Cannot login to OAM console after upgrading OID to 10.1.4.3

Hi all,

I have performed the OID upgrade to 10.1.4.3 today. Till then, OAM was working perfectly fine. Soon after the upgrade, I restarted OID and OAM services and it went without any errors.

When I accessed the OAM consoles either (Identity or Access), it throws an error saying Invalid Credential. The Access Server logs show the error given below.

Directory is unreachable, down, or incorrect connection parameters were specified” function^LoadDBEntrySetSorted() dn^ou=Oblix, <DN>”

I am sure that login details are not changed at all.

It seems that this is a known issue with OID 10.1.4.3 when we use it as user store for OAM, tuning is required!

Workaround: 

Need to modify certain attributes of few object classes as shown below.

$ORACLE_HOME/bin/ldapmodify –h <OID host> -p <OID port> –D cn=orcladmin –w <OID superuser password> -v <EOF
dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
replace: orclinmemfiltprocess
orclinmemfiltprocess:(|(!(obuseraccountcontrol=*))(obuseraccountcontrol=activated))
orclinmemfiltprocess:(|(obuseraccountcontrol=activated)(!(obuseraccountcontrol=*)))
orclinmemfiltprocess:(obapp=groupservcenter)(!(obdynamicparticipantsset=*))
orclinmemfiltprocess:(objectclass=oblixworkflowinstance)
orclinmemfiltprocess:(objectclass=inetorgperson)
orclinmemfiltprocess:(objectclass=oblixorgperson)
orclinmemfiltprocess:(objectclass=oblixworkflowstepinstance)
EOF

You can also copy it in ldif and run the ldapmodify from OID machine. Now, I am able to access the OAM consoles fine.

Helpful Articles:

Metalink article 558040.1.

PS: The workaround was suggested by a person called Gopi Goalla, Thanks to him!!

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

8 comments
Atul Kumar says August 23, 2010

Mahendra,
Good to see workaround, I wish if you could elaborate more on solution or fix you applied.

Looking at LDIF you are changing attribute orclinmemfiltprocess for entity/object cn=dsaconfig,cn=configsets,cn=oracle internet directory

Is it possible to explain why We have to do this and what does above actually means (specially for those who are new to LDAP/OID)

Thanks in advance for these wonderful and very useful posts.

Reply
Mahendra says September 21, 2010

Atul,

This ldif typically tunes the OID for performance. Not sure what exactly it does internally, but it adds/replaces certain attributes of orclinmemfiltprocess object class.

Reply
grandpree says January 25, 2013

Atul,

I wanted to change the login details of OID superuser like password. But have OAM user store and policy store already configured. How to reset the OID credentials in OAM after OID super user password change activity? Please help

Reply
Mahendra says January 25, 2013

@grandpree,

I presume you’re using OAM 10g. If so, was there any error in OAM logs after changing OID super user password?

-Mahendra

Reply
grandpree says January 25, 2013

I am unable to bring up the OAM services up and running after changing the OID super user admin password. OAM version is 10.1.4.3

Reply
grandpree says January 25, 2013

OAM running on windows OS

Reply
Mahendra says January 25, 2013

Can you please paste the error from the logs?

Reply
Add Your Reply