If your database cannot read its enterprise domain information in Oracle Internet Directory, then check the following:
Use Oracle Enterprise Manager to check that the database is a member of exactly one enterprise domain, and add it to one if it is not.
Check that the database can see its domain, by entering one of the following at the command line:
If the database connects to the directory over SSL, then use
ldapsearch -h directory_host -p directory_SSLport -U 3 -W "file:database_wallet_path" -Q -b "cn=OracleContext, realm_DN" "objectclass=orclDBEnterpriseDomain" Please enter SSL wallet password: wallet_password
where wallet_password is the password to the wallet, which enables you to open or change the wallet.
If the database connects to the directory by using password authentication, then use
ldapsearch -h directory_host -p directory_port -D database_DN -q -b "cn=OracleContext, realm_DN" "objectclass=orclDBEnterpriseDomain" Please enter bind password: database_directory_password
where database_directory_password is the password in the database wallet, which is the database's password to Oracle Internet Directory.
The ldapsearch command should return exactly one enterprise domain.
If no domain is returned and Oracle Enterprise Manager shows the database as a member of a domain, then restart the database. Restarting the database updates the cached value for the enterprise domain.
If more than one domain is returned, then use Oracle Enterprise Manager to remove the database from the additional domain.
Check that the database can read the enterprise domain subtree and thus can read its enterprise roles and mappings, by entering one of the following at the command line:
If the database connects to the directory over SSL, then use
ldapsearch -h directory_host -p directory_SSLport -U 3 -W "file:database_wallet_path" -Q -b "cn=OracleContext, realm_DN" "objectclass=orclDBEnterpriseRole" Please enter SSL wallet password: wallet_password
where wallet_password is the password to the wallet, which enables you to open or change the wallet.
If the database connects to the directory by using password authentication, then use
ldapsearch -h directory_host -p directory_port -D database_DN -q -b "cn=OracleContext, realm_DN" "objectclass=orclDBEnterpriseRole" Please enter bind password: database_directory_password
where database_directory_password is the password in the database wallet, which is the database password to Oracle Internet Directory.
This ldapsearch should return all of the enterprise roles that you have created for this domain. If it does not, then use Oracle Enterprise Manager to create enterprise roles and mappings.
Use Oracle Enterprise Manager to set or reset the user authentication policy for the relevant enterprise domain. See "Configuring User Authentication Types and Enabling Current User Database Links" for information about setting the user authentication policy for an enterprise domain.