LDAP problems

Similar Messages

• Ldap problem, ORA-06521: PL/SQL: Error mapping function

  I am getting this error(s)
  ORA-06521: PL/SQL: Error mapping function
  ORA-06512: at "SYS.DBMS_LDAP_API_FFI", line 0
  ORA-06512: at "SYS.DBMS_LDAP", line 1338
  ORA-06512: at "SYS.DBMS_LDAP", line 1273
  ORA-06512: at "SYS.DBMS_LDAP", line 529
  ORA-06512: at line 127
  after binding and searching an ldap directory.
  Line 127 is:
  my_dn := DBMS_LDAP.get_dn(my_session, my_entry);
  Both of the 'my_xx' parameters have been successfully set earlier in the script I believe as they produce no errors and DBMS_LDAP.count_entries(my_session, my_message) returns = 1.
  I am following the example at:
  http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96577/smplcode.htm#636994
  In fact any of the functions used in the 'while loop' in the above example give a similar error.
  Apparently SYS.DBMS_LDAP_API_FFI is a call to an external C program, but this would be a standard Oracle one, not one I have written.
  I am connecting to a non-Oracle ldap server, and have tried several (OpenLDAP 2.X, & Windows 2000 AD), with same results.
  Any suggestions gratefully received.
  Cheers
  KIM

  Scott,
  Thanks for your concern. I should have explained. I am working in HTMLdb, successfully using ldap to authenticate, but now need to get the logged-in user's name and other details. All my attemps to use the wwv_flow_ldap functions have failed, and I am no resorting to DBMS_LDAP to get what I want. I am hoping thatsome helpful person can shed some light on this problem
  Cheers
  KIM

• User migration vom SAP DB to LDAP: Problem when userId not equal to logonId

  Hello
  I have to write a migration tool which migrates the users stored in the SAP DB to LDAP. Thereby the logon ID of the users in the SAP DB is not equal to the user ID.
  The migration works fine and in SAP Identity Management (IDM) everything is ok.
  But when I try to log onto the portal with a migrated user, the portal tells me that no portal role is assigned to the user. But the IDM shows clearly that the portal role is assigned to the user.
  Investigation showed that when I create in the LDAP a user with the same logon ID and user ID, the log onto the portal works ok. As soon the logon ID differs from the user ID, the portal does not find the assigned portal role anymore, although in IDM everything works.
  How can I solve this problem? It is important that the logon ID and the user ID are different as otherwise all the stored data has wrong references.
  Greetings
  Rolf
  Edited by: Rolf Grüninger on Jul 19, 2011 6:08 PM

  Problem solved:
  The naming attribute of the user account has to be set to the same attribute as the one of the user object and not to the user logon ID.

• Open Directory or LDAP Problem with 10.5 Client and 10.4 Server

  Yesterday, the client-server setup we've been using successfully FOR YEARS decided not to work on a v10.5.8 MacBook Pro client. Did not do anything to the v10.5 client recently (other than to boot it up). Not sure if any software was updated on the server recently (where do I check for this?). Curiously, a v10.4.11 client running on a Mac Pro (tower) continues to work fine/as though nothing's changed. It appears as though the only difference is v10.4 client (working) vs. v10.5 client (not working).
  Here is what IS working:
  1) Network Home Directories on dedicated drive partition of Mac running OS X Server v10.4.11. AFP, DNS, and Open Directory are all up and running (normally, I think) as shown in Server Admin application.
  2) Mac Pro (tower) client running v10.4.11 binds to and authenticates at v10.4.11 server. Any valid user can access their home directory on the server seamlessly when logging in at this v10.4.11 client Mac.
  3) That same v10.4.11 client Mac also contains a LOCAL admin user with its home directory on the local hard drive. That LOCAL admin account is used to update software on a per machine basis (and preclude users from adding unauthorized software, needing to use a specific machine, etc.).
  Here is what IS NOT working:
  4) On a MacBook Pro client running v10.5.8, the LOCAL admin account looses access to the partition containing its local home directory. The drive partition literally disappears. The only "solution" I've been able to find (and it's not truly a solution) is to turn off the Open Directory/LDAP binding (using the Directory Utility application). With binding turned off, the LOCAL admin user has no problem accessing their home directory on the local hard drive partition. Turn binding on again (using Directory Utility application), and the LOCAL admin user can no longer see its local home directory.
  Again, binding is necessary to allow regular users to use the v10.5 MacBook Pro with Network Home Directories (as in items 1-3 above). Binding should be turned on for this reason. However, with binding on, the LOCAL admin user cannot manage the computer because the local partition containing the admin home directory disappears/is inaccessible. Turn binding off, and the partition containing the admin home directory reappears.
  Perhaps there's something in the sever logs that will help. I don't really know how to read these, so if your help involves the logs, please refer to them explicitly (e.g., "in Server Admin, go to Open Directory->Logs->LDAP log" or similar).
  Any help greatly appreceated.

  Nope. Never used sso_util.
  I try to use Apple's GUI server management tools unless absolutely necessary/at the end of my rope (i.e., last step before re-install etc.). I figure there's just too many things going on under the hood: using the command line may fix one setting, but not re-configure the two or three others that Apple NEEDS in order to have the whole thing working in harmony. Unless you really know what's going on with all the configuration files, it's best to let the GUI manage the settings.
  In my particular circumstance, I've now got ALL Leopard clients, one Leopard v10.5 server, and one Tiger v10.4 server. Everything is working fine now, but it was not a simple matter getting the Tiger v10.4 server re-integrated into the otherwise ALL Leopard environment. OD/Kerberos is on the Leopard v10.5 server. Home directories are still on the Tiger v10.4 server.
  Two keys to getting THIS/MY set-up working:
  1) Tiger v10.4 server needs to have Open Directory set to "Connected to a Directory System" and has to be joined to the Kerberos realm that was set-up on the Leopard v10.5 server (use Server Admin to do all of this).
  2) Sharepoint on Tiger v10.4 server has to have SOME, but NOT ALL checkboxes for guest access enables/checked. See:
  http://discussions.apple.com/message.jspa?messageID=10903468#10903468
  Number 2 immediately above is contrary to what Apple manual for User Management reads, but this is what worked for me/my set up, after pulling my hair out following the manual's instructions to the letter and not getting the thing to work!

• OBIEE and LDAP problem

  Hi all!
  After connecting our OBIEE 11.1.1.5 to LDAP we faced with a strange problem: after one user enters the system any next user logged in has the same privileges in OBIEE as the first one.
  We turned off the following caches:
  - WebLogic Principal Validator Cache in a security realm Performance section
  - Group Membership Lookup Hierarchy Caching in our LDAP authentication provider Performance section
  But the problem still occurs. Does anyone have any suggestions on this?

  Hi I was having endless issues with OBIEE and LDAP, I followed the exact steps here:
  http://docs.oracle.com/cd/E17904_01/web.1111/e13707/atn.htm#SECMG169
  These worked for me, so you could check for a start these recommended setting are same in your environment.
  Thanks

• Update LDAP problem using SPLDAP_RECEIVE_ATTRIBUTES

  Hi Friends,
  I can create new data records in LDAP but when i try to update these records i get following error :
  type id                      number   message
  E   |LDAPRC                 |053   |LDAP server cannot execute operation    
  Does anyone has any idea about this?
  Thanks.

  I am getting the same problem. Can anyone tell us what is going on?

• Web Proxy Server & Secure LDAP Problem

  Hi,
  I'm currently trying to interface a test system with SunONE Web Proxy 3.6 SP4 with a SunONE DIrectory Server 5.2 system. Using unencrypted LDAP, things worked fine.
  After creating a test certificate on the Directory Server, I reconfigured the Proxy to use SSL LDAP. Within the Administration Server of the proxy, communications with the SSL-enabled LDAP port looks fine and I am able to download the user/group lists from the directory server. Similarly, the ldapsearch tool works fine. However, the proxy instance itself does not even want to start, reporting the following problem(s):
  [30/Mar/2004:13:49:24] info: ldap_pool: ldapu_pool_init() : can't contact server <bovproxy.bov.com>
  [30/Mar/2004:13:49:24] security: ldap subsystem: ldap server(s) unreacheable. Acl evaluation may fail.
  [30/Mar/2004:13:49:24] info: LdapCheckUp set to 30 seconds
  A netstat whilst the proxy is starting reveals that the system does open ports with the LDAP server ok. I've tried various things without success. Any ideas/suggestions would be really welcome.
  Thanks,
  Herbert

  Hi, Can you just guide how to setup this kind of scenario. I mean to say
  im using solaris 9 X86 and i have to setup webproxy server (for internet connection sharing) and LDAP. The users should enter username and password for accessing internet. If you dont mind where can i get the documenattion on this. Please help me in this issue as im new bie in Solaris World.
  Thanks in Advance
  R. Venkat Sharma

• Address book ldap problems

  Hi. My organization uses a domain controller server on port 3268 for ldap/GAL access. In the past I have had intermitant problems accessing the GAL through address book and the mail app. The last time this happened I trashed some pref files and got it working again. Since upgrading to Mountain Lion, it is not working again. I've tried trashing various plist files, but none have seemed to help. I've been doing this over the last few weeks so I can't specifically list which plist files I've tried.
  If anyone has a solution or any suggestions I would appreciate it. If there is a way to see at what level it is failing that would be helpful too. It does not show up in the Mail activity window.
  Thanks

  Hi Jay,
  It is a Outlook 2003 problem.. the way around it is:
  Open registry editor.
  a. Find the following registry key.
  HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook
  b. Edit --> New -->Key
  c. Input "ldap" and press Enter key.
  HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\LDAP
  1.Edit --> New -->[DWORD]
  6. Input "NoDisplayNameSearch" ane press Enter key.
  7. Right click the above and click "change".
  8. Input "1" to [data value] and press [OK]
  9. Edit --> New -->[DWORD]
  10.Input "DisableVLVBrowsing" and press Enter key
  11. Right click the above and click "change".
  12. Input "1" to [data value] and press [OK]
  13. Close the registry editor.

• UME and LDAP problems

  Hi all!
  I'm trying to configure my UME to a MS Active Dir Server...
  I managed to display the users and groups - stored in the LDAP - in the useradmin GUI of the UME http://<server>:50000/useradmin.
  The problem I have is the following:
  the groups in the LDAP Directory Server have users as members. But in the GUI - when choosing a group and click maintain users - are not displayed.
  In order to get the groups dislayed in the GUI I had to edit the configuration XML file. I guess there is a way to edit the XML config file to be able to see users as kind of childs of a group.
  Any hint on this issue?
  Kind regards,
  Christoph

  Post the LDAP path to your groups and users. Even though in LDAP the groups have members attached that doesn't mean you will see it that way in the UME gui. Are these the real user entries in LDAP or is this simply an attribute of the group?
  Deep hierarchy implies groups are trees with the real user underneath and that no user will appear in multiple groups. Is that the way your LDAP is implemented?
  See this help - http://help.sap.com/saphelp_nw04/helpdata/en/09/c5ee407552742ae10000000a155106/frameset.htm
  Nick

• LDAP problem

  Hello!
  I have implemented a EP (NW2004s) system once before, and have connected it to our LDAP server without much difficulty.
  Now I have just installed another portal with EP (NW2004s SR1) and am having trouble with user mapping in LDAP. I can get the Portal to connect to LDAP with no problem, but the problem is just the user mapping.
  We have multiple backend ABAP systems that we connect to through the Portal.
  Our LDAP username/login information is different than the usernames/login info in the backend ABAP systems. To resolve this, we have the ABAP login information mapped to the LDAP login information, all within LDAP. So users can log in ot the Portal using their LDAP login info and be able to go into the backend systems without having to login again. This caused no problem with the NW2004s (older) installation.
  However, in the new installation it's failing to recogize the user mapping that already exists in LDAP. So basically, I can login to the portal with my LDAP uid, but when I try to go to a backend system, I get a "username or password not recognized" message, and in SM20 (ABAP system) I can see that it's trying to log me in with my LDAP uid, and not mapping to my ABAP uid.
  I have basically copied everything from the old installation and have been looking at resolving this issue for a few days now, thinking it might be some small configuration that I'm missing. I've found nothing.
  The original configuration file (configtool) we used was exactly the same in both new and old Portal systems. Since they were the same, I saw no problem using our modified copy from the old system.
  The system profiles that I created in the Portal for the backend systems are exactly the same. I have the exact same LDAP connection information in both Portal systems (not that it matters since it's not having trouble connecting to LDAP, just mapping, or recognizing the mapping, the LDAP and ABAP uids). The certificate for the Portal has been imported into the backend systems. As well, I have the Portal pointing to one of the created system profiles in the Portal as a reference system. All in all, from what I can tell, both systems are identical as far as the configuration, but it's still not mapping the UIDs.
  Would anyone have an idea of what might be causing this, or possibly something else to check? I'm running out of ideas on what it might be.
  Thanks so much.
  I'll award points for any helpful answers.
  Beau.

  If you're talking about the settings under Sys Admin>Sys Configuration>UME Configuration, from what I can tell they are the same. There are some differences, however, between the old system and the new.
  For instance in the new system, under the LDAP Servers tab, there is a section for
  Blocked principals
       Unique Names of Blocked Users:  Administrator,Guest
       Unique Names of Blocked Groups: Administrators,Guests
  As, well some of the tabs contain less information than they once did. But for the most part I don't see anything that could be related. The user I'm testing with isn't one of these blocked users or in these blocked groups.
  Do you remember what flag this is exactly?
  Thanks.

• LDAP problems after IP change

  I changed my IP address for the LDAP server in accordance to the advice given here:
  http://discussions.apple.com/thread.jspa?messageID=1983263&#1983263
  [using command:
  sudo changeip /LDAPv3/127.0.0.1 212.212.123.45 212.212.35.5 ldap.example.com ldap.example.com
  However, LDAP still does not work. [when attempting to authenticate, I just get the shaking Login screen]. The logs do not indicate anything useful to diagnose this problem.
  As well, iChat (on another server) can not authenticate users to the OD Server (assuming the problem is the same for LDAP and authentication problems).
  Can someone help me out as to where I went wrong and how to correct it?

  I want to thank the guys at this post:
  http://discussions.apple.com/thread.jspa?messageID=2404645&#2404645
  Following these instructions (while a bit bumpy in my situation) fixed my LDAP. As such, I am marking this problem as solved... although, another problem crept up as a result... MD5 mail authentication now fails (Password works)... so, I will open a new thread in Mail section and mark this as answered.

• Could Calendar services not available after reboot be LDAP problem?

  I followed this installation guide:
  https://wikis.oracle.com/display/CommSuite7U2/Communications+Suite+on+a+Single+Host+%28Linux%29#CommunicationsSuiteonaSingleHost%28Linux%29-InstallingCommunicationsSuite7Update2Software
  I have successfully installed and set up the Oracle UCS Sun7 update 2 server. Calendar works ( if I don't reboot the server ).
  However, when I reboot the server, Calendar service is unavailable.
  Important information for when I installed Oracle UCS sun 7 update 2 by following the installation guide:
  I have noticed when browsing through the folders, that there was already a 'dsee6' folder for the Oracle Linux I started from. Following the example installation for the Oracle Linux 5 with GlassFish install, I was instructed to download a new Directory Server. Following the instructions on page 7 of the install guide listed above, I made another folder 'dsee7'. I am wondering if I should never have downloaded this new Directory Server as instructed on page 6 "Get the Software". The install guide actually does not mention where to get the Directory Server from, so I just went to the edelivery site and figured it out myself. Anyways, under the "Installing and Configuring Directory Server" section, #3, I was instructed to "mv dsee7 /opt/sun/directory". In this folder, /opt/sun/directory/bin, there will be "./dsadmin" utility that can be ran. This is used to do many things with the Directory Server including starting it. Here is how I started it:
  cd /opt/sun/directory/bin
  ./dsadm create /var/opt/sun/directory/dsins1
  ./dsconf create-suffix "0=isp"
  Also, I downloaded the Directory Server from edelivery - Oracle Directory Server Enterprise Edition 11gR1 Patch Set 1 for Linux x86-64
  Then, I ended up running to get it set up:
  ./dsccsetup ads-create
  ./dsccsetup war-file-create
  $ ./dsccsetup cacao-reg
  ./dsccsetup status
  Then, it looked like the dcss agent is registered in cacao.
  So, if we forward ahead to page 9 of the install guide, "Preparing the Directory", I ran this and prepared the directory. After I finished installation, I could restart the Directory Server with no problems, as long as I did not reboot the machine. I would restart the Directory Server like so:
  cd /opt/sun/directory/bin
  ./dsadmin stop-domain domain1
  ./dsadmin start-domain domain1
  However, if I rebooted the machine, I could still start and stop the Directory Server as noted. But, the Calendar Services were not available.
  The only reason I wonder about this LDAP Server possibly being the cause of this is because I had at one point configured the services to start on boot. I followed these instructions:
  https://wikis.oracle.com/display/CommSuite7U2/Start+and+Stop+Scripts+for+Communications+Suite+%28Linux%29
  I am using a VMSphere client to host this set up. So, since that point of configuring the services to start up, I have rolled the snap shot back so that the services are no longer set up to start on boot. But, when they were, and I rebooted the machine, I could see ldap 389 errors all over the place. So, that lead me to roll my snap shot back in effort to try and fix the ldap errors. I no longer get LDAP errors since I rolled my snap shot back. But, like I said, I no longer have any of the services, including the LDAP, to start on boot as noted in the above link that instructs us how to do this.
  After reboot, I run these commands to get the server up and running:
  Start GlassFish server:
  cd /opt/sun/SUNWappserver/bin
  ./startserv
  Start web ( Messaging Server I think ):
  cd /opt/sun/comms/messaging64/bin
  ./start-msg
  Start LDAP ( Directory Server )
  cd /opt/sun/directory/bin
  ./dsadm start /var/opt/sun/directory/dsins1
  Start Mysql
  cd/etc/init.d
  ./mysqld start
  All of those commands complete without problem. I can log into the convergence web, I can hit the delegated administrator, I can log into the GlassFish admin console, and I can see my calendar folder when I hit it in the web ( http://myServer.com/davserver/dav/home/userName/calendar/ ).
  So, in summary, I am wondering if anyone knows if this supposed second Directory Server is causing my problems since I started with Oracle Linux 5 and Oracle Linux 5 appeared to have the folder dsee6 already installed with it. Could this be why my calendar services are not starting after reboot but are working before reboot?
  ( Also, all of my posts keep getting deleted. Can someone please email me if someone from Oracle is deleting my posts and tell me why they are getting deleted? )
  Edited by: ntfytim16 on Mar 5, 2012 7:41 AM
  Some of my steps were out of order. Cleaned them up so it is easier to understand.

  Here is my error0.log which is in the /var/opt/sun/comms/davserver/logs folder:
  =========================
  Last packet sent to the server was 0 ms ago.
  SEVERE [2012-03-01T05:10:26.033-0500] <...DavServer.loadBackend> failed to instantiate or create backend com.sun.comms.davserver.backends.BackendException: Cannot get Initial Database Information: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Communications link failure
  Last packet sent to the server was 0 ms ago.(OPERATION_NOT_SUPPORTED)
  INFO [2012-03-01T05:10:26.033-0500] <...DavServer.loadBackend> Loading backend ischedulebackend with backendid ischedulebackend
  INFO [2012-03-01T05:10:26.034-0500] <...DavServer.loadBackend>      JDBC JNDI Name = jdbc/ischedulebackend
  SEVERE [2012-03-01T05:10:26.177-0500] <...JdbcBackend.queryDatabaseType> Cannot get Initial Database Information: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Communications link failure
  Last packet sent to the server was 0 ms ago.
  SEVERE [2012-03-01T05:10:26.177-0500] <...DavServer.loadBackend> failed to instantiate or create backend com.sun.comms.davserver.backends.BackendException: Cannot get Initial Database Information: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Communications link failure
  Last packet sent to the server was 0 ms ago.(OPERATION_NOT_SUPPORTED)
  INFO [2012-03-01T05:10:26.209-0500] <...DavServer.loadBackends> iSchedule enabled
  WARNING [2012-03-01T05:10:26.209-0500] <...DavServer.loadBackends> iSchedule URI is configured but can't find ischedule backend.
  SEVERE [2012-03-01T05:10:29.567-0500] <...LDAPSingleHostPool.buildConnection> buildConnection: got LDAPException while connecting to Pool number:0. Host=myServer.com :netscape.ldap.LDAPException: failed to connect to server ldap://myServer.com:389 (91)
  SEVERE [2012-03-01T05:10:29.568-0500] <...LDAPSingleHostPool.buildConnection> buildConnection: got LDAPException while connecting to Pool number:0. Host=myServer.com :netscape.ldap.LDAPException: failed to connect to server ldap://myServer.com:389 (91)
  WARNING [2012-03-01T05:10:29.568-0500] <...LDAPFailoverPool.getConnection> Fatal Error: All LDAP servers are down.
  ======================
  Does that look like an LDAP issue to you?
  "Fatal Error: All LDAP servers are down."
  Edited by: ntfytim16 on Mar 5, 2012 10:13 AM
  Changed one server address

• Oracle Directory Manager LDAP Problem

  Hello,
  I am right in the middle of provisioning OCS on a Win2K sp4 server. I am receiving and error that the LDAP server is not up and running when trying to logon to the Directory Manager GUI. It appears all services are running fine. Does anyone have any imput?
  Thanks,
  Mark

  Finally got this working!
  It was the wallet manager. The trusted CA root cert was not installed properly. The certifcate status has to be marked "Ready" to have everything work correctly.
  Chetan

• External LDAP problems after 5.4 - 9.0.4 migration

  I've just completed a 5.4 - 9.0.4 migration without any errors being reported, but I am now having problems with my external user directory.
  The setup is:
  Standalone Calendar 9.0.4
  Solaris
  iPlanet directory server 5.1
  There are several error codes associated with the problem, but unfortunately the documentation I have doesn't describe any of these (or of it does there is not enough info, or the suggested remedial action has not worked), there are no hits on these from technet, metalink, or these forums...
  Any info on any of the following error codes greatly appreciated:
  0x17401
  0x132D5
  0x13ABA
  0x13ABB
  0x18009
  These appear in das.log and eng.log.
  The iPlanet server logs show that the Calendar server is establishing a connection when it starts, and I have run UNIDSUP successfully to verify that the Calendar server thinks the directory server is up....
  Any suggestions/ideas anyone???!!

  Hi,
  Please log a support TAR.
  Thanks,
  Lily

• IDS 6.0 Authentication LDAP problem

  Hi all,
  I would like to test the ids6 bundled sample "remote client login". I have installed the temp cert. and activate the SSL on the web-instance. Then, i modify the AMConfig.properties: "com.iplanet.am.server.protocol" to "https". Then, i restart the IDS. After that, run the application. However, on testing ids server with authentication services SSL
  enabled (i.e. https://<ids server>/<deployment url>/), I got following
  unknown protocol error if only changing http to https in
  AMConfig.properties:
  ----------------- cut here ----------------
  orgname is : dc=com,dc=cn
  javax.security.auth.login.LoginException: Failed to create New
  AuthContextError while processing XML requestunknown protocol: https
  at
  com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:145)
  at LDAPLogin.main(LDAPLogin.java:57)
  Login failed!!

  Thanks,
  The problem was fixed after i change the jdk to 1.4 and
  specially set the classpath to
  /opt/iplanet/ids6/SUNWam/lib:/opt/iplanet/ids6/SUNWam/lib/am_services.jar:/opt/anyiu/iplanet/ids6/SUNWam/lib/am_sdk.jar -d /opt/iplanet/ids6/class