Adding a User or Group to WLS or BISystem Role in EM Fails: Error | Failed to retrieve users. Or: Failed to retrieve roles. | Operations error: entity= op=search mesg=Protocol Error LDAP Error 2 : simple bind failed: ldaphost.mycompany.com:636 (Doc ID 1643249.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.7.0 and later
Business Intelligence Server Enterprise Edition - Version 11.1.1.7.0 and later
Oracle WebLogic Server - Version 10.3 and later
Enterprise Manager for Fusion Middleware - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

Scenario 1:

11g Oracle Business Intelligence Server Enterprise Edition (OBIEE) with Library Oracle Virtual Directory (libOVD) integrated with Active Directory (AD).

Adding a user to a BISystem Role in Enterprise Manager (EM) fails.

For example, EM > Edit Application Role > Search for a user, it fails with:

Error

Failed to retrieve users.

Operations error: entity= op=search mesg=Protocol Error LDAP Error 2 :
simple bind failed: myadhost.mycompany.com:3269


The EM log (e.g., emoms__4_.log) shows:

...<snip>...
2014-03-17 12:13:38,227 [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] ERROR emas.security logp.251 - Failed to retrieve users.
org.openliberty.arisid.stack.ConnectionException: Operations error: entity= op=search mesg=Protocol Error LDAP Error 2 : simple bind failed: myldaphost.mycompany.com:3269
at com.oracle.ovd.arisid.OvdStackProvider.mapResultCode(OvdStackProvider.java:644)
at com.oracle.ovd.arisid.OvdStackProvider.doSearch(OvdStackProvider.java:1264)
at com.oracle.ovd.arisid.OvdStackProvider.doSearch(OvdStackProvider.java:1200)
at com.oracle.ovd.arisid.ArisIdStackProvider.doSearch(ArisIdStackProvider.java:266)
at org.openliberty.arisid.Interaction.doSearch(Interaction.java:1379)
at org.openliberty.arisidbeans.IGFObjectManager.searchDigitalSubject(IGFObjectManager.java:1143)
at oracle.igf.userrole.UserManager.searchUsers(UserManager.java:1441)
at oracle.igf.userrole.UserManager.searchUsers(UserManager.java:1491)
at oracle.sysman.emas.model.security.UserRoleUtil.fetchUserListIGF(UserRoleUtil.java:202)
at oracle.sysman.emas.model.security.DialogAdminBean.fetchUserNameList(DialogAdminBean.java:813)
at oracle.sysman.emas.model.security.DialogAdminBean.fetchPrincipals(DialogAdminBean.java:554)
at oracle.sysman.emas.pagemodel.security.identity.EditAppRolePageModel.searchPrincipal(EditAppRolePageModel.java:496)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.el.parser.AstValue.invoke(Unknown Source)
at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
...<etc>...

 


Scenario 2:

Cannot add WebLogic (WLS) groups to Application Roles in Enterprise Manager (EM):

Failed to retrieve roles.
Operations error: entity= op=search mesg=Protocol Error LDAP Error 2 : simple bind failed: ldap.com:636
#{viewScope.emas_pagemodel_security_EditAppRole.searchPrincipal}: oracle.sysman.emSDK.app.exception.EMSystemException

The emoms.log shows:

2015-11-16T13:33:10.455+00:00] [AdminServer] [NOTIFICATION:32] [] [oracle.sysman.emas.security] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: f6c93958e8fbec5d:755df93f:1511076be0a:-8000-00000000000000dd,0] [APP: em] Failed to retrieve roles.[[
org.openliberty.arisid.stack.ConnectionException: Operations error: entity= op=search mesg=Protocol Error LDAP Error 2 : simple bind failed: myldapserver.mycompany.com:636
at com.oracle.ovd.arisid.OvdStackProvider.mapResultCode(OvdStackProvider.java:644)
at com.oracle.ovd.arisid.OvdStackProvider.doSearch(OvdStackProvider.java:1264)
at com.oracle.ovd.arisid.OvdStackProvider.doSearch(OvdStackProvider.java:1200)
at com.oracle.ovd.arisid.ArisIdStackProvider.doSearch(ArisIdStackProvider.java:266)
...<etc>...

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms