Corporation Network Router User Manual
Troubleshooting Enterprise User Security
12-28 Oracle Database Advanced Security Administrator's Guide
ORA-28272: Domain policy does not allow password-authenticated GLOBAL
users
Action: Use Enterprise Security Manager to set the user authentication policy
for this enterprise domain to Password or ALL.
ORA-28273: No mapping for user login name to LDAP distinguished name exists
Action: Check the following:
1. Check that a user entry exists in Oracle Internet Directory for your user.
2. UseEnterprise Security Managerto check thata user search base containing
this user is listed in the identity management realm that you are using.
3. Check that the user entry contains the right login name:
– Use Enterprise Security Manager Console to find the login name
attribute that is configured for the directory in your realm, and
– Check that the name provided during the attempted user database
login is the value for that attribute in the user directory entry.
4. If you have an exclusive schema for the global user in the database, then
check that the DN in the database matches the DN of the user entry in
Oracle Internet Directory.
ORA-28274: No ORACLE password attribute corresponding to user login name
exists
Action: Check the following:
1. Check that the user entry in the directory has the orcluser object class. If
it does not, then perform the following steps:
– Use Oracle Internet Directory Self-Service Console to check that the
default object classes for new user creation include orcluser, and then
– Use Enterprise Security Manager Console or Oracle Internet Directory
Self-Service Console to re-create the user, or
– Add the orcluser and the orcluserV2 object classes.
2. Check that there is a value for the attribute orclpassword in the user
entry. If there is no value, then reset the user's directory password
(userpassword attribute). This should prompt Oracle Internet Directory
to regenerate the database password verifier for the user.