Identity And Access Server Fail To Start After LDAP Password Reset

(Doc ID 1151323.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Access - Version 10.1.4.2 to 10.1.4.3.0
Information in this document applies to any platform.

Symptoms

The Oracle Access Manager (OAM) Identity Server and Access Server were installed successfully and have previously been restarted without issues.

For some reason, the password for the administrator user that the OAM server components use to connect to the Configuration Data LDAP Server has been changed or reset.

Identity Server now fails to start. Example output from startup attempt:

$ ./start_ois_server
OIS Server started with pid: 24269
$ Unable to initialize Identity Server
Engine did not initialize. Check /oracle/software/oam/identity/oblix/logs/oblog.log for details.
Starting OIS server Watchdog.....
OIS Server Watchdog cannot run, because there is no OIS Server to watch.



The Identity Server oblog.log shows that the connection to the LDAP server, made to obtain the Identity Server configuration data, fails with LDAP Error 49 'Invalid Credentials':

2010/05/27@16:45:44.029000 UTC - COREid Server File Logger
<Year/Mon/Day@Hour:Min:Sec.Milsec> <Process_Id> <Thread_Id> <Module> <Level> <Code> <File:Line> "<Message>" <Named_Values...>
=============================================================================================================================
....
2010/07/07@12:58:25.796440 24269 24290 DB_RUNTIME WARNING 0x00000504 ../ldap_connection_mngr.cpp:489 "Exception during DB runtime code" function^ObLDAPConnctionManager::CreateAndOpenConnection

2010/07/07@12:58:25.797185 24269 24290 DB_RUNTIME WARNING 0x00000504 ../db_connection_mngr.cpp:493 "Exception during DB runtime code" function^DBConnectionManager::PollLDAPServer status^23

2010/07/07@12:58:25.804643 24269 24290 DB_RUNTIME WARNING 0x00000017 ../ldap_connection_mngr.cpp:436 "Invalid LDAP user credentials or password has expired" function^LDAPAsyncSimpleBind() userid^cn=orcladmin

2010/07/07@12:58:25.804675 24269 24290 DB_RUNTIME ERROR 0x000008C1 ../ldap_connection_mngr.cpp:443 "Failed to connect to directory server" lpszHost^oid.oracle.com port^389
...




The Access Server also fails to start, reporting the errors "Failed to read Oblix Configuration Information" and "Unable to find configuration entry in directory server.."

Example output from start attempt:

 $ ./start_access_server
Access Server started with pid: 28816
$
Message from syslogd@ at Wed Jul 14 10:54:14 2010 ...
oracle Oblix: 2010/07/14@05:24:14.181825 28816 28816 CONFIGDB FATAL 0x00000DF9 /usr/abuild/Oblix/coreid1014/palantir/dblib/src/ldap_config_db.cpp:318 "Failed to read Oblix Configuration Information" function^LDAPConfigDB::ReadOblixDBConfig DN^o=Oblix, dc=oracle,dc=com obstatus^10 /usr/abuild/Oblix/coreid1014/palantir/dblib/src/db_util.cpp:771: Error: Exception re-thrown in GetWebResrcDB
/usr/abuild/Oblix/coreid1014/palantir/dblib/src/db_util.cpp:280: Error: Exception re-thrown in GetConfigDB
/usr/abuild/Oblix/coreid1014/palantir/dblib/src/ldap_config_db.cpp:225: Error: Exception re-thrown in LDAPConfigDB::Open()
/usr/abuild/Oblix/coreid1014/palantir/dblib/src/ldap_config_db.cpp:378: Error: Exception re-thrown in LDAPConfigDB::ReadOblixConfigDB()
/usr/abuild/Oblix/coreid1014/palantir/dblib/src/ldap_config_db.cpp:333: Error: Unable to find configuration entry in directory server at configuration base=`o=Oblix, dc=oracle,dc=com'

Unable to initialize the AAA server.
Unable to initialize the AAA server.



The Access Server trace log (oblog.log) shows that the connection to the LDAP server, made to obtain the Access Server configuration data, fails with LDAP Error 49 'Invalid Credentials':


2010/07/14@05:24:13.810494 UTC - Access Server File Logger
<Year/Mon/Day@Hour:Min:Sec.Milsec> <Process_Id> <Thread_Id> <Module> <Level> <Code> <File:Line> "<Message>" <Named_Values...>
====================================================================================
...
2010/07/14@05:24:14.021675 28816 28816 CONFIGDB TRACE 0x00000203 /usr/abuild/Oblix/coreid1014/palantir/dblib/src/ldap_config_db.cpp:169 "Function entered" _TraceName^LDAPConfigDB::Open
...
2010/07/14@05:24:14.069983 28816 28840 DB_RUNTIME TRACE 0x00000205 ../ldap_connection_mngr.cpp:417 "Function called" _CallName^LDAPAsyncSimpleBind
...
2010/07/14@05:24:14.080369 28816 28840 DB_RUNTIME TRACE 0x00000204 ../ldap_util3.cpp:526 "Function exited" _TraceName^LDAPSimpleBind _TraceDuration^0.000830 retcode^1

2010/07/14@05:24:14.113402 28816 28840 LDAP DEBUG3 0x00000201 ../ldap_util3.cpp:3121 "ldap_parse_result of Simple Bind" ld handle^0x08B59B20 result^0x08BABE70 bind^cn=orcladmin LDAP bind operation status code^49 Additional error message^ freeit^0 parse_rc^0

2010/07/14@05:24:14.113520 28816 28840 DB_RUNTIME WARNING 0x00000017 ../ldap_connection_mngr.cpp:436 "Invalid LDAP user credentials or password has expired" function^LDAPAsyncSimpleBind() userid^cn=orcladmin

2010/07/14@05:24:14.113542 28816 28840 DB_RUNTIME ERROR 0x000008C1 ../ldap_connection_mngr.cpp:443 "Failed to connect to directory server" lpszHost^oid.oracle.com port^389
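
Added example (not part of the Oracle note): a Python script that parses oblog.log entries using the header layout printed in the excerpts and reports each rejected LDAP bind with its bind DN, the directory host and port, and the LDAP result code when DEBUG3 logging recorded it. The function and field names are assumptions of this example; the sample entries are copied from the two excerpts above.

```python
import re

# Layout from the header line printed at the top of oblog.log:
# <timestamp> <pid> <tid> <module> <level> <code> <file:line> "<message>" <named values>
ENTRY = re.compile(
    r'(?P<ts>\d{4}/\d\d/\d\d@\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<tid>\d+) '
    r'(?P<module>\S+) (?P<level>\S+) (?P<code>0x[0-9A-Fa-f]+) (?P<src>\S+) '
    r'"(?P<msg>[^"]*)"\s*(?P<named>.*)')
BAD_CREDS = "Invalid LDAP user credentials or password has expired"
NO_CONNECT = "Failed to connect to directory server"

def named(text, key):
    """Value of one name^value pair, up to the first blank. Names may contain
    spaces, so a pair is looked up by name rather than by splitting on blanks."""
    m = re.search(re.escape(key) + r'\^(\S*)', text)
    return m.group(1) if m else None

def bind_failures(lines):
    """Return one finding (dict) per process/thread that logged a rejected bind."""
    found = {}
    for line in lines:
        m = ENTRY.search(line)  # search(): syslog copies carry a prefix
        if not m:
            continue
        key, extra = (m["pid"], m["tid"]), m["named"]
        if m["msg"] == "ldap_parse_result of Simple Bind":
            found.setdefault(key, {})["ldap_rc"] = named(extra, "status code")
        elif m["msg"] == BAD_CREDS:
            found.setdefault(key, {}).update(
                pid=m["pid"], seen=m["ts"], bind_dn=named(extra, "userid"))
        elif m["msg"] == NO_CONNECT and "bind_dn" in found.get(key, {}):
            found[key].update(host=named(extra, "lpszHost"), port=named(extra, "port"))
    return [f for f in found.values() if "bind_dn" in f]

# Entries copied from the Identity Server and Access Server excerpts above.
SAMPLE = [
    '2010/07/07@12:58:25.804643 24269 24290 DB_RUNTIME WARNING 0x00000017 ../ldap_connection_mngr.cpp:436 "Invalid LDAP user credentials or password has expired" function^LDAPAsyncSimpleBind() userid^cn=orcladmin',
    '2010/07/07@12:58:25.804675 24269 24290 DB_RUNTIME ERROR 0x000008C1 ../ldap_connection_mngr.cpp:443 "Failed to connect to directory server" lpszHost^oid.oracle.com port^389',
    '2010/07/14@05:24:14.113402 28816 28840 LDAP DEBUG3 0x00000201 ../ldap_util3.cpp:3121 "ldap_parse_result of Simple Bind" ld handle^0x08B59B20 result^0x08BABE70 bind^cn=orcladmin LDAP bind operation status code^49 Additional error message^ freeit^0 parse_rc^0',
    '2010/07/14@05:24:14.113520 28816 28840 DB_RUNTIME WARNING 0x00000017 ../ldap_connection_mngr.cpp:436 "Invalid LDAP user credentials or password has expired" function^LDAPAsyncSimpleBind() userid^cn=orcladmin',
    '2010/07/14@05:24:14.113542 28816 28840 DB_RUNTIME ERROR 0x000008C1 ../ldap_connection_mngr.cpp:443 "Failed to connect to directory server" lpszHost^oid.oracle.com port^389',
]

if __name__ == "__main__":
    for finding in bind_failures(SAMPLE):
        print(finding)
```

The `ldap_rc` field is only present when the log level was high enough to record the `ldap_parse_result` entry, as in the Access Server excerpt.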



Changes

The password for the administrator user that the Identity Server and Access Server use to connect to the Configuration Data LDAP Server has been changed or reset.

Cause
