OID 11g 11.1.1.7 Command Line Created RAD's Not Working For Oracle Forms After Applying an OID Bundle Patch (BP), e.g., 11.1.1.7.5. OID Debug Log Shows Access Not Allowed / Denied by ACP But Returns Successful (RESULT=0 nentries=0) (Doc ID 2233077.1)

Last updated on AUGUST 24, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1.7.0 to 11.1.1.7.0 [Release 11g]
Information in this document applies to any platform.

Symptoms

Using Resource Access Descriptors (RADs) created with command line or Default RAD are not working with Oracle Forms.

Followed document:   How to Create Default Resource Access Descriptors (RADS) for Forms 11g (Document 1390533.1).

RADs created using dynamic create RAD page work fine.

This issue started after applying CPU bundle patch: OID Patch 17839633 - OID BUNDLE PATCH 11.1.1.7.5; reference:

     Oracle Internet Directory (OID) Version 11g Bundle Patch / Bundle Patches For Non-Fusion Applications (NonFA / NonP4FA) Customers (Document 1614114.1).

Once the Forms URL is requested, then if the RAD is created via command line, the page defaults to the create RAD page, but the RAD is already associated for the user.

Steps to Reproduce:
1. Create a RAD for a user, for example: "orclresourcename=MYDB+orclresourcetypename=OracleDB,cn=Resource Access Descriptor,orclownerguid=16C155F152F68CA1E050020AF24110A8,cn=Extended Properties,cn=OracleContext,dc=mycompany,dc=com"
2. Do a subtree search as a user other than the Owner GUID user from search base "cn=Resource Access Descriptor,orclownerguid=16C155F152F68CA1E050020AF24110A8,cn=Extended Properties,cn=OracleContext,dc=mycompany,dc=com"
3. Access is denied by the ACL on "cn=Extended Properties,cn=OracleContext,dc=mycompany,dc=com" but a Success code is returned (RESULT=0).


OID debugged log shows that Access is denied, but returns successful RESULT=0 and nentries=0, for example:

[2015-07-15T23:37:57-07:00] [OID] [TRACE:16] [] [OIDLDAPD] [host: myhost] [pid: 31463] [tid: 11] [ecid: xx] ServerWorker (REG):[[
BEGIN
ConnID:740 mesgID:11 OpID:10  OpName:search ConnIP:<IP Address> ConnDN:orclapplicationcommonname=formsapps123-45cf-c80060e150e3,cn=forms,cn=products,cn=oraclecontext
gslbnfsFilterNorm: origVal:<orclresourcedescriptor> NormVal:<orclresourcedescriptor>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <16C155F152F68CA1E050020AF24110A8>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <16c155f152f68ca1e050020af24110a8>
2015-07-15T23:37:57 * Adding access=ffffffff, Available access: ffffffff, Requested access=4
2015-07-15T23:37:57 * Available access: ffffffff, Requested access=4 Result=Not Allowed
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10)                          Filter Accees denied by ACP: (cn=extended properties,cn=oraclecontext,dc=mycompany,dc=com)
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10) User                          being Privileged group member, Evaluation continues
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10) Visiting ACP at:                (cn=oraclecontext,dc=mycompany,dc=com)
2015-07-15T23:37:57 *     EQUALITY
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <orclnetservicealias>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <orclnetservicealias>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <top>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <top>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <orclresourcedescriptor>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <orclresourcedescriptor>
2015-07-15T23:37:57 *     EQUALITY
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <orclnetdescription>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <orclnetdescription>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <top>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <top>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <orclresourcedescriptor>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <orclresourcedescriptor>
2015-07-15T23:37:57 *     EQUALITY
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <orclnetdescriptionlist>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <orclnetdescriptionlist>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <top>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <top>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <orclresourcedescriptor>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <orclresourcedescriptor>
2015-07-15T23:37:57 *     EQUALITY
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <orclnetservice>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <orclnetservice>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <top>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <top>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm : String to Normalize: <orclresourcedescriptor>
2015-07-15T23:37:57 * INFO * gslbnstStringNorm() Normalized value: <orclresourcedescriptor>
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10)                          Filter Accees denied by ACP: (cn=oraclecontext,dc=mycompany,dc=com)
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10) User                          being Privileged group member, Evaluation continues
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10) Visiting ACP at:                (dc=mycompany,dc=com)
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10)                          Filter Accees denied by ACP: (dc=mycompany,dc=com)
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10) User                          being Privileged group member, Evaluation continues
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10) Visiting ACP at:                (dc=com)
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10)                          Filter Accees denied by ACP: (dc=com)
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10) User                          being Privileged group member, Evaluation continues
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10) Visiting ACP at:                (dc=com)
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10) Visiting ACP at:                (cn=root)
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10)                          Filter Accees denied by ACP: (cn=root)
2015-07-15T23:37:57 * gslaudeFilterEvaluation:Operation id:(10) User                          being Privileged group member, Evaluation continues
2015-07-15T23:37:57 * gslaudeFilterEvaluation: Op id:(10) Filter Access to entry              (orclresourcename=MYDB+orclresourcetypename=OracleDB,cn=Resource Access Descriptor,orclownerguid=16C155F152F68CA1E050020AF24110A8,cn=Extended Properties,cn=OracleContext,dc=mycompany,dc=com) not allowed
2015-07-15T23:37:57 * gslaudeFilterEvaluation: Operation id:(10) Exit
2015-07-15T23:37:57 * INFO: gsleswrDsndseaEntry : Access to filter attributes                   not allowed
2015-07-15T23:37:57 * Entry sent as a search result.
2015-07-15T23:37:57 * INFO:gsleswrASndResult OPtime=40275 micro sec RESULT=0 tag=101 nentries=0
2015-07-15T23:37:57 * Exit: gslsbsSearch()
2015-07-15T23:37:57 * Exit gslfseADoSearch
2015-07-15T23:37:57 *  
 BASE DN = cn=resource access descriptor,orclownerguid=16c155f152f68ca1e050020af24110a8,cn=extended properties,cn=oraclecontext,dc=mycompany,dc=com
 SCOPE = 2
 FILTER = (orclresourcename=nfads)
 REQD ATTRS = orclresourcename orclresourcetypename orcluseridattribute orclpasswordattribute orclflexattribute1

EVENT "BER  READ      " time :        472  micro sec
EVENT "DIME OVRD      " time :      40377  micro sec
EVENT "PRE DIME       " time :         59  micro sec
EVENT "DB Fetch       " time :      37830  micro sec
EVENT "EC LOOKUP      " time :         81  micro sec
EVENT "Post Dime      " time :       2399  micro sec
EVENT "Ber flush      " time :         33  micro sec
TOTAL "Operation      " time :      40278  micro sec

TOTAL "Worker         " time :      40920  micro sec

END
]]

 

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms