OID 11g: Replacing a CA-Related / Certificate Binary Attribute on One OID Replicates as an "Add" Operation on the Replica OID Instead of a "Modify", and an Additional Value is Added So the Entry Ends Up with Two Attributes (Doc ID 1607018.1)

Last updated on AUGUST 14, 2022

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 11g with LDAP based replication configured.

OID replication is adding multiple Certificate Authority (CA) related / certificate binary attributes on the replica OID, such as usercertificate;binary, certificaterevocationlist;binary and authorityrevocationlist;binary, instead of replacing the attribute value as it is being done on the originating OID.

The issue can be reproduced with the following steps (this is a simplified example using dummy values for demonstration only):

1. Create a test CA entry in the Supplier/Primary OID, for example:

dn: cn=ca,cn=users,dc=<COMPANY>,dc=com
objectclass: cRLDistributionPoint
cn: ca
certificaterevocationlist;binary:: <FIRST BASE64 ENCODED STRING>

Apply the above file with:

Changes

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

OID 11g: Replacing a CA-Related / Certificate Binary Attribute on One OID Replicates as an "Add" Operation on the Replica OID Instead of a "Modify", and an Additional Value is Added So the Entry Ends Up with Two Attributes (Doc ID 1607018.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!