Oracle Database B10772-01 Administrator's Manual page 342

Troubleshooting Enterprise User Security
ORA-28271: No permission to read user entry in LDAP directory service
ORA-28292: No domain policy registered for Kerberos-based authentication
ORA-28290: Multiple entries found for the same Kerberos principal name
ORA-28291: No Kerberos principal value found
12-30 Oracle Database Advanced Security Administrator's Guide
Cause: Indicates a problem with the connection between the database and the
directory.
Action: See the actions listed for resolving
LDAP directory service"
password-authenticated enterprise users.
Action: See the actions listed for resolving
user entry in LDAP directory service"
section for password-authenticated enterprise users.
Action: Perform the following actions:
Use Enterprise Security Manager to set the user authentication policy for
1.
this enterprise domain to KERBEROS or ALL.
See "DOMAIN-READ-ERROR Checklist"
2.
Cause: The Kerberos principal name for this user is not unique within the user
search base containing this user.
Action: Use Oracle Internet Directory Self-Service Console to change the
Kerberos principal name, or to change the other copies so that it is unique.
Action: Check the following:
Check that the user entry in the directory has the krbprincipalname
1.
attribute.
If it does not have the krbprincipalname attribute, then check the
following:
– Check that the default attributes for new user creation by using Oracle
Internet Directory Self-Service Console include krbprincipalname,
and then
– Use Enterprise Security Manager Console or Oracle Internet Directory
Self-Service Console to create the user again, or
– Add the orclcommonattributes object class.
"ORA-28030: Problem accessing
on page 12-26 in the troubleshooting section for
"ORA-28271: No permission to read
on page 12-27 in the troubleshooting
on page 12-35