My Oracle Support Banner

OID 11g Java External Authentication Plugin With Command Line oidexcfg Fails with Exception: javax.naming.directory.InvalidAttributeValueException (Doc ID 1451687.1)

Last updated on OCTOBER 04, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
***Checked for relevance on 15-MAY-2014***

Symptoms

Oracle Internet Directory (OID) 11g, i.e., 11.1.1.5.

Attempting to configure OID External Authentication Plugin to authenticate users against a remote LDAP directory server, e.g., Active Directory (AD), by following documentation:

Oracle® Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform 11g Release 1 (11.1.1) Part Number E10031-04
  Chapter 17 Configuring Synchronization with a Third-Party Directory
     https://docs.oracle.com/middleware/11119/dip/administer/odip_config_integration.htm#OIMIG1566



Running the following command:

java -classpath $CLASSPATH oracle.ldap.extplg.oidexcfg -h myoidhost.mycompany.com -p 3060 -D "cn=orcladmin" -w <password> -t ad

Returns error:

Exception: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 -Admin Domain restricts modification of Attribute: orclnormdn .]; remaining name 'cn=oidexplg_bind_ad,cn=plugin,cn=subconfigsubentry'

Depending on what is entered in the plugin configuration, the error can occur on different attributes, such as:

Exception: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - Admin Domain restricts modification of Attribute: createtimestamp .]; remaining name 'cn=oidexplg_bind_ad,cn=plugin,cn=subconfigsubentry' when updating OID.
Please correct the error(s) and rerun this configuration tool

And if following forum or community threads that may suggest to modify the OID schema and change these operational attributes, i.e., unchecking their "Read-only" flag, or changing the "Usage" to "User Applications", the error attribute may be:

Exception: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - Admin Domain restricts modification of Attribute: orclguid .]; remaining name 'cn=oidexplg_bind_ad,cn=plugin,cn=subconfigsubentry' when updating OID.
Please correct the error(s) and rerun this configuration tool



Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.