User's Manual

Troubleshooting Enterprise User Security
Enterprise User Security Configuration Tasks and Troubleshooting 12-33
4. Check that the LDAP_DIRECTORY_ACCESS parameter is set to SSL in the
database initialization parameters file.
5. Check that the database wallet has auto login enabled. Either use Oracle
Wallet Manager, or check that there is a cwallet.sso file in
$ORACLE_HOME/admin/<ORACLE_SID>/wallet/.
6. Use the mkstore command line utility to check that the database wallet
has the database DN in it by using the following syntax:
mkstore -wrl <database_wallet_location> -viewEntry ORACLE.SECURITY.DN
If the wallet does not contain the database DN, then use Database
Configuration Assistant to re-register the database with Oracle Internet
Directory.
7. Check that the database can bind to Oracle Internet Directory by using its
wallet with the following ldapbind:
ldapbind -h <directory_host> -p <directory_SSLport> -U 3 -W "file:<database_wallet_location>" -P <wallet_password>
8. Check to ensure the database belongs to only one enterprise domain.
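Checklist steps 4 through 7 can be scripted as below. This is an added example, not part of the Oracle manual; it assumes a text parameter file (pfile) and caller-supplied paths, and the function names and the wallet permission check are additions that do not appear on the page.

```shell
#!/bin/sh
# Added example: checklist steps 4-7 as shell functions. All paths are caller-supplied.

# Step 4. Assumes a text parameter file (pfile). If the instance uses a server
# parameter file, check the parameter from the database instead.
check_ldap_access() {   # $1 = parameter file
    grep -Eiq "^[[:space:]]*([^#=[:space:]]+\.)?ldap_directory_access[[:space:]]*=[[:space:]]*['\"]?SSL['\"]?[[:space:]]*(#.*)?\$" "$1"
}

# Step 5. Auto login is enabled when cwallet.sso exists in the wallet directory.
check_autologin() {     # $1 = wallet directory
    [ -f "$1/cwallet.sso" ]
}

# Added hardening check, not a step on the page: an auto-login wallet opens
# without a password, so it should carry no group or other permission bits.
wallet_private() {      # $1 = wallet directory
    [ "$(ls -l "$1/cwallet.sso" | cut -c5-10)" = "------" ]
}

# Step 6, with the page's mkstore syntax. Read the output for the database DN.
check_wallet_dn() {     # $1 = wallet directory
    mkstore -wrl "$1" -viewEntry ORACLE.SECURITY.DN
}

# Step 7, with the page's ldapbind syntax. The password is passed as an
# argument and is visible in the process list while ldapbind runs.
check_bind() {          # $1 = host, $2 = SSL port, $3 = wallet directory, $4 = wallet password
    ldapbind -h "$1" -p "$2" -U 3 -W "file:$3" -P "$4"
}

# Usage: script <pfile> <wallet_dir> <directory_host> <directory_SSLport>
if [ "$#" -eq 4 ]; then
    check_ldap_access "$1" || echo "step 4: LDAP_DIRECTORY_ACCESS is not SSL in $1"
    check_autologin "$2"   || echo "step 5: no cwallet.sso in $2"
    wallet_private "$2"    || echo "warning: cwallet.sso is group- or world-accessible"
    check_wallet_dn "$2"   || echo "step 6: mkstore exited non-zero"
    printf 'Wallet password: '; stty -echo; read -r pw; stty echo; echo
    check_bind "$3" "$4" "$2" "$pw" || echo "step 7: ldapbind exited non-zero"
fi
```

Step 8 (domain membership) is not covered here because the page gives no command for it.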
ORA-28301: Domain policy has not been registered for SSL authentication
Action: Use Enterprise Security Manager to set the user authentication policy
for this enterprise domain to include SSL.
ORA-28862: SSL handshake failed
Action: See Chapter 7, "Configuring Secure Sockets Layer Authentication" for
information about configuring your SSL connection.
NO-GLOBAL-ROLES Checklist
If the enterprise user can connect to the database, but a
select * from session_roles returns no global roles, then check the
following:
Note: The mkstore utility is for troubleshooting purposes only.
The name and functionality of this tool may change in the future. In
10g Release 1 (10.1), Oracle supports only the viewEntry mode.