Skip Headers
Oracle® Identity Management Integration Guide
10g Release 2 (10.1.2)
  Go To Documentation Library
Go To Product List
Solution Area
Go To Table Of Contents
Go To Index


C.5 Troubleshooting Integration with Microsoft Active Directory

This section contains these topics:

C.5.1 Debugging the Active Directory Connector

You can debug the Active Directory connector by using the oditest and DIP Tester utilities described in "Troubleshooting Synchronization".

To troubleshoot the Active Directory connector:

  • Run oditest and enter the profile name as the value of the directory synchronization profile argument

  • Examine the $ORACLE_HOME/ldap/odi/log/AgentChgImp.trc and $ORACLE_HOME/ldap/odi/log/AgentChgImp.aud files in a text editor for pertinent information

If more than one profile is enabled, then DIP Tester can be run against each of them.

See Also:

MetaLink Note: 276481.1—Troubleshooting Oracle Directory Integration and Provisioning Synchronization Issues available on Oracle MetaLink at

C.5.2 Debugging Windows Native Authentication

Once you have configured Windows native authentication (see "Configuring Windows Native Authentication"), you can enable logging for this feature at run time. Open the opmn.xml file, located in $ORACLE_HOME/opmn/conf, and add the following parameter:

-Djazn.debug.log.enable = {true | false}

Assigning a value of true to the parameter enables debugging while assigning a value of false disables it.

The boldface text in the following example show where you should place the parameter in opmn.xml:

<process-type id="OC4J_SECURITY" module-id="OC4J">
    <variable id="DISPLAY" value=""/>
    <variable id="LD_LIBRARY_PATH" value="/private/ora1012/OraHome1/lib"/>
    <category id="start-parameters">
      <data id="java-options" value="-server -Djazn.debug.log.enable=true
      config/java2.policy -Djava.awt.headless=true -Xmx512m
      <data id="oc4j-options" value="-properties"/>
    <category id="stop-parameters">
      <data id="java-options" value="      
      OraHome1/j2ee/OC4J_SECURITY/config/java2.policy  -Djava.awt.headless=true"/>

The log is written to the file OC4J~OC4J_SECURITY~default_island~1, found at $ORACLE_HOME/opmn/logs.

See Also:

MetaLink Note: 283268.1—Troubleshooting Oracle Application Server Single Sign-On Windows Native Authentication available on Oracle MetaLink at

C.5.3 Troubleshooting the Microsoft Active Directory External Authentication Plug-in

If you are experiencing unknown errors, then you can enable plug-in debugging as explained in "Debugging the Windows NT External Authentication Plug-in".

See Also:

MetaLink Note: 277382.1—How to Configure the Oracle Internet Directory External Authentication Plug-In for Authentication via Microsoft Active Directory available on Oracle MetaLink at