User Provisioning Profile Problem
There’s problem in OID provisioning to Oracle E-Business where the user profile that created in OID was not populated to the FND_USER table. Previously it was working as normal and when I check the ODISRV process status. the process was up and running without error.
Is kind of tricky to troubleshoot the provisioning profile problem, so I enable the ODISRV trace by referring enable ODISRV trace for DIP provisioning.
Once the trace was set, I have analyze the log file generated which was ORACLE_cn=Common,cn=Products,cn=OracleContext_E.aud.
User Provisioning Troubleshooting
============Event ID : 543930 - (IDENTITY_ADD)============ Source : cn=orcladmin Time : 20091112024516z Object Name: oracle_user Object Type: Object GUID: 6823887E27002999E0446E3000000000 Object DN : cn=oracle_user,cn=Users,dc=houston,dc=hp,dc=com AttrName - OpType - Value ------------------------------------------- cn - ADD - oracle_user sn - ADD - oracle_user givenname - ADD - oracle_user objectclass - ADD - person objectclass - ADD - organizationalPerson objectclass - ADD - inetOrgPerson objectclass - ADD - top objectclass - ADD - orclUserV2 uid - ADD - oracle_user mail - ADD - user@oracle-business.com ------------------------------------------- STATUS CODE: -31202 STATUS MSG : ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials. Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired . Please contact the Administrator to change your password. DISPOSITION: EVENT_ERROR
There is possibility the password was expired for OID to connect to Oracle E-Business Suite. To confirm this follow the steps as below: -
#Connect TO E-Business DATABASE AND GET the credential AS below SELECT fnd_preference.GET('#INTERNAL', 'LDAP_SYNCH','USERNAME') Apps_Instance_OID_Account FROM dual; SELECT fnd_preference.eget('#INTERNAL', 'LDAP_SYNCH','EPWD','LDAP_PWD') Apps_Password FROM dual;
Run the ldapbind command to check the credential validity with the information obtain for the query above.
ldapbind -D "<Apps Instance OID Account>" -w <Apps Password> -h <OIDserver> -p <OIDport> #Example of the ldapbind credential check command ldapbind -D "orclApplicationCommonName="ORACLE",cn="EBusiness",cn=Products, \ cn=OracleContext,dc=houston,dc=provisioning,dc=com" \ -w password -h oracle.provisioning.com -p 3060 ldap_bind: Invalid credentials ldap_bind: additional info: Password Policy Error :9000: GSL_PWDEXPIRED_EXCP : Your Password has expired. Please contact the Administrator to change your password.
Login to Oracle Directory Manager (ODM) and navigate the “Entry Management” by reversed the path of Apps Instance OID Account. You notice the date in pwdgraceusetime is over and that means the password has expired.
To solve the credential issue, update the “userpassword” field for this entry and it can be set to the existing value if required.
Click the “Apply” button to save this change. This immediately stores the new password, so you can redo the “ldapbind” test and it will succeed this time with “bind successful” message.
Related Posts
- Enable ODISRV Trace For DIP Provisioning
- OID LDAP Provisioning Log Management
- Oracle LDAP Query Search
- Oracle User Responsibility Script
PreviousNext» LDAP Attribute Password
Leave a Comment- Trackback: LDAP Attribute Password | The Guru Network
Join the over 2,000 people who get free and fresh knowledge as soon as it’s published.
We respect your email privacy.
We promise never to rent, sell or share information we collect because that would be a violation of everything we stand for.
Period.
September 22, 2011 7:55 am
Thanks a lot for this post. I got similar issue today and dba / metalink were of no much help (ORA-31208: DBMS_LDAP: PL/SQL – Invalid LDAP Message.).
Now issue got resolved. Thanks again