy,dc=com'
    [LDAP: error code 65 - Failed to find cn in mandatory or optional attribute list.]
    javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find cn in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompanyenergy,dc=com'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
         at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
         at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
         at oracle.ldap.odip.gsi.LDAPWriter.createEntry(LDAPWriter.java:1054)
         at oracle.ldap.odip.gsi.LDAPWriter.insert(LDAPWriter.java:409)
         at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:748)
         at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:335)
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    DIP_LDAPWRITER_ERROR_CREATE
    Error in executing mapping DIP_LDAPWRITER_ERROR_CREATE
    DIP_LDAPWRITER_ERROR_CREATE
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:722)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    DIP_LDAPWRITER_ERROR_CREATE
    Last chg key: TVNEUwMAAAAZWAkygJLLAQAAAAAAAAAAGAEAAMxcJgAAAAAAAAAAAAAAAADMXCYAAAAAAIYe+wZstEBBmZS0D5tgsHIBAAAAAAAAAAsAAAAAAAAAhh77Bmy0QEGZlLQPm2CwctRcJgAAAAAAyXc5FZpI0EKT2vApaqLf0QbybAAAAAAAxQ7dMLsVXEORsgFd1HJd4/OvhAAAAAAAEX6EMgTxVk+GUsZbGZvEYEyIgwAAAAAAUt0eQY/5c0+YwrHTuSWj6oi+iwMAAAAA8fdCZEQBBUS7GM7m8LxW3eFvqwEAAAAADFg9fo0Mhk6gjY+SsJSaYh4NLgAAAAAArLDumHJ2NEyD4z8FAKGRU4p0AAAAAAAAC+CWoJbJsk2lkF9r8XwUKGZ+bwAAAAAA5ABDre7ZDU+vzdZhaHJCR8EsAQAAAAAAVUA8umstpEaHIpGN0a8S124iCAAAAAAA
    ActiveImport:Error in Mapping EngineDIP_LDAPWRITER_ERROR_CREATE
    DIP_LDAPWRITER_ERROR_CREATE
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:741)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    ActiveImport:about to Update exec status
    Updated Attributes
    orclodipLastExecutionTime: 20101208201740
    orclodipConDirLastAppliedChgNum: TVNEUwMAAAAZWAkygJLLAQAAAAAAAAAAGAEAAMxcJgAAAAAAAAAAAAAAAADMXCYAAAAAAIYe+wZstEBBmZS0D5tgsHIBAAAAAAAAAAsAAAAAAAAAhh77Bmy0QEGZlLQPm2CwctRcJgAAAAAAyXc5FZpI0EKT2vApaqLf0QbybAAAAAAAxQ7dMLsVXEORsgFd1HJd4/OvhAAAAAAAEX6EMgTxVk+GUsZbGZvEYEyIgwAAAAAAUt0eQY/5c0+YwrHTuSWj6oi+iwMAAAAA8fdCZEQBBUS7GM7m8LxW3eFvqwEAAAAADFg9fo0Mhk6gjY+SsJSaYh4NLgAAAAAArLDumHJ2NEyD4z8FAKGRU4p0AAAAAAAAC+CWoJbJsk2lkF9r8XwUKGZ+bwAAAAAA5ABDre7ZDU+vzdZhaHJCR8EsAQAAAAAAVUA8umstpEaHIpGN0a8S124iCAAAAAAA
    orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
    orclOdipSynchronizationErrors:
    Sleeping for 1secs

    Is there anyone who can help? I am getting the error on krbprincipalname now. Here is the mapping of the change record, I can't determine where the problem is.
    ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: CN=AdminGEL,CN=Users,DC=mycompany,DC=com
    Attributes:
    Class: null Name: objectclass Type: null ChgType: REPLACE Value: [top, person, organizationalPerson, user]
    Class: null Name: objectguid Type: null ChgType: REPLACE Value: [[B@edc3a2]
    Source ChangeRecord Created
    MAPPING : Source Change Record : ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: CN=AdminGEL,CN=Users,DC=mycompany,DC=com
    Attributes:
    Class: null Name: CN Type: null ChgType: Value: [AdminGEL]
    Class: null Name: objectclass Type: null ChgType: REPLACE Value: [top, person, organizationalPerson, user]
    Class: null Name: objectguid Type: null ChgType: REPLACE Value: [[B@edc3a2]
    MAPPING: Attributes - Start
    MAPPING: Processing Map Rule : 7
    MAPPING: Processing Map Rule : 7
    Value is empty after evaluation of mapping rule
    MAPPING: Processing Map Rule : 8
    MAPPING: Processing Map Rule : 7
    MAPPING: DstChangeRecord after Attribute Mapping : ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: CN=AdminGEL,CN=Users,DC=mycompany,DC=com
    Attributes:
    Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser]
    Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
    Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
    Not able to construct DN
    MAPPING : Dst Change Record : ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: *
    Attributes:
    Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser]
    Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
    Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
    Output ChangeRecord ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: *
    Attributes:
    Class: null Name: objectclass Type: null ChgType: REPLACE Value: [orcladuser]
    Class: null Name: orclSAMAccountName Type: null ChgType: NOCHANGE Value: [$ ]
    Class: null Name: orclObjectGUID Type: null ChgType: REPLACE Value: [s+86AiXo4EW5VplAtIXjkQ==]
    DN : *
    Normalized DN : cn=admingel,ou=oidusers,cn=users,dc=mycompany,dc=com
    Changetype is 5
    Processing modifyRadd Operation ..
    Proceeding with checkNReplace..
    Performing checkNReplace..
    Naming attribute: cn
    Naming attribute value: orclObjectGUID
    Naming attribute value: objectclass
    Total # of Mod Items : 1
    Exception Modifying Entry : javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find krbprincipalname in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompany,dc=com'
    javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find krbprincipalname in mandatory or optional attribute list.]; remaining name 'cn=admingel,ou=oidusers,cn=users,dc=mycompany,dc=com'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
         at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1440)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
         at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
         at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:862)
         at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:740)
         at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:335)
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    [LDAP: error code 65 - Failed to find krbprincipalname in mandatory or optional attribute list.]
    Based on the object's attributes list, the krbprincipalname is part of the orcluserv2 object class, so the mapping should be fine.
    objectclasses: ( 2.16.840.1.113894.1.2.52 NAME 'orclUserV2' SUP 'top' AUXILIAR
    Y MAY ( orclHireDate $ orclDateOfBirth $ orclMaidenName $ orclIsVisible $ or
    clDisplayPersonalInfo $ middleName $ orclDefaultProfileGroup $ c $ orclTimeZ
    one $ orclIsEnabled $ orclPasswordHintAnswer $ orclPasswordHint $ orclWorkfl
    owNotificationPref $ orclTimeZone $ c $ orclActiveStartDate $ orclActiveEndD
    ate $ orclGender $ userPKCS12 $ orclPKCS12Hint $ orclPassword $ authPassword
    $ orclPasswordVerifier $ orclSecondaryUID $ krbPrincipalName $ orclWireless
    AccountNumber $ orclUIAccessibilityMode $ assistant $ orclSAMAccountName $ o
    rclUserProvMode ) )
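
The schema rule behind error code 65, as an added example (not code from the thread or from Oracle): an attribute is accepted only if some objectclass on the entry, or one of its superiors, lists it under MUST or MAY. The `exampleAdUser` class and its OID are constructed, the `orclUserV2` definition is shortened from the one quoted in the post, and the class and method names are made up for the example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ObjectClassCheck {

    /** One parsed objectclass definition: name, superior, and MUST + MAY attributes. */
    static final class ObjectClass {
        final String name;
        final String sup;                                  // null when there is no SUP clause
        final Set<String> attrs = new LinkedHashSet<>();   // lower-cased attribute names

        ObjectClass(String def) {
            String n = first(def, "NAME\\s+'([^']+)'");
            if (n == null) throw new IllegalArgumentException("no NAME in: " + def);
            name = lower(n);
            String s = first(def, "\\bSUP\\s+'?([\\w.-]+)'?");
            sup = (s == null) ? null : lower(s);
            for (String keyword : new String[] {"MUST", "MAY"}) {
                // Either a single name or a parenthesised, $-separated list.
                String list = first(def, "\\b" + keyword + "\\s+(\\([^)]*\\)|[\\w.-]+)");
                if (list == null) continue;
                for (String a : list.replaceAll("[()]", " ").split("\\$")) {
                    if (!a.trim().isEmpty()) attrs.add(lower(a.trim()));
                }
            }
        }
    }

    static String first(String text, String regex) {
        Matcher m = Pattern.compile(regex).matcher(text);
        return m.find() ? m.group(1) : null;
    }

    static String lower(String s) { return s.toLowerCase(Locale.ROOT); }

    static Map<String, ObjectClass> schema(String... defs) {
        Map<String, ObjectClass> byName = new HashMap<>();
        for (String d : defs) {
            ObjectClass oc = new ObjectClass(d);
            byName.put(oc.name, oc);
        }
        return byName;
    }

    /** Attributes of the entry that none of its object classes (or their superiors) list. */
    static List<String> notAllowed(Map<String, ObjectClass> schema,
                                   List<String> objectClasses, List<String> attributes) {
        Set<String> allowed = new LinkedHashSet<>();
        for (String ocName : objectClasses) {
            ObjectClass oc = schema.get(lower(ocName));
            int depth = 0;
            while (oc != null && depth++ < 32) {           // bounded walk up the SUP chain
                allowed.addAll(oc.attrs);
                oc = (oc.sup == null) ? null : schema.get(oc.sup);
            }
        }
        List<String> bad = new ArrayList<>();
        for (String a : attributes) {
            if (!allowed.contains(lower(a))) bad.add(a);
        }
        return bad;
    }

    public static void main(String[] args) {
        Map<String, ObjectClass> schema = schema(
            "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
            // Shortened from the orclUserV2 definition quoted in the post.
            "( 2.16.840.1.113894.1.2.52 NAME 'orclUserV2' SUP 'top' AUXILIARY MAY ( "
                + "middleName $ orclIsEnabled $ krbPrincipalName $ orclSAMAccountName ) )",
            // Constructed stand-in class; its OID and attribute list are invented.
            "( 1.1.1 NAME 'exampleAdUser' SUP top AUXILIARY MAY ( "
                + "orclSAMAccountName $ orclObjectGUID ) )");

        List<String> attrs = Arrays.asList(
            "objectclass", "orclSAMAccountName", "orclObjectGUID", "krbPrincipalName");

        // Entry carries only the stand-in class: no class lists krbPrincipalName.
        System.out.println(notAllowed(schema, Arrays.asList("exampleAdUser"), attrs));
        // Adding orclUserV2 to the entry's objectclass values makes it acceptable.
        System.out.println(notAllowed(schema,
            Arrays.asList("exampleAdUser", "orclUserV2"), attrs));
        // givenName is still unlisted: neither class on the entry names it.
        List<String> withGivenName = new ArrayList<>(attrs);
        withGivenName.add("givenName");
        System.out.println(notAllowed(schema,
            Arrays.asList("exampleAdUser", "orclUserV2"), withGivenName));
    }
}
```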

  • Hitting error LDAP: error code 20 - mail attribute has duplicate value.

    Hi,
    Has anyone faced this issue before: LDAP: error code 20 - mail attribute has duplicate value? We are getting this error intermittently in the OID logs, and due to that provisioning is stuck. I know that the issue is due to the object class mismatch in attributes, but the map profile looks fine. Is there anything else we need to check?
    SSO version 10.4.1.3 and DB version 10g.
    javax.naming.directory.AttributeInUseException: [LDAP: error code 20 - mail attribute has duplicate value.]; remaining name 'uid=abc,cn=users,dc=xyz ,dc=com'
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2972)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
            at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1440)
            at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
            at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
            at oracle.ldap.odip.gsi.LDAPWriter.modify(LDAPWriter.java:479)
            at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:318)
            at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:656)
            at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
            at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
    DIP_LDAPWRITER_ERROR_MODIFY
    Error in executing mapping DIP_LDAPWRITER_ERROR_MODIFY
    DIP_LDAPWRITER_ERROR_MODIFY
            at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:830)
            at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
            at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
    DIP_LDAPWRITER_ERROR_MODIFY
    Setting Change Success Count : 27682
    Setting Change Failure Count : 11004
    CDSImportProfile:Error in Mapping EngineDIP_LDAPWRITER_ERROR_MODIFY
    DIP_LDAPWRITER_ERROR_MODIFY
            at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:851)
            at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
            at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
    CDSImportProfile:about to Update exec status

    Did you search the LDAP server to see whether the email value you are trying to use already exists? Typically LDAP servers do not care whether email is duplicated or not, but by default the OIM server does not allow duplicated email.

  • LDAP Newbie: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT)

    Hi,
    I am getting the following error when I try to do a search on an ldap (AD LDS) database:
    javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
    'DC=AppPartFE,DC=com'
    ]; remaining name 'cn=Users,dc=AppPartFE,dc=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at javax.naming.directory.InitialDirContext.search(Unknown Source)
    at Test.<init>(Test.java:70)
    at Test.main(Test.java:118)
    I can bind successfully using either the userPrincipalName (UPN) or the Distinguished Name (DN), however my search is failing.
    It is almost as if I am connected to the db tree at the wrong place.  Do I need a different search scope?
    I appreciate any assistance you can provide.
    Here is my code:
    import java.util.*;
    import static java.lang.System.err;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;
    public class Test
    {
      public Test()
      {
        Properties prop = new Properties();
        prop.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        prop.put("java.naming.provider.url", "ldap://MyHost.Mydomain.labs.CompanyX.com:50004");
        String strProviderUrl = "ldap://MyHost.Mydomain.labs.CompanyX.com:50004";
        // Can successfully bind with the userPrincipalName in AD LDS
        //prop.put("java.naming.security.principal", "[email protected]");
        // Can successfully bind with Distinguished Name
        // Note: the string is case insensitive and embedded blank after a comma is not a problem
        prop.put("java.naming.security.principal", "cn=tst0001,cn=Users,dc=AppPartFE,dc=com");
        prop.put("java.naming.security.credentials", "password");
        try {
          LdapContext ctx = new InitialLdapContext(prop, null);
          System.out.println("Bind successful");
          // I am successful to this point....
          // now try doing a search on another user
          String strFilter = "(&(objectClass=userProxy)(sAMAccountName=tst0001))";
          SearchControls searchControls = new SearchControls();
          searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); //works with object class=* to find top partition node
          NamingEnumeration<SearchResult> results = ctx.search("cn=Users,dc=AppPartFE,dc=com", strFilter, searchControls);
          SearchResult searchResult = null;
          if (results.hasMoreElements()) {
            searchResult = (SearchResult) results.nextElement();
            // make sure there is not another item available, there should be only 1 match
            if (results.hasMoreElements()) {
              System.err.println("Matched multiple users for the accountName");
            }
          }
        }
        catch (NamingException ex) {
          ex.printStackTrace();
        }
      }
      public static void main(String[] args)
      {
        Test ldaptest = new Test();
      }
    }

    Because you are specifying a base distinguished name in your ldap url, the ldap context will be rooted at that context and all subsequent objects will be relative to that base distinguished name.
    //connect to my domain controller
    String ldapURL = "ldaps://rhein:636/dc=bodensee,dc=de";
    and
    String userName = "CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de";
    results in a fully distinguished name of:
    CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de,dc=bodensee,dc=de
    Either specify your ldap url as
    String ldapURL = "ldaps://rhein:636";
    and leave your username as is, or specify the user object relative to the base distinguished name in the ldapurl
    String userName = "CN=verena bit,OU=Lehrer,OU=ASR";
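
The name composition described in the reply above, as an added example that is not part of the thread: it uses the reply's URL and user name to compute the DN sent to the server, flags a name that repeats the base DN, and derives the relative form. The class and method names are made up for the example.

```java
import java.net.URI;
import java.util.ArrayList;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class EffectiveDn {

    /** Base DN carried in the path of an LDAP URL; empty name when the URL has none. */
    static LdapName baseFromUrl(String ldapUrl) throws InvalidNameException {
        String path = URI.create(ldapUrl).getPath();       // "/dc=bodensee,dc=de" or ""
        if (path == null || path.length() <= 1) {
            return new LdapName(new ArrayList<Rdn>());
        }
        return new LdapName(path.substring(1));
    }

    /** DN the server receives when `name` is resolved in a context rooted at `base`. */
    static LdapName effectiveDn(LdapName base, String name) throws InvalidNameException {
        // LdapName indexes RDNs right to left, so appending puts `name` to the left of `base`.
        LdapName full = new LdapName(base.getRdns());
        full.addAll(new LdapName(name).getRdns());
        return full;
    }

    /** True when `name` already ends with the context's base DN and would repeat it. */
    static boolean repeatsBase(LdapName base, String name) throws InvalidNameException {
        // startsWith() compares from index 0, which is the right-hand end of the DN text.
        return base.size() > 0 && new LdapName(name).startsWith(base);
    }

    /** `name` with the base DN removed, for use in a context rooted at `base`. */
    static String relativeTo(LdapName base, String name) throws InvalidNameException {
        if (!repeatsBase(base, name)) {
            return name;
        }
        return new LdapName(name).getSuffix(base.size()).toString();
    }

    static void report(String url, String name) throws InvalidNameException {
        LdapName base = baseFromUrl(url);
        System.out.println("provider URL  : " + url);
        System.out.println("name passed   : " + name);
        System.out.println("DN on the wire: " + effectiveDn(base, name));
        if (repeatsBase(base, name)) {
            System.out.println("base DN is repeated; relative form: " + relativeTo(base, name));
        }
        System.out.println();
    }

    public static void main(String[] args) throws InvalidNameException {
        String userName = "CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de";
        report("ldaps://rhein:636/dc=bodensee,dc=de", userName);   // URL with a base DN
        report("ldaps://rhein:636", userName);                     // URL without a base DN
    }
}
```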

  • LDAP: error code 53 - Function Not Implemented

    Hi All,
    While doing search on Oracle internet directory server(oracle ldap server),
    we are getting following exception.
    Exception in thread "main" javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name 'ou=people,dc=test,dc=com'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3058)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
         at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
         at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
         at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
         at DifferentSearches.doFilterSearch(DifferentSearches.java:99)
         at DifferentSearches.main(DifferentSearches.java:23)
    Following is the code -
    code:
         DirContext ctx = getDirContext();
         SearchControls ctls = new SearchControls();
         ctls.setReturningObjFlag(true);
         ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
         String filter = "(displayname=chandra)";
         NamingEnumeration<SearchResult> answer = ctx.search("ou=people,dc=test,dc=com", filter, ctls);
         formatResults(answer);
         ctx.close();
    When we search on the added attributes (like currentsession count) it works
    fine. For this we had to enable index in OID on this field. But this is
    not possible for the default attributes. OID does not provide a way to
    enable indexing on these attributes. Could someone please let us know
    how we can search on default attributes ?
    Regards
    Rahul
    Edited by: Rahul_Sonawale on Oct 17, 2008 4:26 AM

    Thanks Rajiv for reply.
    I had read that thread before posting this. However, this is slightly different.
    From other sites I can see that if it's caused by indexing, the error msg would say so and also tell you which attribute it is.
    Someone suggested it's OID dropping the database connections intermittently and that we should check both CRS ORACLE_HOME and RDBMS ORACLE_HOME have SQLNET.EXPIRE_TIME set and check the TNS and alert logs on the DB side for any other possible connection failure.
    From some OID log we do see it has lost database connection:
    OID logs in /u01/oid/oid_inst/diagnostics/logs/OID/oid1 :
    ConnID:76 mesgID:2 OpID:1 OpName:search ConnIP:10.244.87.239 ConnDN:cn=policyrwuser,cn=users,dc=us,dc=oracle,dc=com
    [gsldecfsFetchEntries] ORA error 3135: ORA-03135: connection lost contact
    Process ID: 29973
    Session ID: 164 Serial number: 3
    I should post another thread for oid lost db connection.

  • Use of LdapRealm results in [LDAP: error code 32 - No Such Object]

    Hi,
    I'm testing with the example 'basic-auth' of the SJSAS7 2004Q2 with the LdapRealm.
    This little test app can successfully authenticate my user against LDAP.
    package de.zdf.qmv.helloworld.test;
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.Hashtable;
    public class TestLdap {
      public static void main(String[] args) {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL,            "ldap://123.123.123.123:389/o=aaa");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL,      "uid=myuser,ou=ddd,o=ccc,o=bbb,o=aaa");
        env.put(Context.SECURITY_CREDENTIALS,    "mypwd");
        try {
          DirContext ctx = new InitialDirContext(env);
          ctx.close();
        } catch (Exception e) {
          e.printStackTrace();
        }
      }
    }
    But when I try to use these settings for the LDAP Security Realms in the AppServer it doesn't work.
    <auth-realm name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
      <property value="ldap://123.123.123.123:389/o=aaa" name="directory"/>
      <property value="ou=ddd,o=ccc,o=bbb,o=aaa" name="base-dn"/>
      <property value="ldapRealm" name="jaas-context"/>
    </auth-realm>
    I get this error:
    AM: Processing login with credentials of type: class com.sun.enterprise.security.auth.login.PasswordCredential
    FEIN: Logging in user [myuser] into realm: ldap using JAAS module: ldapRealm
    AM: Login module initialized: class com.iplanet.ias.security.auth.login.LDAPLoginModule
    AM: search: baseDN: ou=ddd,o=ccc,o=bbb,o=aaa  filter: uid=myuser
    WARNUNG: SEC1106: Error during LDAP search with filter [uid=myuser].
    WARNUNG: SEC1000: Caught exception.
    javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=ddd,o=ccc,o=bbb,o=aaa'
    Is the base-dn of the LDAP Security Realms properties the equivalent to the SECURITY_PRINCIPAL (without uid= )?
    Is there a missing property in the LDAP Security Realms properties to get this work?
    Thanks for your help

    I have the same error with my code...
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://localhost");
    Context ctx = new InitialContext(env);
    SQLServerDataSource mds = new SQLServerDataSource();
    ctx.bind("jdbc/, mds);
    // ERROR!!!!LDAP: error code 32 - No Such Object
    I just installed the qcslapd.exe, running qcslapd -debug i get the result:
    20030514 14:28:13 conn=6 fd=2 connection from e700 (127.0.0.1)
    20030514 14:28:13 conn=6 op=0 BIND dn="" method=128
    20030514 14:28:13 unknown version 3
    20030514 14:28:13 conn=6 op=1 BIND dn="" method=128
    20030514 14:28:13 conn=6 op=0 RESULT err=2 tag=97 nentries=0
    20030514 14:28:13 conn=6 op=1 RESULT err=0 tag=97 nentries=0
    20030514 14:28:13 conn=6 op=2 SRCH base="jdbc" scope=0 filter="(objectclass=*)"
    20030514 14:28:14 conn=6 op=2 RESULT err=32 tag=101 nentries=0
    can you help... HELP

  • OID - OperationalNotSupportedException: [LDAP: error code 53 - Server ... ]

    Hi,
    I'm using JNDI (Java Native Directory Interface) accessing OID, and I received a javax.naming.OperationalNotSupportedException: [LDAP: error code 53 - Server currently in read only mode.  Update operations not allowed];
    I am not sure what's wrong.
    I tried the following command
    "./ldapsearch -b "" -s base "objectclass=*" orclservermode" The returned result is "orclservermode=rw"
    So it is in read-write mode. I'm not sure what's wrong.
    This started happening after I applied the 10.1.4.2.0 patch.

    Unfortunately I am not an OID expert so I can't really comment on the OID server part of the problem.
    What I actually have plenty of experience of is the JNDI package, and there have been a number of times when the error messages produced by JNDI have been cryptic or simply wrong. I would recommend sniffing the LDAP connection and checking what error messages are actually created by the OID server.
    Good luck!
    /M
