Unable to call fnd_ldap_wrapper . create_user / update_user ORA-20001

This post covers steps on how to troubleshoot “Unable to call fnd_ldap_wrapper . create_user / update_user” issues. This is similar to issue I discussed here in May 2009

Setup – E-Business Suite (11i/R12) integrated with OID/SSO
Issue– Error while creating/updating user in EBS 11i/R12 – Unable to call fnd_ldap_wrapper . create_user | update_user

This error could be because of many reasons , to name few
1) More Secure Password Policy in OID compared to E-Business Suite
2) User already exists in OID but missing in E-Business Suite
3) apps user does not have privileges to access dbms_ldap package.
4) AppsDN password expired in OID (password expiry in OID)
5) OID or DIP server not running

To narrow down issue, enable debug in Apps and then search for issues around error message.

How to troubleshoot fnd_ldap_wrapper issues ?

Step 1 : Enable Profile Option Debug

System Administrator -> Profile -> System -> set profile option “FND: Debug Log Enabled” to Yes

Step 2 : Reproduce Issue

Step 3 : Check logs in FND_LOG_MESSAGES table

SQL> select module||’ ‘||message_text , timestamp from apps.fnd_log_messages where timestamp > (sysdate – 1) order by timestamp;

fnd.plsql.oid. fnd_ldap_user. create_user: ORA-31202:DBMS_LDAP: LDAP client/server error: UnKnown Error Encountered
. Server Plug-in OCI failure 12-Aug-09

Step 4 : Search for issue mentioned in message_text from apps.fnd_log_messages (In my case ORA-31202 – Server Plug-in OCI failure which was caused by custom plug-in OID for ldapadd event)

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

7 comments

Subhajit says October 14, 2009

In many of the cases, I have also seen that this error comes up when ping is not working from the E-Biz db node to the ldap and MR server.

‘ORA-2001’ is reported in fnd debug logs.

The OID Diagnostics report also shows the following message :

“DBMS_LDAP: PL/SQL – Init Failed. ”

So make sure the /etc/hosts file of E-Biz has the entries of the LDAP and MR server and is able to resolve their hostnames.

Thanks
Subhajit

Harmeet says April 26, 2010

Hi Atul,

How to check if “AppsDN password expired in OID”??

Thanks,
Harmeet

Narendra says May 30, 2011

Hi Atul,

I am integrating demantra, EBS, SSO/OID.

while creating a new user in EBS it is showing the following error :

Unable to call fnd_ldap_wrapper.create_user due to the following reason:
ORA-20001:Unable to call fnd_ldap_wrapper.create user due to the following reason:
An unexpected error occured.Please contact your system administrator.(USER_NAME=NARENDRA) (USER_NAME=NARENDRA).

And also I am not able to syschronize the users in EBS and Demantra.

Any solution to this issue ?

Thanks and Regards,
Narendra.Challa

Atul Kumar says May 30, 2011

@ Narendra,
This could be for number of reasons, to find root cause enable debug as mentioned above and check in FND_LOG_MESSAGES

kjj1983 says October 8, 2011

Hi Atul –

I am having a hard time provisioning to ebusiness suite 12; it is SSO enabled with OID as the LDAP Repository.

I am able to
1.provision userid testuser1 to OID.
2.provision userid oimuser1 to ebusiness (I have not enabled SSO in the connector configuration at this point)

When I try to provision user oimuser1 to OID, it says a duplicate entry already exists.

Unabled to call fnd_ldap_wrapper.create_user due to the following reason:
ORA-20001: Unabled to call fnd_ldap_wrapper.create_user due to the following reason:
A user with the given username already exists. Please choose a different username.. (USER_NAME=OIMTEST2). (USER_NAME=OIMTEST2).
ORA-06512: at “APPS.APP_EXCEPTION”, line 72
ORA-06512: at “APPS.FND_USER_PKG”, line 1038
ORA-06512: at “APPS.FND_USER_PKG”, line 1196
ORA-06512: at “APPS.FND_USER_PKG”, line 1315
ORA-06512: at line 1
I also tried connector config with SSO Enabled parameters.
SSO Enabled – Yes
SSO IT Resource – OID IT Resource (resource name of OID)
SSO Identifier – orclGUID
SSO Login Attribute – uid

While provisioning the user to ebiz (sso enabled) – I provided the SSO Userid, same as idm user id, it gave me error it does not exist.
And if I leave the field blank- it gives me error stating Input field is blank.

Please help

Kalpesh says August 31, 2012

In my case issue was on OID side.

Added ACL to tree containing users.

ref. metalink note 307627.1

subhajit says August 31, 2012

Hi Kalpesh

Is the metadata repository in your case 11g version?

Add Your Reply