Wednesday, March 9, 2011

User cannot find / view any content in UCM from custom WebCenter application

At a customer, we deployed a custom Portal application which is used for an Intranet and an Extranet.
One user does not see any content in the Portal.

Situation:

Users are registered in an Oracle Virtual Directory (OVD) for authentication.
Users are registered in an Oracle Internet Directory (OID) for authorization.
Groups are registered in the same OID.
The custom Portal application and UCM point to the OID for the user store and group membership.
WebCenter Framework 11.1.1.3
UCM 10.1.3.5.1

Analysis:

For viewing content, two groups are defined in OID, one for employees (for the Intranet) and one for customers (for the Extranet).
Analysis showed that the user cannot see any content in UCM either.
The profile of the user does not show that the user is a member of the group Employees, to which he was added in OID.
The UCM server log and server output did not show anything which could lead to the cause of the issue.

To be better able to view what is logged, I added the line UseRedirectedOutput=true to the UCM config.cfg (located in \server\config).
I also checked which Active Sections were defined in the System Audit Information page of UCM (Administration | System Audit Information).
Only the sections system, idocscript, requestaudit and resourceloader were active (which is pretty standard I think).
Since we had problems regarding a specific user account, I added userprofile and userstorage, selected Save and restarted UCM to make the changes effective.

Thanks to UseRedirectedOutput, an IdcServerNT.log was created in the \server\bin folder. After logging in as the defective user, we saw the following:

userstorage  Thread-1  Start user storage query for user john.doe@portal.com.
userstorage  Thread-1  Created user object for user john.doe@portal.com
userstorage  Thread-1  Expired=false isNewUser=true for john.doe@portal.com
userstorage  Thread-1  Loaded record from database for john.doe@portal.com
userstorage  Thread-1  Retrieving attributes (type=EXTERNAL) for john.doe@portal.com
userstorage  Thread-1  Provider PortalLDAPProvider matches dUserSourceOrgPath
userstorage  Thread-1  Checking Default UserProvider PortalLDAPProvider
userstorage  Thread-1  LdapProvider.checkCredentials() started
userstorage  Thread-1  user: john.doe@portal.com
userstorage  Thread-1  authenticateUser: false
userstorage  Thread-1  User is new to this provider.
userstorage  Thread-1  DN cn=john.doe.,cn=Users,dc=PORTAL,dc=COM found in local data.
userstorage  Thread-1  Unable to load extended info for cn=john.doe.,cn=Users,dc=PORTAL,dc=COM. Reason: !csLdapUnableToBindToObject

We noticed a couple of things.
First of all, the DN of the user contains a period after his name. This is not the way the user is registered in OVD or OID. Therefore, the line stating that the extended info cannot be loaded is correct: no such object exists in the directory, so the bind fails.
Second, UCM states it loaded a record from the database and uses dUserSourceOrgPath in some way, so the DN it tries is not coming from the directory but from a locally stored value.
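The comparison we did by hand (the DN UCM reports as "found in local data" against the DN the directory actually holds) can be run over the userstorage trace. The following is an added example, not code from the post or from Oracle; the log lines and the directory DNs are constructed to mirror the trace above, and the second user is made up as a healthy contrast.

```python
import re

# Constructed sample, modelled on the userstorage trace quoted above;
# Thread-2 is a made-up healthy user for contrast.
SAMPLE_LOG = """\
userstorage  Thread-1  user: john.doe@portal.com
userstorage  Thread-1  DN cn=john.doe.,cn=Users,dc=PORTAL,dc=COM found in local data.
userstorage  Thread-1  Unable to load extended info for cn=john.doe.,cn=Users,dc=PORTAL,dc=COM. Reason: !csLdapUnableToBindToObject
userstorage  Thread-2  user: jane.roe@portal.com
userstorage  Thread-2  DN cn=jane.roe,cn=Users,dc=PORTAL,dc=COM found in local data.
"""

# Constructed: the DN the directory (OID) currently holds for each login.
DIRECTORY_DNS = {
    "john.doe@portal.com": "cn=john.doe,cn=Users,dc=PORTAL,dc=COM",
    "jane.roe@portal.com": "cn=jane.roe,cn=Users,dc=PORTAL,dc=COM",
}

LINE_RE = re.compile(r"^userstorage\s+(\S+)\s+(.*)$")
USER_RE = re.compile(r"^user:\s+(\S+)$")
DN_RE = re.compile(r"^DN (\S+) found in local data\.$")
BIND_FAIL = "Reason: !csLdapUnableToBindToObject"

def normalize_dn(dn):
    """Compare DNs case-insensitively, ignoring whitespace around each RDN."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def find_stale_dns(log_text, directory_dns):
    """Return {login: {"cached": dn, "directory": dn, "bind_failed": bool}} for
    logins whose locally cached DN (what UCM keeps in dUserSourceOrgPath)
    differs from the directory DN, or whose extended-info load failed to bind."""
    current, cached, findings = {}, {}, {}   # keyed by thread name / login
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        thread, msg = m.groups()
        u = USER_RE.match(msg)
        if u:
            current[thread] = u.group(1)       # later lines on this thread belong to this login
            continue
        login = current.get(thread)
        d = DN_RE.match(msg)
        if login and d:
            cached[thread] = d.group(1)
            expected = directory_dns.get(login)
            if expected and normalize_dn(d.group(1)) != normalize_dn(expected):
                findings[login] = {"cached": d.group(1), "directory": expected, "bind_failed": False}
        elif login and BIND_FAIL in msg:
            entry = findings.setdefault(login, {"cached": cached.get(thread),
                                                "directory": directory_dns.get(login),
                                                "bind_failed": False})
            entry["bind_failed"] = True
    return findings

if __name__ == "__main__":
    for login, info in find_stale_dns(SAMPLE_LOG, DIRECTORY_DNS).items():
        print(login, info)
```

Feeding it the real IdcServerNT.log and a DN export from OID lists every login whose cached dUserSourceOrgPath has drifted from the directory, not only the one user who complained.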

Solution:
A query on the USERS table in the OCSERVER schema showed that the dUserSourceOrgPath column contained the DN with the additional period, which is the value the LDAP Provider uses.
An update of this column fixed the issue.

But how was the situation created?
Apparently the user was once created incorrectly in OID (including the period); the entry in OID was then deleted and recreated correctly.
But in between these changes, the user had logged onto the system, creating the record in the USERS table with the incorrect dUserSourceOrgPath :(
So if you change the DN of a user (or any other replicated attribute like full name or email address), be aware of the fact that UCM holds that data in a local table.