OID - LDAP:error code 19 -Admin domain

Exception creating Entry : javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - Admin domain does not contain schema information for objectclass person.]; remaining name 'cn=oriondes,ou=servidoresmiembro,ou=internos,cn=users,dc=superfinanciera,dc=gov,dc=co'
[LDAP: error code 19 - Admin domain does not contain schema information for objectclass person.]
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - Admin domain does not contain schema information for objectclass person.]; remaining name 'cn=oriondes,ou=servidoresmiembro,ou=internos,cn=users,dc=superfinanciera,dc=gov,dc=co'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3001)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
at oracle.ldap.odip.gsi.LDAPWriter.createEntry(LDAPWriter.java:1056)
at oracle.ldap.odip.gsi.LDAPWriter.insert(LDAPWriter.java:409)
at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:748)
at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:335)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
DIP_LDAPWRITER_ERROR_CREATE
DIP_LDAPWRITER_ERROR_CREATE
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:722)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
DIP_LDAPWRITER_ERROR_CREATE
ActiveChgImp:Error in Mapping EngineDIP_LDAPWRITER_ERROR_CREATE
DIP_LDAPWRITER_ERROR_CREATE
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:741)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
ActiveChgImp:about to Update exec status
Updated Attributes
orclodipLastExecutionTime: 20100906150632
orclodipConDirLastAppliedChgNum: 34086144
orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted

Hi,
Please let me know if this has been resolved. Also, please post the solution if you find any.
-Mahendra.

Similar Messages

  • OID - OperationalNotSupportedException: [LDAP: error code 53 - Server ... ]

    Hi,
    I'm using JNDI (Java Native Directory Interface) accessing OID, and I received a javax.naming.OperationalNotSupportedException: [LDAP: error code 53 - Server currently in read only mode.  Update operations not allowed];
    I am not sure what's wrong.
    I tried the following command
    "./ldapsearch -b "" -s base "objectclass=*" orclservermode" The returned result is "orclservermode=rw"
    So it is in read-write mode. I'm not sure what's wrong.
    This started happening after I applied the 10.1.4.2.0 patch.

    Unfortunately I am not an OID expert so I can't really comment on the OID server part of the problem.
    What I actually have plenty of experience of is the JNDI package, and there have been a number of times when the error messages produced by JNDI have been cryptic or simply wrong. I would recommend sniffing the LDAP connection and checking what error messages are actually created by the OID server.
    Good luck!
    /M

  • Install OCS 10.1.2 Infra DB failed with LDAP: error code 16 on Workspaces

    During the install of the OCS Infrastructure DB, OCS has an error:
    ... processed key-value: logfile=/oracle/product/dbocs/workspaces/logs/cw_config_backend.log
    ... processed key-value: action=setup_backend
    ... processed key-value: oh=/oracle/product/dbocs
    ... processed key-value: oid=oid.domain
    ... processed key-value: oid_port=389
    ... processed key-value: oid_user_dn=cn=orcladmin
    ... processed key-value: oid_passwd=xxxxxx
    ... processed key-value: db_sn=ocs.domain
    ... processed key-value: dba_user=sys
    ... processed key-value: dba_passwd=xxxxxx
    ... processed key-value: cw_db_passwd=xxxxxx
    Attempting to set logfile to: /oracle/product/dbocs/workspaces/logs/cw_config_backend.log
    Processed oh=/oracle/product/dbocs
    BACKEND installation ...
    ... Trying to lookup database dn
    ... Obtain OID connection
    ...... Can not obtain OID ssl port.
    ...... OID port = "389"
    ...... Trying to establish a non-ssl connection. OID host "oid.domain", OID port "389", OID user dn "cn=orcladmin".
    ... OID connection created.
    ...... You must specify either db_dn or db_sn.
    ...... ldap search filter "(&(objectclass=orcldbserver)(orcldbglobalname=ocs.domain))"
    ...... Succesfully located database dn "cn=ocs,cn=OracleContext".
    ...... Database dn = "cn=ocs,cn=OracleContext"
    ... Validating existence and version of CW schema: "CWSYS" in database: "cn=ocs,cn=OracleContext".
    ... Obtain JDBC connect string
    ... JDBC connect string = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
    ...derived: "jdbc_str=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))".
    Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
    Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
    Unlocking schema and setting passwd: "CWSYS/xxxxxx".
    Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
    ... Checking Workspaces container.
    ... Container "cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext" already exist.
    ... Finish checking Workspaces container.
    ... Trying to create backend application entity in OID
    ...... Database dn = "cn=ocs,cn=OracleContext"
    ...... Backend entity name = "ocs"
    ...... Backend entity dn = "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext"
    ... Backend entries already exist. Cleanup old entries.
    deregisterProvisioningListener ...
    app dn = orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext
    subscriber = dc=domain,dc=com
    ... Trying to remove entity "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext".
    ... Deleting "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext"
    Adding Workspaces application entity to: cn=Service Registry Viewers,cn=Groups,cn=OracleContext
    Adding Workspaces application entity to: cn=Service Registry Admins,cn=Groups,cn=OracleContext
    ... Insufficient privilege to create application entity "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext". Please check the user DN and password.
    javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
    at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
    at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
    at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
    at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
    at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
    at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
    oracle.workspaces.install.CwCAException: Error while executing action: "setup_backend"
    Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]
    at oracle.workspaces.install.CwConfig.run(CwConfig.java:639)
    at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
    Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
    at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
    at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
    at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
    at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
    at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
    ... 1 more
    javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
    at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
    at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
    at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
    at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
    at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
    at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
    at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
    What should I do?
    help.
    Thanks

    closed
    Re: Install OCS 10.1.2 Infra DB failed with LDAP: error code 16 on Workspac

  • LDAP error Code 19

    I am trying to do an AD=>OID synchronization and keep encountering the error message as follows -
    ERROR: [Fri Dec 15 13:26:37 CST 2006] Writer Thread - 0 - [LDAP: error code 19 - Admin domain does not contain schema information for objectclass user.]
    Can someone please enlighten me as to what I may be doing wrong - does this relate to permissions (or lack thereof) on the AD side or the OID side?
    Thanks
    Joe

    I did - went through the note and did what it asked - still no success - one thing that is strange is that the filter in a 10.1.2.0.2 install works with the double " around the search filter. Wonder what has changed in a 10.1.4 install that necessitates removing the double quotes around the search filter.

  • Synchronization errors with AD: LDAP error code 65 : orclObjectSid

    I'm trying to get synchronization working - importing data from Microsoft AD.
    The bootstrap seemed to go ok, and the synchronization is up and running - but I still get errors in the profile's trace file as follows at the end of this post.
    The error always seems to complain about the orclObjectSid attribute.
    Do I need to do anything to the OID schema?
    Or is this a mapping problem?
    Either way, how would I correct this error?
    Thanks!!
    Howard Dickins
    Here's an example of the errors I'm getting:
    DN : dc=connectutilities,dc=co,dc=uk
    Normalized DN : dc=connectutilities,dc=co,dc=uk
    Processing modifyRadd Operation ..
    Proceeding with checkNReplace..
    Performing checkNReplace..
    Naming attribute: dc
    Naming attribute value: dc
    Naming attribute value: orclObjectSID
    Adding Attribute in OID : orclObjectSID
    Naming attribute value: orclobjectguid
    Adding Attribute in OID : orclobjectguid
    Total # of Mod Items : 2
    Exception Modifying Entry : javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]; remaining name 'dc=connectutilities,dc=co,dc=uk'
    javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]; remaining name 'dc=connectutilities,dc=co,dc=uk'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
         at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1440)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
         at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
         at oracle.ldap.odip.gsi.LDAPWriter.checkNReplace(LDAPWriter.java:839)
         at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:717)
         at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:310)
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]
    Entry Not Found. Converting to an ADD op..
    Processing Insert Operation ..
    Performing createEntry..
    Exception creating Entry : javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]; remaining name 'dc=connectutilities,dc=co,dc=uk'
    [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]
    javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find orclobjectsid in mandatory or optional attribute list.]; remaining name 'dc=connectutilities,dc=co,dc=uk'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
         at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
         at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
         at oracle.ldap.odip.gsi.LDAPWriter.createEntry(LDAPWriter.java:1031)
         at oracle.ldap.odip.gsi.LDAPWriter.insert(LDAPWriter.java:386)
         at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:725)
         at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:310)
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:581)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    DIP_LDAPWRITER_ERROR_CREATE
    Error in executing mapping DIP_LDAPWRITER_ERROR_CREATE
    DIP_LDAPWRITER_ERROR_CREATE
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:722)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    DIP_LDAPWRITER_ERROR_CREATE
    AD_OID_Import:Error in Mapping EngineDIP_LDAPWRITER_ERROR_CREATE
    DIP_LDAPWRITER_ERROR_CREATE
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:741)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
         at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:186)
    AD_OID_Import:about to Update exec status
    Updated Attributes
    orclodipLastExecutionTime: 20090617062658
    orclodipConDirLastAppliedChgNum: 12242192
    orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
    orclOdipSynchronizationErrors:
    Sleeping for 1secs
    LDAP URL : (inexus-srv01:389 oracleextract
    Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
    LDAP Connection success
    Applied ChangeNum : 12242192Available chg num = 12245972
    Reader Initialised !!
    LDAP URL : (inexus-srv34:389 cn=odisrv+orclhostname=inexus-srv34,cn=registered instances,cn=directory integration platform,cn=products,cn=oraclecontext
    Specifying binary attributes: mpegvideo objectguid objectsid guid usercertificate orclodipcondirlastappliedchgnum
    LDAP Connection success
    Writer Initialised!!
    Writer proxy connection initialised!!
    MapEngine Initialised!!
    Filter Initialised!!
    searchF :
    CHGLOGFILTER : (&(USNChanged>=12242193)(USNChanged<=12242692))
    Search Time 0
    Search Successful till # 12242692
    Search Changes Done
    Changenumber uSNChanged: 12242193
    targetdn distinguishedName: DC=connectutilities,DC=co,DC=uk
    ChangeRecord : ----------
    Changetype: ADDRMODIFY
    ChangeKey: dc=connectutilities,dc=co,dc=uk
    Attributes:
    Class: null Name: objectGUID Type: null ChgType: REPLACE Value: [[B@1c999c4]
    Class: null Name: objectSid Type: null ChgType: REPLACE Value: [[B@8e5360]
    Class: null Name: dc Type: null ChgType: REPLACE Value: [connectutilities]
    Class: null Name: objectClass Type: nonbinary ChgType: REPLACE Value: [top, domain, domainDNS]
    -----------

    I found a solution - I added the offending attribute orclObjectSid to the domain objectClass as an optional attribute.
    It was a bit of a "clutching at straws" solution - but it does seem to have worked.
    I'm not sure why the data being imported had such a value, but the synchronization hasn't thrown up any further errors since then.
    Thanks for your help everyone.
    Howard

  • Error while create user in LDAP - LDAP: error code 1

    Hi guys, I am getting the below error while creating a user in LDAP MS AD.
    cn=3001,ou=sAP_IDM,dc=springswf,dc=comcn<mx:TEXT>putNextEntry failed storingOU=SAP_IDM,DC=springswf,DC=com</mx:TEXT>
    <mx:LTEXT>Exception from Add operation:javaxnaming.NamingException: {LDAP: error code 1 = 00000000: LdapErr: DSID-OC090AE2, coment: In order to perform this operation a successful bind must be completed on the connection.,data0,vece
    Steps I am following:
    1. create a job through wizard and pick from (IC->jobs->Active Directory->Create Active Directory User)
    2. Destination tab values that I am passing:
    dn: cn=Dummyuser,ou=SAP_IDM,dc=<main domain>,dc=com
    objectClass: top|person|organizationalPerson|user
    sn: Surname
    givenName: GivenName
    displayName: Dummy user displayname
    Under <main domain> an OU has been created called SAP_IDM for testing user creation from IDM.
    Admin user account created called <XYZ> and has full control over SAP_IDM OU.
    I am passing <XYZ> credentials into my job for user creation.
    Thanks for your help!

    Farhan,
    Based on the error message presented,
    In order to perform this operation a successful bind must be completed on the connection
    Make sure that you're using the correct information to do the AD Bind.  User name should be something like cn=administrator,cn=users,dc=xxx,dc=xxx and the proper password.
    Matt

  • Error when performing search:  getExtendedProperties [LDAP: error code 50

    Hi there,
    We are currently running OAS 10.1.2. We have an application which is running Oracle Forms. To get access to these forms, the authentication is a combination of the user logging on to their Windows domain (AD SSO) and having the correct username and groups within Oracle OID and DAS.
    We have a major problem at the moment in Production where every so often a user will get rejected for having insufficient access rights, and the UserID in the logs being Null. Yet if they try again it works.
    Does anyone know why this might be happening?
    Here is the Forms log :
    09/07/31 06:59:32 Forms session <967> runtime process id = 10,780
    09/07/31 07:02:27 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
    ror code 50 - Insufficient Access Rights]
    09/07/31 07:02:27 at oracle.ldap.util.User.getExtendedProperties(User.java:365)
    09/07/31 07:02:27 at oracle.forms.servlet.FormsOIDContext.getUserCredentials(Unknown Source)
    09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.getUserId(Unknown Source)
    09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.doRequest(Unknown Source)
    09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.doGet(Unknown Source)
    09/07/31 07:02:27 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    09/07/31 07:02:27 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    09/07/31 07:02:27 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
    09/07/31 07:02:27 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
    09/07/31 07:02:27 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
    09/07/31 07:02:27 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
    09/07/31 07:02:27 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
    09/07/31 07:02:27 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192
    09/07/31 07:02:27 at java.lang.Thread.run(Thread.java:534)
    09/07/31 07:02:27 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
    ror code 50 - Insufficient Access Rights]
    09/07/31 07:02:27 In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: ge
    tExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
    09/07/31 07:02:27 In doRequest method in ue.isNamingException
    09/07/31 07:02:27 Redirecting to DAS to update the resviewer list
    09/07/31 07:02:27 UserID is NULL redirecting to DAS
    09/07/31 07:02:27 Forms Group DNcn=Logical Application Group, orclApplicationCommonName=formsApp_dras03.workcover.qld.gov.au_63A
    36930655911DBBF37F32F8ED7FD07, cn=forms, cn=Products, cn=OracleContext                                                                                                                                                                                         
    09/07/31 07:02:27 The DAS URL generated: http://prinfds.workcover.qld.gov.au:7777/oiddas/ui/oracle/ldap/das/mypage/AppCreateReso
    urceInfo?resKey=prcar_sso&resType=oracleDB&resViewer=cn%3DLogical+Application+Group%2C+orclApplicationCommonName%3DformsApp_dras
    03.workcover.qld.gov.au_63A36930655911DBBF37F32F8ED7FD07%2C+cn%3Dforms%2C+cn%3DProducts%2C+cn%3DOracleContext&doneURL=http%3A%2F
    %2Fdras03.workcover.qld.gov.au%3A7778%2Fforms%2Ffrmservlet%3Fconfig%3Dprcar_sso%26form%3DSY0001.fmx&cancelURL=
    09/07/31 07:05:26 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
    ror code 50 - Insufficient Access Rights]
    09/07/31 07:05:26 at oracle.ldap.util.User.getExtendedProperties(User.java:365)
    09/07/31 07:05:26 at oracle.forms.servlet.FormsOIDContext.getUserCredentials(Unknown Source)
    09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.getUserId(Unknown Source)
    09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.doRequest(Unknown Source)
    09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.doGet(Unknown Source)
    09/07/31 07:05:26 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    09/07/31 07:05:26 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    09/07/31 07:05:26 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
    09/07/31 07:05:26 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
    09/07/31 07:05:26 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
    09/07/31 07:05:26 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
    09/07/31 07:05:26 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
    09/07/31 07:05:26 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192
    09/07/31 07:05:26 at java.lang.Thread.run(Thread.java:534)
    09/07/31 07:05:26 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
    ror code 50 - Insufficient Access Rights]
    09/07/31 07:05:26 In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: ge
    tExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
    09/07/31 07:05:26 In doRequest method in ue.isNamingException

    I fixed it in my environment.
    formweb.cfg has oid_formsid and formsid_group_dn. Verify if these values are correct.
    Also ensure that formsid_group_dn has no blank spaces after ',' (commas)
    formsid_group_dn=cn=Logical Application Group,orclApplicationCommonName=formsApp_xyzhost_1224C3F0A73B11DBBFC783346A955D8F,cn=forms,cn=Products,cn=OracleContext

  • [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSec

    I am getting [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] when executing ctx.search() command of the below source code:
    public void authenticateUser() throws AuthenticationException, NamingException {
        Hashtable<String, String> props = new Hashtable<String, String>();
        String principalName = "dctestuser1" + "@" + "example1.com";
        props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
        props.put("java.naming.provider.url", "dns://");
        props.put(Context.REFERRAL, "follow");
        props.put(Context.SECURITY_PRINCIPAL, principalName);
        props.put(Context.SECURITY_CREDENTIALS, "admin@123");
        props.put("com.sun.jndi.ldap.read.timeout", "90000");
        try {
            final DirContext ctx = LdapCtxFactory.getLdapCtxInstance("ldap://dc01.example1.com", props);
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String userReturnedAtts[] = {"cn", "member"};
            ctls.setReturningAttributes(userReturnedAtts);
            NamingEnumeration<SearchResult> answer =
                ctx.search("DC=example2,DC=org", "(&(objectclass=user)(sAMAccountName=dctestuser2)(userPassword=admin@123))", ctls);
            boolean bFound = answer.hasMore();
            System.out.println(bFound);
            return;
        } catch (CommunicationException e) {
    The two domains used in this example, example1.com and example2.org, exist in separate forests.
    This scenario is working fine using the same credentials without any exception when tested with LDP.exe that comes with the Windows OS.

    The same exception is received when executing the following search command:
    ctx.search("DC=example2,DC=org","(&(objectclass=user)(sAMAccountName=dctestuser2))",ctls);
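
The bracketed `[LDAP: error code N - ...]` strings quoted in the posts on this page all share one format, so they can be triaged mechanically. The following is an added example, not code from any poster or vendor: it parses such lines, maps the result code to its RFC 4511 name, and decodes the Active Directory `data` sub-code carried in code 49 messages such as the one above. The sample lines are copied from the posts on this page (hard-wrapped lines rejoined), and the `access_related` grouping is an assumption of this example.

```python
import re
from collections import Counter

# RFC 4511 names for the LDAP result codes that appear in the posts on this page.
RESULT_CODES = {
    1: "operationsError",
    16: "noSuchAttribute",
    19: "constraintViolation",
    20: "attributeOrValueExists",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
    65: "objectClassViolation",
}

# Sub-codes Active Directory puts in the "data" field of a code 49 bind failure
# (commonly documented values; not an exhaustive list).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Triage choice made for this example: bind and access-control failures go to
# security review, everything else to directory administration.
ACCESS_CODES = {49, 50}

LDAP_ERROR_RE = re.compile(r"\[LDAP: error code (\d+) - (.*?)\]")
EXCEPTION_RE = re.compile(r"([\w.]+Exception)\b[^\[]*\[LDAP")
REMAINING_RE = re.compile(r"remaining name '([^']*)'")
AD_DATA_RE = re.compile(r"\bdata ([0-9a-fA-F]+)\b")


def parse_line(line):
    """Return a dict describing the LDAP error in a log line, or None."""
    hit = LDAP_ERROR_RE.search(line)
    if hit is None:
        return None
    code, message = int(hit.group(1)), hit.group(2).strip()
    exc = EXCEPTION_RE.search(line)
    remaining = REMAINING_RE.search(line)
    record = {
        "code": code,
        "name": RESULT_CODES.get(code, "unknown"),
        "message": message,
        "exception": exc.group(1) if exc else None,
        "remaining_name": remaining.group(1) if remaining else None,
        "access_related": code in ACCESS_CODES,
        "ad_subcode": None,
        "ad_meaning": None,
    }
    if code == 49:
        # Only bind failures carry the AD "data" sub-code decoded here.
        data = AD_DATA_RE.search(message)
        if data:
            sub = data.group(1).lower()
            record["ad_subcode"] = sub
            record["ad_meaning"] = AD_BIND_SUBCODES.get(sub, "not in table")
    return record


def summarize(lines):
    """Count parsed errors by (code, RFC 4511 name); unparsed lines are skipped."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["code"], rec["name"])] += 1
    return counts


# Sample input: lines copied from the posts on this page.
SAMPLE_LINES = [
    "javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - "
    "Failed to find orclobjectsid in mandatory or optional attribute list.]; "
    "remaining name 'dc=connectutilities,dc=co,dc=uk'",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 52e, v1db1]",
    "09/07/31 07:02:27 oracle.ldap.util.AccessDeniedException: General Error when "
    "performing search: getExtendedProperties "
    "[LDAP: error code 50 - Insufficient Access Rights]",
    "ERROR: [Fri Dec 15 13:26:37 CST 2006] Writer Thread - 0 - [LDAP: error code 19 - "
    "Admin domain does not contain schema information for objectclass user.]",
    "LDAP Connection success",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_line(sample))
    print(summarize(SAMPLE_LINES))
```
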

  • LDAP: error code 50 - Insufficient Access Rights

    Hi,
    I am a newbie at Oracle Internet Directory. I hope you can help me to resolve the following problem:
    When I signed in to the Oracle Directory Manager with user "cn=orcladmin,cn=Users,dc=localhost,dc=com" and a blank password
    to create an entry (or attribute), I got the error: [LDAP: error code 50 - Insufficient Access Rights]
    How do I resolve this problem?
    Thanks,
    QuanND

    Connecting as orcladmin requires using a password. The password has been established during installation of OID. By default from (9.0.4) on it is set to be the same password as the ias_admin password you provided during installation of the Oracle Infrastructure installation.
    Notice that there are two (2) orcladmin entries in OID.
    One, cn=orcladmin, is the OID superuser (same as root on UNIX); the other one is cn=orcladmin, cn=users,dc=your.default.domain.
    When you log in to OID using ODM and specify only orcladmin, ODM assumes by default this will be cn=orcladmin (aka root).
    regards,
    --Olaf

  • Hitting error LDAP: error code 20 - mail attribute has duplicate value.

    Hi ,
    Has anyone faced this issue before: LDAP: error code 20 - mail attribute has duplicate value? We are getting this error intermittently in the OID logs,
    and due to that provisioning is stuck. I know that the issue is due to the object class mismatch in attributes, but the map profile looks fine. Is there anything else we need to check?
    SSO version 10.4.1.3 and DB version 10g.
    javax.naming.directory.AttributeInUseException: [LDAP: error code 20 - mail attribute has duplicate value.]; remaining name 'uid=abc,cn=users,dc=xyz ,dc=com'
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2972)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
            at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1440)
            at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
            at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
            at oracle.ldap.odip.gsi.LDAPWriter.modify(LDAPWriter.java:479)
            at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:318)
            at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:656)
            at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
            at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
    DIP_LDAPWRITER_ERROR_MODIFY
    Error in executing mapping DIP_LDAPWRITER_ERROR_MODIFY
    DIP_LDAPWRITER_ERROR_MODIFY
            at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:830)
            at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
            at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
    DIP_LDAPWRITER_ERROR_MODIFY
    Setting Change Success Count : 27682
    Setting Change Failure Count : 11004
    CDSImportProfile:Error in Mapping EngineDIP_LDAPWRITER_ERROR_MODIFY
    DIP_LDAPWRITER_ERROR_MODIFY
            at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:851)
            at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
            at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
    CDSImportProfile:about to Update exec status

    Did you search the LDAP server to see whether the email value you are trying to use already exists? Typically LDAP servers do not care whether an email is duplicated or not, but by default the OIM server does not allow duplicated emails.

  • LDAP Newbie:    javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT)

    Hi,
    I am getting the following error when I try to do a search on an ldap (AD LDS) database:
    javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
    'DC=AppPartFE,DC=com'
    ]; remaining name 'cn=Users,dc=AppPartFE,dc=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at javax.naming.directory.InitialDirContext.search(Unknown Source)
    at Test.<init>(Test.java:70)
    at Test.main(Test.java:118)
    I can bind successfully using either the userPrincipalName (UPN) or the Distinguished Name (DN), however my search is failing.
    It is almost as if I am connected to the db tree at the wrong place.  Do I need a different search scope?
    I appreciate any assistance you can provide.
    Here is my code:
    import java.util.*;
    import static java.lang.System.err;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;
    public class Test
    {
      public Test()
      {
        Properties prop = new Properties();
        prop.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        prop.put("java.naming.provider.url", "ldap://MyHost.Mydomain.labs.CompanyX.com:50004");
        String strProviderUrl = "ldap://MyHost.Mydomain.labs.CompanyX.com:50004";
        // Can successfully bind with the userPrincipalName in AD LDS
        //prop.put("java.naming.security.principal", "[email protected]");
        // Can successfully bind with Distinguished Name
        // Note: the string is case insensitive and embedded blank after a comma is not a problem
        prop.put("java.naming.security.principal", "cn=tst0001,cn=Users,dc=AppPartFE,dc=com");
        prop.put("java.naming.security.credentials", "password");
        try {
          LdapContext ctx = new InitialLdapContext(prop, null);
          System.out.println("Bind successful");
          // I am successful to this point....
          // now try doing a search on another user
          String strFilter = "(&(objectClass=userProxy)(sAMAccountName=tst0001))";
          SearchControls searchControls = new SearchControls();
          searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); //works with object class=* to find top partition node
          NamingEnumeration<SearchResult> results = ctx.search("cn=Users,dc=AppPartFE,dc=com", strFilter, searchControls);
          SearchResult searchResult = null;
          if (results.hasMoreElements()) {
            searchResult = (SearchResult) results.nextElement();
            // make sure there is not another item available, there should be only 1 match
            if (results.hasMoreElements()) {
              System.err.println("Matched multiple users for the accountName");
            }
          }
        }
        catch (NamingException ex) {
          ex.printStackTrace();
        }
      }
      public static void main(String[] args)
      {
        Test ldaptest = new Test();
      }
    }

    Because you are specifying a base distinguished name in your ldap url, the ldap context will be rooted at that context and all subsequent objects will be relative to that base distinguished name.
    //connect to my domain controller
    String ldapURL = "ldaps://rhein:636/dc=bodensee,dc=de";
    and
    String userName = "CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de";
    results in a fully distinguished name of:
    CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de,dc=bodensee,dc=de
    Either specify your ldap url as
    String ldapURL = "ldaps://rhein:636";
    and leave your username as is, or specify the user object relative to the base distinguished name in the ldap url
    String userName = "CN=verena bit,OU=Lehrer,OU=ASR";
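
The name composition described in the reply above, as an added example that is not code from the thread: it uses `javax.naming.ldap.LdapName` to show what a name passed to a context operation resolves to when the provider URL carries a base DN, and what to pass instead. The class and method names (`BaseDnCheck`, `baseOf`, `effectiveDn`, `repeatsBase`, `relativeTo`) are hypothetical; the host and DNs are the reply's sample values.

```java
import java.net.URI;
import javax.naming.Name;
import javax.naming.ldap.LdapName;

// Added example: how a base DN in the provider URL changes the DN a name resolves to.
public class BaseDnCheck {

    /** Base DN carried in the path of an LDAP URL, or an empty name if the URL has none. */
    static LdapName baseOf(String providerUrl) throws Exception {
        String path = new URI(providerUrl).getPath();   // "/dc=bodensee,dc=de" or ""
        if (path == null || path.length() <= 1) {
            return new LdapName("");
        }
        return new LdapName(path.substring(1));
    }

    /** The DN a name resolves to once it is placed below the URL's base DN. */
    static LdapName effectiveDn(String providerUrl, String name) throws Exception {
        // In LdapName, index 0 is the root-most RDN, so the base comes first
        // and the more specific RDNs of the supplied name are appended.
        LdapName dn = new LdapName(baseOf(providerUrl).getRdns());
        dn.addAll(new LdapName(name).getRdns());
        return dn;
    }

    /** True when the name already ends in the base DN, so composing them doubles the suffix. */
    static boolean repeatsBase(String providerUrl, String name) throws Exception {
        LdapName base = baseOf(providerUrl);
        // startsWith compares from the root-most RDN and ignores case (dc=de equals DC=de).
        return base.size() > 0 && new LdapName(name).startsWith(base);
    }

    /** The name to pass to the context: the full DN with the URL's base DN stripped if present. */
    static Name relativeTo(String providerUrl, String name) throws Exception {
        LdapName full = new LdapName(name);
        if (!repeatsBase(providerUrl, name)) {
            return full;
        }
        return full.getSuffix(baseOf(providerUrl).size());
    }

    public static void main(String[] args) throws Exception {
        String user = "CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de";
        String[] urls = {"ldaps://rhein:636/dc=bodensee,dc=de", "ldaps://rhein:636"};
        for (String url : urls) {
            System.out.println(url);
            System.out.println("  effective DN : " + effectiveDn(url, user));
            System.out.println("  repeats base : " + repeatsBase(url, user));
            System.out.println("  pass instead : " + relativeTo(url, user));
        }
    }
}
```

A doubled suffix like this is one way to end up with error code 32 (NO_OBJECT): the server is asked for an entry whose DN does not exist.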

  • LDAP: error code 53 - Function Not Implemented

    Hi All,
    While doing search on Oracle internet directory server(oracle ldap server),
    we are getting following exception.
    Exception
    in thread "main" javax.naming.OperationNotSupportedException: [LDAP:
    error code 53 - Function Not Implemented]; remaining name
    'ou=people,dc=test,dc=com'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3058)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
         at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
         at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
         at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
         at DifferentSearches.doFilterSearch(DifferentSearches.java:99)
         at DifferentSearches.main(DifferentSearches.java:23)
    Following is the code -
    code:
         DirContext ctx= getDirContext();
         SearchControls ctls = new SearchControls();
         ctls.setReturningObjFlag(true);
         ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
         String filter = "(displayname=chandra)";
         NamingEnumeration answer = ctx.search("ou=people,dc=test,dc=com", filter, ctls);
         formatResults(answer);
         ctx.close();
    When we search on the added attributes (like currentsession count) it works
    fine. For this we had to enable index in OID on this field. But this is
    not possible for the default attributes. OID does not provide a way to
    enable indexing on these attributes. Could someone please let us know
    how we can search on default attributes ?
    Regards
    Rahul
    Edited by: Rahul_Sonawale on Oct 17, 2008 4:26 AM

    Thanks Rajiv for reply.
    I had read that thread before posting this. However, this is slightly different.
    From other sites I can see that if it's caused by indexing, the error msg would say so and also tell you which attribute it is.
    Someone suggested it's OID dropping the database connections intermittently, and that we should check that both CRS ORACLE_HOME and RDBMS ORACLE_HOME have SQLNET.EXPIRE_TIME set and check the TNS and alert logs on the DB side for any other possible connection failure.
    From some OID log we do see it has lost database connection:
    OID logs in /u01/oid/oid_inst/diagnostics/logs/OID/oid1 :
    ConnID:76 mesgID:2 OpID:1 OpName:search ConnIP:10.244.87.239 ConnDN:cn=policyrwuser,cn=users,dc=us,dc=oracle,dc=com
    [gsldecfsFetchEntries] ORA error 3135: ORA-03135: connection lost contact
    Process ID: 29973
    Session ID: 164 Serial number: 3
    I should post another thread for oid lost db connection.

  • Error : LDAP Error code 32 - in shared services export operation

    Hi everyone !
    I'm using MS Active Directory in my Shared Services for external authentication.
    While exporting provisioning for all users against project:applications, it is not working.
    Trace error is :
    2010-05-26 16:43:58,988 Export : Root cause : [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
         'OU=NJ - Users,OU=CLI - NJ,DC=cli,DC=ad'
    suggestions are highly appreciated
    Thank you
    Edited by: user11966901 on May 27, 2010 2:43 AM

    Below is the solution we got when we had kind of same issue:
    Steps To Reproduce:
    Install the OIM AD base connector version 9.1.0
    Upgrade the Connector to OIM 9.1.0.1 version using Patch 7553764
    Provision a user from OIM to AD.
    Cause
    The OIM 9.1.0.1 patch contains a fix that can handle special characters in the process form. But if there is a special character like a hyphen (-) in the Root Context value (for example: 'OU=X-Test OU,DC=mydomain,DC=com') in the IT Resource, it causes provisioning to fail.
    Solution
    In this case the user is being provisioned to an Organization called 'X-Test OU' under the mydomain.com domain in the AD. There is a Lookup called 'Lookup.ADReconciliation.Organization' which is populated using the Schedule task called "AD Organization Lookup Recon". This lookup is also used in the AD User Process Form for populating the Organization Field.
    -- To implement the solution, please execute the following steps:
    Edit the Root Context value in the IT Resource to point above the OU=X-Test OU organization, so it looks like dc=mydomain,dc=com.
    Run the Schedule task called "AD Organization Lookup Recon" by providing the dc=mydomain,dc=com value to the Search Base parameter in the schedule task. This recon would populate the 'Lookup.ADReconciliation.Organization'.
    Now provision a user to the AD resource and in the process form select the OU=X-Test OU as the Organization.
    This way the user gets successfully provisioned and gets created under the 'OU=X-Test OU,DC=mydomain,DC=com'
    Cheers....!!!

  • SGD-AD "LDAP error code 49"

    Dear all,
    I saw the following error in the server-login log file:
    2007/07/24 15:15:03.098 (pid 2698) server/login/moreinfo #1185261303098
    Loaded class com.sco.tta.server.login.LdapLoginAuthority: {
    LDAPRoot=.../_ldapmulti/forest/
    accountEnabledChecked=false
    anonLogin=false
    attemptPasswordChange=true
    generalLdapProfileName=.../_ens/o=Tarantella System Objects/cn=LDAP Profile
    mustChangePasswordResult[0]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
    mustChangePasswordResult[1]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
    mustChangePasswordResult[2]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 773
    mustChangePasswordResult[3]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 773
    name=com.sco.tta.server.login.LdapLoginAuthority
    propAccEnabled=scottaaccountenabled
    userMustChangePasswordResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
    userPasswordExpiredResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
    version=4.31.905
    What should I do in my SGD server?
    What should I do in my AD server?
    What is the solution to resolve the error?
    Appreciate any help given.

    Hi,
    I am also getting the same error. Please let me explain what I have encountered.
    In the Active Directory (version 2003), the administrator has limited the user to log in to only his workstation. This has been set by putting his workstation host name or IP (which the user is allowed to access) into a "log on to" list (at the user level) in Active Directory. There is another option if the administrator allows the user to log on to any workstation, that is by checking the "log on to all computer" check box for that particular user id.
    When my user has been set to "log on to all computer", I don't encounter the error message, i.e. error code 49, as mentioned in the subject of this topic. However, when a particular user has been limited to only access his own workstation, the error appears. However, if the Active Directory server host name or IP has been added into the "log on to" list, the authentication is successful.
    My application is actually running on an application server and the user is using Internet Explorer to log in to my application from his workstation. Also, the application server has been joined to the same domain as the Active Directory server. My question is, is it a must that the Active Directory server name be added to the "log on to" list of that particular user in order for it to be authenticated by Active Directory? Does anyone have any ideas why this is happening? I definitely don't want to add the AD server name into the list as this will give the user rights to log in to the AD server. Any advice would be of great help. Thanks a million in advance.

  • [LDAP: error code 49 - Invalid Credentials]

    New to OID. Using Jdev 10.1.3 and then have following code. user is apenlast and password is penlast2.
    I want to get all the attributes for this user from OID. But I keep getting this error.
    javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    Actually from SSO login screen, if I try login using apenlast/penlast2 I can successfully login to OID. Then why this error from code ??
    InitialDirContext ctx1 = ConnectionUtil.getDefaultDirCtx
    ( "ormi://br-dev3.fjcs.net:399",
    "389",
    "cn=apenlast",
    "penlast2" );
    System.out.println("TTTTTTTTTTTTTTTTTTTTT "+ctx1.getAttributes("uid"));

    Probably you're not using the fully qualified DN.
    The users are stored by default under cn=users,dc=yourDOMAIN
    so you should try cn=apenlast,cn=users,dc=yourDOMAIN.
    regards,
    --Olaf
