Cannot login to OAM console after upgrading OID to 10.1.4.3
Hi all,
I have performed the OID upgrade to 10.1.4.3 today. Till then, OAM was working perfectly fine. Soon after the upgrade, I restarted OID and OAM services and it went without any errors.
When I accessed the OAM consoles either (Identity or Access), it throws an error saying Invalid Credential. The Access Server logs show the error given below.
Directory is unreachable, down, or incorrect connection parameters were specified” function^LoadDBEntrySetSorted() dn^ou=Oblix, <DN>”
I am sure that login details are not changed at all.
It seems that this is a known issue with OID 10.1.4.3 when we use it as user store for OAM, tuning is required!
Workaround:
Need to modify certain attributes of few object classes as shown below.
$ORACLE_HOME/bin/ldapmodify –h <OID host> -p <OID port> –D cn=orcladmin –w <OID superuser password> -v <EOF
dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
replace: orclinmemfiltprocess
orclinmemfiltprocess:(|(!(obuseraccountcontrol=*))(obuseraccountcontrol=activated))
orclinmemfiltprocess:(|(obuseraccountcontrol=activated)(!(obuseraccountcontrol=*)))
orclinmemfiltprocess:(obapp=groupservcenter)(!(obdynamicparticipantsset=*))
orclinmemfiltprocess:(objectclass=oblixworkflowinstance)
orclinmemfiltprocess:(objectclass=inetorgperson)
orclinmemfiltprocess:(objectclass=oblixorgperson)
orclinmemfiltprocess:(objectclass=oblixworkflowstepinstance)
EOF
You can also copy it in ldif and run the ldapmodify from OID machine. Now, I am able to access the OAM consoles fine.
Helpful Articles:
Metalink article 558040.1.
PS: The workaround was suggested by a person called Gopi Goalla, Thanks to him!!
About the Author Mahendra
I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com