Setting up LDAP for authentication to portal:default property set named "ldap

Similar Messages

• WLC connect LDAP for Authentication, but could not connect to server

  Hi Everyone, I got a problem when I use WLC 5508 connect to LDAP for authentication, but no luck there, it's a simple config, but not easy to work on my job, I got the following messgae:
  Service Port - Not connected
  Distrubution port include:
       Management Interface - in AP Management VLAN - 30
       Student AP interface - in Student VLAN - 20
       Staff AP interface - in Staff VLAN - 10
  AD is in Staff VLAN - 10
  WLC LDAP Server setting
  Base DN:OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
  User Attribute: sAMAccountName
  User Object Type: Person
  Debug aaa all enable message
  *LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
  *LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
  *LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
  *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
  *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
  *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP_OPT_REFERRALS = -1
  WLC GUI Log:
  *LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
  *LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
  *LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
  LDP Message of LDAP BaseDN:
  Expanding base 'CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk'...
  Result <0>: (null)
  Matched DNs:
  Getting 1 entries:
  >> Dn: CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
  4> objectClass: top; person; organizationalPerson; user;
  1> cn: Frankie F. Yeung;
  1> sn: Yeung;
  1> givenName: Frankie;
  1> initials: F;
  1> distinguishedName: CN=Frankie F. Yeung,OU=OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
  1> instanceType: 0x4 = ( IT_WRITE );
  1> whenCreated: 8/10/2011 10:28:14 China Standard Time China Standard Time;
  1> whenChanged: 8/10/2011 10:31:26 China Standard Time China Standard Time;
  1> displayName: Frankie F. Yeung;
  1> uSNCreated: 3850555;
  1> uSNChanged: 3850571;
  1> name: Frankie F. Yeung;
  1> objectGUID: 6ebfc7e9-6989-4f11-bae7-62c23af67edc;
  1> userAccountControl: 0x10200 = ( UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD );
  1> badPwdCount: 0;
  1> codePage: 0;
  1> countryCode: 0;
  1> badPasswordTime: 0;
  1> lastLogoff: 0;
  1> lastLogon: 0;
  1> pwdLastSet: <ldp error <0x0>: cannot format time field;
  1> primaryGroupID: 513;
  1> objectSid: S-1-5-21-3867848445-1581729766-1247451615-2172;
  1> accountExpires: <ldp error <0x0>: cannot format time field;
  1> logonCount: 0;
  1> sAMAccountName: fckyeung;
  1> sAMAccountType: 805306368;
  1> userPrincipalName: [email protected];
  1> objectCategory: CN=Person,CN=Schema,CN=Configuration,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
  Hope I can resolve this problem ASAP, thanks!

  Your AD is in the Staff Vlan so maybe the WLC uses the Staff interface instead of management to contact the AD. I don't know how you sniffed exactly.
  The comment about eap methods you saw is when you use LDAP with dot1x security. It is the same as saying "You cannot do peap-mschapv2 or eap-fast-mschpv2 with LDAP".
  But you can do LDAP for web authentication, that has no eap methods.
  Your original problem was a binding problem from the WLC, so we can expect that the WLC really is sending traffic towards AD.

• External LDAP for authentication

  Hi All,
  I want to use external ldap for authentication purpose with Access Manager.
  I tried adding this external ldap as a secondary ldap but couldn�t succeed.
  If I add this ldap in the primary ldap along with the AM�s own ldap, this also fails to authenticate users from the external ldap.
  How can I achieve this?
  I read many topics in this forum regarding this but none of them explain how it can be achieved.
  Please suggest.
  Thanks in advance.

  This is what the amconsole log says:
  ERROR: ConsoleServletBase.onUncaughtException
  java.lang.NullPointerException
       at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.constructFilter(LDAPv3Repo.java:3126)
       at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.search(LDAPv3Repo.java:1996)
       at com.iplanet.am.sdk.AMDirectoryManager.search(AMDirectoryManager.java:1938)
       at com.sun.identity.idm.AMIdentityRepository.searchIdentities(AMIdentityRepository.java:221)
       at com.sun.identity.console.idm.model.EntitiesModelImpl.getEntityNames(EntitiesModelImpl.java:139)
       at com.sun.identity.console.idm.EntitiesViewBean.getEntityNames(EntitiesViewBean.java:222)
       at com.sun.identity.console.idm.EntitiesViewBean.beginDisplay(EntitiesViewBean.java:177)
       at com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
       at jsps.console._idm._Entities_jsp._jspService(_Entities_jsp.java:86)
       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
       at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
       at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
       at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
       at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
       at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
       at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
       at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:133)
       at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:149)
       at com.sun.identity.console.idm.HomeViewBean.forwardTo(HomeViewBean.java:109)
       at com.sun.identity.console.realm.RealmPropertiesBase.nodeClicked(RealmPropertiesBase.java:90)
       at com.sun.web.ui.view.tabs.CCTabs.handleTabHrefRequest(CCTabs.java:129)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
       at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
       at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
       at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
       at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
       at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)

• AD LDAP for Authentication but ABAP or IDM for Role Assignments

  Hi Portal Gurus,
  Is it possible to configure the UME in such as way so that it connects to the AD for authentication purposes but uses the CUA or SAP Identity Manager for role assignments?
  Thanks,
  Vibhu

  Hi,
  Thanks for the suggestion. But ours was a different problem.
  The issue was with a faulty reconciliation job that had been fixed. But it had done its damage before the fix and this caused the inconsistent behavior.
  During the reconciliation job (to update changed and add new backend roles in IDM) various task trigger attributes get disabled and then re-enabled after the import. These disabled triggers did not get re-enabled for the privileges on some systems. And the reconciliation job was also delta enabled, so only new privileges, after the initial load, should have been impacted. But impact to many privileges -- all privileges of some target systems -- misled our investigation. The timing of the reconciliation job executions kind of added to the confusion and inconsistencies during the initial setup. But we finally tracked this down and wrote a custom job to fix the triggers for only the affected privileges. Assignments to all systems started to function successfully as expected.
  Best regards,
  Ashok

• LDAP for authentication

  Hey Guys,
  I noticed that when a group memebership change sin LDAP, it takes some time for the changes showup on the portal. I think that the portal caches the LDAP membership and refreshes it from time to time. Does anybody what the default value is? And is there a way to chnage this frequency of refresh?
  Thank You
  Madhavi

  Madhavi,
  Default timeout is 2.5 mins(150000 ms). You can set the PageTimeout property in Page Editor.. For more information, pls take a look at the following link.
  http://help.sap.com/saphelp_nw04/helpdata/en/b4/12083e7623445ae10000000a11405a/frameset.htm
  In your case, you can check the par file and change the setting..
  Hope, this helps
  Jojo

• Regarding SAP CUA vs Corporate LDAP for authentication purposes

  Hello All:
     Could anyone please give more information about SAP CUA and the corporate LDAP? Please suggest which is more advantageous and what is the cost involved in each of these. These are the options for the authentication of SAP Enterprise Portal in our system here. We want to figure out which has more advantages over the other one.
  Thanks,
  LBuegg

  Hello all,
     Appreciate your response for this query. We need to figure out the options soon. Its kind of urgent.
  Thanks again..
  L Buegg.

• Setting Session Timeout for HANA Cloud Portal

  Hi all,
  is there any way for setting the session timeout period on HANA cloud Portal?
  If not, what is the predefined session timeout?
  Thank you in advance.
  Silvia Grabmann

  Hi Silvia,
  Session timeout is 20 minutes and cannot be changed. In fact it is configured at the platform level.
  Regards,
  Ifat.

• Help   Save for Web problem    PE9  default gif setting

  I have a 64 bit PC with Windows 7. PE9 and problem is when I "Save for Web" as a jpg....everytime I save a file it defaults back to the gif everytime. I want the default to be JPG!!  I never use gif for anything.  Pain in the rear to change the drop and setting to jpg everytime. I have a call tag in with no help yet, and have reinstalled PE9.Thanks in advance. Ray

  It’s usually due to incorrect permissions settings on the OS.
  Open Windows Explorer and navigate to:
  C:\Program Files\Adobe
  Locate the Photoshop Elements 9 folder (the one with the blue PSE logo)
  Right click on that folder and choose Properties - then click the security tab and make the following changes:
  1. Click on the edit button to change permissions.
  2. Click Add and type the word “Everyone” in the Object names Box (without the quotation marks) and click OK.
  3. Under group/User Names select everyone so that it becomes highlighted.
  4. Put a check mark in the box against Allow Full Control and click Apply.
  N.B. for Windows 64 bit navigate to Program Files (x86)
  PSE should now remember you last settings rather than reverting to the default settings.

• OWSM won't connect to ldap for authentication in policy

  System: 10.1.3 on Windows with SOA Suite
  I've got a web service deployed, got OWSM running, have registered the web service with a gateway component and have built a basic policy (just to log) in the Pipeline "request" and Pipeline "Response" parts of the governing policy; this basic policy works correctly. However, when I try to add an "Ldap Authenticate" step to the Pipeline "Request" part of the policy, OWSM doesn't seem to really try to connect to the LDAP. I have tried two LDAPs (Lotus Notes and OID) that are operational - I can access both of them via command line using the same credentials with which I configured the "Ldap Authenticate" step. Yet, when I invoke the web service with the "Ldap Authenticate" step configured in the policy I get the following exception:
  A fault was thrown in the step Client.AuthenticationFault:Invalid username or password
  I'm pretty dang sure I have entered the correct credentials in the "Ldap Authenticate" configuration (I checked it 45,000 times) - it seems that OWSM really isn't trying to connect to the LDAPs - and there's no logging that I've found that will tell me what it's really trying to do.
  Anyone have any hints or know what's going on?

  I have the same problem.
  With the help of Vikas's instuctions for changing log level I could log the gateway's activities:
  security.WSBasicCredsExtractor - Element Value:farbod
  security.WSBasicCredsExtractor - Element Value:mypassword
  security.WSBasicCredsExtractor - Successfully retrieved username and password
  security.WSBasicCredsExtractor - Removing the UsernameToken Header
  ldap.DirContextHolder - Creating new directory context
  ldap.LDAPAuthenticatorStep - Failed to connect to ldap server.
  I am unsure whether my LDAP settings in OWSM are correct:
  my server name is nfsserver.com(OID Server) and I have this user in OID:
  cn=farbod,cn=Users,dc=nfsserver,dc=com
  so I think these settings should work:
  LDAP host (*)      nfsserver
  LDAP port (*)      389      
  User objectclass (*)      inetOrgPerson      
  LDAP baseDN (*)      cn=Users,dc=nfsserver,dc=com
  LDAP adminDN (*)      cn=orcladmin,cn=Users,dc=nfsserver,dc=com
  LDAP admin password      ******          
  LDAP admin login enabled (*)      true
  Uid Attribute (*)      string      uid      
  User Attributes to be retrieved      uid
  Is the bold part correct?
  Regards
  Farbod

• User Property Sets / UUP -- not showing up

  Hi. We are having problems getting any portal user property sets to show up in any environment other than our dev boxes. We are running 10.2. Our environment consists of our dev workstations, a dev server in 'development' mode, a stage server in 'production' mode, and a production server in 'production' mode.
  On our development boxes, we see the following property sets from the portal admin:
  Groupspace
  CustomerProperties
  BusinessUserProperties
  BusinessEmployeeProperties
  The latter 2 are our UUP property sets. As I said, these sets appear on our dev boxes, but from what I understand, that is expected because the EAR is exploded when published on a dev box.
  Consultants developed much of this portal application for us, including the uup property sets, and they are backing away and not offering any help in this matter. They simply said to use the propegation tools. I used the propegation tool to merge my dev box inventory and our development server inventory, and the differences did indicate the 4 property sets listed above. I selected to add only those 4 property sets to the dev server, exported the merged inventory, and exported it to our dev server with no errors. However, still no property sets showed up. I then pulled down another inventory from our dev server, and it indicated that it still did not have the property sets. I repeated this cycle once more to no avail.
  Things that are confusing to me are:
  1) The 'Groupspace' and 'CustomerProperties' sets appear to be portal default property sets. Wouldn't they be expected to exist in all environments?
  2) I thought that I read if the server you are deploying the EAR to is in 'development' mode, then the property sets should be moved over when deploying the EAR normally. I may be wrong about this as I am on information overload trying to learn these portal aspects under a time crunch.
  3) Where in the portal database are the propertysets themselved defined? I can see the 'PROPERTY_KEY' and 'PROPERTY_VALUE' tables which handle storing the user properties themselves, but I don't see any tables which would define a property set.
  Thanks in advance for any insights to this issue. It is making my week really tough.

  1st, I recommend posting in the WebLogic Portal forum:
  WebLogic Portal
  2ndly, I recommend opening a support case to get assistance if you are under a time crunch.

• Retrieve parameters from LDAP using authentication module

  I have existing LDAP that contains organization people and their attributes. I have several web applications that use existing LDAP for authentication and authorization. My goal is to deploy single sign-on with openSSO so that users are authenticated against existing LDAP. Changing of the existing LDAP is forbidden.
  I deployed newest stable OpenSSO and Apache2 + newest policy agents to web service servers.
  OpenSSO server uses LDAP authentication module to authenticate users against existing LDAP. It uses flat file data repository and realm attributes -> user profile is ignored.
  This basic setup works fine. The next step is to integrate existing web applications to single sign-on system. The authentication part works fine. I just disabled old mechanism from web applications that did the LDAP authentication. OpenSSO and Apache Policy agent are handling that part.
  The existing web applications are still querying existing LDAP other attributes there than uid and userpassword. Is it possible to configure OpenSSO to forward LDAP attributes to web application as cookie or header value? Or is the forwarding feature only for attributes in Data Store?
  If the forwarding is not possible what is the next best alternative ?

  OpenSSO forum is quite silent so I'm back with you guys.
  I managed to solve the agent error log problem I mentioned before. The problem was about nonexisting attributes in AMAgent.properties com.sun.am.policy.agents.config.profile.attribute.map. I removed extra attributes and the authentication against LDAP started to work again.
  The problem is that no attributes are forwarded from LDAP to web application. I have tried HTTP_COOKIE and HTTP_HEADER settings in AMAgent.properties and com.sun.am.policy.agents.config.profile.attribute.map is set to cn|common-name,mail|email.
  My LDAP looks like this:
  # testuser, pollo.fi
  dn: cn=testuser,dc=pollo,dc=fi
  cn: testuser
  objectClass: organizationalPerson
  objectClass: inetOrgPerson
  givenName: Test
  sn: User
  ou: People
  uid: testuser
  mail: [email protected]
  And my datastore configuration:
  LDAP server->localhost:389
  LDAP bind DN->cn=admin,dc=pollo,dc=fi
  LDAP organization DN->dc=pollo,dc=fi
  Attribute name mapping->empty
  LDAP3 Plugin supported types and operations->agent,group,realm,user all read,create,edit,delete
  LDAP3 Plugin search scope->scope_sub
  LDAP Users Search Attribute->uid
  LDAP Users Search Filter->(objectclass=inetorgperson)
  LDAP User Object Class->organizationalPerson
  LDAP User Attributes->uid, userpassword
  Create User Attribute Mapping->empty
  Attribute Name of User Status->inetuserstatus
  User Status Active Value->Active
  User Status Inactive Value->inactive
  LDAP Groups Search Attribute->cn
  LDAP Groups Search Filter->(objectclass=groupOfUniqueNames)
  LDAP Groups container Naming Attribute->ou
  LDAP Groups Container Value->groups
  LDAP Groups Object Class->top
  LDAP Groups Attributes->cn,description,dn,objectclass
  Attribute Name for Group Membership->empty
  Attribute Name of Unqiue Member->uniqueMember
  Attribute Name of Group Member URL->memberUrl
  LDAP People Container Naming Attribute->ou
  LDAP People Container Value->people
  LDAP Agents Search Attribute->uid
  LDAP Agents Container Naming Attribute->ou
  LDAP Agents Container Value->agents
  LDAP Agents Search Filter->(objectClass=sunIdentityServerDevice)
  LDAP Agents Object Class->sunIdentityServerDevice,top
  LDAP Agents Attributes->empty
  Identity Types That Can Be Authenticated->Agent,User
  Authentication Naming Attribute->uid
  Persistent Search Base DN->dc=pollo,dc=fi
  Persistent Search Filter->(objectclass=*)
  Persistent Search Maximum Idle Time Before Restart->0
  Should I enable some setting still to get the forwarding going on? Any ideas for debugging?

• How to set nondefault directory for SQL Developer on Citrix (terminal)

  Hi
  My purpose is that , when I click"open" button on SQL Developer I hope it prompts out a defined diretory rather than the default one.The problem here is I'm using Citrix paltform in the terminal end and hence I don't authorization to do any modification on the C:\ drive (server end)
  I got this guide lines from the tutorial but I can reset the rying directory by either way.
  To specify a nondefault SQLDEVELOPER_USER_DIR location, do either of the
  following:
  ■ Set the SQLDEVELOPER_USER_DIR environment variable to specify another
  directory path.
  ■ Edit the <sqldeveloper_
  install>\sqldeveloper\sqldeveloper\bin\sqldeveloper.conf file
  and substitute the desired directory path for SQLDEVELOPER_USER_DIR in the
  following line:
  SetUserHomeVariable SQLDEVELOPER_USER_DIR
  1.After I execute below command on cmd, the variavle has been set but still it navigates to the default directory:
  set SQLDEVELOPER_USER_DIR=U:\sql
  2.I want to modify the "sqldeveloper.conf " file but since it is located in C: drive I don't have right to modify it.(I'm using terminal as stated above)
  Could anyone help me out ??
  Ella

  Ella,
  You don't say which version of SQL Developer you are using via Citrix, but just setting the SQLDEVELOPER_USER_DIR hasn't worked for a long time (see Re: SQLDEVELOPER_USER_DIR does not function anymore). Also, since version 1.5, the default for the user directory (now set via ide.user.dir as shown below) is under the user profile area (relative to %APPDATA%), which you should be able to write to, even on Citrix.
  Assuming that neither of those help, you will need to get whoever installed SQL Developer on the Citrix C: drive to modify the sqldeveloper.conf to have a line like, where the path exists for everyone who will be using the shared SQL Developer (assumes everyone has a H: drive):
  AddVMOption -Dide.user.dir=H:\sqldeveloperAn alternative (depending on how you start SQL Developer via Citrix), is to create your own shortcut to start SQL Developer with something like:
  sqldeveloper -J-Dide.user.dir="%SQLDEVELOPER_USER_DIR%"theFurryOne

• How can you set a ringtone for unknown numbers

  How can you set a ringtone for unknown numbers?

  You can set up each one of your contacts with a ringtone and use the default for all other unknown numbers. There is no way to set up a ringtone for unknown numbers.

• HT3529 How do I set a signature for text messages?

  How do I set a signature for text messages?

  You can set a signature in Mail but not in Messages.

• ORA-02069: global_names parameter must be set to TRUE for this operation

  I have 10g database and a schema 'TMAPP'
  And I have two table in TMAPP as
  create table user_menu_privs
  company_code           varchar2(5),
  bu_code      varchar2(12),
  user_group      varchar2(30),
  user_group_type      varchar2(1),
  menu_option_code number(5),
  enabled varchar2(1),
  query_only varchar2(1),
  default_lang varchar2(3),
  created_by      varchar2(10),
  created_on      date,
  updated_by      varchar2(10),
  updated_on      date,
  constraint pk_user_menu_privs primary key (company_code,bu_code,user_group,user_group_type,menu_option_code),
  constraint fk_user_menu_privs foreign key (company_code,bu_code,user_group,user_group_type)
  references user_group(company_code,bu_code,user_group,user_group_type)
  create table user_dst
  company_code           varchar2(5),
  bu_code      varchar2(12),
  userid varchar2(10),
  user_group      varchar2(30) ,
  user_group_type      varchar2(1) ,
  font_size      number(2) ,
  font_name      varchar2(100) ,
  address_id number(10),
  created_by      varchar2(10),
  created_on      date,
  updated_by      varchar2(10),
  updated_on      date,
  constraint pk_user_dst primary key (company_code,bu_code,userid,user_group,user_group_type),
  constraint fk_user_dst foreign key (company_code,bu_code,user_group,user_group_type)
  references user_group(company_code,bu_code,user_group,user_group_type)
  I have another database 11g with a schema TMAPP.
  Here I have created a database link 'to_dev' is connecting to the 10g db
  using this I can connect and see the data from 10g TMAPP
  I have created two views
  create or replace view user_menu_privs as
  select *
  from user_menu_privs@to_dev
  where user_group in
  (select user_group from user_dst
  where user_group_type='F');
  create or replace view user_dst as
  select * from user_dst@to_dev;
  and I executed
  delete from user_menu_privs
  where menu_option_code=108;
  I am getting the error
  ORA-02069: global_names parameter must be set to TRUE for this operation
  after that I set the global_names in 11g as TRUE
  then I am getting another error as
  ORA-02085: database link TO_DEV connects to DEV.REGRESS.RDBMS.DEV.US.ORACLE.COM -- that means link is not wokring
  Please help
  Dennis
  Edited by: DJ on Mar 13, 2012 5:49 AM
  Edited by: DJ on Mar 13, 2012 5:51 AM
  Edited by: DJ on Mar 13, 2012 5:53 AM
  Edited by: DJ on Mar 13, 2012 5:55 AM
  Edited by: DJ on Mar 13, 2012 5:56 AM

  OP wrote
  >
  But you said
  create a database link in 11g database with 11g database global name and put 11g database global_name=true.
  and put 10g database golba_name=false;
  >
  That isn't what I said at all. Reread my first reply. The first part is a copy of what you had stated.
  >
  ORA-02069: global_names parameter must be set to TRUE for this operation
  after that I set the global_names in 11g as TRUE
  >
  And then I said
  >
  That is because when global_names is TRUE, the database link name MUST be same as the global db name of the database to which the link connects to.
  You need to drop the database link and recreate it using the global name of the database it connects to.
  'link name MUST be same as the global db name of the database to which the link connects to.' - I didn't say 11g.
  And I didn't say 'put 11g database global_name=true' because you had already done that! 'after that I set the global_names in 11g as TRUE.
  1. 11g - global_names MUST be TRUE
  2. 11g - database link name MUST be the same as the global db name of the database to which the link connects to - 10g global db name
  3. 10g - gloibal_names setting is irrelevant