15 Replies. Latest reply: Aug 17, 2004 1:59 AM by 382654

    ORA-28030: Server encountered problems accessing LDAP directory

    135084
      Hello,

      I am a newbie to OID and have configured it, and the database is registered to OID. I wanted to create a shared schema, so I followed the steps at http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96573/asomeus.htm#1012472

      I have created the enterprise role and users as indicated in the above link. However, now I am trying to connect as one of the OID users/enterprise users which is mapped to the shared schema, and I am getting this error:

      SQL> conn suhail/welcome1@win_db
      ERROR:
      ORA-28030: Server encountered problems accessing LDAP directory service


      I have not set up any Wallet. Is it necessary to set up a Wallet before I can connect to the database using an OID user?

      Any help would be highly appreciated.

      Thanks

      Suhail
        • 1. Re: ORA-28030: Server encountered problems accessing LDAP directory
          135084
          Is there anyone who can answer this question? In other words, does Oracle have any document for configuring OID and EUS to connect OID users to a database? I do not see a single one. Oracle has done a poor job in this area. They say to follow some chapters in Oracle Advanced Security and then Oracle Internet Directory; I do not think this is the right way to implement s/w. I am highly frustrated with this OID implementation and am planning to abandon it altogether, and we will use the existing e-Dir LDAP.

          Thanks

          Suhail
          • 2. Re: ORA-28030: Server encountered problems accessing LDAP directory
            382654
            You will need Metalink access - you can access various documents on this subject :
            e.g. Document id: 185275.1 Example of Setting up Enterprise User Security
            191137 Troubleshooting Enterprise User Security
            189260.1 How to configure TCPS & create a DN certificate

            Yes you do have to have a wallet / certificate - you can get a 21 day trial one from www.thawte.com

            It is very complicated to set this up!!
            • 3. Re: ORA-28030: Server encountered problems accessing LDAP directory
              135084
              Thanks Steve for your prompt response. When OID and EUS work together, why does Oracle have the implementation steps dispersed over several different documents, some on OAS, some on OID administration? I will follow the Metalink Notes which you mentioned, as a last chance to configure OID.

              Thanks

              Suhail
              • 4. Re: ORA-28030: Server encountered problems accessing LDAP directory
                382654
                No problems

                Let me know how you get on I may be able to help further.
                • 5. Re: ORA-28030: Server encountered problems accessing LDAP directory
                  135084
                  Steve,

                  Thank you for your help. As you mentioned, I followed the Metalink Notes and now I am having this problem:

                  SQL> connect scott/tiger@win_dbssl
                  ERROR:
                  ORA-28862: SSL connection failed


                  I have configured the wallet, created a certificate, and imported the certificate back from http://www.thawte.com. My Oracle_home is c:\9idb and the wallet files are stored under c:\9idb\wallet; there are two files, ewallet.p12 and cwallet.sso. Here are my sqlnet, tnsnames and listener files:

                  ----------SQLNET.ORA---------------
                  # SQLNET.ORA Network Configuration File: c:\9idb\network\admin\sqlnet.ora
                  # Generated by Oracle configuration tools.

                  WALLET_LOCATION =
                  (SOURCE =
                  (METHOD = FILE)
                  (METHOD_DATA =
                  (DIRECTORY = c:\9idb\Wallet)
                  )
                  )

                  SQLNET.AUTHENTICATION_SERVICES= (BEQ,TCPS,NTS)
                  SSL_CLIENT_AUTHENTICATION = TRUE
                  SSL_VERSION = 3.0
                  NAMES.DIRECTORY_PATH= (TNSNAMES)

                  TRACE_LEVEL_SERVER=16
                  TRACE_DIRECTORY_SERVER=c:\9idb\ssltrace
                  TRACE_FILE_SERVER=ssl_srvr

                  TRACE_LEVEL_CLIENT=16
                  TRACE_DIRECTORY_CLIENT=c:\9idb\ssltrace
                  TRACE_UNIQUE_CLIENT=on
                  TRACE_FILE_CLIENT=ssl_client


                  -----LISTENER.ORA---------------------------
                  # LISTENER.ORA Network Configuration File: c:\9idb\network\admin\listener.ora
                  # Generated by Oracle configuration tools.

                  WALLET_LOCATION =
                  (SOURCE =
                  (METHOD = FILE)
                  (METHOD_DATA =
                  (DIRECTORY = C:\9idb\Wallet)
                  )
                  )

                  LISTENER =
                  (DESCRIPTION_LIST =
                  (DESCRIPTION =
                  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC2))
                  )
                  (DESCRIPTION =
                  (ADDRESS = (PROTOCOL = TCP)(HOST = RLZAFRA-NT2K-1)(PORT = 1521))
                  )
                  (DESCRIPTION =
                  (ADDRESS = (PROTOCOL = TCPS)(HOST = RLZAFRA-NT2K-1)(PORT = 2484))
                  )     

                  )


                  SID_LIST_LISTENER =
                  (SID_LIST =
                  (SID_DESC =
                  (SID_NAME = PLSExtProc)
                  (ORACLE_HOME = c:\9idb)
                  (PROGRAM = extproc)
                  )
                  (SID_DESC =
                  (GLOBAL_DBNAME = win_db)
                  (ORACLE_HOME = c:\9idb)
                  (SID_NAME = windb)
                  )
                  (SID_DESC =
                  (SID_NAME = SPICE)
                  (ORACLE_HOME = C:\9idb)
                  (PROGRAM = hsodbc)
                  )
                  (SID_DESC =
                  (SID_NAME = EXCEL)
                  (ORACLE_HOME = C:\9idb)
                  (PROGRAM = hsodbc)
                  )
                  )

                  SSL_CLIENT_AUTHENTICATION = FALSE


                  ---------------TNSNAMES.ORA------------------
                  # TNSNAMES.ORA Network Configuration File: c:\9idb\network\admin\tnsnames.ora
                  # Generated by Oracle configuration tools.

                  GRILL =
                  (DESCRIPTION =
                  (ADDRESS_LIST =
                  (ADDRESS = (PROTOCOL = TCP)(HOST = RLZAFRA-NT2K-1)(PORT = 1521))
                  )
                  (CONNECT_DATA =
                  (SID = SPICE)
                  )
                  (HS = OK)
                  )
                  WIN_DB =
                  (DESCRIPTION =
                  (ADDRESS_LIST =
                  (ADDRESS = (PROTOCOL = TCP)(HOST = RLZAFRA-NT2K-1)(PORT = 1521))
                  )
                  (CONNECT_DATA =
                  (SERVER = DEDICATED)
                  (SERVICE_NAME = win_db)
                  )
                  )

                  WIN_DBSSL =
                  (DESCRIPTION =
                  (ADDRESS_LIST =
                  (ADDRESS = (PROTOCOL = TCPS)(HOST = RLZAFRA-NT2K-1)(PORT = 2484))
                  )
                  (CONNECT_DATA =
                  (SERVER = DEDICATED)
                  (SERVICE_NAME = win_db)
                  )
                  )

                  ----END-----------------------


                  So, I have an SSL service called win_DBSSL and now, using scott/tiger, I should be able to connect, but could not.


                  Any idea what is missing now? In Metalink, Note.166492.1 Oracle Advanced Security SSL Troubleshooting Guide, they are suggesting that in an NT/Windows environment this error may occur if the listener or server are not run as the same user who created the wallet. What does this mean? Who is the user for the wallet? I am logging in to Windows with my username, and I have installed the Oracle DB and OID on the same local drive. So why does this even matter?

                  Thanks for your help.

                  Suhail
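An added example, not part of the original thread and not an Oracle tool: a small Python check that reads sqlnet.ora, listener.ora and tnsnames.ora text laid out as in the post above and reports each TCPS alias that lacks a matching listener address, a static SID list for that listener, or a WALLET_LOCATION. The function names are hypothetical and the sample input is constructed (`dbhost` is a placeholder host).

```python
import re

def top_level(text):
    """Split Oracle Net config text into {NAME: raw value}; reject unbalanced parens."""
    entries, depth, name = {}, 0, None
    for line in re.sub(r"#[^\n]*", "", text).splitlines():
        m = re.match(r"\s*([A-Za-z][\w.]*)\s*=(.*)", line) if depth == 0 else None
        if m:  # a new parameter can only start outside all parentheses
            name, line = m.group(1).upper(), m.group(2)
        entries.setdefault(name, []).append(line)
        for ch in line:
            depth += (ch == "(") - (ch == ")")
            if depth < 0:
                raise ValueError(f"unexpected ')' in {name}")
    if depth:
        raise ValueError(f"{depth} unclosed '(' in {name}")
    return {k: " ".join(v) for k, v in entries.items() if k}

def endpoints(value):
    """(protocol, host, port) for each ADDRESS clause; hosts are compared literally."""
    found = set()
    for addr in re.findall(r"\(\s*ADDRESS\s*=((?:\s*\([^()]*\))+)\s*\)", value, re.I):
        kv = {k.upper(): v.strip().upper() for k, v in re.findall(r"\(\s*(\w+)\s*=([^()]*)\)", addr)}
        if "PROTOCOL" in kv and "PORT" in kv:  # IPC addresses have no port and are skipped
            found.add((kv["PROTOCOL"], kv.get("HOST", ""), kv["PORT"]))
    return found

def check(sqlnet, listener, tnsnames):
    """Findings for every TCPS alias in tnsnames.ora; an empty list means the files agree."""
    sq, ls, tn = top_level(sqlnet), top_level(listener), top_level(tnsnames)
    listening = {ep: name for name, value in ls.items() for ep in endpoints(value)}
    findings = []
    for alias, value in tn.items():
        for ep in (e for e in endpoints(value) if e[0] == "TCPS"):
            owner = listening.get(ep)
            if owner is None:
                findings.append(f"{alias}: no listener address matches {ep}")
            elif f"SID_LIST_{owner}" not in ls:
                findings.append(f"{alias}: {owner} has no static SID_LIST_{owner}")
            for fname, cfg in (("sqlnet.ora", sq), ("listener.ora", ls)):
                if "WALLET_LOCATION" not in cfg:
                    findings.append(f"{alias}: {fname} has no WALLET_LOCATION")
    return findings

# Constructed sample input modelled on the files in the post; not the poster's real files.
SQLNET = r"WALLET_LOCATION = (SOURCE = (METHOD = FILE)(METHOD_DATA = (DIRECTORY = c:\9idb\Wallet)))"
LISTENER = """
LISTENER = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521)))
LISTENER_SSL = (DESCRIPTION_LIST =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = dbhost)(PORT = 2484))))
SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (GLOBAL_DBNAME = win_db)(SID_NAME = windb)))
"""
TNSNAMES = """
WIN_DBSSL = (DESCRIPTION =
  (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS)(HOST = dbhost)(PORT = 2484)))
  (CONNECT_DATA = (SERVICE_NAME = win_db)))
"""
```

The check covers only consistency between the three files. It does not open the wallet, so a missing trusted root certificate is outside its scope.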
                  • 6. Re: ORA-28030: Server encountered problems accessing LDAP directory
                    382654
                    When you installed Oracle in the first place (here I am talking from my perspective - I have only done this on Unix and Linux) you must have set up an administrative User / Group such as ORACLE or DBA or some such - this is what they mean by the same user --- ? fun eh!

                    Look at Troubleshooting SSL note 166492.1 (I know another one)

                    You have created a second (Oracle) listener, haven't you? One for SSL on a different Port to the standard Oracle Listener. Also, have you set up a second OID configset?

                    Can't recall all the details but I know these both feature as things you have to do to get this to work!
                    • 7. Re: ORA-28030: Server encountered problems accessing LDAP directory
                      135084
                      No, I have only one listener; the one listener listens to different ports, and port # 2484 belongs to SSL. Do I have to create a separate listener in this case?

                      Here is the part of listener.ora file..


                      LISTENER =
                      (DESCRIPTION_LIST =
                      (DESCRIPTION =
                      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC2))
                      )
                      (DESCRIPTION =
                      (ADDRESS = (PROTOCOL = TCP)(HOST = RLZAFRA-NT2K-1)(PORT = 1521))
                      )
                      (DESCRIPTION =
                      (ADDRESS = (PROTOCOL = TCPS)(HOST = RLZAFRA-NT2K-1)(PORT = 2484))
                      )

                      )
                      • 8. Re: ORA-28030: Server encountered problems accessing LDAP directory
                        382654
                        Yes you need 2 listeners (can't remember which document tells you this = but you do need 2!!)

                        My listener.ora file looks like this :
                        LISTENER_LDAP =
                        (DESCRIPTION_LIST =
                        (DESCRIPTION =
                        (ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 9010))
                        )
                        (DESCRIPTION =
                        (ADDRESS = (PROTOCOL = TCPS)(HOST = myhost)(PORT = 2483)
                        )
                        )
                        )

                        LISTENER =
                        (DESCRIPTION_LIST =
                        (DESCRIPTION =
                        (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
                        )
                        (DESCRIPTION =
                        (ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521))
                        )
                        )

                        SID_LIST_LISTENER =
                        (SID_LIST =
                        (SID_DESC =
                        (SID_NAME = PLSExtProc)
                        (ORACLE_HOME = /oracle/product/ias902i)
                        (PROGRAM = extproc)
                        )
                        (SID_DESC =
                        (GLOBAL_DBNAME = iasdb.myhost)
                        (ORACLE_HOME = /oracle/product/ias902i)
                        (SID_NAME = iasdb) # where OID is
                        )
                        (SID_DESC =
                        (GLOBAL_DBNAME = master)
                        (ORACLE_HOME = /oracle/product/ias902i)
                        (SID_NAME = master) # the 'enterprise' / user DB
                        )
                        )

                        SID_LIST_LISTENER_LDAP =
                        (SID_LIST =
                        (SID_DESC =
                        (GLOBAL_DBNAME = master)
                        (ORACLE_HOME = /oracle/product/ias902i)
                        (SID_NAME = master)
                        )
                        (SID_DESC =
                        (GLOBAL_DBNAME = iasdb.hostname)
                        (ORACLE_HOME = /oracle/product/ias902i)
                        (SID_NAME = iasdb)
                        )
                        )

                        SSL_CLIENT_AUTHENTICATION = FALSE

                        Obviously your hostname and database names apart from the OID one would probably be different!

                        Don't forget you will also need to start your second listener - on Unix I do this with the command:
                        lsnrctl start listener_ssl (you can see I called mine that above)

                        Phew ;-)
                        • 9. Re: ORA-28030: Server encountered problems accessing LDAP directory
                          382654
                          Sorry, got the start listener command wrong (ARRGGGH)

                          Should be lsnrctl start listener_ldap ...

                          Pah should be locked away!
                          • 10. Re: ORA-28030: Server encountered problems accessing LDAP directory
                            135084
                            Thanks Steve, for all your help. I have created a new listener for SSL, but I still have a problem; now it's this.

                            SQL> connect scott/tiger@win_dbssl
                            ERROR:
                            ORA-28862: SSL connection failed

                            I had started both listeners.

                            One more thing: on my laptop (an XP-based machine) I was able to configure OID, WALLET etc., but somehow on Windows 2000 I am facing a problem. On the XP machine, I have not even created another listener, just one listener, and it works OK there.
                            Here is what my listener.ora file looks like now on Windows 2000.

                            # LISTENER.ORA Network Configuration File: c:\9idb\network\admin\listener.ora
                            # Generated by Oracle configuration tools.

                            WALLET_LOCATION =
                            (SOURCE =
                            (METHOD = FILE)
                            (METHOD_DATA =
                            (DIRECTORY = C:\9idb\wallet)
                            )
                            )

                            LISTENER =
                            (DESCRIPTION_LIST =
                            (DESCRIPTION =
                            (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC2))
                            )
                            (DESCRIPTION =
                            (ADDRESS = (PROTOCOL = TCP)(HOST = RLZAFRA-NT2K-1)(PORT = 1521))
                            )
                            )

                            LISTENER_SSL =
                            (DESCRIPTION_LIST =
                            (DESCRIPTION =
                            (ADDRESS = (PROTOCOL = TCPS)(HOST = RLZAFRA-NT2K-1)(PORT = 2484))
                            )     

                            )

                            SID_LIST_LISTENER_SSL =
                            (SID_LIST =
                            (SID_DESC =
                            (GLOBAL_DBNAME = win_db)
                            (ORACLE_HOME = c:\9idb)
                            (SID_NAME = windb)
                            )

                            )


                            SID_LIST_LISTENER =
                            (SID_LIST =
                            (SID_DESC =
                            (SID_NAME = PLSExtProc)
                            (ORACLE_HOME = c:\9idb)
                            (PROGRAM = extproc)
                            )
                            (SID_DESC =
                            (GLOBAL_DBNAME = win_db)
                            (ORACLE_HOME = c:\9idb)
                            (SID_NAME = windb)
                            )
                            (SID_DESC =
                            (SID_NAME = SPICE)
                            (ORACLE_HOME = C:\9idb)
                            (PROGRAM = hsodbc)
                            )
                            (SID_DESC =
                            (SID_NAME = EXCEL)
                            (ORACLE_HOME = C:\9idb)
                            (PROGRAM = hsodbc)
                            )
                            )

                            SSL_CLIENT_AUTHENTICATION = FALSE
                            • 11. Re: ORA-28030: Server encountered problems accessing LDAP directory
                              135084
                              Thanks, I was able to solve the problem. I was not importing the CA Test Root certificate. First we have to import the CA Root test and then the user certificate.

                              Thanks

                              Suhail
                              • 12. Re: ORA-28030: Server encountered problems accessing LDAP directory
                                135084
                                Hello Steve,

                                This is Suhail again. On the Windows environment, the OID setup is OK; it was a proof of concept. Now we are planning to configure OID on the UNIX environment. On Unix we have several Oracle databases running on one box, so we have decided to install OID in a new database under a new Oracle_Home. So the other databases are in a separate home and the OID db is in another home.

                                In this scenario, do I still have to configure a wallet for the OID database? From your listener file, it seems to me that you do not have a wallet set up for the OID database, because there is no WALLET entry in your listener.ora. I have set up the wallet for the other oracle_home where I have 3 other databases.

                                Let me know if this is the wrong setup.

                                Thanks

                                Suhail

                                • 13. Re: ORA-28030: Server encountered problems accessing LDAP directory
                                  382654
                                  Hi Suhail,

                                  I think you will be OK with what you say, no I don't have a wallet for OID though when I set it up (Which was quite a while ago now) I wasn't convinced whether or not I needed it!

                                  As long as you remember that your databases have to be registered with OID which you do via DBCA or ESM you should be OK, though I have not actually done it with multiple databases yet, mine was proof of concept as was yours.

                                  Good Luck!!

                                  The only advice I can offer really is if you can try it out see what if any problems you get and go from there!

                                  PS you can also save the cost of a thawte certificate you can use OpenSSL I have now done this and it works - if you're interested I can point you at some documentation on how to achieve it.
                                  • 14. Re: ORA-28030: Server encountered problems accessing LDAP directory
                                    135084
                                    So OID on a separate home should not create any problem. I am in the process of installing OID on a separate home and will then try to register the other databases. However, let me know if I am correct: should I create a wallet for each database, or will one wallet per oracle home work? I also have some other oracle 8.17 applications running on some other box and we have to register those databases to OID too.

                                    Yes, please point me to the document to certify authority using OpenSSL. I know this site http://www.openssl.org/, do I need an Apache setup for this on my Unix box?

                                    Thanks

                                    Syed