USER-SCHEMA ERROR Checklist

If your database cannot read the user schema, then check the following:

  1. If this is an SSL-authenticated enterprise user, then ensure that the correct user wallet is being used by checking the following:

    • There is no WALLET_LOCATION parameter value in the client sqlnet.ora file, and

    • The TNS_ADMIN parameter is set properly so that the correct sqlnet.ora file is being used.

  2. Check that the schema was created in the database as a global user, by using the following syntax:

    CREATE USER username IDENTIFIED GLOBALLY AS ' ';

    or by using the following syntax:

    CREATE USER username IDENTIFIED GLOBALLY AS '<DN>';

  3. Suppose the following is true:

    • The user schema is an exclusive schema (created with the CREATE USER username IDENTIFIED GLOBALLY AS 'user_DN'; syntax), and

    • This is an SSL-authenticated user.

    Then, ensure that the DN in the user wallet matches the DN that was used in the CREATE USER statement.

    Use Oracle Wallet Manager to view the DN in the user wallet.

    Use the following syntax to view the DN that was used with the CREATE USER statement:

    SELECT EXTERNAL_NAME FROM DBA_USERS WHERE USERNAME='schema';

  4. If you are using a shared schema, then check the following:

    • Use Oracle Enterprise Manager to ensure that you have created a user-schema mapping either for the entire enterprise domain or for the database.

    • If the user-schema mapping is intended to apply to this database (not to the entire enterprise domain), then check that the database can read its own entry and subtree in the directory.

      To check this, enter the following ldapsearch command for your database-to-directory connection type:

      • If the database connects to the directory over SSL, then use

        ldapsearch -h directory_host -p directory_SSLport -U 3 -W "file:database_wallet_path" -Q -b "database_DN" "objectclass=*"
Please enter SSL wallet password: wallet_password

        where wallet_password is the password to the wallet, which enables you to open or change the wallet.

      • If the database connects to the directory by using password authentication, then use

        ldapsearch -h directory_host -p directory_port -D database_DN -q -b "database_DN" "objectclass=*"
Please enter bind password: database_directory_password

        where database_directory_password is the database bind password returned by a utility like mkstore.

      You should see the database entry and the relevant mapping.

    • If the user-schema mapping applies to the entire enterprise domain rather than to only this individual database, then see "DOMAIN-READ-ERROR Checklist".