OUD11g - EUS Setup For User External Authentication works fine for some users, but fails with ORA-01017 error for users in a different suffix
Last updated on OCTOBER 25, 2017
Applies to: Oracle Unified Directory - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
EUS is implemented so that Oracle Database users are authenticated against OUD.
This works fine for users under cn=users,dc=example,dc=com.
However, the OUD instance also has users in other locations, for example uid=user1,cn=db_users,dc=example,dc=com.
When a client connects as user1/password, the connection fails with an ORA-01017 error.
After enabling the trace in the database, it was found that the user search in OUD is performed only under cn=users,dc=example,dc=com:
kzld_search -s sub -b cn=OracleDBSecurity,cn=Products,cn=OracleContext,dc=example,dc=com
search filter: (&(objectclass=orcldbenterprisedomain_82)(uniqueMember=cn=xxxxx,cn=OracleContext,dc=example,dc=com))
kzldsp found policy ALL
kzld_search -s base -b cn=Common,cn=Products,cn=OracleContext,dc=safeway,dc=com
search filter: objectclass=*
kzld found uid for orclCommonNicknameAttribute
kzldsearch_ext -s sub -b cn=users,dc=example,dc=com
search filter: uid=user1
KZLD_ERR: failed the search 28304.
number of entries: 0
KZLD_ERR: failed to locate user of name user1
KZLD is doing LDAP unbind
It is probably necessary to make some modification so that this user is also searched for in the different container.
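An added example, not part of the original note and not Oracle code: a small Python parser for trace lines in the format shown above, which lists each failed search with its base and whether a given user DN lies under that base. The sample trace is constructed from the lines above, and all function names are hypothetical.

```python
import re

# Constructed sample: trace lines in the format shown in the note above.
SAMPLE_TRACE = """\
kzld_search -s base -b cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com
search filter: objectclass=*
kzld found uid for orclCommonNicknameAttribute
kzldsearch_ext -s sub -b cn=users,dc=example,dc=com
search filter: uid=user1
KZLD_ERR: failed the search 28304.
number of entries: 0
KZLD_ERR: failed to locate user of name user1
"""

# Matches both "kzld_search" and "kzldsearch_ext" lines: function, scope, base.
SEARCH_RE = re.compile(r"^(kzld\w*search\w*)\s+-s\s+(\w+)\s+-b\s+(.+)$")

def parse_searches(trace):
    """Return one dict per LDAP search: func, scope, base, filter, errors."""
    searches = []
    for line in (raw.strip() for raw in trace.splitlines()):
        m = SEARCH_RE.match(line)
        if m:
            searches.append({"func": m.group(1), "scope": m.group(2),
                             "base": m.group(3).strip(), "filter": None, "errors": []})
        elif searches and line.startswith("search filter:"):
            searches[-1]["filter"] = line.split(":", 1)[1].strip()
        elif searches and line.startswith("KZLD_ERR:"):
            searches[-1]["errors"].append(line.split(":", 1)[1].strip())
    return searches

def rdns(dn):
    # Simplified DN split (assumption: no escaped commas in RDN values).
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def is_under(dn, base):
    """True when dn is the base entry itself or lies anywhere below it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def failed_user_searches(trace, user_dn):
    """(base, filter, user_dn_is_under_base) for every search that logged an error."""
    return [(s["base"], s["filter"], is_under(user_dn, s["base"]))
            for s in parse_searches(trace) if s["errors"]]

if __name__ == "__main__":
    for row in failed_user_searches(SAMPLE_TRACE, "uid=user1,cn=db_users,dc=example,dc=com"):
        print(row)
```

A failed search whose third field is False means the entry exists outside the subtree the database searched, which is the situation this note describes.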