Logo Background

User Provisioning Profile Problem

  • By on November 24, 2009 | 2 Comments

    There’s problem in OID provisioning to Oracle E-Business where the user profile that created in OID was not populated to the FND_USER table. Previously it was working as normal and when I check the ODISRV process status. the process was up and running without error.

    Is kind of tricky to troubleshoot the provisioning profile problem, so I enable the ODISRV trace by referring enable ODISRV trace for DIP provisioning.

    Once the trace was set, I have analyze the log file generated which was ORACLE_cn=Common,cn=Products,cn=OracleContext_E.aud.

    User Provisioning Troubleshooting

    ============Event ID : 543930 - (IDENTITY_ADD)============
    Source     : cn=orcladmin
    Time       : 20091112024516z
    Object Name: oracle_user
    Object Type:
    Object GUID: 6823887E27002999E0446E3000000000
    Object DN  : cn=oracle_user,cn=Users,dc=houston,dc=hp,dc=com
    AttrName     -      OpType     -     Value
    cn    -     ADD    -     oracle_user
    sn    -     ADD    -     oracle_user
    givenname    -     ADD    -     oracle_user
    objectclass    -     ADD    -     person
    objectclass    -     ADD    -     organizationalPerson
    objectclass    -     ADD    -     inetOrgPerson
    objectclass    -     ADD    -     top
    objectclass    -     ADD    -     orclUserV2
    uid    -     ADD    -     oracle_user
    mail    -     ADD    -     user@oracle-business.com
    STATUS CODE: -31202
    STATUS MSG : ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials. 
    Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired
    . Please contact the Administrator to change your password.

    There is possibility the password was expired for OID to connect to Oracle E-Business Suite. To confirm this follow the steps as below: –

    #Connect TO E-Business DATABASE AND GET the credential AS below
    SELECT fnd_preference.get('#INTERNAL', 'LDAP_SYNCH','USERNAME') 
    Apps_Instance_OID_Account FROM dual;
    SELECT fnd_preference.eget('#INTERNAL', 'LDAP_SYNCH','EPWD','LDAP_PWD') 
    Apps_Password FROM dual;

    Run the ldapbind command to check the credential validity with the information obtain for the query above.

    ldapbind -D "<Apps Instance OID Account>" -w <Apps Password> -h <OIDserver> -p <OIDport> 
    #Example of the ldapbind credential check command
    ldapbind -D "orclApplicationCommonName="ORACLE",cn="EBusiness",cn=Products, \
    cn=OracleContext,dc=houston,dc=provisioning,dc=com" \
    -w password -h oracle.provisioning.com -p 3060
    ldap_bind: Invalid credentials
    ldap_bind: additional info: Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :
    Your Password has expired. Please contact the Administrator to change your password.

    Login to Oracle Directory Manager (ODM) and navigate the “Entry Management” by reversed the path of Apps Instance OID Account. You notice the date in pwdgraceusetime is over and that means the password has expired.

    To solve the credential issue, update the “userpassword” field for this entry and it can be set to the existing value if required.

    Click the “Apply” button to save this change. This immediately stores the new password, so you can redo the “ldapbind” test and it will succeed this time with “bind successful” message.

    » LDAP Attribute Password
  1. #1 anil gupta
    September 22, 2011 7:55 am

    Thanks a lot for this post. I got similar issue today and dba / metalink were of no much help (ORA-31208: DBMS_LDAP: PL/SQL – Invalid LDAP Message.).

    Now issue got resolved. Thanks again

    Post ReplyPost Reply
Leave a Comment