My Oracle Support Banner

ODSEE - Replication Changelog Error When Configuring Attribute Encryption in Multiple Primary/Supplier Replication (Doc ID 1510957.1)

Last updated on JANUARY 30, 2022

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.3.1 SP1 DPS6.3.1.1 to [Release 6.0 to 11gR1]
Information in this document applies to any platform. The procedures detailed in the 6.3 Administration guide are incorrect and are what causes this problem. The database cache files and the transactional logs should not be removed.


The procedure described in 11G Administration Guide should be followed instead,


After performing the procedures outlined below, the following error is encountered

[04/Dec/2012:12:36:51 -0700] - DEBUG - conn=-1 op=-1 msgId=-1 -  Backend Instance: <DB_NAME>
[04/Dec/2012:12:36:51 -0700] - ERROR<4633> - Command line - conn=-1 op=-1 msgId=-1 - Argument error Suffix to be imported contains encrypted attributes: missing key db password.
usage: ns-slapd ldif2db -D instancedir [-d debuglevel] [-n backend_instance_name] [-e] [-O] [-g uniqueid_type] [--namespaceid uniqueID] [-Y keydb-pwd] [-y keydb-pwd-file] [-X][{-s includesuffix}*] [{-x excludesuffix}*] {-i ldif-file}*
Note: either "-n backend_instance_name" or "-s includesuffix" is required.
/<DS_INSTALL>/dsee6/ds6/lib/64/ns-slapd ldif2db -D /<DS_INSTANCE> -s dc=<SUFFIX> -i /<LDIF_NAME>.ldif failed: err=1
Failed to import data: err=1

[04/Dec/2012:12:38:57 -0700] - Sun-Java(tm)-System-Directory/ B2011.1116.2249 (64-bit) starting up
[04/Dec/2012:12:38:57 -0700] - DEBUG - conn=-1 op=-1 msgId=-1 -  libdb: file unknown (meta pgno = 0) has LSN [1][855510].
[04/Dec/2012:12:38:57 -0700] - DEBUG - conn=-1 op=-1 msgId=-1 -  libdb: end of log is [1][2432]
[04/Dec/2012:12:38:57 -0700] - DEBUG - conn=-1 op=-1 msgId=-1 -  libdb: /<DS_INSTANCE>/db/oracle/cl5dc_<CHANGELOG_NAME>.db3: unexpected file type or format
[04/Dec/2012:12:38:57 -0700] - ERROR<8266> - Replication  - conn=-1 op=-1 msgId=-1 - Internal error  Failed to open changelog file for replica ....., DB error 22 - Invalid argument
[04/Dec/2012:12:38:57 -0700] - INFORMATION - NSMMReplicationPlugin - conn=-1 op=-1 msgId=-1 -  Could not send consumer <HOSTNAME:PORT> the bind request
[04/Dec/2012:12:38:57 -0700] - INFORMATION - NSMMReplicationPlugin - conn=-1 op=-1 msgId=-1 -  Failed to connect to replication consumer <HOSTNAME:PORT>
[04/Dec/2012:12:38:57 -0700] - ERROR<8318> - Repl. Transport  - conn=-1 op=-1 msgId=-1 -  [S] Bind failed with response: Failed to bind to remote (900).

The following procedures were performed as outlined in the "Encrypting Attribute Values" section of the ODSEE administration guide

If the suffix on which you want to configure attribute encryption contains any entries whatsoever, you must first export the contents of that suffix to an LDIF file.

If the suffix contains encrypted attributes and you plan to re-initialize the suffix using the exported LDIF file, you can leave the attributes encrypted in the exported LDIF

1) Export data


After following these procedures, the import fails with a corrupted Replication changelog.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.