Archive for the ‘Oracle Portal’ Category

Microsoft AD and OID synchronization not happening

The support team reported that some of the new users created in AD (Active Directory) were not flowing to OID (Oracle Internet Directory).
I started looking into the issue and first checked the ODI synchronization service (odisrv process).

Logged into the infra tier and ran the command

$ $ORACLE_HOME/ldap/bin/ldapcheck

Checking Oracle Internet Directory Processes ...ALL

Process oidmon is Alive as PID 30596
Process oidldapd is Alive as PID 30603
Process oidldapd is Alive as PID 30609
Not Running ---- Process oidrepld
Process odisrv is Alive as PID 17381

Then I checked the LDAP synchronization log ($ORACLE_HOME/ldap/oid/log/_.aud),
which showed that the last successful synchronization happened on 23rd Feb 2015.
No errors were seen in the LDAP trace file, the odisrv log or the oidmon log.
Next I looked up the highest committed USN in AD:

$ ldapsearch -h  -b "" -s base "objectclass=*" highestcommittedusn

Then I searched for the highest committed USN recorded in the DIP profile:

$ ldapsearch -h  -p  -D "cn=orcladmin" -w  -b "cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory" -s sub "objectclass=*" > /tmp/PROD_DIP_Profile.txt

$ grep -i "orclodipcondirlastappliedchgnum" /tmp/PROD_DIP_Profile.txt
orclodipcondirlastappliedchgnum=0

So there was a huge difference between the highestCommittedUSN in AD and the value stored in the DIP profile.
This is the reason synchronization had stopped.

I followed the steps below to make synchronization work again.
1) Stop the odisrv process
$ oidctl connect= server=odisrv instance=1 stop
2) Disable the DIP profile
– Set the DISPLAY
– Open a VNC session and run the below command

Log in to the OID console as user “cn=orcladmin”
Go to Integration Server
Select the profile, which should be named something like <OID_SID>_PortalImport
Edit it and set it to “Disable”

You can check this by running the below command on the infra node.
ldapsearch -h [oid_hostname with fully qualified domain] -p 389 -D "cn=orcladmin" -w -b "orclodipAgentName=xxxx_PortalImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory" -s base "objectclass=*" orclodipagentcontrol

3) Update the highest committed USN in the DIP profile with the value obtained from AD
— Edit the same profile again and go to the ‘Status’ tab
— Set “Last Applied Change Number” to the value obtained above from AD

4) Enable the profile again
— Edit the profile and set it to “Enable”

5) Move the old, existing odisrv log, oidmon log and synchronization logs ($ORACLE_INFRA_HOME/ldap/oid/log/*.aud and *.trc)
6) Start the odisrv process

$ oidctl connect=[tns_alias] server=odisrv instance=1 configset=1 flags="host=[oid_hostname with fully qualified domain] port=389" start
7) Run the “ldapcheck” command to confirm the odisrv process is running.


Process oidmon is Alive as PID 28339
Process oidldapd is Alive as PID 28347
Process oidldapd is Alive as PID 28361
Not Running ---- Process oidrepld
Process odisrv is Alive as PID 28348

Now search again for the highest committed USN in AD and in the DIP profile; the two values match.

This resolved the issue, and synchronization resumed between Microsoft AD and OID.
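
The comparison used above to diagnose the stall, and again to confirm the fix, can be scripted. The following is an added example, not part of the original post: it reads the two ldapsearch outputs and reports the gap between AD's highestCommittedUSN and the profile's orclodipcondirlastappliedchgnum. The sample outputs are constructed, and the lag threshold of 1000 is an assumed value.

```shell
#!/bin/sh
# Added example (not from the original post). Sample outputs are constructed.

# Print the value of attribute $1 from ldapsearch output read on stdin.
# Accepts both the "attr=value" form shown in the post and LDIF "attr: value".
attr_value() {
    awk -v want="$1" '
        { line = $0; sub(/^[ \t]+/, "", line)
          pos = match(line, /[=:]/)
          if (pos == 0) next
          if (tolower(substr(line, 1, pos - 1)) != tolower(want)) next
          val = substr(line, pos + 1)
          gsub(/^[ \t]+|[ \t\r]+$/, "", val)
          print val; exit }'
}

# $1 = AD rootDSE output, $2 = DIP profile output, $3 = tolerated lag
# (hypothetical threshold, default 1000). Prints a verdict and returns
# 0 = in step, 1 = stalled, 2 = a value could not be read.
sync_status() {
    ad_usn=$(printf '%s\n' "$1" | attr_value highestCommittedUSN)
    applied=$(printf '%s\n' "$2" | attr_value orclodipcondirlastappliedchgnum)
    for n in "$ad_usn" "$applied"; do
        case "$n" in ''|*[!0-9]*) echo "UNKNOWN"; return 2 ;; esac
    done
    lag=$((ad_usn - applied))
    if [ "$lag" -gt "${3:-1000}" ]; then
        echo "STALLED lag=$lag"; return 1
    fi
    echo "OK lag=$lag"
}

# Constructed sample data: AD answer in LDIF form, profile in Oracle form.
AD_SAMPLE='dn:
highestCommittedUSN: 48213377'
DIP_SAMPLE='orclodipagentname=xxxx_PortalImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory
orclodipcondirlastappliedchgnum=0'

sync_status "$AD_SAMPLE" "$DIP_SAMPLE" 1000 || echo "exit status $?"
```

A check like this catches the situation described in this post, where ldapcheck reports odisrv as alive while the profile's change number has stopped advancing.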


How to change “orcladmin” user password when it is expired

December 9, 2014
  • Log in and go to $ORACLE_HOME/bin (Infra Home)
    • Make sure the VNC process is running and the DISPLAY variable points to the VNC port
    • export DISPLAY=<server_name>:<port_no>
  • Invoke the oidadmin script
    • $ ./oidadmin
  • Now log in to the GUI (on VNC) with the following credentials
    • User = “cn=orcladmin”
    • Password = by default, the same as that of “ias_admin”
  • Once logged in, navigate as below
  • Entry Management
    • cn=OracleContext
      • dc=com
      • dc=abc <domain_name>
        • cn=Users
        • cn=<orcladmin>
  • Click on cn=<orcladmin>
  • Scroll to the bottom in “Properties” tab
  • Look for the attribute “userpassword”
  • Update the value with the password and then click on “Apply”
Categories: Oracle Portal

Deleting duplicate users in Oracle Portal

In one of our PROD applications (Oracle Portal), a user reported that he was not able to log in and was getting a weird error message. Later, while troubleshooting, it was found that this was happening due to a duplicate user in OID.

How to remove the duplicate user from Oracle Portal

Step 1: Log in to Portal using the ‘orcladmin’ account and query the problematic user; you will see 2 entries for the same user
Step 2: Log in to the OID database as the ‘portal’ user

a) Query the wwsec_person$ table – this table is populated ONLY when the user logs into the portal
b) DELETE the entry from the wwsec_person$ table. If there is an error while deleting the user, disable the below triggers, delete the record and then enable the triggers again
Step 3: Remove the entry from LDAP using the ldapdelete command
$ ldapdelete -h -D "cn=orcladmin" -w -p -v ""
Step 4: Confirm by running the ldapsearch command on the infra tier
$ ldapsearch -h -p -D "cn=orcladmin" -w -b "" -s base "objectclass=*" orclobjectguid

Now the user must be made to sync again with OID. This can be verified from the LDAP log.
