Manualshelf

Corporation Network Router User Manual

ManualsBrandsOracle ManualsNetwork RouterOracle Database B10772-01
341342343344345346347348349350
Troubleshooting Enterprise User Security
Enterprise User Security Conguration Tasks and Troubleshooting 12-31
2. Check that there is a value for the attribute krbprincipalname in the
user entry. If there is no value, then use Oracle Internet Directory
Self-Service Console to enter one.
3. Use Enterprise Security Manager to check that the user search base
containing this user is listed in the realm Oracle Context that you are using.
4. Check that the ACL on the user search base attribute allows read and search
access to the krbprincipalname attributes by the verifierServices
group. This is set properly by default, but may have been altered.
ORA-28293: No matched Kerberos principal found in any user entry.
Action: Check the following:
1. Check that a user entry exists in Oracle Internet Directory for your user.
2. Use Enterprise Security Manager or ldapsearch to check that a user
search base containing this user is listed in the identity management realm
that you are using.
3. Check that the user entry in the directory contains the correct Kerberos
principal name by using the following steps:
Use Enterprise Security Manager Console to find the Kerberos principal
name attribute that is configured for the directory in your realm, and
Check that the correct Kerberos principal name appears in that attribute
in the user's directory entry.
4. If you have an exclusive schema for the global user in the database, check
that the DN in the database matches the DN of the user entry in Oracle
Internet Directory.
ORA-28300: No permission to read user entry in LDAP directory service
Action: Check that the database wallet contains the correct credentials for the
database-to-directory connection. The wallet DN should be the DN of the
database in Oracle Internet Directory. To retrieve the credentials, perform the
following steps:
1. Use the mkstore command line utility to retrieve the database password
for the wallet by using the following syntax:
mkstore -wrl <database wallet location> -viewEntry
ORACLE.SECURITY.PASSWORD -viewEntry ORACLE.SECURITY.DN