
OID Attributes with Integer Match Unsearchable (Doc ID 1073933.1)

Last updated on OCTOBER 16, 2019

Applies to:

Oracle Internet Directory - Version 10.1.4.3 and later
Information in this document applies to any platform.

Symptoms

An LDAP search with a filter on an "Integer" type attribute fails with LDAP error code 53 (DSA is unwilling to perform). In this case, the affected attribute is uidNumber.

The uidNumber attribute (posixAccount objectclass) is required for OS/PAM Authentication; searches for the user account are done based on the uidNumber attribute.

When an OS authentication attempt (SSH) is made, the errors logged on the server are similar to the following:
Feb 2 12:29:07 eek sshd[4332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<HOSTNAME> user=<USERNAME>
Feb 2 12:29:07 eek sshd[4332]: Accepted password for <USERNAME> from <IP_ADDRESS> port <PORT> ssh2
Feb 2 12:29:07 eek sshd[4332]: pam_unix(sshd:session): session opened for user <USERNAME> by (uid=0)
Feb 2 12:29:07 eek sshd[4332]: nss_ldap: could not search LDAP server - Server is unavailable
Feb 2 12:29:07 eek sshd[4332]: fatal: login_get_lastlog: Cannot find account for uid XXXX
Feb 2 12:29:07 eek sshd[4332]: pam_unix(sshd:session): session closed for user <USERNAME>

The same search also failed when run from the command line with ldapsearch:
$ORACLE_HOME/bin/ldapsearch -h <OID_HOSTNAME> -p <PORT> -D cn=orcladmin -w <PASSWORD> -L -s sub -b "cn=users,dc=<COMPANY>,dc=com" uidnumber=<UID_NUMBER>
ERROR:
ldap_search: DSA is unwilling to perform
ldap_search: additional info: Function Not Implemented
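
The following Python example is added here for illustration and is not part of the Oracle note. It groups sshd log lines by process ID to separate the symptom shown above (password accepted, then the uid lookup against the directory fails) from an ordinary failed password. The sample log is constructed, and its user names, addresses and uid are placeholder values.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the excerpt above; users, addresses and uid are placeholders.
SAMPLE_LOG = """\
Feb 2 12:29:07 eek sshd[4332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=alice
Feb 2 12:29:07 eek sshd[4332]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Feb 2 12:29:07 eek sshd[4332]: nss_ldap: could not search LDAP server - Server is unavailable
Feb 2 12:29:07 eek sshd[4332]: fatal: login_get_lastlog: Cannot find account for uid 5001
Feb 2 12:31:40 eek sshd[4410]: Failed password for bob from 192.0.2.11 port 50100 ssh2
Feb 2 12:33:02 eek sshd[4475]: Accepted password for carol from 192.0.2.12 port 50200 ssh2
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)")
ACCEPTED = re.compile(r"Accepted \S+ for (?P<user>\S+) from")
FAILED = re.compile(r"Failed \S+ for")
NSS_ERROR = re.compile(r"nss_ldap: could not search LDAP server")
NO_ACCOUNT = re.compile(r"login_get_lastlog: Cannot find account for uid (?P<uid>\S+)")

def triage(log_text):
    """Return {pid: (verdict, user, uid)} for every sshd process with a decisive line."""
    sessions = defaultdict(lambda: dict(user=None, uid=None, accepted=False, nss=False, failed=False))
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s, msg = sessions[m["pid"]], m["msg"]
        if (a := ACCEPTED.match(msg)):
            s["accepted"], s["user"] = True, a["user"]
        elif FAILED.match(msg):
            s["failed"] = True
        elif NSS_ERROR.match(msg):
            s["nss"] = True
        elif (u := NO_ACCOUNT.search(msg)):
            s["uid"] = u["uid"]
    verdicts = {}
    for pid, s in sessions.items():
        if s["accepted"] and (s["nss"] or s["uid"]):
            # Credentials were fine; the account lookup by uid is what broke the login.
            verdicts[pid] = ("directory-lookup-failure", s["user"], s["uid"])
        elif s["accepted"]:
            verdicts[pid] = ("ok", s["user"], None)
        elif s["failed"]:
            verdicts[pid] = ("auth-failure", None, None)
    return verdicts

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_LOG).items():
        print(pid, *verdict)
```

The pam_unix "authentication failure" line is deliberately ignored: in the excerpt it precedes an accepted password, so it does not by itself indicate a rejected login.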

Changes

OID has been upgraded from version 10.1.4.0.1 to version 10.1.4.3

Cause
