12c Cloud Control: Auto-Provisioning Fails for Certain LDAP Users due to Which Login to Console Fails
(Doc ID 1635786.1)
Last updated on NOVEMBER 22, 2019
Applies to:
Enterprise Manager Base Platform - Version 12.1.0.1.0 to 12.1.0.3.0 [Release 12.1]
Information in this document applies to any platform.
Symptoms
OMS has been configured for Active Directory LDAP authentication using the following command:
emctl config auth ad -ldap_host ldaphost.domain -ldap_port <PORT> \
-ldap_principal "${LDAP_PRINCIPLE}" -ldap_credential "${PRINCIPLE_PWD}" \
-user_base_dn "${USER_BASE_DN}" -group_base_dn "${GROUP_BASE_DN}" \
-sysman_pwd "${SYSMAN_PWD}"
This allows almost all LDAP users to log in to the 12c Cloud Control console successfully, but login fails for a few users (for example: 123456). All the users are part of the same USER_BASE_DN.
When <USER_NAME> logs in to the console, the login fails with:
Authentication failed. If problem persists, contact your system administrator.
- In the WLS console, the user name <USER_NAME> is listed on the GCDomain-> Security Realms-> myrealm-> Users and Groups page.
- The LDAP user <USER_NAME> is able to log in to other SSO systems without any errors, and the account is not locked or unusable.
- The Active Directory status of the CN has been verified and found to be fine; a simple LDAP bind also works.
- If the user is manually created in EM using the command: emcli create_user -name=<USER_NAME> -type=EXTERNAL_USER
the user is able to log in to the Console successfully without any errors. However, auto-provisioning is already enabled in this case by setting the OMS parameter:
oracle.sysman.core.security.auth.autoprovisioning=true, so it should not be necessary to manually create the user in EM.
Changes
Cause