Last updated on MARCH 08, 2017
Applies to: Oracle Internet Directory - Version 10.1.4 to 10.1.4 [Release 10gR3]
Portal - Version 10.1.2.0.0 to 10.1.4.2 [Release 10gR2]
Information in this document applies to any platform.
Production (PROD) and Development (DEV) instances running OID 10.1.4.
The DEV instance has no problems.
In PROD, a new Portal midtier was set up. As part of the migration, newly built content was to be imported into the new PROD instance, and that import failed. PROD has since been manually recreated, and since then executing the WWCTX_API.SET_CONTEXT procedure in SQL*Plus returns errors:
ORA-6512:at "PORTAL.WWCTX_API" line 1686
Log in to SQL*Plus using the portal admin username and password, and at the prompt enter:
exec WWCTX_API.SET_CONTEXT('portal',[portal lightweight password],NULL);
Using debugging steps from <Note 260840.1> binding as the Portal App Account DN, i.e.:
And User DN : cn=portal,cn=users,<realm, e.g., dc=mycompany,dc=com>.
The script from <Note 260840.1> returns an underlying OID LDAP error:
Error Message : ORA-31202: DBMS_LDAP: LDAP client/server error: Insufficient access
After turning on OID Server Access Control (ACI) level debug, the OID log shows that the same Portal App Account DN is authenticating to OID, but it does not have access to attributes of the Portal realm entry, e.g.:
And it fails ACI checking with LDAP error 50 (insufficient privileges):
member, Evaluation continues
23:58:20 * gslaudeaAttributesEvaluation: Operation id:(7) Enforcing Server Default
23:58:20 * gslaudeaAttributesEvaluation:Operation id:(7) Attribute Access to entry
(cn=portal,cn=users,dc=mycompany,dc=com) not allowed
23:58:20 * gslaudekModsEvaluation: Access to attributes not allowed
23:58:20 * INFO : gsleswrASndResult2 RESULT = 50 nentries=0
NOTE: The following command can also be used to reproduce the same error:
-w <portal app dn pwd> -b "cn=portal,cn=users,dc=mycompany,dc=com" -a userpassword -v <portal user pwd>
Where <portal app dn pwd> can be obtained by using solution steps 1-3 from <Note 312154.1>.
Both the PROD and DEV OIDs are at the same version/patchset. Both OIDs have the same ACIs for cn=users,dc=mycompany,dc=com and cn=portal,cn=users,dc=mycompany,dc=com (the default ACIs).
Both OIDs return the same results from the ldapsearch membership check for the portal app DN account, i.e.:
Also verified both nodes against <Note 270620.1>.
PROD OID has been reinstalled/rebuilt.