OVD - The ldapsearch Command Does Not Return Any Entries With "deny-b-null" in Diagnostic Log (Doc ID 2286565.1)

Last updated on NOVEMBER 26, 2019

Applies to:

Oracle Virtual Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

On version 11.1.1.9.0, Virtual Directory Server:

OVD read-only access.

The user entry can be queried through ODSM, but it cannot be queried successfully using ldapsearch.

The entry can be queried successfully as orcladmin.


ERROR
-----------------------
Filename = access.log
See the following error:

Authentication is successful, but the search returns nentries=0 (search filter uid=<UID22>, base DN ""):

[2017-07-07T14:47:51.132+10:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: xx] [ecid: <ECID>] conn=37 op=0 BIND dn=CN=<ADMIN_USER>,OU=<OU4>,OU=<OU3>,OU=<OU2>,dc=<CONTAINER1>,dc=<DOMAIN>,dc=<COMPANY>,dc=com method=0 version=3
[2017-07-07T14:47:51.139+10:00] [octetstring] [NOTIFICATION] [OVD-20039] [com.octetstring.accesslog] [tid: xx] [ecid: <ECID>] conn=37 op=0 RESULT err=0 tag=0 nentries=0 etime={3}
[2017-07-07T14:47:51.142+10:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: xx] [ecid: <ECID>] conn=37 op=1 SRCH base= scope=2 filter=uid=<UID22> requestedAttributes=[] sizelimit=0 timelimit=0 typesOnly=FALSE
[2017-07-07T14:47:51.223+10:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: xx] [ecid: <ECID>] conn=37 op=1 RESULT err=0 tag=0 nentries=0 etime=81 dbtime=0 mem=1,524,894,552/2,066,743,296

Using the ECID from the SRCH operation in the access log, deny-b-null was found in the diagnostic log:

[2017-07-07T14:47:51.221+10:00] [octetstring] [TRACE] [] [com.octetstring.vde.acl.ACLChecker] [tid: xx] [ecid: <ECID>] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] deny-b-null--CN=<ADMIN_USER>,OU=<OU4>,OU=<OU3>,OU=<OU2>,dc=<CONTAINER1>,dc=<DOMAIN>,dc=<COMPANY>,dc=com-CN=<UID22>,OU=<OU1>,OU=<DOMAIN_USERS>,dc=<DOMAIN>,dc=<COMPANY>,dc=com
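
The correlation described above can be automated. The following is an added example, not part of the Oracle document: it pairs each SRCH with its RESULT in access.log, keeps searches that returned err=0 with nentries=0, and flags those whose SRCH ECID has an ACLChecker deny-b-null trace in the diagnostic log. The sample lines, ECIDs and DNs are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample data in the layout of the excerpts above (ECIDs and DNs are made up).
HDR = "[2017-07-07T14:47:51.1+10:00] [octetstring] [NOTIFICATION] [{}] [com.octetstring.accesslog] [tid: 1] [ecid: {}] "
SRCH = "SRCH base= scope=2 filter=uid=jdoe requestedAttributes=[] sizelimit=0 timelimit=0 typesOnly=FALSE"
ACCESS_LOG = "\n".join([
    HDR.format("OVD-20038", "E-100") + "conn=37 op=0 BIND dn=cn=helpdesk,dc=example,dc=com method=0 version=3",
    HDR.format("OVD-20039", "E-100") + "conn=37 op=0 RESULT err=0 tag=0 nentries=0 etime=3",
    HDR.format("OVD-20043", "E-101") + "conn=37 op=1 " + SRCH,
    HDR.format("OVD-20044", "E-101") + "conn=37 op=1 RESULT err=0 tag=0 nentries=0 etime=81 dbtime=0",
    HDR.format("OVD-20038", "E-200") + "conn=38 op=0 BIND dn=cn=orcladmin method=0 version=3",
    HDR.format("OVD-20039", "E-200") + "conn=38 op=0 RESULT err=0 tag=0 nentries=0 etime=2",
    HDR.format("OVD-20043", "E-201") + "conn=38 op=1 " + SRCH,
    HDR.format("OVD-20044", "E-201") + "conn=38 op=1 RESULT err=0 tag=0 nentries=1 etime=40 dbtime=0",
])
DIAG_LOG = ("[2017-07-07T14:47:51.2+10:00] [octetstring] [TRACE] [] [com.octetstring.vde.acl.ACLChecker] [tid: 1] "
            "[ecid: E-101] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] "
            "deny-b-null--cn=helpdesk,dc=example,dc=com-uid=jdoe,ou=people,dc=example,dc=com")

OP = re.compile(r"\[ecid: ([^\]]+)\] conn=(\d+) op=(\d+) (BIND|SRCH|RESULT) (.*)")

def empty_searches_with_acl_status(access_log, diag_log):
    """List searches that succeeded with nentries=0 and mark those with a deny-b-null trace."""
    denied = set()  # ECIDs for which ACLChecker logged deny-b-null
    for line in diag_log.splitlines():
        m = re.search(r"\[ecid: ([^\]]+)\]", line)
        if m and "com.octetstring.vde.acl.ACLChecker" in line and "deny-b-null" in line:
            denied.add(m.group(1))
    bind_dn, searches, findings = {}, {}, []
    for line in access_log.splitlines():
        m = OP.search(line)
        if not m:
            continue
        ecid, conn, op, kind, rest = m.groups()
        if kind == "BIND":  # remember who is bound on this connection
            dn = re.search(r"dn=(.*?) method=", rest)
            bind_dn[conn] = dn.group(1) if dn else None
        elif kind == "SRCH":  # remember the search until its RESULT arrives
            flt = re.search(r"filter=(.*?) requestedAttributes=", rest)
            searches[(conn, op)] = (ecid, flt.group(1) if flt else None)
        elif (conn, op) in searches and re.search(r"\berr=0\b.*\bnentries=0\b", rest):
            s_ecid, s_filter = searches.pop((conn, op))
            findings.append({"conn": conn, "bind_dn": bind_dn.get(conn), "filter": s_filter,
                             "ecid": s_ecid, "acl_denied": s_ecid in denied})
    return findings

if __name__ == "__main__":
    for finding in empty_searches_with_acl_status(ACCESS_LOG, DIAG_LOG):
        print(finding)
```

A finding with acl_denied set to True matches the symptom in this document; one with acl_denied False is an empty result with no logged ACL denial for that ECID.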


BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, users cannot be searched for using ldapsearch when binding as a user other than orcladmin.

Changes

The following KM document was followed to allow a non-orcladmin user to authenticate and search / administer users in ODSM:

How To Configure / Create / Setup Multiple Administrators (More Than One Superadmin / Superuser Like cn=orcladmin) In OVD 11g For ODSM (Doc ID 1340236.1)

Cause
