My Oracle Support Banner

WebLogic Portal (WLP) LDAP and Database Out of Sync (Doc ID 1061447.1)

Last updated on SEPTEMBER 28, 2023

Applies to:

Oracle WebLogic Portal - Version 8.1 and later
Information in this document applies to any platform.

Purpose

There are times when WebLogic Portal's (WLP) Embedded LDAP (LDAP) and Database (DB) become "out of sync" and corrupted.  When the LDAP and DB do become out of sync it is difficult to determine the extent of the corruption.

The process of recovering from this corruption can be extremely tedious, time consuming and usually causes a loss of data. The data loss can include Users and Groups, Entitlements and Delegated Administration stored in the Embedded LDAP.

This corruption has been known to happen in all WLP versions from 8.1 through to 10.3.

Note: Starting with WLP 10.3.2, if the domain is configured to use the RDBMS Security Store (the WLP Domain Default), the LDAP directory data will no longer become out-of-sync as it will all be stored in the DB, however a small possibility will still remain regarding the Policy Store. When editing policy data, updates are made to the policy data tables as well as the WLP internal DB (policy_ref tables) and if these updates are interrupted before they can complete, an out-of-sync condition could occur. This will happen as the Policy Store does not allow XA transactions. However, since these tables are likely to exist on the same DB server and in the same schema, the exposure is very small.

See the last section in this document on migrating to the RDBMS Security Store in 10.3.2.


The purpose of this document is to help diagnose, troubleshoot and resolve issues related to the WLP LDAP and DB going out of sync.

Troubleshooting Steps

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Purpose
Troubleshooting Steps
 What is the cause of the corruption and how does the LDAP become out of sync with the DB?
 
How do you know when the LDAP and DB are out of sync?
 Recovering from the corruption
 What to do if the PortalSystemDelegator Role is corrupt (missing)
 
 Migration to the RDBMS Security Store when LDAP / DB is out of sync due to missing policies in LDAP (This option is only applicable for 10.3.2 and later versions)
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.