
WebLogic start up fails after re-associating domain policy and credential store with OID 10.1.4.3

In my current project, I am working on some Oracle products including the new 11g Fusion Middleware components such as Oracle WebCenter, Oracle UCM, etc.

The project involves integrating existing Oracle components such as Oracle Single Sign Server and Oracle Internet Directory with Oracle 11g Fusion Middleware applications.

By default, the Oracle WebCenter Spaces application is configured to use an embedded LDAP store for policy credentials, which is not suitable for production environments. One of my tasks was to configure Oracle WebLogic and the WebCenter Spaces application so that the Policy and Credential Store would be hosted in an external LDAP store; in our case it was Oracle Internet Directory 10.1.4.3.

This version of OID in our case was a patched version of OID from 10.1.2.3. We first patched it to version 10.1.4.0.1 and then applied other patches to bring the version to 10.1.4.3, which is the version of OID supported by Oracle WebCenter Spaces.

We followed this documentation from Oracle, http://download.oracle.com/docs/cd/E12839_01/webcenter.1111/e12405/wcadm_security.htm#BGBCFDJI, to handle the configuration changes needed to move the Policy and Credential store.

When we restarted the WebLogic Domain Server, we started getting a bunch of Access Denied exceptions. Because of these exceptions, the WebLogic server never fully started.

Here is the stack trace of the error we were getting:
<[LDAP: error code 53 - Function Not Implemented]
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name 'cn=base_domain,cn=JPSContext,cn=root_webcenter'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3114)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
    at oracle.security.jps.internal.common.ldap.util.JpsLdapCommonUtil.search(JpsLdapCommonUtil.java:181)
    at oracle.security.jps.internal.policystore.util.PolicyStoreRefreshUtil.fillAppsFromDomain(PolicyStoreRefreshUtil.java:591)
    at oracle.security.jps.internal.policystore.util.PolicyStoreRefreshUtil.getApplicationsList(PolicyStoreRefreshUtil.java:194)
    at oracle.security.jps.internal.policystore.ldap.PolicyStoreRefreshManager.getApplicationsList(PolicyStoreRefreshManager.java:383)
    at oracle.security.jps.internal.policystore.ldap.PolicyStoreRefreshManager.scanApplicationPolicies(PolicyStoreRefreshManager.java:461)
    at oracle.security.jps.internal.policystore.util.PolicyStoreRefreshThread.run(PolicyStoreRefreshThread.java:79)
>

After working with Oracle Support for 3 weeks, we got an answer that this had to do with indexing of certain data columns in the OID schema.

Oracle Support gave us another document that actually had steps for cataloging/indexing these columns, which the first document made no reference to.

Here is the link to the document that talks about the needed indexing: http://download.oracle.com/docs/cd/E14571_01/core.1111/e12037/oam.htm#sthref701. Once we created the indexes, WebLogic was able to start up successfully and we were able to use the Policy and Credential store effectively with WebCenter Spaces.

I thought of posting this here because Oracle Support was very slow (3 weeks) to point us to this document. We recommended that the first document be updated to include a reference to the second document.
