B Troubleshooting Oracle Delegated Administration Services

This appendix describes how to troubleshoot Oracle Delegated Administration Services. It contains these topics:

Analyzing Log Files
Enabling Debugging
Troubleshooting the Self-Service Console
Troubleshooting Service Units
Need More Help?

Note:

You can also use Web browser diagnostics to identify basic problems with your Oracle Delegated Administration Services deployment, including whether the IP address and host name are valid or if a firewall is properly forwarding requests and responses. For more information, see the documentation for the Web browsers you plan to support in your Oracle Delegated Administration Services deployment.

B.1 Analyzing Log Files

If you encounter problems when deploying or running Oracle Delegated Administration Services, you should first examine the various log files that are generated by Oracle Delegated Administration Services and the various components that it requires. This section contains the following topics:

Oracle Delegated Administration Services Logs
Oracle Application Server Containers for J2EE Logs
Oracle HTTP Server Logs

B.1.1 Oracle Delegated Administration Services Logs

Oracle Delegated Administration Services logs most errors in the $ORACLE_HOME/ldap/log/das.log file. This is the file you should check first when troubleshooting problems with Oracle Delegated Administration Services.

Errors that occur when Oracle Delegated Administration Services first starts are recorded in the $ORACLE_HOME/opmn/logs/OC4J~OC4J_SECURITY~default_island~1 file, which is generated by Oracle Application Server Containers for J2EE. Check this file for error messages if the opmnctl utility hangs or generates command-line errors when attempting to start Oracle Delegated Administration Services.

B.1.2 Oracle Application Server Containers for J2EE Logs

Oracle Application Server Containers for J2EE is the servlet engine that receives Oracle Delegated Administration Services page requests. You can examine the servlet access log, named default-web-access.log, in the $ORACLE_HOME/j2ee/OC4J_SECURITY/log/OC4J_SECURITY_default_island_1 directory. You can also examine the application.log file, which contains run-time application errors, in the $ORACLE_HOME/j2ee/OC4J_SECURITY/application-deployments/oiddas/OC4J_SECURITY_default_island_1 directory.

B.1.3 Oracle HTTP Server Logs

Oracle HTTP Server receives requests for Oracle Delegated Administration Services pages and forwards each request to the appropriate component for further processing. For problems that may be related to Oracle HTTP Server, you can examine the log files located in the $ORACLE_HOME/Apache/Apache/logs directory. Specifically, you should examine the access_log and error_log files.

Note:

If Oracle HTTP Server is configured to rotate its log files, it appends a timestamp extension to the access_log and error_log files. Use the timestamp extension to find the most recent files.

B.2 Enabling Debugging

To enable or disable debugging for Oracle Delegated Administration Services, you modify the DEBUG and DEBUG_LEVEL flags in the $ORACLE_HOME/ldap/das/das.properties file. Table B-1 describes each flag.

Table B-1 Debugging Flags in the das.properties File

Flag Description Values Default Value

Flag	Description	Values	Default Value
`DEBUG`	Determines whether debugging is enabled	`true` `false`	`false`
`DEBUG_LEVEL`	Specifies the debugging level	`error` (logs all errors) `schema` (logs errors related to Oracle Internet Directory schema operations) `tracing` (logs detailed tracing information for various operations) `session` (logs information on operations involving the Oracle Delegated Administration Services connection pool or connection retrieval and release)	none

DEBUG

Determines whether debugging is enabled

true

false

DEBUG_LEVEL

Specifies the debugging level

error (logs all errors)

schema (logs errors related to Oracle Internet Directory schema operations)

tracing (logs detailed tracing information for various operations)

session (logs information on operations involving the Oracle Delegated Administration Services connection pool or connection retrieval and release)

none

The DEBUG_LEVEL flag is only interpreted if the DEBUG flag is assigned a value of true. Separate the value assigned to each flag with a vertical bar (|). For example, the following statements assign a value of true to the DEBUG flag and a value of tracing to the DEBUG_LEVEL flag:

DEBUG|true
DEBUG_LEVEL|tracing

After modifying the das.properties file, you must restart the Oracle Delegated Administration Services instance.

B.3 Troubleshooting the Self-Service Console

This section describes how to troubleshoot problems with the Self-Service Console. It contains these topics:

Login Problems
Other Error Messages

B.3.1 Login Problems

For problems logging in, examine the $ORACLE_HOME/ldap/log/das.log file.

See Also:

Oracle Application Server Single Sign-On Administrator's Guide for additional information on how to resolve login problems

B.3.2 Other Error Messages

This section describes other error messages you may encounter with the Self-Service Console.

500 Internal Server Error: Cause: Usually indicates that Oracle Delegated Administration Services has not been started correctly.; Action: Examine the $ORACLE_HOME/ldap/log/das.log file.

Warning: Page has Expired: Cause: Some Oracle Delegated Administration Services pages use the POST method to submit HTTP requests. Clicking the Back button to view a page that has been submitted with the POST method usually results in a warning message from the Web browser that the page has expired. In general, use of the back button on DAS pages is discouraged.; Action: Avoid using the Web browser's Back button. Instead, use the Go Back button or other navigation buttons and links that appear in the Self-Service Console.

Error: Cannot proceed. Please contact your Administrator to have your password reset!: Cause: This error occurs if a user attempts to reset their password before specifying a password hint.; Action: An administrator must reset the user's password by following the instructions in "Changing the Password of a User by Using the Self-Service Console". To prevent this error from occurring again, the user must then specify a password hint by following the instructions in "Changing Your Own Password and Password Hint".

B.4 Troubleshooting Service Units

Oracle Delegated Administration Services consists of a set of pre-defined, Web-based service units for performing directory operations on behalf of users. These units enable directory users to update their own information. This section contains these topics:

Pop-Up Window Blocking
Cross-Domain Invocation Issues

See Also:

Oracle Identity Management Application Developer's Guide for additional information on how to write custom applications to resolve the issues discussed in this section

B.4.1 Pop-Up Window Blocking

When an Oracle Delegated Administration Services service units tries to open a new Web browser window, the new window may not open if pop-up window blocking is enabled on a client's Web browser. To avoid pop-up window blocking, you need to write a custom application that opens a new window on a local application server, and then immediately redirects the page to the Oracle Delegated Administration Services service unit.

B.4.2 Cross-Domain Invocation Issues

Oracle Delegated Administration Services service units that need to return parameters to a calling page may fail due to cross-domain JavaScript security restrictions. To avoid such problems, you must write a custom Oracle Internet Directory application.

B.5 Need More Help?

You can find more solutions on Oracle MetaLink, http://metalink.oracle.com. If you do not find a solution for your problem, log a service request.

See Also:

Oracle Application Server Release Notes, available on the Oracle Technology Network: http://www.oracle.com/technology/documentation/index.html