EUS with OVD 11g Integration: How to Register a DB with DBCA with a NonAdmin Account, i.e., a Different Account Other than the "cn=orcladmin" Superuser Account? (TNS-04411: Directory service: permission denied)
(Doc ID 1582322.1)
Last updated on AUGUST 30, 2023
Applies to:
Oracle Virtual Directory - Version 11.1.1.0 and laterInformation in this document applies to any platform.
Goal
What group membership does a regular (non-administrator) LDAP user account object need in order to register databases using Database Configuration Assistant (DBCA) for Enterprise User Security (EUS) through Oracle Virtual Directory (OVD) 11g?
It is possible to register databases using a different account other than the "cn=orcladmin" superuser account?
For example: Realm name is dc=<COMPANY>,dc=com, or dc=<OVD_DOMAIN>,dc=com if using the default OVD EUS setup.
When creating a user account object at that level (for example cn=<USERNAME>,dc=<COMPANY>,dc=com), what group should this user be added to in order to register a databases with DBCA?
After following RDBMS documentation:
Oracle® Database Net Services Administrator's Guide 11g Release 2 (11.2) E41945-03
Chapter 3 Managing Network Address Information
Section "Who Can Add or Modify Entries in the Directory Server"
And adding the user to the following groups:
cn=OracleDBCreators,cn=OracleContext,dc=<OVD_DOMAIN>,dc=com
cn=OracleContextAdmins,cn=Groups,cn=OracleContext,dc=<OVD_DOMAIN>,dc=com
cn=OracleNetAdmins,cn=OracleContext,dc=<OVD_DOMAIN>,dc=com
Registering a DB with DBCA still fails with:
service. - TNS-04411: Directory service:
permission denied
caused by:
oracle.net.config.DirectoryServiceException:
TNS-04411: Directory service: permission denied
caused by: oracle.net.ldap/NNFLException
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |