This appendix describes common problems that you might encounter when using Oracle Virtual Directory and explains how to solve them and also provide information on diagnosing problems. It contains the following topics:
This section describes common problems and solutions. It contains the following sections:
Oracle Directory Services Manager Failover Using Oracle HTTP Server is Not Transparent
Error Returned After Querying Oracle Virtual Directory Configured with LDAP Adapters
Error Returned After Querying Oracle Virtual Directory Configured with Database Adapters
This section describes how to solve several common problems invoking Oracle Directory Services Manager.
Problem: Cannot Invoke Oracle Directory Services Manager from Fusion Middleware Control
You attempt to invoke Oracle Directory Services Manager from Oracle Enterprise Manager Fusion Middleware Control by selecting Directory Services Manager from the Oracle Internet Directory menu in the Oracle Internet Directory target, then Data Browser, Schema, Security, or Advanced.
ODSM does not open. You might see an error message.
This is probably an installation problem. See Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
Problem: Cannot Invoke Oracle Directory Services Manager from a Web Browser
Attempting to invoke Oracle Directory Services Manager using a web browser fails.
Verify the Oracle Virtual Directory server is running. The Oracle Virtual Directory server must be running to connect to it from Oracle Directory Services Manager.
Verify you entered the correct credentials in the Server, Port, User Name and Password fields. You can execute an ldapbind command against the target Oracle Virtual Directory server to verify the server, user name, and password credentials.
Verify you are using a supported browser. Refer to the Oracle Identity Management Certification Information on the Oracle Technology Network Web site for information about supported browsers for Oracle Directory Services Manager. You can access the Oracle Technology Network Web site at:
Verify you specified the port of the Admin Listener—not the LDAP port—in the URL for Oracle Directory Services Manager.
Problem: Cannot Invoke Oracle Directory Services Manager from Fusion Middleware Control in Multiple NIC and DHCP Enabled Environment
The WebLogic Managed Server where Oracle Directory Services Manager is deployed has multiple Network Interface Cards or is DHCP enabled. Attempts to invoke Oracle Directory Services Manager from Oracle Enterprise Manager Fusion Middleware Control fail and return 404 errors.
Use the WebLogic Server Administration Console to change the listen address of the Managed WebLogic Server so that the IP address or hostname in the URL for Oracle Directory Services Manager is accessible.
Perform the following steps:
Using a web browser, access the WebLogic Server Administration Console.
In the left pane of the WebLogic Server Administration Console, click Lock & Edit to edit the server configuration.
In the left pane of the WebLogic Server Administration Console, expand Environment and select Servers.
On the Summary of Servers page, click the link for the WebLogic Managed Server where Oracle Directory Services Manager is deployed.
On the Settings page for the WebLogic Managed Server, update the Listen Address to the host name of the server where Oracle Directory Services Manager is deployed.
Click Save to save the configuration.
Click Activate Changes to update the server configuration.
In Internet Explorer 7, when you access Oracle Directory Services Manager in accessibility mode using only the keyboard, the cursor loses focus. This behavior has been observed under the following circumstances:
You access the directory in SSL-enabled mode and the server certificate appears.
You type an invalid password and the error dialog appears.
Press the Tab key nine times, then press the Enter key.
When you perform an Oracle Directory Services Manager failover using Oracle HTTP Server, the failover is not transparent. You see this behavior when you perform the following steps:
Oracle Directory Services Manager is deployed in a High Availability active-active configuration using Oracle HTTP Server.
Display an Oracle Directory Services Manager page using the Oracle HTTP Server name and port number.
Make a connection to an Oracle Virtual Directory server.
Work with the Oracle Virtual Directory server using the current Oracle Directory Services Manager Oracle HTTP Server host and port.
Shut down one managed server at a time using the WebLogic Server Administration Console.
Go back to the Oracle Directory Services Manager page and port, and the connection which was established earlier with Oracle Virtual Directory. When you do, a message is displayed advising you to reestablish a new connection to the Oracle Directory Services Manager page.
If you encounter this problem, perform the following steps:
In your web browser, exit the current Oracle Directory Services Manager page.
Launch a new web browser page and specify the same Oracle Directory Services Manager Oracle HTTP Server name and port.
Reestablish a new connection to the Oracle Virtual Directory server you were working with earlier.
See Also:
The Oracle Fusion Middleware High Availability Guide for more information about Oracle Directory Services Manager in High Availability configurations.
Oracle Directory Services Manager temporarily loses its connection to an Oracle Virtual Directory component that is using an Oracle RAC Database. Oracle Directory Services Manager might display a message such as Failure accessing Oracle database (oracle errcode=errcode), where errcode is one of the following values: 3113, 3114, 1092, 28, 1041, or 1012.
This error can occur during failover of the Oracle Database that the Oracle Virtual Directory component is using. The connection will be reestablished in less than a minute, and you will be able to continue without logging in again.
Oracle Virtual Directory is configured with LDAP Adapters and the entries are visible in the proxied LDAP servers. An LDAP err=1 operation error message returns after querying Oracle Virtual Directory from an LDAP client.
Verify the proxied LDAP servers are running. If they are not running, start them and query Oracle Virtual Directory again from the LDAP client.
Oracle Virtual Directory is configured with Database Adapters and the entries are visible in the proxied databases. An LDAP err=1 operation error message returns after querying Oracle Virtual Directory from an LDAP client.
Verify the proxied databases are running. If they are not running, start them and query Oracle Virtual Directory again from the LDAP client. If the operation error message returns again, verify the correct drivers for each database have been loaded into Oracle Virtual Directory as described in "Loading Libraries into the Oracle Virtual Directory Server".
OPMN pings to Oracle Virtual Directory may fail on busy systems, which causes OPMN to restart Oracle Virtual Directory. To prevent this situation, increase the ping interval to 60 seconds or more in $ORACLE_INSTANCE/config/OPMN/opmn/opmn.xml, as shown in the following example:
<process-type id="OVD" module-id="OVD">
<module-data>
<category id="start-options">
<data id="java-bin" value="$ORACLE_HOME/jdk/bin/java"/>
<data id="java-options" value="-server -Xms2056m -Xmx2056m -Dvde.soTimeoutBackend=0 -DdisableECID=1 -Didm.oracle.home=$ORACLE_HOME -Dcommon.components.home=$ORACLE_HOME/../oracle_common -Doracle.security.jps.config=$ORACLE_INSTANCE/config/JPS/jps-config-jse.xml"/>
<data id="java-classpath" value="$ORACLE_HOME/ovd/jlib/vde.jar$:$ORACLE_HOME/jdbc/lib/ojdbc6.jar"/>
</category>
</module-data>
<stop timeout="120"/>
<ping interval="60"/>
</process-type>
This topic provides information on how you can diagnose Oracle Virtual Directory problems and contains the following sections:
Using the Dump Transactions Plug-In to Gather Information About Data Transformation Errors
Monitoring the Oracle Virtual Directory Server Using Fusion Middleware Control Metrics
When an Oracle Virtual Directory error occurs, you can gather more information about what caused the error by performing the following steps:
Increase the log level to DEBUG by referring to Managing Oracle Virtual Directory Logging.
Repeat the task or procedure where you originally encountered the error.
Examine the log information generated using the DEBUG level.
Examining the exceptions logged to the Oracle Virtual Directory log file helps you identify errors in target directories and in custom plug-ins and adapters. For example, if you receive an LDAP error=1 message, you may examine the diagnostic log and find the cause of the error by a messages like host not found or out of memory.
You can access the diagnostic log in the following directory:
$ORACLE_INSTANCE/diagnostics/logs/OVD/COMPONENT_NAME/
The Dump Transactions plug-in generates a record of all transactions for each LDAP operation and logs the record to the Oracle Virtual Directory console log. You can configure the Dump Transactions plug-in to run on any log level. The Dump Transactions plug-in is particularly useful for diagnosing mapping and integration efforts while logic flows through the Oracle Virtual Directory system. You can use the Dump Transaction plug-in to analyze issues on a specific adapter without setting the entire server log level to a more verbose level. Think of the Dump Transactions plug-in as a protocol analyzer for Oracle Virtual Directory.
See Also:
"Dump Transactions Plug-In" for more information.When troubleshooting problems with a client application, in particular when you are trying to determine the cause of problems by using search results (such as missing attributes or entries), it is important to have a complete picture of what is happening with the operation.
The following method is recommended for troubleshooting problems in a production environment.
First, it is important to keep an Oracle Virtual Directory server instance (known as the DEBUG instance) available to rerun the operations. For example, the DEBUG instance could be an additional instance running on a production server that is not available to client applications because the server is running on a different port or network configuration.
Oracle Virtual Directory 11g enables you to easily run multiple instances of Oracle Virtual Directory server on the same system. Administrators should use the syncovdconfig tool to keep the production server configuration synchronized with the DEBUG instance (see "Copying Configuration Files Between Oracle Virtual Directory Servers Using syncovdconfig"). The DEBUG instance enables administrators to quickly debug any problems without sacrificing the production servers' performance.
Next, enable the access.log on the production server (see "Logging Considerations Specific to Oracle Virtual Directory"). If an issue arises, you can use the access.log to quickly determine which operations are being performed on the server.
The following example illustrates how to troubleshoot a search problem. In this scenario, an application administrator reports that a lookup of user data is missing certain attributes. You can troubleshoot this problem as follows:
On the production server, review the access.log to determine
What the search was looking for
Which application was bound to the search
Which search parameters (filter and scope) were used and what were the search results
Note:
If there are no results (for example, the nentries= value for a search is 0 and err=0), verify that the filter itself was properly formed. For example, if the administrator was trying to look for user jsmith based on the uid, be sure the filter is uid=jsmith and that it did not contain a typo such as uid=hsmith.On the DEBUG instance, set the diagnostic.log trace level to TRACE:32 (full logging) and add the Dump Transactions Plug-in to all adapters.
Rerun the search.
Note:
If it is necessary to replicate the login as the application, you might have to configure the Oracle Virtual Directory server so that this account uses a separate test entry (such as an entry that is stored in a Local Store Adapter entry) so that the Oracle Virtual Directory administrator does not have to know the application password.After running the search, review the DEBUG access.log to be sure the results are the same as those in PRODUCTION. Use the ECID value to link the data stored in the diagnostic.log with this particular search.
You can link the data by using the Log Manager in Enterprise Manager or, if administrators prefer reading logs on the command-line outside of Enterprise Manager, by using a tool like grep.
Using ECID for the query enables you to see all of the log data that Oracle Virtual Directory recorded for this particular operation. This log data includes
Routing choices, such as which adapters were selected for the operation
The data sent to Oracle Virtual Directory and the results recorded by the Dump Transaction
Additional data, such as ACL decisions, from running in TRACE:32
For example, a common problem in which applications do not see all expected attributes typically occurs because the ACL are blocking the results.
Oracle Virtual Directory's Performance Summary page in Oracle Enterprise Manager Fusion Middleware Control enables you to view a variety of metrics of the Oracle Virtual Directory Server in a time based context. You can use these metrics to monitor Oracle Virtual Directory and to help diagnose problems.
Note:
You can customize the metrics displayed on the Performance Summary page using the Metric Palette. Refer to the Oracle Fusion Middleware Administrator's Guide for more information on using the Metric Palette.To view the metrics on the Performance Summary page:
Log in to Oracle Enterprise Manager Fusion Middleware Control and navigate to the Oracle Virtual Directory target for which you want to view metrics.
Select Monitoring and then Performance Summary from the Oracle Virtual Directory menu. The Performance Summary page appears.
Table D-1 lists the metrics that are available for the Oracle Virtual Directory Server on the Performance Summary page:
Table D-1 OVD Metrics on the Fusion Middleware Control Performance Summary Page
| Metric | Description |
|---|---|
|
CPU Usage (%) |
Specifies the percentage of the CPU that Oracle Virtual Directory is using. |
|
Other CPU Usage (%) |
Specifies the percentage of the CPU that components other than Oracle Virtual Directory are using. |
|
CPU Idle Time (%) |
Specifies the percentage of the CPU Idle Time on the Oracle Virtual Directory host. |
|
Memory Usage (MB) |
Specifies the amount of memory consumed (in MB) by Oracle Virtual Directory Server. |
|
Memory Usage (%) |
Specifies the percentage of memory consumed by the Oracle Virtual Directory Server. |
|
Other Memory Usage (MB) |
Specifies the amount of memory consumed (in MB) by components other than Oracle Virtual Directory Server. |
|
Other Memory Usage (%) |
Specifies the percentage of memory consumed by components other than the Oracle Virtual Directory Server. |
|
Free Memory (MB) |
Specifies the amount of free memory (in MB) on the Oracle Virtual Directory Server host. |
|
Free Memory (%) |
Specifies the percentage of free memory on the Oracle Virtual Directory Server host. |
|
Total Memory (MB) |
Specifies the total available memory (in MB) on the Oracle Virtual Directory Server host. |
|
Heap Usage (MB) |
Specifies the JVM heap usage (in MB) of the Oracle Virtual Directory Server. |
|
Up Time (ms since Epoch) |
Specifies the amount of time (in milliseconds) that the Oracle Virtual Directory Server has been up and running. |
|
Start Time (ms since Epoch) |
Specifies the start time (milliseconds since Epoch) of the Oracle Virtual Directory Server. |
|
UpDown Status |
Specifies whether Oracle Virtual Directory is up and running or down and unavailable. |
|
Total No of Operations |
Specifies the total number of all LDAP operations that have been completed since the data last collection. |
|
Total No of Open Connections |
Specifies the total number of open connections to Oracle Virtual Directory Server. |
|
Total No of Users Currently Connected |
Specifies the total number of users that are currently connected to the Oracle Virtual Directory Server. |
|
Total No of IPs Currently Connected |
Specifies the total number of distinct IP Addresses that are currently connected to the Oracle Virtual Directory Server. |
|
Current Connections (User) |
Specifies the number of connections that are currently open for a particular user. |
|
Total Connections (User) |
Specifies the total number of connections opened by a particular user. |
|
Current Connections (IP) |
Specifies the number of current open connections from a particular IP Address. |
|
Total Connections (IP) |
Specifies the total number of connections from a particular IP Address. |
|
Minimum Time to complete a search request |
Specifies the minimum length of time Oracle Virtual Directory took to complete a search request since its last start. |
|
Maximum Time to complete a search request |
Specifies the maximum length of time Oracle Virtual Directory took to complete a search request since its last start. |
|
Average time to complete an LDAP search request |
Specifies the average length of time Oracle Virtual Directory took to complete an LDAP search request since its last start. |
|
Number of LDAP Search Requests |
Specifies the number of LDAP search requests since the last data collection. |
|
Number of LDAP Add Requests |
Specifies the number of LDAP add requests since the last data collection. |
|
Number of LDAP Binds Requests |
Specifies the number of LDAP bind requests since the last data collection. |
|
Number of LDAP Delete Requests |
Specifies the number of LDAP delete requests since the last data collection. |
|
Number of LDAP Modify Requests |
Specifies the number of LDAP modify requests since the last data collection. |
|
Number of LDAP Rename Requests |
Specifies the number of LDAP rename requests since the last data collection. |
|
Total Operations |
Specifies the total number of all LDAP operations since the last data collection. |
|
Enabled (Adapter) |
Specifies if an Oracle Virtual Directory Adapter is enabled or disabled. |
|
Operational Version (Adapter) |
Specifies the operational version of the Oracle Virtual Directory Adapters. |
|
Provisioned Version (Adapter) |
Specifies the provisioned version of the Oracle Virtual Directory Adapters. |
|
Type (Adapter) |
Specifies the type of the Adapter. |
|
Total No of Operations Renamed (Adapter) |
Specifies the total number of operations renamed by a particular Adapter. |
|
Total No of Operation Binds (Adapter) |
Specifies the total number of bind operations by a particular Adapter. |
|
Total No of Connections Reused (Adapter) |
Specifies the total number of connections reused by a particular Adapter. |
|
Total No of Connections Processed (Adapter) |
Specifies the total number of connections processed by a particular Adapter. |
|
Minimum Time taken to complete a search request (Adapter) |
Specifies the minimum length of time since the last Oracle Virtual Directory start that a particular Adapter took to complete an LDAP search request. |
|
Maximum Time taken to complete a search request (Adapter) |
Specifies the maximum length of time since the last Oracle Virtual Directory start that a particular Adapter took to complete an LDAP search request. |
|
Average Time taken to complete a search request (Adapter) |
Specifies the average length of time since the last Oracle Virtual Directory start that a particular Adapter took to complete an LDAP search request. |
|
Operations Count (Adapter) |
Specifies the total number of all operations performed by a particular Adapter. |
|
Add Operations (Adapter) |
Specifies the total number of add operations performed by a particular Adapter since the last data collection. |
|
Modify Operations (Adapter) |
Specifies the total number of modify operations performed by a particular Adapter since the last data collection. |
|
Search Operations (Adapter) |
Specifies the total number of search operations performed by a particular Adapter since the last data collection. |
|
Delete Operations (Adapter) |
Specifies the total number of delete operations performed by a particular Adapter since the last data collection. |
|
Open Connections (Adapter) |
Specifies the total number connections opened by a particular Adapter since the last data collection. |
You can find more solutions on My Oracle Support (formerly MetaLink) at http://metalink.oracle.com. If you do not find a solution for your problem, log a service request.
See Also:
Oracle Application Server Release Notes, available on the Oracle Technology Network: