My Oracle Support Banner

OUD11g - EUS Setup For User External Authentication Works for Some Users but Fails With ORA-01017 for Users in a Different Suffix (Doc ID 2312243.1)

Last updated on OCTOBER 10, 2018

Applies to:

Oracle Unified Directory - Version and later
Information in this document applies to any platform.


EUS implementation for Oracle database to authenticate Oracle database users with OUD.

This works fine for users under cn=users,dc=example,dc=com.

However, in the OUD instance, there are also users in a different location. For example - uid=user1,cn=db_users,dc=example,dc=com

When connecting from clients using username user1/password, receiving ORA-01017 error.

ORA-01017: invalid username/password; logon denied

After enable the trace in the database, found that OUD search only under cn=users,dc=example,dc=com.

kzld found pwd in wallet
kzld_search -s sub -b cn=OracleDBSecurity,cn=Products,cn=OracleContext,dc=example,dc=com
search filter: (&(objectclass=orcldbenterprisedomain_82)(uniqueMember=cn=xxxxx,cn=OracleContext,dc=example,dc=com))
kzldsp found policy ALL
kzld_search -s base -b cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com
search filter: objectclass=*
kzld found uid for orclCommonNicknameAttribute
kzldsearch_ext -s sub -b cn=users,dc=example,dc=com
search filter: uid=user1
KZLD_ERR: failed the search 28304.
number of entries: 0
KZLD_ERR: 28304
KZLD_ERR: failed to locate user of name user1
KZLD is doing LDAP unbind

Probably It is necessary perform some modification, to make this user search, in the different container.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.