My Oracle Support Banner

ODSEE - How to Add a Server to the DSCC Registry When the Directory Server Does Not Use "cn=directory manager" as the Root DN? (Doc ID 1312298.1)

Last updated on JULY 26, 2019

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.0 and later
Information in this document applies to any platform.
***Checked for relevance on 14-Feb-2013***


When running dsccreg add-server, there are 2 authentications performed:
1) Against the Directory server ads instance (by default) on port 3998 as cn=admin,cn=administrators,cn=dscc (which is the DSCC administrator)
2) Against the Directory server you are attempting to register which is by default cn=directory manager

If the registered server does not use cn=directory manager, the non-default rootDN that dsccreg will use to authenticate against the registered server will need to be provided.

The rootDN on the registered server can be confirmed / verified by running this:
grep nsslapd-rootdn dse.ldif
dsconf get-server-prop root-dn
Note: When running dsconf against the registered server the " -D " would be used to specify a user other than cn=directory manager.   So dsconf and dsccreg differ in that way.

Here is an example of how the prompt is presented to enter the cn=directory manager password:
root@host:/sunone/dsee7/bin> ./dsccreg add-server /app/sunone/dsee7/slapd-host
Enter DSCC administrator's password:
/app/sunone/dsee7/slapd-host is an instance of DS
Enter password of "cn=Directory Manager" for /app/sunone/dsee7/slapd-host:

If the dsccreg command is attempted to run with -D to specify the non-default rootDN rather than -B, then it will result in err=32 because it is trying to authenticate with cn=nonDM to the Directory server ads instance rather than server that is being attempted to register:
./dsccreg add-server -D cn=nonDM /app/sunone/dsee7/slapd-host
Enter DSCC administrator's password:
Failed to connect to ldap://host:3998
[LDAP: error code 32 - No Such Object]
/sunone/dsee7/slapd-host has not been registered in DSCC on host.

From the dsccreg man page-
-D user-dn
--user-dn user-dn

Bind using the specified user-dn.

By default, the value of the environment variable LDAP_ADMIN_USER is used. If LDAP_ADMIN_USER is not defined, cn=admin,cn=Administrators,cn=dcc is used.
-B instance-user-dn
--inst-user-dn instance-user-dn

Use the specified bind DN to bind to the instance specified by instance-path.

By default, the dsccreg command uses cn=Directory Manager.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.