Oracle Database B10772-01 Administrator's Manual page 339

Use Database Configuration Assistant to reset the database password used
5.
to authenticate the database to Oracle Internet Directory. This resets it both
locally in the database wallet, and remotely in the database entry in Oracle
Internet Directory.
Check that the database wallet has auto login enabled. Either use Oracle
6.
Wallet Manager, or check that there is a cwallet.sso file in $ORACLE_
HOME/admin/<ORACLE_SID>/wallet/.
Use the password stored in the database wallet to check that the database
7.
can bind to Oracle Internet Directory:
– Use the mkstore command line utility to retrieve the database
password from the wallet by using the following syntax:
mkstore -wrl <database wallet location> -viewEntry
ORACLE.SECURITY.PASSWORD
Use the password returned from mkstore in the following ldapbind:
–
ldapbind -h <directory host> -p <non-SSL directory port> -D
"<database DN>" -w <password returned by mkstore>
Check to ensure the database belongs to only one enterprise domain.
8.
The mkstore utility is for troubleshooting purposes only.
Note:
The name and functionality of this tool may change in the future. In
10g Release 1 (10.1), Oracle supports only the viewEntry mode.
ORA-28271: No permission to read user entry in LDAP directory service
Action: Check the following:
Use Enterprise Security Manager to check that a user search base containing
1.
this user is listed in the user search base attribute of the realm that you are
using.
Check the ACL on the User Search Base in Oracle Internet Directory to
2.
ensure that the verifierServices group has read permission on the
user entry, and that this permission is not prevented by an ACL between
the User Search Base entry and the user entry in the directory tree.
Check that the enterprise domain is in the password-accessible domains
3.
group for that realm Oracle Context.
Enterprise User Security Configuration Tasks and Troubleshooting 12-27
Troubleshooting Enterprise User Security