There’s problem in OID provisioning to Oracle E-Business where the user profile that created in OID was not populated to the FND_USER table. Previously it was working as normal and when I check the ODISRV process status. the process was up and running without error.
Is kind of tricky to troubleshoot the provisioning profile problem, so I enable the ODISRV trace by referring enable ODISRV trace for DIP provisioning.
Once the trace was set, I have analyze the log file generated which was ORACLE_cn=Common,cn=Products,cn=OracleContext_E.aud.
User Provisioning Troubleshooting
============Event ID : 543930 - (IDENTITY_ADD)============
Source : cn=orcladmin
Time : 20091112024516z
Object Name: oracle_user
Object GUID: 6823887E27002999E0446E3000000000
Object DN : cn=oracle_user,cn=Users,dc=houston,dc=hp,dc=com
AttrName - OpType - Value
cn - ADD - oracle_user
sn - ADD - oracle_user
givenname - ADD - oracle_user
objectclass - ADD - person
objectclass - ADD - organizationalPerson
objectclass - ADD - inetOrgPerson
objectclass - ADD - top
objectclass - ADD - orclUserV2
uid - ADD - oracle_user
mail - ADD - email@example.com
STATUS CODE: -31202
STATUS MSG : ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials.
Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired
. Please contact the Administrator to change your password.
There is possibility the password was expired for OID to connect to Oracle E-Business Suite. To confirm this follow the steps as below: –
#Connect TO E-Business DATABASE AND GET the credential AS below
SELECT fnd_preference.get('#INTERNAL', 'LDAP_SYNCH','USERNAME')
Apps_Instance_OID_Account FROM dual;
SELECT fnd_preference.eget('#INTERNAL', 'LDAP_SYNCH','EPWD','LDAP_PWD')
Apps_Password FROM dual;
Run the ldapbind command to check the credential validity with the information obtain for the query above.
ldapbind -D "<Apps Instance OID Account>" -w <Apps Password> -h <OIDserver> -p <OIDport>
#Example of the ldapbind credential check command
ldapbind -D "orclApplicationCommonName="ORACLE",cn="EBusiness",cn=Products, \
-w password -h oracle.provisioning.com -p 3060
ldap_bind: Invalid credentials
ldap_bind: additional info: Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :
Your Password has expired. Please contact the Administrator to change your password.
Login to Oracle Directory Manager (ODM) and navigate the “Entry Management” by reversed the path of Apps Instance OID Account. You notice the date in pwdgraceusetime is over and that means the password has expired.
To solve the credential issue, update the “userpassword” field for this entry and it can be set to the existing value if required.
Click the “Apply” button to save this change. This immediately stores the new password, so you can redo the “ldapbind” test and it will succeed this time with “bind successful” message.
Next» LDAP Attribute Password