You may face the following issue with EUS and OUD. When trying to authenticate using sqlplus, the authentication fails and sqlplus displays:
ORA-28030: Server encountered problems accessing LDAP directory service
Unfortunately, the OUD access logs are not much help, as they show only a connection followed by a client disconnect:
[23/Feb/2016:13:48:29 +0100] CONNECT conn=73 from=10.166.139.54:30238 to=10.166.139.64:1636 protocol=LDAPS
[23/Feb/2016:13:48:29 +0100] DISCONNECT conn=73 reason="Client Disconnect"
This type of error happens when the database is not able to find its credentials in its wallet. To troubleshoot, first check which wallet is picked by the database, then make sure that the wallet contains the DN and password for the database.
- Enable the database logs to find the wallet location
Edit $ORACLE_HOME/network/admin/sqlnet.ora and add the following lines:
DIAG_ADR_ENABLED=OFF
TRACE_DIRECTORY_SERVER=/path/to/logs/server
TRACE_LEVEL_SERVER=16
TRACE_LEVEL_CLIENT=16
TRACE_DIRECTORY_CLIENT=/path/to/logs/client
- Run the sqlplus command and examine the logs in /path/to/logs/server. They will contain references to WALLET_LOCATION and display the path used to find the wallet.
- If the path is not consistent with your expectations (by default the wallet is in $ORACLE_BASE/admin/$ORACLE_SID/wallet), edit $ORACLE_HOME/network/admin/sqlnet.ora and add the following lines:
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /path/to/db/wallet) ) )
- Make sure that the specified wallet is an auto-login wallet (the wallet directory must contain a cwallet.sso file):
$ ls /path/to/db/wallet
cwallet.sso ewallet.p12
- Make sure that the specified wallet contains a DN and password for the database (they were generated by dbca when the database was registered in the LDAP server):
$ mkstore -wrl /path/to/db/wallet -viewEntry ORACLE.SECURITY.DN
Oracle Secret Store Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
Enter wallet password: ********
ORACLE.SECURITY.DN = cn=orcl11gr2,cn=OracleContext,dc=eusovd,dc=com
$ mkstore -wrl /path/to/db/wallet -viewEntry ORACLE.SECURITY.PASSWORD
Oracle Secret Store Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
Enter wallet password: ********
ORACLE.SECURITY.PASSWORD = <password generated by dbca>
- If that is not the case, re-run dbca and choose to generate a new password. dbca will then create the ORACLE.SECURITY.DN and ORACLE.SECURITY.PASSWORD entries in the wallet.
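The wallet-location and auto-login checks from the steps above can be scripted before reaching for mkstore. The following is an added example, not part of the original post: the function names are constructed, and the owner-only permission check on cwallet.sso is an assumed policy rather than something the article states.

```sh
#!/bin/sh
# Added example, not from the original post; function names are constructed.

# Print the DIRECTORY of WALLET_LOCATION from a sqlnet.ora file. The entry may
# span several lines and parameter names are case-insensitive. The separate
# ENCRYPTION_WALLET_LOCATION parameter must not be mistaken for it.
wallet_dir_from_sqlnet() {
    [ -r "$1" ] || return 2
    sed 's/#.*//' "$1" | tr -d '\r' | tr '\n' ' ' | awk '{
        s = " " $0; u = toupper(s)
        if (!match(u, /[^A-Z_]WALLET_LOCATION[ \t]*=/)) exit 1
        s = substr(s, RSTART + RLENGTH); u = substr(u, RSTART + RLENGTH)
        if (!match(u, /DIRECTORY[ \t]*=[ \t]*/)) exit 1
        s = substr(s, RSTART + RLENGTH)
        sub(/[ \t)].*$/, "", s)   # the path ends at whitespace or ")"
        print s
    }'
}

# Return 0 if DIR holds an auto-login wallet only its owner can access,
# 3 if DIR is missing, 4 if cwallet.sso is missing, 5 if group/other have access.
check_wallet() {
    [ -d "$1" ] || { echo "no wallet directory: $1" >&2; return 3; }
    [ -f "$1/cwallet.sso" ] || { echo "no cwallet.sso in $1 (not auto-login)" >&2; return 4; }
    # cwallet.sso opens without a password, so file permissions are what
    # protects the stored DN and password. Assumed policy: owner-only access.
    perms=$(ls -ld "$1/cwallet.sso" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "cwallet.sso is open to group/other" >&2; return 5; }
}

# Resolve the wallet as the article describes (WALLET_LOCATION, else the
# default under $ORACLE_BASE), then check it.
eus_wallet_preflight() {
    sqlnet=${1:-$ORACLE_HOME/network/admin/sqlnet.ora}
    dir=$(wallet_dir_from_sqlnet "$sqlnet") || dir=
    [ -n "$dir" ] || dir=$ORACLE_BASE/admin/$ORACLE_SID/wallet
    echo "wallet directory: $dir"
    check_wallet "$dir"
}

# Run the checks only when asked: sh thisfile --check [sqlnet.ora]
if [ "${1:-}" = "--check" ]; then
    eus_wallet_preflight "${2:-}"
fi
```

Once it passes, the mkstore -viewEntry commands above confirm that the ORACLE.SECURITY.DN and ORACLE.SECURITY.PASSWORD entries are actually present.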
Thanks for the great article; it helped me narrow down our issue. We still had the same connect/disconnect issue after going through all of the steps above. The other item that needed to be done in our case was to add both OUD servers to the /etc/hosts file on the db server. An alternative to this (just haven't tested it yet) is to configure forward and reverse lookups for the OUD hosts in DNS.
Hi Blanc, I tried to create a wallet using orapki and added the self-signed certificate of OUD to the database. But I am still getting the same issue.
[oracle@MSCLIN104:/home/oracle] > sqlplus user.1@oudtest
SQL*Plus: Release 12.2.0.1.0 Production on Fri Sep 7 12:23:44 2018
Copyright (c) 1982, 2016, Oracle. All rights reserved.
ERROR:
ORA-28030: Server encountered problems accessing LDAP directory service
Enter user-name: ^C
Hi,
unfortunately I left the OUD/EUS project more than 2 years ago and my knowledge is probably out of date now. You can contact subject matter experts on the OUD Forum: https://community.oracle.com/community/technology_network_community/fusion_middleware/identity_management/oracle_directory_server_enterprise_edition_sun_dsee/content
Let's talk in the OUD/EUS forums. Please post there.