You may face the following issue with EUS and OUD. When trying to authenticate using sqlplus, the authentication fails and sqlplus displays:
ORA-28030: Server encountered problems accessing LDAP directory service
Unfortunately, OUD access logs do not help a lot as you can find only the following:
[23/Feb/2016:13:48:29 +0100] CONNECT conn=73 from=10.166.139.54:30238 to=10.166.139.64:1636 protocol=LDAPS [23/Feb/2016:13:48:29 +0100] DISCONNECT conn=73 reason="Client Disconnect"
This type of error happens when the database is not able to find its credentials in its wallet. To troubleshoot, first check which wallet is picked by the database, then make sure that the wallet contains the DN and password for the database.
- Enable the database logs to find the wallet location
Edit $ORACLE_HOME/network/admin/sqlnet.ora and add the following lines:
DIAG_ADR_ENABLED=OFF TRACE_DIRECTORY_SERVER=/path/to/logs/server TRACE_LEVEL_SERVER=16 TRACE_LEVEL_CLIENT=16 TRACE_DIRECTORY_CLIENT=/path/to/logs/client
- run the sqlplus command and examine the logs in /path/to/logs/server. They will contain references to WALLET_LOCATION and display the path used to find the wallet.
- If the path is not consistent with your expectations (by default the wallet is in $ORACLE_BASE/admin/$ORACLE_SID/wallet), edit $ORACLE_HOME/network/admin/sqlnet.ora and add the following lines:
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /path/to/db/wallet) ) )
- Make sure that the specified wallet is an auto-login wallet (the wallet directory must contain a cwallet.sso file):
$ ls /path/to/db/wallet cwallet.sso ewallet.p12
- Make sure that the specified wallet contains a DN and password for the database (they were generated by dbca when the database was registered in the LDAP server):
$ mkstore -wrl /path/to/db/wallet -viewEntry ORACLE.SECURITY.DN Oracle Secret Store Tool : Version 220.127.116.11.0 - Production Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. Enter wallet password: ******** ORACLE.SECURITY.DN = cn=orcl11gr2,cn=OracleContext,dc=eusovd,dc=com $ mkstore -wrl /path/to/db/wallet -viewEntry ORACLE.SECURITY.PASSWORD Oracle Secret Store Tool : Version 18.104.22.168.0 - Production Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. Enter wallet password: ******** ORACLE.SECURITY.PASSWORD = <password generated by dbca>
- If it is not the case, you can re-run dbca and choose to generate a new password. dbca will then create the ORACLE.SECURITY.DN and ORACLE.SECURITY.PASSWORD entries in the wallet.