
12c Cloud Control: Auto-Provisioning Fails for Certain LDAP Users due to Which Login to Console Fails (Doc ID 1635786.1)

Last updated on NOVEMBER 22, 2019

Applies to:

Enterprise Manager Base Platform - Version to [Release 12.1]
Information in this document applies to any platform.


OMS has been configured for Active Directory LDAP authentication using the below command:

emctl config auth ad -ldap_host ldaphost.domain -ldap_port <PORT> \
  -ldap_principal "${LDAP_PRINCIPLE}" -ldap_credential "${PRINCIPLE_PWD}" \
  -user_base_dn "${USER_BASE_DN}" -group_base_dn "${GROUP_BASE_DN}" \
  -sysman_pwd "${SYSMAN_PWD}"

This allows almost all LDAP users to log in to the 12c Cloud Control console successfully, but login fails for a few users (for example: 123456). All the users are part of the same USER_BASE_DN.

When <USER_NAME> logs in to the console, the login fails with:

Authentication failed. If problem persists, contact your system administrator.

- In the WLS console, the user name <USER_NAME> is listed on the GCDomain -> Security Realms -> myrealm -> Users and Groups page.

- The LDAP user <USER_NAME> is able to log in to other SSO systems without any errors, and the account is not locked or unusable.

- The Active Directory status of the CN has been verified and found to be fine; a simple LDAP bind also works.

- If the user is manually created in EM using the command: emcli create_user -name=<USER_NAME> -type=EXTERNAL_USER

   the user is able to log in to the Console successfully without any errors. But in this case, auto-provisioning is enabled by setting the OMS parameter:, so it should not be necessary to manually create the user in EM.



