Portal 10g Procedure To Query Portal Views WWCTX_API.SET_CONTEXT Fails With ORA-06510 ORA-6512
(Doc ID 758063.1)
Last updated on AUGUST 25, 2019
Applies to:
Oracle Internet Directory - Version 10.1.4 to 10.1.4 [Release 10gR3]
Portal - Version 10.1.2.0.0 to 10.1.4.2 [Release 10gR2]
Information in this document applies to any platform.
Symptoms
Production (PROD) and Development (DEV) instances running OID 10.1.4.
The DEV instance has no problems.
In PROD, a new portal midtier was set up. As part of the migration, newly built content was to be imported into the new PROD instance, and that import failed. PROD was then manually recreated, and since then executing the WWCTX_API.SET_CONTEXT procedure in SQL*Plus returns errors:
ORA-6512:at "PORTAL.WWCTX_API" line 1686
ORA-6512:at line
To reproduce:
Log in to SQL*Plus using the portal admin username and password, and at the prompt enter:
exec WWCTX_API.SET_CONTEXT('portal',[portal lightweight password],NULL);
Diagnostics:
Using the debugging steps from <Note 260840.1>, binding as the Portal App Account DN, i.e.:
orclapplicationcommonname=portal.081215.010901.834742000,cn=portal,cn=products,cn=oraclecontext
And User DN: cn=portal,cn=users,<realm, e.g., dc=<COMPANY>,dc=com>.
The script from <Note 260840.1> returns an underlying OID LDAP error:
Error Message : ORA-31202: DBMS_LDAP: LDAP client/server error: Insufficient access
After turning on OID Server Access Control (ACI) level debug, the OID log shows that the same Portal App Account DN is authenticating to OID, but it does not have access to attributes of the Portal realm entry, e.g.:
cn=portal,cn=users,dc=<COMPANY>,dc=com
And it fails ACI checking with LDAP error 50 (insufficient privileges):
Privileged group member, Evaluation continues
23:58:20 * gslaudeaAttributesEvaluation: Operation id:(7) Enforcing Server Default Access Policy
23:58:20 * gslaudeaAttributesEvaluation:Operation id:(7) Attribute Access to entry (cn=portal,cn=users,dc=<COMPANY>,dc=com) not allowed
23:58:20 * gslaudekModsEvaluation: Access to attributes not allowed
23:58:20 * INFO : gsleswrASndResult2 RESULT = 50 nentries=0
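An added example, not part of the Oracle note: a small Python parser for the ACI debug excerpt above that rejoins wrapped log lines and pairs each denied entry with the LDAP result code that follows it. Pairing a denial with the next RESULT line is an assumption (the RESULT line carries no operation id), and the function names are hypothetical.

```python
import re

# Timestamped lines of the excerpt on this page, wrapped as a raw log may be.
SAMPLE_LOG = """\
23:58:20 * gslaudeaAttributesEvaluation: Operation id:(7) Enforcing Server Default
Access Policy
23:58:20 * gslaudeaAttributesEvaluation:Operation id:(7) Attribute Access to entry
(cn=portal,cn=users,dc=<COMPANY>,dc=com) not allowed
23:58:20 * gslaudekModsEvaluation: Access to attributes not allowed
23:58:20 * INFO : gsleswrASndResult2 RESULT = 50 nentries=0
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2} \* ")
DENIED = re.compile(r"Operation id:\((\d+)\) Attribute Access to entry\s*\((.+)\) not allowed")
RESULT = re.compile(r"gsleswrASndResult2 RESULT = (\d+)")
LDAP_INSUFFICIENT_ACCESS = 50  # standard LDAP result code for insufficient access

def unwrap(text):
    """Rejoin wrapped lines: a line without a leading timestamp continues the previous record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def acl_denials(text):
    """One dict per denied entry, paired with the next RESULT line (assumed same operation)."""
    findings, pending = [], []
    for rec in unwrap(text):
        m = DENIED.search(rec)
        if m:
            pending.append({"time": rec[:8], "op_id": int(m.group(1)),
                            "entry": m.group(2), "result": None})
            continue
        m = RESULT.search(rec)
        if m:
            for p in pending:
                p["result"] = int(m.group(1))
            findings.extend(pending)
            pending = []
    return findings + pending  # denials with no RESULT line keep result=None

if __name__ == "__main__":
    for f in acl_denials(SAMPLE_LOG):
        tag = "ACL DENIED" if f["result"] == LDAP_INSUFFICIENT_ACCESS else "check"
        print(f'{f["time"]} op {f["op_id"]} {tag}: {f["entry"]} (LDAP result {f["result"]})')
```

Running the same function over the DEV and PROD logs for the same bind makes it easy to see which entry DN is denied on one instance and not the other.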
NOTE: The following command can also be used to reproduce the same error:
-w <portal app dn pwd> -b "cn=portal,cn=users,dc=<COMPANY>,dc=com" -a userpassword -v <portal user pwd>
Where <portal app dn pwd> can be obtained by using solution steps 1-3 from <Note 312154.1>.
Both the PROD and DEV OIDs are at the same version/patchset. Both OIDs have the same ACIs for cn=users,dc=<COMPANY>,dc=com and cn=portal,cn=users,dc=<COMPANY>,dc=com (default ACIs).
Both OIDs return the same results from the ldapsearch membership check for the portal app DN account, i.e.:
"(uniquemember=orclapplicationcommonname=portal.081215.010901.834742000,cn=portal,cn=products,cn=oraclecontext)" dn
Also verified both nodes against <Note 270620.1>.
Changes
PROD OID has been reinstalled/rebuilt.
Cause