4 Replies. Latest reply: Apr 10, 2012 6:32 PM by 929209

Registration problem with LDAP Security Adapter for Siebel

929209 Newbie
Hi, this is Siebel 8.1.1.6.
The OS is Linux Red Hat 5.3 and the database is Oracle 11.2.0.

I use OpenLDAP as the LDAP server.

I use the LDAP Security Adapter for security on Siebel. When I register a new user on esales_enu, it fails at the last step. The OpenLDAP debug log says this:

4f824c29 <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
4f824c29 bdb_add: no write access to parent


What should I do to solve this problem?
  • 1. Re: Registration problem with LDAP Security Adapter for Siebel
    WSiebel Pro
    OpenLDAP has not been certified for Siebel 8.1.1. Check below for a list of certified ldap servers:

    http://docs.oracle.com/cd/E11886_01/V8/CORE/SRSP_81/SRSP_81_AncillaryPrograms2.html#wp1033102

    That being said, I did some research about the error you have received. A possible cause is that the applicationuser ldap account does not have permissions to create new ldap accounts under the basedn tree you have defined in your LDAP Security Adapter profile. You can find information about those parameters here:

    http://docs.oracle.com/cd/E14004_01/books/Secur/Secur_ConfigParams3.html#wp1106424

    If that does not help, consider increasing logging for the security adapter and posting the logs here. Also provide further logging from openldap.

    Thanks,

    Wilson
  • 2. Re: Registration problem with LDAP Security Adapter for Siebel
    929209 Newbie
    Hi, WSiebel.
    Thanks for your reply.
    My config is as follows.
    I pasted the following 4 items of config and log information here.


    1. The LDAP server config file is slapd.conf, as follows:
    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include /usr/local/etc/openldap/schema/core.schema
    include /usr/local/etc/openldap/schema/cosine.schema
    include /usr/local/etc/openldap/schema/inetorgperson.schema
    # Define global ACLs to disable default read access.

    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral ldap://root.openldap.org

    pidfile /usr/local/var/run/slapd.pid
    argsfile /usr/local/var/run/slapd.args

    # Load dynamic backend modules:
    # modulepath /usr/local/libexec/openldap
    # moduleload back_bdb.la
    # moduleload back_hdb.la
    # moduleload back_ldap.la

    # Sample security restrictions
    # Require integrity protection (prevent hijacking)
    # Require 112-bit (3DES or better) encryption for updates
    # Require 63-bit encryption for simple bind
    # security ssf=1 update_ssf=112 simple_bind=64

    # Sample access control policy:
    # Root DSE: allow anyone to read it
    # Subschema (sub)entry DSE: allow anyone to read it
    # Other DSEs:
    # Allow self write access
    # Allow authenticated users read access
    # Allow anonymous users to authenticate
    # Directives needed to implement policy:
    # access to dn.base="" by * read

    # access to *
    # by self write
    # by users read
    # by anonymous auth
    #access to dn="cn=users,dc=cn,dc=oracle,dc=com"
    # by self write
    # by dn="uid=APPUSER,cn=users,dc=cn,dc=oracle,dc=com" write
    # by dn="uid=GUESTCST,cn=users,dc=cn,dc=oracle,dc=com" write
    # by dn="uid=SADMIN,cn=users,dc=cn,dc=oracle,dc=com" write
    # by users read
    # by anonymous auth
    # if no access controls are present, the default policy
    # allows anyone and everyone to read anything but restricts
    # updates to rootdn. (e.g., "access to * by * read")
    #
    # rootdn can always read and write EVERYTHING!

    # CA signed certificate and server cert entries:

    TLSCipherSuite HIGH:MEDIUM:+SSLv2
    TLSCACertificateFile /usr/local/var/openldap-data/ca.crt
    TLSCertificateFile /usr/local/var/openldap-data/server.crt
    TLSCertificateKeyFile /usr/local/var/openldap-data/server.key

    # Use the following if client authentication is required
    TLSVerifyClient demand
    # ... or not desired at all
    #TLSVerifyClient never




    #######################################################################
    # BDB database definitions
    #######################################################################

    database bdb
    suffix "dc=cn,dc=oracle,dc=com"
    rootdn "cn=root,dc=cn,dc=oracle,dc=com"
    # Cleartext passwords, especially for the rootdn, should
    # be avoid. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    rootpw {SSHA}z2kmQaYQEMoJlEfCAZQkjk83/dphmC1U
    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    directory /usr/local/var/openldap-data
    # Indices to maintain
    index objectClass eq


    2. The users in the LDAP server are the following:
    dc=cn,dc=oracle,dc=com
    dc=cn
    objectClass=dcObject
    objectClass=organization
    o=cn

    cn=root,dc=cn,dc=oracle,dc=com
    cn=root
    objectClass=organizationalRole

    cn=users,dc=cn,dc=oracle,dc=com
    cn=users
    objectClass=groupOfUniqueNames
    uniqueMember=cn=test,dc=cn,dc=oracle,dc=com

    uid=APPUSER,cn=users,dc=cn,dc=oracle,dc=com
    cn=APPUSER
    uid=APPUSER
    objectClass=top
    objectClass=person
    objectClass=organizationalPerson
    objectClass=inetOrgPerson
    userPassword=APPUSER
    sn=APPUSER

    uid=GUESTCST,cn=users,dc=cn,dc=oracle,dc=com
    cn=GUESTCST
    uid=GUESTCST
    objectClass=top
    objectClass=person
    objectClass=organizationalPerson
    objectClass=inetOrgPerson
    userPassword=GUESTCST
    sn=GUESTCST

    uid=orcladmin,cn=users,dc=cn,dc=oracle,dc=com
    cn=orcladmin
    uid=orcladmin
    objectClass=top
    objectClass=person
    objectClass=organizationalPerson
    objectClass=inetOrgPerson
    userPassword=orcladmin
    sn=orcladmin

    uid=SADMIN,cn=users,dc=cn,dc=oracle,dc=com
    cn=SADMIN
    uid=SADMIN
    objectClass=top
    objectClass=person
    objectClass=organizationalPerson
    objectClass=inetOrgPerson
    userPassword=SADMIN
    sn=SADMIN



    3. The esales_enu log file says the following:

    GenericLog GenericError 1 000008f84f727db4:0 2012-04-10 14:54:14 [AUDIT_LOG]: Global audit cache load successful.
    ObjMgrLog Error 1 000008f84f727db4:0 2012-04-10 14:54:21 (cthd.cpp (3321)) SBL-UIF-00335: We are unable to process your request. This is most likely because you used the browser BACK or REFRESH button to get to this point.
    eProdCfgLog eProdCfgLog 0 000008f84f727db4:0 2012-04-10 14:54:22 VOD Broker File Cache Location for ISSCTXTOBJBR/ISS_SIGNAL: /home/oracle/siebel/gtwysrvr/fs/ISS_OBrkCache/ISSCTXTOBJBR/ISS_SIGNAL/ENU
    eProdCfgLog eProdCfgLog 0 000008f84f727db4:0 2012-04-10 14:54:22 VOD Broker File Cache Location for ISSCTXTOBJBR/ISS_VAR_MAP: /home/oracle/siebel/gtwysrvr/fs/ISS_OBrkCache/ISSCTXTOBJBR/ISS_VAR_MAP/ENU
    ObjMgrBusCompLog Error 1 000008f84f727db4:0 2012-04-10 14:54:22 (bcfile.cpp (1619)) SBL-UIF-00230: The file 0-3G9AN&Siebel eChannel.spf could not be found on any specified file system.
    ObjMgrLog Error 1 000008f84f727db4:0 2012-04-10 14:54:24 (cthd.cpp (3321)) SBL-UIF-00335: We are unable to process your request. This is most likely because you used the browser BACK or REFRESH button to get to this point.
    ObjMgrSRFLog Error 1 000008f84f727db4:0 2012-04-10 14:54:24 (objdef.cpp (14022)) SBL-DAT-00260: There is no menu item definition at position '1' specified as the parent for menu item 'FAQ Catalog RootSubCategory List Applet (eService)' in menu 'Base'.
    ObjMgrLog Error 1 000008f84f727db4:0 2012-04-10 14:54:27 (cthd.cpp (3321)) SBL-UIF-00335: We are unable to process your request. This is most likely because you used the browser BACK or REFRESH button to get to this point.
    GenericLog GenericError 1 000008f84f727db4:0 2012-04-10 14:54:49 (secmgr.cpp (3740) err=4597526 sys=0) SBL-SEC-10006: The authentication system cannot find the user with the specified username. Please check that you have entered the username correctly or contact your system administrator for assistance.
    ObjMgrLog Error 1 000008f84f727db4:0 2012-04-10 14:54:49 (cthd.cpp (3321)) SBL-UIF-00335: We are unable to process your request. This is most likely because you used the browser BACK or REFRESH button to get to this point.
    ObjMgrLog Error 1 000008f84f727db4:0 2012-04-10 14:54:54 (cthd.cpp (3321)) SBL-UIF-00335: We are unable to process your request. This is most likely because you used the browser BACK or REFRESH button to get to this point.
    ObjMgrLog Error 1 000008f84f727db4:0 2012-04-10 14:54:56 (cthd.cpp (3321)) SBL-UIF-00335: We are unable to process your request. This is most likely because you used the browser BACK or REFRESH button to get to this point.
    ObjMgrLog Error 1 000008f84f727db4:0 2012-04-10 14:55:01 (cthd.cpp (3321)) SBL-UIF-00335: We are unable to process your request. This is most likely because you used the browser BACK or REFRESH button to get to this point.
    ObjMgrMiscLog Error 1 000008f84f727db4:0 2012-04-10 14:55:01 (busobj.cpp (1654)) SBL-DAT-00222: An error has occurred creating business component 'Admin SEA Application' used by business object 'User Registration'.

    Please ask your systems administrator to check your application configuration.
    ObjMgrMiscLog Error 1 000008f84f727db4:0 2012-04-10 14:55:01 (busobj.cpp (1654)) SBL-DAT-00222: An error has occurred creating business component 'Admin SEA Application' used by business object 'User Registration'.

    Please ask your systems administrator to check your application configuration.
    ObjMgrMiscLog Error 1 000008f84f727db4:0 2012-04-10 14:55:01 (busobj.cpp (1654)) SBL-DAT-00222: An error has occurred creating business component 'Admin SEA Application' used by business object 'User Registration'.

    Please ask your systems administrator to check your application configuration.
    GenericLog GenericError 1 000008f84f727db4:0 2012-04-10 14:55:02 (secmgr.cpp (4653) err=4597538 sys=0) SBL-SEC-10018: Insufficient access
    GenericLog GenericError 1 000008f84f727db4:0 2012-04-10 14:55:02 (secmgr.cpp (4701) err=4597521 sys=0) SBL-SEC-10001: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
    GenericLog GenericError 1 000008f84f727db4:0 2012-04-10 14:55:02 (secmgr.cpp (4319) err=4597521 sys=0) SBL-SEC-10001: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
    ObjMgrBusCompLog Error 1 000008f84f727db4:0 2012-04-10 14:55:02 (sqlobj.cpp (38157)) SBL-DAT-00474: Invalid operation while not in update mode.
    ObjMgrBusCompLog Error 1 000008f84f727db4:0 2012-04-10 14:55:02 (buscomp.cpp (33488)) SBL-DAT-00565: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
    ObjMgrBusServiceLog Error 1 000008f84f727db4:0 2012-04-10 14:55:02 (userreg.cpp (2547)) SBL-DAT-00565: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
    ObjMgrLog Error 1 000008f84f727db4:0 2012-04-10 14:55:02 (stepexec.cpp (1572)) SBL-BPR-00162: Error invoking service 'User Registration', method 'WriteUserInformation' at step 'Write to BusComp'.
    ObjMgrLog Error 1 000008f84f727db4:0 2012-04-10 14:55:02 (cthd.cpp (3321)) SBL-UIF-00335: We are unable to process your request. This is most likely because you used the browser BACK or REFRESH button to get to this point.
    ObjMgrLog Error 1 000008f84f727db4:0 2012-04-10 14:55:03 (cthd.cpp (3321)) SBL-UIF-00335: We are unable to process your request. This is most likely because you used the browser BACK or REFRESH button to get to this point.


    4. The OpenLDAP debug log says the following:

    4f83d946 <= send_search_entry: conn 1002 exit.
    4f83d946 bdb_search: 10 does not match filter
    4f83d946 bdb_search: 11 does not match filter
    4f83d946 send_ldap_result: conn=1002 op=1 p=3
    4f83d946 send_ldap_response: msgid=2 tag=101 err=0
    ber_flush2: 14 bytes to sd 13
    4f83d946 connection_get(13): got connid=1002
    4f83d946 connection_read(13): checking for input on id=1002
    ber_get_next
    ber_get_next: tag 0x30 len 92 contents:
    4f83d946 op tag 0x63, time 1334040902
    ber_get_next
    4f83d946 conn=1002 op=2 do_search
    ber_scanf fmt ({miiiib) ber:
    4f83d946 >>> dnPrettyNormal: <uid=GUESTCST,cn=users,dc=cn,dc=oracle,dc=com>
    4f83d946 <<< dnPrettyNormal: <uid=GUESTCST,cn=users,dc=cn,dc=oracle,dc=com>, <uid=guestcst,cn=users,dc=cn,dc=oracle,dc=com>
    ber_scanf fmt (m) ber:
    ber_scanf fmt ({M}}) ber:
    4f83d946 ==> limits_get: conn=1002 op=2 self="uid=appuser,cn=users,dc=cn,dc=oracle,dc=com" this="uid=guestcst,cn=users,dc=cn,dc=oracle,dc=com"
    4f83d946 => bdb_search
    4f83d946 bdb_dn2entry("uid=guestcst,cn=users,dc=cn,dc=oracle,dc=com")
    4f83d946 => send_search_entry: conn 1002 dn="uid=GUESTCST,cn=users,dc=cn,dc=oracle,dc=com"
    ber_flush2: 55 bytes to sd 13
    4f83d946 <= send_search_entry: conn 1002 exit.
    4f83d946 send_ldap_result: conn=1002 op=2 p=3
    4f83d946 send_ldap_response: msgid=3 tag=101 err=0
    ber_flush2: 14 bytes to sd 13
    4f83d946 connection_get(13): got connid=1002
    4f83d946 connection_read(13): checking for input on id=1002
    ber_get_next
    ber_get_next: tag 0x30 len 5 contents:
    4f83d946 op tag 0x42, time 1334040902
    ber_get_next
    4f83d946 ber_get_next on fd 13 failed errno=0 (Success)
    4f83d946 conn=1002 op=3 do_unbind
    4f83d946 connection_close: conn=1002 sd=13
    4f83d946 slap_listener_activate(8):
    4f83d946 >>> slap_listener(ldap:///)
    4f83d946 connection_get(13): got connid=1003
    4f83d946 connection_read(13): checking for input on id=1003
    ber_get_next
    ber_get_next: tag 0x30 len 62 contents:
    4f83d946 op tag 0x60, time 1334040902
    ber_get_next
    4f83d946 conn=1003 op=0 do_bind
    ber_scanf fmt ({imt) ber:
    ber_scanf fmt (m}) ber:
    4f83d946 >>> dnPrettyNormal: <uid=APPUSER,cn=users,dc=cn,dc=oracle,dc=com>
    4f83d946 <<< dnPrettyNormal: <uid=APPUSER,cn=users,dc=cn,dc=oracle,dc=com>, <uid=appuser,cn=users,dc=cn,dc=oracle,dc=com>
    4f83d946 do_bind: version=3 dn="uid=APPUSER,cn=users,dc=cn,dc=oracle,dc=com" method=128
    4f83d946 bdb_dn2entry("uid=appuser,cn=users,dc=cn,dc=oracle,dc=com")
    4f83d946 do_bind: v3 bind: "uid=APPUSER,cn=users,dc=cn,dc=oracle,dc=com" to "uid=APPUSER,cn=users,dc=cn,dc=oracle,dc=com"
    4f83d946 send_ldap_result: conn=1003 op=0 p=3
    4f83d946 send_ldap_response: msgid=1 tag=97 err=0
    ber_flush2: 14 bytes to sd 13
    4f83d946 connection_get(13): got connid=1003
    4f83d946 connection_read(13): checking for input on id=1003
    ber_get_next
    ber_get_next: tag 0x30 len 79 contents:
    4f83d946 op tag 0x63, time 1334040902
    ber_get_next
    4f83d946 conn=1003 op=1 do_search
    ber_scanf fmt ({miiiib) ber:
    4f83d946 >>> dnPrettyNormal: <cn=users,dc=cn,dc=oracle,dc=com>
    4f83d946 <<< dnPrettyNormal: <cn=users,dc=cn,dc=oracle,dc=com>, <cn=users,dc=cn,dc=oracle,dc=com>
    ber_scanf fmt ({mm}) ber:
    ber_scanf fmt ({M}}) ber:
    4f83d946 ==> limits_get: conn=1003 op=1 self="uid=appuser,cn=users,dc=cn,dc=oracle,dc=com" this="cn=users,dc=cn,dc=oracle,dc=com"
    4f83d946 => bdb_search
    4f83d946 bdb_dn2entry("cn=users,dc=cn,dc=oracle,dc=com")
    4f83d946 search_candidates: base="cn=users,dc=cn,dc=oracle,dc=com" (0x00000003) scope=2
    4f83d946 => bdb_dn2idl("cn=users,dc=cn,dc=oracle,dc=com")
    4f83d946 <= bdb_dn2idl: id=5 first=3 last=11
    4f83d946 => bdb_equality_candidates (objectClass)
    4f83d946 => key_read
    4f83d946 <= bdb_index_read: failed (-30988)
    4f83d946 <= bdb_equality_candidates: id=0, first=0, last=0
    4f83d946 => bdb_equality_candidates (uid)
    4f83d946 <= bdb_equality_candidates: (uid) not indexed
    4f83d946 bdb_search_candidates: id=5 first=3 last=11
    4f83d946 bdb_search: 3 does not match filter
    4f83d946 bdb_search: 8 does not match filter
    4f83d946 bdb_search: 9 does not match filter
    4f83d946 bdb_search: 10 does not match filter
    4f83d946 bdb_search: 11 does not match filter
    4f83d946 send_ldap_result: conn=1003 op=1 p=3
    4f83d946 send_ldap_response: msgid=2 tag=101 err=0
    ber_flush2: 14 bytes to sd 13
    4f83d946 connection_get(13): got connid=1003
    4f83d946 connection_read(13): checking for input on id=1003
    ber_get_next
    ber_get_next: tag 0x30 len 37 contents:
    4f83d946 op tag 0x63, time 1334040902
    ber_get_next
    4f83d946 conn=1003 op=2 do_search
    ber_scanf fmt ({miiiib) ber:
    4f83d946 >>> dnPrettyNormal: <>
    4f83d946 <<< dnPrettyNormal: <>, <>
    ber_scanf fmt (m) ber:
    ber_scanf fmt ({M}}) ber:
    4f83d946 => send_search_entry: conn 1003 dn=""
    ber_flush2: 50 bytes to sd 13
    4f83d946 <= send_search_entry: conn 1003 exit.
    4f83d946 send_ldap_result: conn=1003 op=2 p=3
    4f83d946 send_ldap_response: msgid=3 tag=101 err=0
    ber_flush2: 14 bytes to sd 13
    4f83d946 connection_get(13): got connid=1003
    4f83d946 connection_read(13): checking for input on id=1003
    ber_get_next
    ber_get_next: tag 0x30 len 37 contents:
    4f83d946 op tag 0x63, time 1334040902
    ber_get_next
    4f83d946 conn=1003 op=3 do_search
    ber_scanf fmt ({miiiib) ber:
    4f83d946 >>> dnPrettyNormal: <>
    4f83d946 <<< dnPrettyNormal: <>, <>
    ber_scanf fmt (m) ber:
    ber_scanf fmt ({M}}) ber:
    4f83d946 => send_search_entry: conn 1003 dn=""
    ber_flush2: 50 bytes to sd 13
    4f83d946 <= send_search_entry: conn 1003 exit.
    4f83d946 send_ldap_result: conn=1003 op=3 p=3
    4f83d946 send_ldap_response: msgid=4 tag=101 err=0
    ber_flush2: 14 bytes to sd 13
    4f83d946 connection_get(13): got connid=1003
    4f83d946 connection_read(13): checking for input on id=1003
    ber_get_next
    ber_get_next: tag 0x30 len 94 contents:
    4f83d946 op tag 0x63, time 1334040902
    ber_get_next
    4f83d946 conn=1003 op=4 do_search
    ber_scanf fmt ({miiiib) ber:
    4f83d946 >>> dnPrettyNormal: <uid=GUESTCST,cn=users,dc=cn,dc=oracle,dc=com>
    4f83d946 <<< dnPrettyNormal: <uid=GUESTCST,cn=users,dc=cn,dc=oracle,dc=com>, <uid=guestcst,cn=users,dc=cn,dc=oracle,dc=com>
    ber_scanf fmt (m) ber:
    ber_scanf fmt ({M}}) ber:
    4f83d946 ==> limits_get: conn=1003 op=4 self="uid=appuser,cn=users,dc=cn,dc=oracle,dc=com" this="uid=guestcst,cn=users,dc=cn,dc=oracle,dc=com"
    4f83d946 => bdb_search
    4f83d946 bdb_dn2entry("uid=guestcst,cn=users,dc=cn,dc=oracle,dc=com")
    4f83d946 => send_search_entry: conn 1003 dn="uid=GUESTCST,cn=users,dc=cn,dc=oracle,dc=com"
    ber_flush2: 122 bytes to sd 13
    4f83d946 <= send_search_entry: conn 1003 exit.
    4f83d946 send_ldap_result: conn=1003 op=4 p=3
    4f83d946 send_ldap_response: msgid=5 tag=101 err=0
    ber_flush2: 14 bytes to sd 13
    4f83d946 connection_get(13): got connid=1003
    4f83d946 connection_read(13): checking for input on id=1003
    ber_get_next
    ber_get_next: tag 0x30 len 193 contents:
    4f83d946 op tag 0x68, time 1334040902
    ber_get_next
    4f83d946 conn=1003 op=5 do_add
    ber_scanf fmt ({m) ber:
    ber_scanf fmt ({m{W}}) ber:
    ber_scanf fmt ({m{W}}) ber:
    ber_scanf fmt ({m{W}}) ber:
    ber_scanf fmt ({m{W}}) ber:
    ber_scanf fmt (}) ber:
    4f83d946 >>> dnPrettyNormal: <uid=ALEXWANG2080,cn=users,dc=cn,dc=oracle,dc=com>
    4f83d946 <<< dnPrettyNormal: <uid=ALEXWANG2080,cn=users,dc=cn,dc=oracle,dc=com>, <uid=alexwang2080,cn=users,dc=cn,dc=oracle,dc=com>
    4f83d946 bdb_dn2entry("uid=alexwang2080,cn=users,dc=cn,dc=oracle,dc=com")
    4f83d946 => bdb_dn2id("uid=alexwang2080,cn=users,dc=cn,dc=oracle,dc=com")
    4f83d946 <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
    4f83d946 bdb_referrals: tag=104 target="uid=ALEXWANG2080,cn=users,dc=cn,dc=oracle,dc=com" matched="cn=users,dc=cn,dc=oracle,dc=com"
    4f83d946 oc_check_required entry (uid=ALEXWANG2080,cn=users,dc=cn,dc=oracle,dc=com), objectClass "inetOrgPerson"
    4f83d946 oc_check_allowed type "uid"
    4f83d946 oc_check_allowed type "cn"
    4f83d946 oc_check_allowed type "sn"
    4f83d946 oc_check_allowed type "objectClass"
    4f83d946 oc_check_allowed type "structuralObjectClass"
    4f83d946 bdb_dn2entry("uid=alexwang2080,cn=users,dc=cn,dc=oracle,dc=com")
    4f83d946 => bdb_dn2id("uid=alexwang2080,cn=users,dc=cn,dc=oracle,dc=com")
    4f83d946 <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
    4f83d946 bdb_add: no write access to parent
    4f83d946 send_ldap_result: conn=1003 op=5 p=3
    4f83d946 send_ldap_response: msgid=6 tag=105 err=50
    ber_flush2: 39 bytes to sd 13
    4f83d946 connection_get(13): got connid=1003
    4f83d946 connection_read(13): checking for input on id=1003
    ber_get_next
    ber_get_next: tag 0x30 len 37 contents:
    4f83d946 op tag 0x63, time 1334040902
    ber_get_next
    4f83d946 conn=1003 op=6 do_search
    ber_scanf fmt ({miiiib) ber:
    4f83d946 >>> dnPrettyNormal: <>
    4f83d946 <<< dnPrettyNormal: <>, <>
    ber_scanf fmt (m) ber:
    ber_scanf fmt ({M}}) ber:
    4f83d946 => send_search_entry: conn 1003 dn=""
    ber_flush2: 50 bytes to sd 13
    4f83d946 <= send_search_entry: conn 1003 exit.
    4f83d946 send_ldap_result: conn=1003 op=6 p=3
    4f83d946 send_ldap_response: msgid=7 tag=101 err=0
    ber_flush2: 14 bytes to sd 13
    4f83d946 connection_get(13): got connid=1003
    4f83d946 connection_read(13): checking for input on id=1003
    ber_get_next
    ber_get_next: tag 0x30 len 5 contents:
    4f83d946 op tag 0x42, time 1334040902
    ber_get_next
    4f83d946 ber_get_next on fd 13 failed errno=0 (Success)
    4f83d946 conn=1003 op=7 do_unbind
    4f83d946 connection_close: conn=1003 sd=13
  • 3. Re: Registration problem with LDAP Security Adapter for Siebel
    WSiebel Pro
    Per the log files provided, I assume these settings for the Siebel LDAP Security Adapter profile:

    basedn = cn=users,dc=cn,dc=oracle,dc=com
    applicationuser = uid=APPUSER,cn=users,dc=cn,dc=oracle,dc=com

    Per error messages below:

    GenericLog GenericError 1 000008f84f727db4:0 2012-04-10 14:55:02 (secmgr.cpp (4653) err=4597538 sys=0) SBL-SEC-10018: Insufficient access

    4f83d946 => bdb_dn2id("uid=alexwang2080,cn=users,dc=cn,dc=oracle,dc=com")
    4f83d946 <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
    4f83d946 bdb_add: no write access to parent

    I understand that the application user APPUSER does not have permission to create the alexwang2080 account under the baseDN cn=users,dc=cn,dc=oracle,dc=com. The error "No matching key/data pair found" is expected because the LDAP security adapter checks whether the user exists before creating it.

    Perform a test: log into OpenLDAP using the APPUSER credentials and try to create an LDAP account under the cn=users,dc=cn,dc=oracle,dc=com tree. If that fails, you will need to add privileges for APPUSER so this user can create accounts under the basedn.

    If the above does not help, increase logging per Doc ID 477959.1 on support.oracle.com and send the updated log files. Also include a list of the parameters under the LDAP security adapter profile.

    Thanks,

    Wilson
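
The reading of the debug log in the reply above can be automated. This added example (not part of the original thread) walks slapd debug lines, remembers which DN bound on each connection, and reports every operation that ended with a non-zero LDAP result code. It assumes the log is not interleaved across connections, as in the excerpt posted here; the sample lines are a constructed subset of that excerpt.

```python
import re

# LDAP result codes from RFC 4511; codes not listed are reported as numbers.
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 68: "entryAlreadyExists"}

# Constructed sample: a subset of the slapd debug lines posted in this thread.
SAMPLE_LOG = """\
4f83d946 conn=1003 op=0 do_bind
4f83d946 do_bind: version=3 dn="uid=APPUSER,cn=users,dc=cn,dc=oracle,dc=com" method=128
4f83d946 send_ldap_result: conn=1003 op=0 p=3
4f83d946 send_ldap_response: msgid=1 tag=97 err=0
4f83d946 conn=1003 op=5 do_add
4f83d946 >>> dnPrettyNormal: <uid=ALEXWANG2080,cn=users,dc=cn,dc=oracle,dc=com>
4f83d946 <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
4f83d946 bdb_add: no write access to parent
4f83d946 send_ldap_result: conn=1003 op=5 p=3
4f83d946 send_ldap_response: msgid=6 tag=105 err=50
"""

OP_START = re.compile(r"conn=(\d+) op=(\d+) do_(\w+)")
BIND_DN = re.compile(r'do_bind: version=\d+ dn="([^"]*)"')
TARGET_DN = re.compile(r">>> dnPrettyNormal: <([^>]*)>")
ACCESS_NOTE = re.compile(r"(\w+: no \w+ access to \w+)")
RESPONSE = re.compile(r"send_ldap_response: msgid=\d+ tag=\d+ err=(\d+)")


def failed_operations(log_text):
    """Return one dict per LDAP operation that finished with a non-zero result."""
    bound = {}      # connection id -> DN that bound successfully on it
    current = None  # operation currently being assembled
    findings = []
    for line in log_text.splitlines():
        if m := OP_START.search(line):
            current = {"conn": int(m[1]), "op": int(m[2]), "kind": m[3],
                       "target": None, "notes": []}
        elif current is None:
            continue
        elif m := BIND_DN.search(line):
            current["target"] = m[1]
        elif (m := TARGET_DN.search(line)) and current["target"] is None:
            current["target"] = m[1]          # first DN seen is the op's target
        elif m := ACCESS_NOTE.search(line):
            current["notes"].append(m[1])     # backend's reason for the denial
        elif m := RESPONSE.search(line):
            err = int(m[1])
            if current["kind"] == "bind" and err == 0:
                bound[current["conn"]] = current["target"]
            elif err != 0:
                findings.append({
                    "conn": current["conn"], "op": current["op"],
                    "kind": current["kind"], "target": current["target"],
                    "bound_as": bound.get(current["conn"], "(anonymous)"),
                    "result": RESULT_CODES.get(err, str(err)),
                    "notes": current["notes"]})
            current = None
    return findings


if __name__ == "__main__":
    for f in failed_operations(SAMPLE_LOG):
        print("%(kind)s of %(target)s as %(bound_as)s -> %(result)s %(notes)s" % f)
```

On the sample it reports the add of uid=ALEXWANG2080 as the only failure, bound as APPUSER, with result code 50 (insufficientAccessRights).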
  • 4. Re: Registration problem with LDAP Security Adapter for Siebel
    929209 Newbie
    Thanks,
    I added access for the following users, and it works fine now.

    access to dn.subtree="cn=users,dc=cn,dc=oracle,dc=com"
        by dn="uid=APPUSER,cn=users,dc=cn,dc=oracle,dc=com" write
        by dn="uid=GUESTCST,cn=users,dc=cn,dc=oracle,dc=com" write
        by dn="uid=SADMIN,cn=users,dc=cn,dc=oracle,dc=com" write
        by self write
        by users read
        by anonymous auth

    Yes, the problem is that the user APPUSER does not have permission to write records to the base DN.
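
To see how far the ACL in the last reply reaches, this added example (not part of the original thread, and not OpenLDAP code) models slapd's first-match evaluation of `access to` / `by` clauses and compares three configurations: no ACL, the posted ACL, and a narrower variant. The narrower variant is hypothetical and constructed for comparison; the thread does not establish whether Siebel needs the GUESTCST and SADMIN grants. The model assumes `dn=` is an exact match and DNs have no escaped commas, and it ignores the rootdn bypass.

```python
# Simplified teaching model of slapd.conf ACL evaluation, not OpenLDAP code.
# Assumptions: "dn=" is an exact match, DNs contain no escaped commas, and the
# rootdn bypass is not modelled.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BASE = "cn=users,dc=cn,dc=oracle,dc=com"
APPUSER, GUESTCST, SADMIN = ("uid=%s,%s" % (u, BASE) for u in ("APPUSER", "GUESTCST", "SADMIN"))

# The ACL posted as the fix: [(subtree, [(who, level), ...])].
POSTED_ACL = [(BASE, [("dn=" + APPUSER, "write"), ("dn=" + GUESTCST, "write"),
                      ("dn=" + SADMIN, "write"), ("self", "write"),
                      ("users", "read"), ("anonymous", "auth")])]

# Hypothetical narrower variant (constructed for comparison, not from the thread).
APPUSER_ONLY_ACL = [(BASE, [("dn=" + APPUSER, "write"), ("self", "write"),
                            ("users", "read"), ("anonymous", "auth")])]


def norm(dn):
    """Lower-case each RDN, as the dnPrettyNormal lines in the debug log show."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_subtree(dn, base):
    return norm(dn) == norm(base) or norm(dn).endswith("," + norm(base))


def who_matches(who, subject, target):
    """subject is the bound DN, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return subject is None
    if subject is None:
        return False
    if who == "users":
        return True
    if who == "self":
        return norm(subject) == norm(target)
    return who.startswith("dn=") and norm(who[3:]) == norm(subject)


def granted(acl, subject, target):
    """Level the first matching 'access to' / 'by' pair gives subject on target."""
    if not acl:
        return "read"       # slapd default when no ACL is configured: by * read
    for subtree, clauses in acl:
        if in_subtree(target, subtree):
            for who, level in clauses:
                if who_matches(who, subject, target):
                    return level
            return "none"   # implicit trailing "by * none"
    return "none"           # implicit trailing "access to * by * none"


def can_write(acl, subject, target):
    return LEVELS.index(granted(acl, subject, target)) >= LEVELS.index("write")


def can_add(acl, subject, new_dn):
    """An add needs write on the parent (its children) and on the new entry."""
    parent = new_dn.split(",", 1)[1]
    return can_write(acl, subject, parent) and can_write(acl, subject, new_dn)


if __name__ == "__main__":
    new_user = "uid=ALEXWANG2080," + BASE
    for name, acl in (("no ACL", []), ("posted", POSTED_ACL), ("APPUSER only", APPUSER_ONLY_ACL)):
        print(name, "| APPUSER adds user:", can_add(acl, APPUSER, new_user),
              "| GUESTCST writes SADMIN entry:", can_write(acl, GUESTCST, SADMIN))
```

In this model the posted ACL fixes registration but also gives each of the three listed DNs write access to every entry under cn=users, while the narrower variant still lets APPUSER add the new account.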
