Unable To Login To /oamconsole After Running Idmconfigtool Script With -configOAM Option (Doc ID 1541154.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

You ran idmconfigtool for OIM-OAM integration. The script was run once yesterday and, after some issues, had to be run again, after which the problems started. The script ran successfully without errors, but the Admin Console is locked out and you cannot log in to the WLS console. The following errors appear on the Admin and Managed instances. The base for the user store is cn=users,dc=idm.

Caused By: javax.naming.NameNotFoundException: [LDAP: error code 32 - LDAP Error 32 : No Such Object]; remaining name 'cn=common, cn=products, cn=oraclecontext'
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)

In OVD:
[2013-03-22T16:29:27.908-05:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: 371] [ecid: 4c2a47a6f103fb3e:-17a9f4e0:13d93ca73c4:-8000-0000000000000428,0:2] conn=613 op=4 SRCH base=cn=common,cn=products,cn=oraclecontext scope=0 filter=objectclass=* requestedAttributes=[orcldefaultsubscriber, orclsubscribernicknameattribute, orclsubscribersearchbase] sizelimit=0 timelimit=0 typesOnly=FALSE
[2013-03-22T16:29:27.913-05:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: 371] [ecid: 4c2a47a6f103fb3e:-17a9f4e0:13d93ca73c4:-8000-0000000000000428,0:2] conn=613 op=4 RESULT err=32 tag=0 nentries=0 etime=6 dbtime=0 mem=226,017,312/269,352,960

You tried setting the WLS embedded LDAP as primary using WLST, without success. Looking further into oam-config.xml, you see the following change, which does not make sense: the directory type was switched from OVD to OID. It is not clear where the authentication module is picking up the base DN cn=common,cn=products,cn=oraclecontext from.

<Setting Name="LDAP_PROVIDER" Type="xsd:string">OID</Setting>

In the OAMConfig.properties file that was used for the Idmconfigtool script with -configOAM, you have:

IDSTORE_DIRECTORYTYPE: OVD

You tried modifying oam-config.xml to switch the primary identity store's datastore type, but it flips to OID right after the script is run.
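
The two symptoms above can be checked mechanically. The following Python is an added example, not part of the Oracle note or of any Oracle tool: it compares IDSTORE_DIRECTORYTYPE from the properties file with every LDAP_PROVIDER setting in oam-config.xml, and pairs SRCH and RESULT lines in the OVD access log to list the search bases that returned err=32. The function names are hypothetical, the inputs are constructed samples (log lines shortened from the ones quoted above), and the regular expressions assume the line layouts shown in this note.

```python
import re

# Constructed sample inputs, modelled on the lines quoted in this note.
SAMPLE_PROPS = "IDSTORE_DIRECTORYTYPE: OVD\n"
SAMPLE_XML = '<Setting Name="LDAP_PROVIDER" Type="xsd:string">OID</Setting>\n'
SAMPLE_LOG = """\
[2013-03-22T16:29:27.908-05:00] [octetstring] [NOTIFICATION] [OVD-20043] conn=613 op=4 SRCH base=cn=common,cn=products,cn=oraclecontext scope=0 filter=objectclass=*
[2013-03-22T16:29:27.913-05:00] [octetstring] [NOTIFICATION] [OVD-20044] conn=613 op=4 RESULT err=32 tag=0 nentries=0 etime=6
[2013-03-22T16:29:28.100-05:00] [octetstring] [NOTIFICATION] [OVD-20043] conn=614 op=1 SRCH base=cn=users,dc=idm scope=2 filter=(uid=testuser)
[2013-03-22T16:29:28.104-05:00] [octetstring] [NOTIFICATION] [OVD-20044] conn=614 op=1 RESULT err=0 tag=0 nentries=1 etime=4
"""

PROP_RE = re.compile(r"^\s*IDSTORE_DIRECTORYTYPE\s*[:=]\s*(\S+)", re.M)
XML_RE = re.compile(r'<Setting\s+Name="LDAP_PROVIDER"[^>]*>\s*([^<\s]+)\s*</Setting>')
SRCH_RE = re.compile(r"conn=(\d+) op=(\d+) SRCH base=(.*?) scope=\d+")
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+)")


def directory_type_drift(props_text, xml_text):
    """Return (expected, [conflicting values]) if oam-config.xml disagrees
    with IDSTORE_DIRECTORYTYPE from the properties file, else None."""
    m = PROP_RE.search(props_text)
    if not m:
        raise ValueError("IDSTORE_DIRECTORYTYPE not found in properties text")
    expected = m.group(1).upper()
    drifted = [v for v in XML_RE.findall(xml_text) if v.upper() != expected]
    return (expected, drifted) if drifted else None


def failed_search_bases(log_text, err="32"):
    """Pair each SRCH with its RESULT on (conn, op) and return the base DNs
    whose result code equals err (32 = No Such Object)."""
    pending, failed = {}, []
    for line in log_text.splitlines():
        s = SRCH_RE.search(line)
        if s:
            pending[(s.group(1), s.group(2))] = s.group(3)
            continue
        r = RESULT_RE.search(line)
        if r:
            base = pending.pop((r.group(1), r.group(2)), None)
            if base is not None and r.group(3) == err:
                failed.append(base)
    return failed


if __name__ == "__main__":
    print("directory type drift:", directory_type_drift(SAMPLE_PROPS, SAMPLE_XML))
    print("err=32 search bases:", failed_search_bases(SAMPLE_LOG))
```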

 

Changes

Ran the Idmconfigtool script with the -configOAM option.

Cause
