How to Add a Server to the DSCC Registry When the Directory Server Does Not Use "cn=directory manager" as the Root DN? (Doc ID 1312298.1)

Last updated on MAY 05, 2016

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.0 and later
Information in this document applies to any platform.
***Checked for relevance on 14-Feb-2013***

Goal

When running dsccreg add-server, two authentications are performed:
1) Against the Directory Server ads instance (by default) on port 3998 as cn=admin,cn=administrators,cn=dscc (which is the DSCC administrator)
2) Against the Directory Server you are attempting to register, which by default is done as cn=directory manager

If your registered server does not use cn=directory manager, you will need to specify the non-default rootDN that dsccreg will use to authenticate against the registered server.
You can check the rootDN of your registered server by running either of these:
grep nsslapd-rootdn dse.ldif
-or-
dsconf get-server-prop root-dn
Note: When running dsconf against your registered server you would use -D to specify a user other than cn=directory manager. So dsconf and dsccreg differ in that way.

Here is an example of how you are prompted to enter the cn=directory manager password:
root@host:/sunone/dsee7/bin> ./dsccreg add-server /app/sunone/dsee7/slapd-host
Enter DSCC administrator's password:
/app/sunone/dsee7/slapd-host is an instance of DS
Enter password of "cn=Directory Manager" for /app/sunone/dsee7/slapd-host:

If you try to run the dsccreg command with -D to specify the non-default rootDN rather than -B, it will result in err=32, because it is trying to authenticate as cn=nonDM to the Directory Server ads instance rather than to the server you are trying to register:
./dsccreg add-server -D cn=nonDM /app/sunone/dsee7/slapd-host
Enter DSCC administrator's password:
Failed to connect to ldap://host:3998
[LDAP: error code 32 - No Such Object]
/sunone/dsee7/slapd-host has not been registered in DSCC on host.

From the dsccreg man page (https://docs.oracle.com/cd/E29127_01/doc.111170/e28967/dsccreg-1m.htm):
-D user-dn
--user-dn user-dn

Bind using the specified user-dn.

By default, the value of the environment variable LDAP_ADMIN_USER is used. If LDAP_ADMIN_USER is not defined, cn=admin,cn=Administrators,cn=dcc is used.
--
-B instance-user-dn
--inst-user-dn instance-user-dn

Use the specified bind DN to bind to the instance specified by instance-path.

By default, the dsccreg command uses cn=Directory Manager.
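
The script below is an added example, not from the Oracle note or the dsccreg tooling. It reads nsslapd-rootdn from a dse.ldif and prints the dsccreg add-server command, adding -B only when the root DN is not cn=Directory Manager, and leaving -D at its default so the registry bind stays the DSCC administrator. The function names, the dse.ldif path argument and the sample file are assumptions constructed for illustration; the command is printed, not executed.

```shell
#!/bin/sh
# Added example: pick the dsccreg bind option from the instance's root DN.

# Print the nsslapd-rootdn value found in the dse.ldif given as $1.
# Handles LDIF line folding (continuation lines start with one space) and a
# case-insensitive attribute name; a base64 value ("::") is rejected (exit 2).
root_dn_from_dse() {
    awk '
        /^ / { if (grab) val = val substr($0, 2); next }
        grab { exit }
        tolower($0) ~ /^nsslapd-rootdn:/ {
            val = $0; sub(/^[^:]*:[ ]*/, "", val); grab = 1
            if (val ~ /^:/) b64 = 1
        }
        END { if (b64) exit 2; if (grab) print val }
    ' "$1"
}

# Print the dsccreg command for instance path $1 whose dse.ldif is $2.
# -B (instance bind DN) is added only for a non-default root DN; -D is never
# used for it, because -D selects the bind DN for the DSCC registry.
dsccreg_cmd() {
    inst_path=$1; dse=$2
    dn=$(root_dn_from_dse "$dse") || return 1
    [ -n "$dn" ] || { echo "no nsslapd-rootdn in $dse" >&2; return 1; }
    # DNs compare case-insensitively; also drop spaces around "=".
    norm=$(printf '%s' "$dn" | tr '[:upper:]' '[:lower:]' | sed 's/ *= */=/g')
    if [ "$norm" = "cn=directory manager" ]; then
        printf 'dsccreg add-server %s\n' "$inst_path"
    else
        printf 'dsccreg add-server -B "%s" %s\n' "$dn" "$inst_path"
    fi
}

# Constructed sample dse.ldif fragment (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: cn=config
nsslapd-port: 389
nsslapd-rootdn: cn=nonDM
nsslapd-rootpw: {SSHA}constructed-placeholder
EOF

dsccreg_cmd /app/sunone/dsee7/slapd-host "$sample"
```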

Solution
