My Oracle Support Banner

"dsadm re-index" Command Coredumps When A VLV Index With Encrypted Attributes Are Configured (Doc ID 1451113.1)

Last updated on MAY 17, 2018

Applies to:

Oracle Directory Server Enterprise Edition - Version 11.1.1.5.0 to 11.1.1.5.2 [Release 11gR1]
Oracle Solaris on SPARC (64-bit)
Oracle Solaris on x86-64 (64-bit)

Symptoms

ODSEE 11.1.1.5.0 Solaris, Security/SSL

When attempting to re-index a VLV index from the command line, a core file is generated by the DSADM command. the following error occurs.

 

bash-3.00# dsadm reindex -l -t "Sort sn givenname uid" /space/instances/dp-openssl-ca-test-50389/ dc=ssltest,dc=example,dc=com 
[26/Dec/2011:18:01:40 -0700] - DEBUG - conn=-1 op=-1 msgId=-1 - Backend Instance: ssltest 
[26/Dec/2011:18:01:40 -0700] - ssltest: Indexing VLV: Sort sn givenname uid 
[26/Dec/2011:18:01:40 -0700] - ssltest: Index buffer bucket size: 0 
[26/Dec/2011:18:01:40 -0700] - index ssltest: Start processing. 
[26/Dec/2011:18:01:40 -0700] - ERROR- Encryption - conn=-1 op=-1 msgId=-1 - Internal error Missing security initialization required by attribute encryption. 
[26/Dec/2011:18:01:40 -0700] - ERROR- Encryption - conn=-1 op=-1 msgId=-1 - Internal error Cannot encrypt/decrypt: missing crypto key for mechanism ckm_rc2_cbc. 
[26/Dec/2011:18:01:40 -0700] - ERROR- Backend Database - conn=-1 op=-1 msgId=-1 - Encryption plugin (ckm_rc2_cbc): failed to decrypt. 
[26/Dec/2011:18:01:40 -0700] - ERROR- Encryption - conn=-1 op=-1 msgId=-1 - Internal error Missing security initialization required by attribute encryption. 
[26/Dec/2011:18:01:40 -0700] - ERROR- Encryption - conn=-1 op=-1 msgId=-1 - Internal error Cannot encrypt/decrypt: missing crypto key for mechanism ckm_rc2_cbc. 
[26/Dec/2011:18:01:40 -0700] - ERROR- Backend Database - conn=-1 op=-1 msgId=-1 - Encryption plugin (ckm_rc2_cbc): failed to decrypt. /opt/odsee-11gR1p1/dsee7/lib/64/ns-slapd db2index -D /space/instances/dp-openssl-ca-test-50389 -s dc=ssltest,dc=example,dc=com -T Sort sn givenname uid dumps core Failed to generated indexes: err=-2 

 

 

 

The issue can be reproduced at will with the following steps:

1. Configure encrypted attributes within your suffix.

2. Set up VLV indexes for the same suffix (does not matter if you use encrypted attributes or not)

3. Import data into suffix

4. Attempt dsadm re-index of the VLV index, process crashes producing a core file.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.