This note applies to Oracle Portal 10.1.4.
When a user is deleted and then re-created in OID, the internally generated orclguid value for the user entry changes. Portal stores the user's orclguid value in the wwsec_person$.guid field, and if the stored value does not match the orclguid value in OID, the following error occurs when the user tries to log in:
Error: Internal error (WWC-00006)
Unexpected error encountered in wwsec_app_priv.process_signon (User-Defined Exception) (WWC-41417)
There is a conflict with your assigned user name. There is a user entry with this name, but with a different globally unique identifier, which must be resolved before you can log on with this name. Notify your administrator. (WWC-41742)
If OID is synchronized with another LDAP directory (e.g. AD) and Referential Integrity is not enabled, this error occurs after a user entry is deleted and re-created in AD, because the DIP process deletes the entry in OID but not in Portal (wwsec_person$). When the user next logs into Portal, the guid stored in wwsec_person$ does not match the orclguid value in OID.
If OID is synchronized with another LDAP directory, the better solution is to enable Referential Integrity.
To verify whether the user entry is in the Portal tables, run:
select * from portal.wwsec_person$ where user_name=upper('<USERNAME>');
To see the complete DN:
select DN from portal.wwsec_person$ where user_name=upper('<USERNAME>');
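To find every affected account before users report the error, the same comparison can be run in bulk. The script below is an added example, not part of the original post: it assumes a CSV export of the USER_NAME, GUID and DN columns of portal.wwsec_person$ and an LDIF dump of the OID user entries that includes orclguid, and all sample data in it is constructed.

```python
import base64
import csv
import io

# Constructed sample data (not from the original post).
PORTAL_CSV = """USER_NAME,GUID,DN
ALICE.OK,4A6F1C2B9D3E4F508A7B6C5D4E3F2A1B,"cn=alice.ok,cn=users,dc=example,dc=com"
BOB.RECREATED,11111111111111111111111111111111,"cn=bob.recreated,cn=users,dc=example,dc=com"
CAROL.GONE,33333333333333333333333333333333,"cn=carol.gone,cn=users,dc=example,dc=com"
"""
OID_LDIF = """dn: cn=alice.ok,cn=Users,dc=example,dc=com
orclguid: 4A6F1C2B9D3E4F508A7B6C5D4E3F2A1B

dn: cn=bob.recreated,cn=Users,dc=exa
 mple,dc=com
orclguid: 22222222222222222222222222222222
"""

def norm_dn(dn):
    """Comparison key: lower-case, no whitespace around the RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return {normalized DN: orclguid} from LDIF (handles folding and base64)."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    entries = {}
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs[name.lower()] = value.strip()
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"])] = attrs.get("orclguid", "").upper()
    return entries

def find_guid_conflicts(portal_csv, oid_ldif):
    """List (user_name, reason) for Portal rows with a stale GUID or no OID entry."""
    oid = parse_ldif(oid_ldif)
    findings = []
    for row in csv.DictReader(io.StringIO(portal_csv)):
        key = norm_dn(row["DN"])
        if key not in oid:
            findings.append((row["USER_NAME"], "missing_in_oid"))
        elif oid[key] != row["GUID"].strip().upper():
            findings.append((row["USER_NAME"], "guid_mismatch"))
    return findings
```

A guid_mismatch row is an account that will hit WWC-41742 at its next login; a missing_in_oid row is a Portal record left behind by a delete in OID and will conflict once the user is re-created.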
To solve this problem, follow the steps below:
1. Delete the user entry from OID, putting the complete DN after "-v":
Example:
$ORACLE_HOME/bin/ldapdelete -h host.domain -D "cn=orcladmin" -w <password> -p 389 -v "cn=name.lastname,ou=users,cn=Users,dc=domain,dc=subdomain"
Returned:
deleting entry: "cn=name.lastname,ou=users,cn=Users,dc=domain,dc=subdomain"
entry removed
2. Delete the user entry in Oracle Portal:
First, try the delete without disabling the triggers:
delete from portal.wwsec_person$ where user_name=upper('<USERNAME>');
commit;
If this returns an error, disable the triggers, run the delete, and enable the triggers again afterwards:
alter TRIGGER portal.wwsec_pers_brd_trg DISABLE;
alter TRIGGER portal.wwsec_pers_ard_trg DISABLE;
delete from portal.wwsec_person$ where user_name=upper('<USERNAME>');
commit;
alter TRIGGER portal.wwsec_pers_brd_trg ENABLE;
alter TRIGGER portal.wwsec_pers_ard_trg ENABLE;
3. Re-create the user in Portal:
If OID is synchronized with another LDAP directory, you can simply modify any field/property of the user entry in that LDAP (e.g. telephonenumber) and the DIP process will add a new entry in OID. You can see this in the log at: $ORACLE_HOME/ldap/odi/log/.aud
For example:
Tue Aug 23 10:32:58 BRT 2011 - Audit Log Start 233432534 : Success : ADD : cn=name.lastname,ou=users,cn=Users,dc=domain,dc=subdomain
If OID is not synchronized with another LDAP directory, add the user from the Oracle Portal tool:
http://<URL of Infrastructure>:<port>/oiddas
or
https://<URL of Infrastructure>:<port>/oiddas
To enable Referential Integrity, see:
http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15991/ref_integ.htm
Good luck!
Much appreciated for the information and share!
Great documentation, this was my exact issue! Your instructions were right on the money and fixed my issue – a search in the Oracle Support site didn't even give me the answer.
Thanks again, as I have been looking for this answer for a long time!!!
Tim McMurdo
ERP Administrator
Sierra Wireless
Thanks for sharing this information.