Wednesday, December 5, 2012

ORA-28030: Server encountered problems accessing LDAP directory service

This error may occur while logging in to an Oracle database using Oracle Internet Directory (OID) authentication. The first thing to do is to dump the actual error by enabling trace event 28033:

SQL> alter system set events '28033 trace name context forever, level 9';
(reproduce the error)
SQL> alter system set events '28033 trace name context off';

If the trace output is:

kzld found pwd in wallet

KZLD_ERR: Failed to bind to LDAP server. Err=-1
KZLD_ERR: -1
KZLD is doing LDAP unbind
KZLD_ERR: failed from kzldob_open_bind.

then there is probably a problem with the OID server connection parameters. Check the parameters in ldap.ora, then view the DN and password stored in the wallet and test the bind with ldapbind:

#mkstore -wrl -viewEntry ORACLE.SECURITY.DN
Enter wallet password:
ORACLE.SECURITY.DN =
#mkstore -wrl  -viewEntry ORACLE.SECURITY.PASSWORD
Enter wallet password:

ORACLE.SECURITY.PASSWORD =


#ldapbind -h -p 389 -D  -w ""

If the output shows an error, correct the problem. If the output is "bind successful", check the forward and reverse DNS lookups of :

#ping 
PING  () XX bytes of data.
...

#host 

If the reverse DNS lookup is not successful, or it returns a name different from the one in ldap.ora, you should correct this. A workaround is to put the IP address and DNS name of the directory server in the /etc/hosts file.
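The forward and reverse lookup comparison described above can be scripted. This is an added example, not part of the original post: it assumes ldap.ora lists the directory host as DIRECTORY_SERVERS=(host:port:sslport), and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: verify that each directory host named in ldap.ora resolves
# forward to an address that reverses back to the same name.
# Assumption: ldap.ora holds DIRECTORY_SERVERS=(host:port:sslport[, ...]) on one line.

# Print one "host port" line per DIRECTORY_SERVERS entry in the given ldap.ora.
ldap_ora_servers() {
    grep -i '^[[:space:]]*DIRECTORY_SERVERS' "$1" |
        sed -e 's/^[^=]*=//' -e 's/[()[:space:]]//g' |
        tr ',' '\n' |
        awk -F: 'NF { print $1, $2 }'
}

# Lower-case a name and drop a trailing dot so FQDN spellings compare equal.
norm() { printf '%s' "${1%.}" | tr '[:upper:]' '[:lower:]'; }

# Forward-resolve the host, reverse-resolve the first address returned,
# and compare the canonical reverse name with the name from ldap.ora.
check_dns() {
    ip=$(getent hosts "$1" | awk 'NR==1 { print $1 }')
    if [ -z "$ip" ]; then
        echo "FAIL $1: forward lookup returned nothing"
        return 1
    fi
    name=$(getent hosts "$ip" | awk 'NR==1 { print $2 }')
    if [ -n "$name" ] && [ "$(norm "$name")" = "$(norm "$1")" ]; then
        echo "OK   $1 <-> $ip"
        return 0
    fi
    echo "FAIL $1: $ip reverses to '$name', not the name in ldap.ora"
    return 1
}

# Usage: sh check_oid_dns.sh /path/to/ldap.ora  (runs only when a file is given)
if [ -f "${1:-}" ]; then
    rc=0
    for h in $(ldap_ora_servers "$1" | awk '{ print $1 }'); do
        check_dns "$h" || rc=1
    done
    exit "$rc"
fi
```

Unlike `host`, which queries DNS servers directly, `getent hosts` resolves through nsswitch.conf, so its result reflects the /etc/hosts workaround.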

If the trace output is:

kzld_discover received ldaptype: OID
KZLD_ERR: failed to get cred from wallet
KZLD_ERR: Failed to bind to LDAP server. Err=28032
KZLD_ERR: 28032
KZLD is doing LDAP unbind
KZLD_ERR: found err from kzldini.

then check sqlnet.ora and make sure that the wallet path is defined in it:

WALLET_LOCATION=
  (SOURCE=
      (METHOD=file)
      (METHOD_DATA=
         (DIRECTORY=)))