OVD 11g Sorted Search Returns Incomplete Results. OVD Log Error: javax.naming.CommunicationException: bad record MAC Root exception is javax.net.ssl.SSLException: bad record MAC
(Doc ID 1928654.1)
Last updated on MAY 31, 2024
Applies to:
Oracle Virtual Directory - Version 11.1.1.4.0 to 11.1.1.6.0 [Release 11g]Information in this document applies to any platform.
Symptoms
Oracle Virtual Directory (OVD) 11.1.1.4.0.
An application, which runs a server-side sort search request on "cn=*" for all internal users, intermittently (sometimes even frequently) returns incomplete or truncated results.
This affects mostly SSL connections from join adapters.
Tuning OVD, JVM and upgrading jdk version does not help.
OVD log main error:
javax.naming.CommunicationException: bad record MAC Root exception is javax.net.ssl.SSLException: bad record MAC
at com.sun.jndi.ldap.LdapCtx.getSearchReply(LdapCtx.java:1898)
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:111)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
at com.octetstring.vde.backend.jndi.JNDIEntrySet.hasMoreInternal(JNDIEntrySet.java:408)
at com.octetstring.vde.backend.jndi.JNDIResultBuffer.loadAnEntry(JNDIResultBuffer.java:95)
at com.octetstring.vde.backend.jndi.JNDIResultBuffer.run(JNDIResultBuffer.java:131)
Caused by: javax.net.ssl.SSLException: bad record MAC
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1581)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:850)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:746)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at com.octetstring.vde.backend.jndi.OvdJndiInputStream.read(OvdJndiInputStream.java:60)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:258)
at java.io.BufferedInputStream.read(BufferedInputStream.java:317)
at com.sun.jndi.ldap.Connection.run(Connection.java:808)
at java.lang.Thread.run(Thread.java:619)
The logs may also sometimes show other exceptions such as connection resets, LDAP response read timed outs, and/or size limit exceptions, e.g.:
javax.naming.InterruptedNamingException: Interrupted during LDAP operation
at com.sun.jndi.ldap.Connection.readReply(Connection.java:441)
at com.octetstring.vde.backend.jndi.ConnectionHandle.handleError(ConnectionHandle.java:449)
at com.octetstring.vde.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:290)
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Size Limit Exception detected: [LDAP: error code 4 - Sizelimit Exceeded]
The issue can sometimes be reproduced via command line, for example:
While there could be infrastructure/connectivity issues from OVD to the backends, OVD is returning incomplete sorted search results as though it were fully successful, instead of returning an appropriate error.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |