Integrate Weblogic With Active Directory Using LDAPS

In this post i will show how to integrate weblogic with active directory under LDAPS Port 636 and now using the 389, This is usually will work on different version of weblogic in my case i am using weblogic 12C.

I tried to make this article as simple as it’s, since i faced different issue during this and couldn’t find any articles or Oracle Support document that related to any of the issue i faced so i am writing this blog to share it and could be useful for people.

Weblogic Server comes with an Embedded LDAP Server which acts as the Default Provider for authentication, authorization and role mapping .Since authentication is based on JAAS ( Java Authentication and Authorization Service), we can have external providers as well one of these external provider is Active directory authentication. 

Important note :- Before start any of these steps you should ask your system administrator to create active directory user the purpose of this use only to read active directory information and system administrator should provide you with distinguished name (DN) for this user, and Assign it to Administrator Group. This is required as Active Directory gives connection only to Admin User.


  • to enable the port you have to do different things before start doing the configuration from weblogic side, since we are using SSL Port and not the unsecured one you have to import the certificate first, the certificate could be provided to you by the system administrator, in my case to avoid any wasting of time i used Jdeveloper to import the certificate because the Jdeveloper having the capability to connect to the LDAP server in both way (636 or 389 ) once you are connected you can import the certificate.
  •  Now after importing the certificate go the weblogic server and run the below command i choose to save my certificate under #WLS_HOME/wlserver/server/lib :

keytool -import -trustcacerts -alias NEWAD -file Certifcate_name  -keystore NEWAD.jks -storepass Oracle123

    •  Alias  : the alternative name for the certificate you can choose yours but make it clear.
    • file : the certificate location where you imported from Jdeveloper or by system admin.
    • keystore : the output file and should be JKS format.
    • storepass : the password for the imported certificate.
  • once you are done from the above steps, shutdown the adminserver and managed server using the console of the weblogic and edit the or setDomainEnv.cmd depend on your operating system then add the below lines ( the location of the JKS file)


  • Now start the AdminServer, the following steps should be done before testing anything.
  • as you see from the below picture choose custom keystore and start fill the information which is the location for the JKS without putting the file, the password for the certificate that you choose it while importing. 
  • After that you should modify the SSL part, this time you have to remember the alias and the password like the below :-
  • Under Security Realms on the left panel choose providers > New providers 
  • Weblogic having different external provider > but we want Active Directory, make sure to choose the right one.
  • Some changes should be done after the provider created which is the order and flag of the  provider , for the order the Active directory provider should come first and flag should be SUFFICIENT.
  • Start fill the information like the below which AD Host, Active directory user ( Should be created first ), Password for the user, User Base DN and in the last Group Base DN ” Don’t change anything else” and check on SSL enabled.
  • For testing and if the provider working or not, under user and groups you should be able to see the AD users and groups now in the weblogic.
Some of the errors that i face during the configuration which is related to certificate in general, i shared these error to allow people to understand what kind of errors they will face and how to solve it:

  • Error [Security:090834]No LDAP connection could be established. ldaps://HOST:636 Cannot connect to the LDAP server 

  • [Security:090294]could not get connection

  • Caused by: java.lang.reflect.InvocationTargetException

  • Caused by: netscape.ldap.LDAPException: General SSLEngine problem (91); Cannot connect to the LDAP server
  • Caused by: General SSLEngine problem
  • Caused by: PKIX path building failed
  • Caused by: unable to find valid certification path to requested target

Thank you

ORA-12154: TNS:could not resolve the connect identifier specified” error during DBCA

While trying to install Oracle Database 11gR2 on Windows 2012R2 I faced the following error :-

ORA-12154: TNS:could not resolve the connect identifier specified” error during DBCA

After checking the logs and investigate about the issue  :-

The password was containing “@” after removed it from the password everything works perfectly.


CRS-5013 RAC 12c

When starting Oracle RAC 12c the following error appears :-

[root@—— bin]# ./crsctl check cluster
CRS-4535: Cannot communicate with Cluster Ready Services
CRS-4530: Communications failure contacting Cluster Synchronization Services daemon
CRS-4534: Cannot communicate with Event Manager

CRS-5013: Agent “ORAROOTAGENT” failed to start process “/grid/app/” for action “start”: details at “(:CLSN00008:)” in “/grid/app/oracle/diag/crs/……/crs/trace/ohasd_orarootagent_root.trc”

The cause :- DB Node was reboot.

To solve this issue :-

CRS-2672: Attempting to start ‘ora.crf’ on CRS-2674: Start of ‘ora.crf’ on failed CRS-2679: Attempting to clean ‘ora.crf’ on (Doc ID 1902447.1)

Osama’ Class not Found

Aug 24, 2016 2:23:57 PM weblogic.nodemanager.server.AbstractServerManager log
INFO: Server output log file is ‘/u01/Oracle/Middleware/domains/mserver/STAGEDQ/servers/EDQ_INS1_SIPEDQ1/logs/EDQ_INS1_SIPEDQ1.out’ Server failed to start up. See server output log for more details.
        at weblogic.nodemanager.server.AbstractServerManager.start(
        at weblogic.nodemanager.server.ServerManager.start(
        at weblogic.nodemanager.server.Handler.handleStart(
        at weblogic.nodemanager.server.Handler.handleCommand(
Aug 24, 2016 2:26:00 PM weblogic.nodemanager.server.Handler handleStart
WARNING: Exception while starting server ‘EDQ_INS1_SIPEDQ1’ Server failed to start up. See server output log for more details.
        at weblogic.nodemanager.server.AbstractServerManager.start(
        at weblogic.nodemanager.server.ServerManager.start(
        at weblogic.nodemanager.server.Handler.handleStart(
        at weblogic.nodemanager.server.Handler.handleCommand(

The above is EDQ Cluster Error, Fresh installation after searching inside the logs i found the following :-

‘’ Class not Found

This is simply happened because StartScriptEnabled property in file was set to ‘false’. therefore must set to true Hangs after upgrading to EBS R12.2.4 Any idea ?

Let me tell you what is going on here , maybe you have some idea that can help, the scenario like the following :-

I installed Oracle E-business suite on Linux 64bit Operating system version 6.7 without any issue and the EBS version was R12.2.0 and the default database version which is

But i choose to upgrade to EBS R12.2.4 and Oracle database 12c both done without any issues or even small error in the logs , auto config done successfully without any issue as well, the application started without any single error.

But when trying to access to the EBS application Link

I tried to compile the JSP but :-

[oracle@ammebs scripts]$ tail -f /u01/oracle/tbdlamm/fs_ne/EBSapps/log/adop/16/apply_20160114_142741/20518047/log/u20518047.log
enumerating jsps…7829
updating dependency…6473
parsing jsp…6473
writing deplist…7829
initializing compilation:
eliminating children…5954 (-1875)
searching uncompiled…5682 (2253 were stale)
translating and compiling:
searching untranslated…5622 (3369 were stale)
translating jsps… 85% complete: 4800/5622 ETA: 53s
translating jsps…5622/5622 in 7m31s
compiling jsps… 

The Logs shows only this error :-


I increased the apache timeout in the context file for nothing .

When access the EBS Application Link :-

From RFC 2068 Hypertext Transfer Protocol — HTTP/1.1:
10.4.5 404 Not Found

The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address. 

I opened SR and now it’s 45  days without any solution !!!!

Any idea

Thank you guys 🙂

Import hangs On index level.

Today some customer contact me complaining that they are trying to sync the development with UAT, when i check the issue everything was normal for the first time, but the alert logs indicate that database could complete the checkpoint.

so this what i did to make the import faster ( which i completed it as well ) :-

  • Change database to no archive mode.
  • increase sga_target temporary.
  • use parallel command depend on cpu core.
  • Use commit=N with import parameters.
  • you can exclude indexes by exclude=indexes but i don’t prefer this at all.
  • increase db_cache_size.
This simple steps that could help someone to make import little faster or solve hang issue.
let me know if you need anything 🙂
Merry Christmas guys 

Oracle Open World 2015 review

As all of you know Oracle open world 2015 finished before 2 days ago, and simply it’s was amazing, my trip started on OCT-21-2015 Wenseday and it’s was totally morning flight which mean i supposed to be in airport at 4:00 am because of to avoid miss my flight i didn’t sleep, the flight was from Jordan – Amman to Turkey – IST and then to SF, when i landed in IST i met my old friend Gurcan Orhan this man is awesome, he managed everything from our seats to waiting in the lounge but i have to say he spent 11 hours sleeping from IST- SF. meanwhile i was watching San Andres movie which i discovered later it was bad idea , in case you didn’t watch it’s movie talking about earthquake happened in San Francisco, actually i watched all the entertainment movie and i was thinking what i will go when i will be back home ? simply i watch San Andres again.

anyway we landed after 13 hours of flying and we met the great Tim Hall the great oracle guy i am sure this man is helping a lot of DBA with his amazing blog. so we took the shuttle “tim, Gurcan, Arup,cary , simon and me”.

Don’t forget this is was my first OOW15 as ACED :), so i attended ACED Breifing and meet my old friends there, during the two days i learnt alot of new things about Oracle that i can’t mention it here because the NDA, and i want to thanks Oracle ACE program to organizing all this and make it true so let’s skip this part.
OOW15 started on sunday with an amazing weather, attending session about RAC, Database just like arup said ” there is database and everything else” and sure the middleware sessions.
I had so much fun & learning, the funny thing that i met Deiby and nassyam for the first time and these guys are simply funny and crazy 🙂 i think we can be called the four musketeers “Me, Alex Zaballa, Deiby and Nassyam”
Let’s not forget the amazing friend all over the world such as : Bobby, Danny Bryant, Kellyn, Heli,  Steve , Kevin ,Mahir, kamran, sai ram, Joel and a lot of amazing people and friends but i can’t feel my fingers 🙂 
Also The ACE dinner on Sunday night was awesome,almost all the ACE’s in one place and we had so much there, in OOW I lost twice with F1 Simulation but i want one of these machine anyway.

and i noticed that i am not good at all when i am eating spicy food i spent my time like the following  one hand drink water the other one wiping my tears. thanks for Sai , Nassyam and Hariharaputhran.

there is so much to say about OOW15 but this is as quick review for it and if you have any more question about it you can ask me 🙂

Error : Cannot export Display Linux

There are different tools to do X11 forwarding on Windows one of them Xming it’s small software and very easy to use no need to do any special configuration only run the installation file.

But sometimes you are using this application and try to run the GUI on your desktop or laptop it’s working like you excepted, one simple solution to solve it.

I am using as ssh client Putty, before put the server ip from putty left panel

  • Connection > SSH > X11
  • Check X11 forwarding: [x] Enable X11 forwarding
  • Add to the “X display location” field: localhost:0.0

ORA-00845: MEMORY_TARGET not supported on this system

SQL> alter system set memory_max_target=2GB scope=spfile;
System altered.
SQL> alter system set memory_target=2GB scope=spfile;
System altered.

 SQL> startup ;

ORA-00845: MEMORY_TARGET not supported on this system

Check the following Space :-

ECATSTDB oracle: :/home/oracle\>df -h
Filesystem            Size  Used Avail Use% Mounted on
                       20G  3.3G   15G  18% /
                       90G   45G   41G  53% /Oracle
/dev/sda1              99M   18M   77M  19% /boot
tmpfs                 3.0G     0  3.0G   0% /dev/shm

Increase the space

mount -t tmpfs shmfs -o size=6144m /dev/shm

now startup the database.