12c Cloud Control: Auto-Provisioning Fails for Certain LDAP Users due to Which Login to Console Fails (Doc ID 1635786.1)

Last updated on SEPTEMBER 29, 2015

Applies to:

Enterprise Manager Base Platform - Version 12.1.0.1.0 to 12.1.0.3.0 [Release 12.1]
Information in this document applies to any platform.

Symptoms

The OMS has been configured for Active Directory LDAP authentication using the following command:

emctl config auth ad -ldap_host ldaphost.domain -ldap_port 389 \
  -ldap_principal "${LDAP_PRINCIPLE}" -ldap_credential "${PRINCIPLE_PWD}" \
  -user_base_dn "${USER_BASE_DN}" -group_base_dn "${GROUP_BASE_DN}" \
  -sysman_pwd "${SYSMAN_PWD}"

This allows almost all LDAP users to log in to the 12c Cloud Control console successfully, but login fails for a few users (for example: 123456). All the users are part of the same USER_BASE_DN.

When the user 123456 logs in to the console, the login fails with:

Authentication failed. If problem persists, contact your system administrator.

- In the WLS console, the user name 123456 is listed on the GCDomain -> Security Realms -> myrealm -> Users and Groups page.

- The LDAP user 123456 is able to log in to other SSO systems without any errors, and the account is not locked or unusable.

- The Active Directory status of the CN has been verified and found to be fine; a simple LDAP bind also works.

- If the user is manually created in EM using the command: emcli create_user -name=123456 -type=EXTERNAL_USER

  the user is able to log in to the console without any errors. However, auto-provisioning is enabled in this case by setting the OMS parameter oracle.sysman.core.security.auth.autoprovisioning=true, so it should not be necessary to create the user manually in EM.

Cause
