
OVD - The ldapsearch Command Does Not Return Any Entries With "deny-b-null" in Diagnostic Log (Doc ID 2286565.1)

Last updated on JULY 21, 2017

Applies to:

Oracle Virtual Directory - Version and later
Information in this document applies to any platform.


On : version, Virtual Directory Server 

OVD read-only access

A user entry can be queried through ODSM, but the same user cannot be queried successfully using ldapsearch.

The entry can be queried successfully as orcladmin.

Filename = access.log
The access log shows the following:

Authentication is successful, but the search with filter uid=testoutlook and base DN "" returns nentries=0.

[2017-07-07T14:47:51.132+10:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: 44] [ecid: 0000LoRO25RFCC75rJ8DyY1PNl1u00000S,0] conn=37 op=0 BIND dn=CN=adm,OU=TfNSW,OU=Support Admins,OU=SYSOPS,dc=CAD-DEV,dc=xxx2,dc=xxx1,dc=xx method=0 version=3
[2017-07-07T14:47:51.139+10:00] [octetstring] [NOTIFICATION] [OVD-20039] [com.octetstring.accesslog] [tid: 44] [ecid: 0000LoRO25RFCC75rJ8DyY1PNl1u00000S,0] conn=37 op=0 RESULT err=0 tag=0 nentries=0 etime={3}
[2017-07-07T14:47:51.142+10:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: 45] [ecid: 0000LoRO25_FCC75rJ8DyY1PNl1u00000T,0] conn=37 op=1 SRCH base= scope=2 filter=uid=testoutlook requestedAttributes=[] sizelimit=0 timelimit=0 typesOnly=FALSE
[2017-07-07T14:47:51.223+10:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: 45] [ecid: 0000LoRO25_FCC75rJ8DyY1PNl1u00000T,0] conn=37 op=1 RESULT err=0 tag=0 nentries=0 etime=81 dbtime=0 mem=1,524,894,552/2,066,743,296

Using the ECID from the SRCH operation in the access log (0000LoRO25_FCC75rJ8DyY1PNl1u00000T,0), deny-b-null is found in the diagnostic log:

[2017-07-07T14:47:51.221+10:00] [octetstring] [TRACE] [] [com.octetstring.vde.acl.ACLChecker] [tid: 45] [ecid: 0000LoRO25_FCC75rJ8DyY1PNl1u00000T,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] deny-b-null--CN=adm,OU=TfNSW,OU=Support Admins,OU=SYSOPS,dc=CAD-DEV,dc=xxx2,dc=xxx1,dc=xx-CN=testoutlook,OU=TNSW,OU=DomainUsers,dc=xxx2,dc=xxx1,dc=xx
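
The ECID correlation described above can be scripted. The following Python is an added example, not Oracle code or part of the original note: it finds searches that returned err=0 with nentries=0 and uses the SRCH ECID to pull the matching deny-b-null trace from the diagnostic log. The log lines, ECIDs and DNs are constructed, and splitting the trace message into bind DN and target DN is an assumption based on the single sample shown here.

```python
import re

# Constructed sample lines in the layout of the excerpts above (not real data).
ACCESS_LOG = """\
[2017-07-07T14:47:51.132+10:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: 44] [ecid: ECID-BIND-1,0] conn=37 op=0 BIND dn=cn=reader,ou=admins,dc=corp-dev,dc=example method=0 version=3
[2017-07-07T14:47:51.139+10:00] [octetstring] [NOTIFICATION] [OVD-20039] [com.octetstring.accesslog] [tid: 44] [ecid: ECID-BIND-1,0] conn=37 op=0 RESULT err=0 tag=0 nentries=0 etime={3}
[2017-07-07T14:47:51.142+10:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: 45] [ecid: ECID-SRCH-1,0] conn=37 op=1 SRCH base= scope=2 filter=uid=testuser requestedAttributes=[] sizelimit=0 timelimit=0 typesOnly=FALSE
[2017-07-07T14:47:51.223+10:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: 45] [ecid: ECID-SRCH-1,0] conn=37 op=1 RESULT err=0 tag=0 nentries=0 etime=81 dbtime=0
[2017-07-07T14:47:52.010+10:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: 45] [ecid: ECID-SRCH-2,0] conn=37 op=2 SRCH base= scope=2 filter=uid=reader requestedAttributes=[] sizelimit=0 timelimit=0 typesOnly=FALSE
[2017-07-07T14:47:52.030+10:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: 45] [ecid: ECID-SRCH-2,0] conn=37 op=2 RESULT err=0 tag=0 nentries=1 etime=20 dbtime=0
"""
DIAG_LOG = """\
[2017-07-07T14:47:51.221+10:00] [octetstring] [TRACE] [] [com.octetstring.vde.acl.ACLChecker] [tid: 45] [ecid: ECID-SRCH-1,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] deny-b-null--cn=reader,ou=admins,dc=corp-dev,dc=example-cn=testuser,ou=users,dc=example
"""

OP = re.compile(r"\[ecid: ([^\]]+)\] conn=(\d+) op=(\d+) (BIND|SRCH|RESULT) (.*)")
DENY = re.compile(r"\[ecid: ([^\]]+)\].*deny-b-null--(.*)")

def zero_result_searches(access_log, diag_log):
    """Return searches that succeeded (err=0) with nentries=0, each with the
    entries the ACL checker denied under the same ECID (empty list = no deny)."""
    denies = {}
    for m in DENY.finditer(diag_log):
        denies.setdefault(m.group(1), []).append(m.group(2).strip())
    binds, searches, findings = {}, {}, []
    for m in OP.finditer(access_log):
        ecid, conn, op, kind, rest = m.groups()
        if kind == "BIND":
            # DNs may contain spaces, so cut at the next field name instead.
            binds[conn] = rest.split(" method=")[0][len("dn="):]
        elif kind == "SRCH":
            flt = re.search(r"filter=(.*?) requestedAttributes=", rest).group(1)
            searches[conn, op] = (ecid, flt)
        elif (conn, op) in searches and re.search(r"\berr=0\b.*\bnentries=0\b", rest):
            ecid, flt = searches.pop((conn, op))
            bind_dn = binds.get(conn, "")
            # Assumption: the message is "<bind DN>-<target DN>". DNs can contain
            # "-", so strip the known bind DN rather than splitting on "-".
            targets = [d[len(bind_dn) + 1:] if d.startswith(bind_dn + "-") else d
                       for d in denies.get(ecid, [])]
            findings.append({"ecid": ecid, "bind_dn": bind_dn,
                             "filter": flt, "acl_denied": targets})
    return findings

if __name__ == "__main__":
    for finding in zero_result_searches(ACCESS_LOG, DIAG_LOG):
        print(finding)
```

A finding with a non-empty acl_denied list means the entry exists but was filtered out by access control for that bind DN; an empty list means the search matched nothing.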

The issue has the following business impact:
Due to this issue, users cannot be searched for using ldapsearch when binding as a user other than orcladmin.


The following KM document was followed to allow a non-orcladmin user to authenticate and search / administer users in ODSM:

How To Configure / Create / Setup Multiple Administrators (More Than One Superadmin / Superuser Like cn=orcladmin) In OVD 11g For ODSM (Doc ID 1340236.1)

