There are two OAM/OID nodes in our production environment. When the services on the first node (OAM and OID) are down, the applications/WebGate should fail over to the OAM service on the second node, which is already configured in the OAM access servers for failover, but that is not happening.
However, the status of the OAM and OID services shows them as ALIVE, which put me in doubt. Bouncing the OID and OAM applications did not solve the problem, so I stopped the OAM services first to check whether LDAP itself was working fine. Below is the error I got when executing the ldapbind command.
[oracle@host bin]$ ./ldapbind
Cannot connect to the LDAP server
[oracle@host bin]
This gave me a clue that there was some issue with OID, and when I checked the LDAP logs I found the error shown below.
2011/02/14:19:05:01 * Main:0 * sgslunlListen: Bind failed (port=389), OS error=(13)
2011/02/14:19:05:01 * Main:0 * FATAL * main * Dispatcher Process unable to bind to port
Cause:
After some research I found that this issue is caused by a permission change on the files oidldapd, oidmon and oidrepld (not sure how it happened). These commands are located in $ORACLE_HOME/bin. The existing permissions are given below. Note the mode rwxrwxrwx: the binaries have become world-writable and, more to the point, have lost the setuid bit (the s in the expected -rws--x---) that lets the OID listener bind the privileged port 389, which is exactly what the OS error=(13) (EACCES) in the log reflects.
[oracle@host bin]$ ls -ltr oidldapd
-rwxrwxrwx 1 root oinstall 2747063 Oct 12 15:21 oidldapd
[oracle@host bin]$ ls -ltr oidmon
-rwxrwxrwx 1 oracle oinstall 1695043 Dec 29 20:43 oidmon
[oracle@host bin]$ ls -ltr oidrepld
-rwxrwxrwx 1 oracle oinstall 1847833 Dec 29 20:43 oidrepld
What is the action plan?
The correct permissions for these commands are shown below.
oidldapd:
-rws--x--- root dba
oidmon:
-rws--x--- oracle dba
oidrepld:
-rws--x--- oracle dba
I logged in as the root user and executed the commands below in $ORACLE_HOME/bin.
chmod 4710 oidldapd
chmod 4710 oidmon
chmod 4710 oidrepld
Stopped OID process as shown below.
./opmnctl stopproc process-type=OID
Searched for LDAP processes using the command given below.
ps -ef | grep oidldap
Killed any of those processes that were still alive.
Stopped the oidmon process as shown below, from $ORACLE_HOME/bin.
./oidmon connect=<oid_db> stop
Searched for OID processes as shown below and killed any that were still live.
ps -ef | grep oid
Started the OID component as shown below.
./opmnctl startproc process-type=OID
Then I tried the ldapbind command again and it worked like a charm!!!!
[oracle@host bin]$ ./ldapbind
bind successful
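The root cause above (setuid bit stripped from the three OID binaries, and the remediation with chmod 4710) is the kind of drift worth checking for before the next failover test rather than after the listener dies. The script below is an added example, not code from the original post or from Oracle: it audits oidldapd, oidmon and oidrepld in a given directory against the mode and owners the post lists (-rws--x---, root for oidldapd, oracle for the other two), reports any drift, and can restore mode 4710. It only uses ls and awk, so it runs on any POSIX shell; the ORACLE_HOME/bin location, the OID_BIN_DIR variable and the --fix flag are assumptions of this example. Ownership is reported but not changed, and the opmnctl/oidmon stop-and-start sequence from the post still has to follow a fix, since the running listener does not pick up new file modes.

```shell
#!/bin/sh
# Added example (not from the original post): audit the three OID setuid
# binaries for the permission drift described above and optionally restore
# mode 4710. Expected owners follow the post: root for oidldapd, oracle for
# oidmon and oidrepld. The OID_BIN_DIR variable and --fix flag are assumptions.

# Print the 10-character symbolic mode and the owner of a file,
# e.g. "-rws--x--- root" (substr drops any trailing "." or "+" ls may add).
file_mode_owner() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10), $3 }'
}

# Return 0 if FILE has exactly mode 4710 (-rws--x---), else 1.
has_expected_mode() {
    mode=$(ls -ld "$1" | awk '{ print substr($1, 1, 10) }')
    [ "$mode" = "-rws--x---" ]
}

# Return 0 if FILE is owned by EXPECTED_OWNER, else 1.
has_expected_owner() {
    owner=$(ls -ld "$1" | awk '{ print $3 }')
    [ "$owner" = "$2" ]
}

# Audit one binary: print a verdict line, return 0 if OK, 1 if drifted.
audit_binary() {
    file=$1; expected_owner=$2; rc=0
    if [ ! -e "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    if ! has_expected_mode "$file"; then
        echo "DRIFT mode  $(file_mode_owner "$file") $file (expected -rws--x---)"
        rc=1
    fi
    if ! has_expected_owner "$file" "$expected_owner"; then
        echo "DRIFT owner $(file_mode_owner "$file") $file (expected owner $expected_owner)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK    $(file_mode_owner "$file") $file"
    return "$rc"
}

# Audit all three binaries in DIR; the return value is the number of
# drifted or missing files (0 means everything matches the post).
audit_oid_binaries() {
    dir=$1; drifted=0
    for entry in oidldapd:root oidmon:oracle oidrepld:oracle; do
        name=${entry%%:*}; owner=${entry#*:}
        audit_binary "$dir/$name" "$owner" || drifted=$((drifted + 1))
    done
    return "$drifted"
}

# Restore mode 4710 (-rws--x---) on the three binaries in DIR.
# On a real install this must run as root, as in the post.
fix_oid_modes() {
    dir=$1
    for name in oidldapd oidmon oidrepld; do
        chmod 4710 "$dir/$name" || return 1
    done
}

# Stand-alone use:  OID_BIN_DIR=$ORACLE_HOME/bin sh oid_perm_check.sh [--fix]
if [ -n "${OID_BIN_DIR:-}" ]; then
    if [ "${1:-}" = "--fix" ]; then
        fix_oid_modes "$OID_BIN_DIR"
    fi
    audit_oid_binaries "$OID_BIN_DIR"
fi
```

Run it from cron or a config-management check as a non-root user to detect drift; only the --fix path needs root. A nonzero exit from audit_oid_binaries is the signal that the listener will fail to bind port 389 on its next restart, which is cheaper to learn from a check than from a failed failover.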
Helpful notes:
Metalink Article: 1172775.1
I am immersed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities, and I am also well versed in complex integrations between Identity Management and other product domains. I have expertise in building demos and implementation experience with Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look @ my blog: http://talkidentity.blogspot.com