APPS Blogs

This is a very simple issue but answer looks quite unrelated to the problem.

I was trying to run an ldif file that will modify certain attribute and objectclass.

I was giving the user details without quotes in ldap_modify command as shown below and it throws Insufficient access error.

[oracle@hostname bin]$ ./ldapmodify -h hostname -p 389 -D cn=orcladmin -W password -f oid_tuning.ldif
modifying entry cn=dsaconfig,cn=configsets,cn=oracle internet directory
ldap_modify: Insufficient access

When I tried with quotes as shown below, it worked like a charm!

[oracle@hostname bin]$ ./ldapmodify -h hostname -p 389 -D “cn=orcladmin” -w password -f oid_tuning.ldif
modifying entry cn=dsaconfig,cn=configsets,cn=oracle internet directory

The error looks like a user lock or access privileges issue, but the answer is quite simple. Anyhow, feel like it would be useful.

Share This

Oracle Retail provides a full suite of applications that can cover the requirements of the modern retailer. If you visit the Oracle Retail homepage you will be amazed by the variety of the applications that are available.

When a retailer decides to go ahead with Oracle Retail they have to decide which applications they need and what the order of installation will be. The decision for the first question the is entirely up to the retailer. For the second question can be a little bit more complicated. The order in which the various applications will be installed can determine the success or failure of the entire project. There are dependencies between projects and they need to be defined in advance. There are always constraints from the customer side that affect the order of the installation.

According to Oracle Retail the ideal order of installation of the entire Oracle Retail application suite is the following:

1. Oracle Retail Merchandising System (RMS), Oracle Retail Trade Management (RTM), Oracle Retail Sales Audit (ReSA)
2. Oracle Retail Service Layer (RSL)
3. Oracle Retail Extract, Transform, Load (RETL)
4. Oracle Retail Active Retail Intelligence (ARI)
5. Oracle Retail Warehouse Management System (RWMS)
6. Oracle Retail Allocation
7. Oracle Retail Invoice Matching (ReIM)
8. Oracle Retail Price Management (RPM)
9. Oracle Retail Central Office (ORCO)
10. Oracle Retail Back Office (ORBO)
11. Oracle Retail Store Inventory Management (SIM)
12. Oracle Retail Integration Bus (RIB)
13. Oracle Retail Point-of-Service (ORPOS)
14. Oracle Retail Analytics Applications
15. Oracle Retail Advanced Inventory Planning (AIP)
16. Oracle Retail Predictive Application Server (RPAS)
17. Oracle Retail Data Warehouse (RDW)
18. Oracle Retail Workspace (ORW)

This post covers changes in Oracle Access Manager from 10g (10.1.4.X) to 11g (11.1.1.X).

Oracle Access Manager (OAM) : is Access Management Product acquired from Oblix in 2005. 

• Oblix COREid (6, 7) and OAM 10g is written in C++where as OAM 11g is J2EE application deployed on Oracle WebLogic Server (10.3.3+)
• There are two main OAM components in OAM 10g, Access System(Access Server, WebGate and Policy Manager) and Identity System (Identity Server and WebPass). In OAM 11g there is NO “Identity System Component“. Identity related functions are moved to Oracle Identity Manager(OIM) 11g. (OIM is user provisioning and reconciliation product acquired from Thor Xellerate)
• There is NO identityXML interface or Workflow in OAM 11g.
• Access Server in 10g is now called as OAM Server in 11g
• Policy Manager in 10g is now called as OAM Administration Console in 11g
• AccesssGate and WebGate in 10g are now called as OAM Agents in 11g
• Directory Profiles in 10g are now called as User-Identity Store in 11g
• In OAM 10g configurations are stored in LDAP servers where as in OAM 11g configurations are stored in xml file (under webloigic domain) - $DOMAIN_HOME/config/fmwconfig/oam-config.xml
• In OAM 10g Policies are stored in LDAP server where as in OAM 11g you have option to store them either in XML file or in Database.
• In OAM 10g Sessions used to be stateless where as in OAM 11g, user sessions are stateful and stored on Server in OAM 11g (It is possible to leverage Coherence for distributed caching of session data). For more information on Oracle Coherence (earlier Tangosol) click here
• In OAM 11g (by default) Policy Data & User session datais stored in single database (details under $DOMAIN_HOME/config/jdbc/oam-db-jdbc.xml) under one schema however it is possible to configure OAM Policy Data in to one database and user session data in another database. 
• OAM Server (Access Server in 10g) in OAM 11g is deployed on WebLogic Managed Server (oam_server1 - default port 14100)
• In OAM 11g, OAM Administration Console(Policy Manager in 10g) is deployed on WebLogic Admin Server (default port 7001)
• URL for OAM Administration Console is http://server:7001/oamconsole (default username/password created during domain creation in weblogic)
• OAM 11g User Interface (UI) is based on Application Development Framework (ADF)
• Three type of Web Agents are supported in OAM 11g -
  a) AccessGate/WebGate from 11g
  b) AccessGate/WebGate from 10g (for backward compatibility) and
  c) mod_osso for Oracle 10g Single Sign-On integration  

. 

For step by step installation of Oracle Access Manager (OAM) 11g click here

Previous in series Related Posts for Access Manager

1. Integration Steps - 10g AS with OAM (COREid)
2. OAS - OAM (Access Manager / Oblix COREid) Integration Architecture
3. Oblix COREid and Oracle Identity Management
4. Installing Oracle Access Manager (Oblix COREid / Netpoint)
5. Oracle Access Manager (Oblix COREid) 10.1.4.2 Upgrade
6. Access Manager: WebGate Request Flow
7. Introduction to Oracle Access manager : Identity and Access System - WebPass , Webgate, Policy Manager
8. Certified Directory Server (AD, OID, Tivoli, Novell, Sun or OVD) and their version with Oracle Access Manager
9. Install Oracle Access Manager (OAM) 10.1.4.3 Identity Server, WebPass, Policy Manager, Access Server, WebGate
10. Multi-Language or multi-lingual Support/Documentation for Oracle Access Manager (OAM)
11. OAM Policy Manager Setup Issue “Error in setting Policy Domain Root” : OAM with AD and Dynamic Auxiliary Class
12. OAM 10.1.4.3 Installation Part II - Indentity Server Installation
13. OAMCFGTOOL : OAM Configuration Tool for Fusion Middleware 11g (SOA/WebCenter) Integration with OAM
14. Oracle Access Manager Installation Part III : Install WebPass
15. OAM : Access Server Service Missing when installing Access Manager with ADSI for AD on Windows
16. OAM : Create User Identity - You do not have sufficient rights : Create User Workflow
17. Password Policy in Oracle Access Manager #OAM
18. Changes in Oracle Access Manager 11g R1 (11.1.1.3)

Share This

There is a known issue when Oracle Access Manager components such as WebPass, Policy Manager and WebGates are installed on Oracle HTTP Server.

Typically, while installing the WebPass (say) , the httpd.conf of HTTP Server will be pointed out and after the webpass configurations are updated in the httpd.conf, the Http Server should be restarted.

The below error was encountered in Apache error log while restarting HTTP Server

/u01/osinfra/Apache/Apache/logs/httpd.pid overwritten — Unclean shutdown of previous Apache run?
*** glibc detected *** realloc(): invalid size: 0×0819e4a8 ***

This is because of the perl module in the Apache server.

Edit the httpd.conf and edit the below line.

LoadModule perl_module libexec/libperl.so

Attempt to start the HTTP Server is succesful.

Share This

Applications Release 12 users can configure their environments to delegate user authentication to an external Single Sign-On 10g instance. In this optional configuration, Single Sign-On validates E-Business Suite user credentials against an external Oracle Internet Directory instance. Oracle Single Sign-On (SSO) and Oracle Internet Directory (OID) 10g version 10.1.2.3 are now certified with Oracle E-Business Suite Release 12 (12.1.2) on the IBM: Linux on System z platform. This platform was recently announced as a fully certified R12 platform - this is the first certification of an optional external technology component for the platform. Steven Chan http://blogs.oracle.com/stevenChan/about.html

Download Here

Problem One of my clients was complaining about error “You Have Insufficient Privileges For The Current Operation” while Line Drill down from GL Journal screen. Internet explorer version was 6.0.2900 with Java 6 update 21. Oracle suggestion in METALINK note “1106048.1“ is Uninstall all updates on Java 6 which are more than 15. What does [...]

I was on an integration assignment between Home Grown Project System and Oracle Payable. A big gap which I faced there was how to maintain single source of Account Code Combinations. We had following options to manage this issue. Built a View of GL_CODE_COMBINATIONS table and pass Combination and ID from Oracle to Custom System [...]

Few days back one of my friend was asking me that how can She add corporate logo on standard purchase order template . here is solution with screen shots. same solution is also there on METALINK but missing a major step How to Change Company Logo on Standard Purchase Order Template

What are types of Siebel User Interfaces? Following two Types of Siebel User Interfaces are available – High Interactivity Mode (HI) – Standard Interactivity Mode (SI) HI and SI user interfaces are designed to serve two different group of user. High Interactivity Mode (HI) HI is available for employee applications like Siebel Sales. It is [...]

First Step to Siebel . In next post i will write about Interfaces , Components and Architecture. Download Link

I was working on one client site for AME setup with Purchase Requisition. I finished setup for AME transaction Type “Purchase Requisition Approval”. When requester was submitting requisition system initially shows that it’s in process but after one minute requester was getting notification “No approver found for Purchase Requisition”. I checked from AME Test Workbench [...]

Hi Guys, I was on Siebel Training last month financed by my employer (thanks to them) . In fact it was my first interaction with Siebel vanilla Application earlier i worked with Oracle CRM only. I found Siebel very good for Business User. I am thinking to share with you guys what i learned during [...]

To implement Oracle Daily Business Intelligence it’s required to implement Company Cost Center at Organization definition level. Oracle Provided a API for this, in this document I will share the sample script to update company cost center by executing this script. Link To Download File

How to Create Position Hierarchy by Using APIs

Our Oracle Forms team has consolidated a large number important fixes on top of Forms and Reports version 10.1.2.3.0 into a new bundle patch. This patch is available for download now under the ungainly title of: * MLR Tracking Bug for Forms 10.1.2.3.0 Bundle Patch (Patch 9593176) This bundle patch is now certified with EBS Release 12 for all supported platforms except Linux on IBM System z. Prasad Akkiraju

As part of the BPEL worklist integration with Oracle Single Sign-on, we’ll generate the osso.conf in infra tier as shown below.

./ssoreg.sh -oracle_home_path $ORACLE_HOME -config_mod_osso TRUE -site_name LBR_Hostname:7777 -remote_midtier config_file $ORACLE_HOME/Apache/Apache/conf/osso/worklist/osso.conf  -mod_osso_url http://LBR_Hostname:7777

Then the osso.conf file will be used in mid-tier (BPEL worklist) for performing few configurations. This will be followed by a restart of HTTP Server and OC4J processes.

We encountered the below error while restarting the HTTP Server of BPEL server.

$ORACLE_HOME/Apache/Apache/bin/apachectl start: execing httpd
Syntax error on line 7 of $ORACLE_HOME/Apache/Apache/conf/mod_osso.conf:
SSO server version v3.0 is not supported

The root cause of the issue is the infra tier version. If the Infra tier is upgraded to 10.1.4.3, then the ssoreg.sh should be run with an additional parameter -sso_partner_version v1.4 as shown below.

./ssoreg.sh -oracle_home_path $ORACLE_HOME -config_mod_osso TRUE -site_name LBR_Host:7777 -remote_midtier config_file $ORACLE_HOME/Apache/Apache/conf/osso/worklist/osso.conf  -mod_osso_url http://LBR_Host:7777
-sso_partner_version v1.4

However, this is not applicable if you are using Infra Tier version with 10.1.4.0.1.

Helpful articles:

Metalink article : 809743.1

Share This

I have recently done the BPEL worklist integration with Oracle Single Sign-on. Check this post for integration process.

I did not witness any issues in a development environment. However, when I replicated the same integration process in a product environment, I found the difference.

I have followed this metalink note for 753087.1 BPEL OSSO integration. During the BPEL worklist registration process, the -site_name is given as myhost.mydomain.com. This means the BPEL worklist port number is not used here and it was not mentioned whether it is the individual BPEL server hostname or the load balance router URL.

Many attempts used with registering the individual BPEL server name with OSSO were invain using ssoreg.sh.

I was skeptical from the beginning as to register whether with the LBR or individual server. Conceptually, the Load balancer is not intelligent enough to route it to OSSO server, it is the individual BPEL servers which are registered with OSSO who could do it. Well, this is my perception!

When I register with individual BPEL server, I was getting the below error when I access the BPEL worklist using the URL http://soa.domain.com:7777/integration/worklistapp/

There was no helpful errors in OC4J logs and hence found very difficult to troubleshoot.

I have gone through few configuration files of BPEL worklist server to check what URL the server is accepting/using. One of the files is Wf_client_config.xml located under $ORACLE_HOME/bpel/system/services/config.

The URL that it is pointing is the LBR and not the individual BPEL server as shown below.

<identityService>
<soapEndPoint>http://LBR.hostname:7777/integration/services/IdentityService/identity</soapEndPoint>
</identityService>

………………….
………………….

I read this metalink article 739686.1 just to get to know few more things about this integration troubleshooting. I found that -site_name is used as hostname.domain:bpel_port and this is something which is not mentioned in the basic metalink article we were following 753087.1 .

Now I got some clue to register the BPEL as LBR hostname including the bpel port.

So, I used the below script to run using ssoreg.sh.

./ssoreg.sh -oracle_home_path $ORACLE_HOME -config_mod_osso TRUE -site_name LBR.hostname:7777 -remote_midtier -config_file $ORACLE_HOME/Apache/Apache/conf/osso/worklist/osso.conf  -mod_osso_url http://LBR.hostname:7777
-sso_partner_version v1.4

When I did so, the SSO worked like a gem!

Note: The BPEL worklist port in our case is 7777, hence change it as per your application.

Share This

This is a generic error that everybody will come across, but it may be for different process like HTTP_Server, OC4J_SECURITY etc.,

In my case, I got it while restarting/stopping the HTTP_Server as shown below.

[oracle@mahendra.domain.com bin]$ ./opmnctl stopall
opmnctl: stopping opmn and all managed processes…
=======================
opmn id=mahendra.domain.com:7017
2 of 3 processes stopped.

ias-instance id=oasinfra.mahendra.domain.com
++++++++++++++++++++++++++++
—————————————-
ias-component/process-type/process-set:
HTTP_Server/HTTP_Server/HTTP_Server

Error
–> Process (pid=6047)
time out while waiting for a managed process to stop
Log:
/u01/osinfra/opmn/logs/HTTP_Server~1

opmnctl: graceful stop of processes failed, trying forceful shutdown…

Even the shutdown was not successful as shown below.

[oracle@mahendra.domain.com bin]$ ./opmnctl shutdown
opmnctl: shutting down opmn and all managed processes…
Unacceptable request: OPMN is terminating
<?xml version=’1.0′ encoding=’ISO-8859-1′?>
<response>
<opmn id=”mahendra.domain.com:7017″ http-status=”406″ http-response=”OPMN is terminating”>
</opmn>
</response>

Then I checked the status of opmnctl processes as shown below.

[oracle@mahendra.domain.com bin]$ ./opmnctl status

Processes in Instance: oasinfra.mahendra.domain.com
——————-+——————–+———+———
ias-component      | process-type       |     pid | status
——————-+——————–+———+———
DSA                | DSA                |     N/A | Down
LogLoader          | logloaderd         |     N/A | Down
dcm-daemon         | dcm-daemon         |     N/A | Down
OC4J               | OC4J_SECURITY      |     N/A | Down
HTTP_Server        | HTTP_Server        |    6047 | Stop
OID                | OID                |     N/A | Down

All the processes except HTTP_Server were down and even several attempts to stop HTTP Server alone could not succeed.

So, I have checked the process id that the HTTP_Server is being assigned to as shown below.

[oracle@mahendra.domain.com bin]$ ./opmnctl status -l

Processes in Instance: oasinfra.mahendra.domain.com
——————-+——————–+———+—–
ias-component      | process-type       |     pid | status   |        uid |  memused |    uptime | ports
——————-+——————–+———+—–
DSA                | DSA                |     N/A | Down     |        N/A |      N/A |       N/A | N/A
LogLoader          | logloaderd         |     N/A | Down     |        N/A |      N/A |       N/A | N/A
dcm-daemon         | dcm-daemon         |     N/A | Down     |        N/A |      N/A |       N/A | N/A
OC4J               | OC4J_SECURITY      |     N/A | Down     |        N/A |      N/A |       N/A | N/A
HTTP_Server        | HTTP_Server        |    6047 | Stop     | 1912078433 |    12328 |  00:23:20 | N/A
OID                | OID                |     N/A | Down     |        N/A |      N/A |       N/A | N/A

So, I have searched for the process identifier as shown below and it is to be killed.

[oracle@mahendra.domain.com bin]$ ps -ef | grep  1912078433
oracle    6047     1  0 12:08 ?        00:00:00 /u01/osinfra/Apache/Apache/bin/httpd -d /u01/osinfra/Apache/Apache -U 1912078433
oracle   10820 27210  0 12:31 pts/4    00:00:00 grep 1912078433

Killing the process as shown below.

[oracle@mahendra.domain.com bin]$ kill -9 6047

Few seconds later, the opmnctl processes showed not connected as shown below.

[oracle@mahendra.domain.com bin]$ ./opmnctl status
Unable to connect to opmn.
Opmn may not be up.

Now, I have started the opmnctl processes and this time I am through.

Share This

It’s that time of the year again — Oracle OpenWorld time — and it’s my pleasure to announce our regular Oracle bloggers meetup again this year. We all know that Oracle community has grown this year so we expect to see folks from all the different technologies including MySQL, Java, Sun hardware folks in [...]