OID11g ODSM Changes / Corrupts Base64 Encoded Values of User Custom (octetString) Attributes When Viewing or Updating Other Attributes of User Entries (Doc ID 1947037.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.


Oracle Internet Directory (OID) 11g, e.g., with Oracle Directory Services Manager (ODSM).

After viewing user entries with custom (octetString) attributes and base64 encoded values in ODSM > Data Browser tab, switching to a different tab causes a popup window to appear with:

Save Popup

Apply updates to the following properties?


[Yes] [Cancel]

If the [Yes] button is selected, the above two custom attributes' values get changed to completely different values and are unusable afterwards (as these attributes are used for other applications logins, due to the incorrect values, the users are then unable to login).

If the [Cancel] button is selected, then the above attributes' values are not changed, but other wanted changes are not saved either.

Or, the popup may not appear when switching tabs, but any changes applied to other regular attribute of the user entry results in the custom attributes' values to be modified without the user selecting or updating them.


Steps to Reproduce:

1.  Create a custom objectclass and attribute(s), i.e., using ldif file and ldapmodify as per <Document 202137.1>, for example, with the ldif file below:

dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 2.16.840.1.114027. NAME 'mycustomattribute1' EQUALITY octetStringMatch SYNTAX )

dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 2.16.840.1.114027. NAME 'mycustomattribute1' EQUALITY octetStringMatch SYNTAX SINGLE-VALUE )

dn: cn=subschemasubentry
changetype: modify
add: objectclasses
objectclasses: ( 2.16.840.1.114027. NAME 'mycustomoc' SUP top AUXILIARY MAY ( mycustomattribute1 $ mycustomattribute2 ))

2.  Encode a value in base64 for the custom attribute, and load it (ldapadd) with an OID entry, for example:

dn: cn=myuser1,cn=users,dc=mycompany,dc=com
objectclass: top
objectclass: person
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: orcluser
objectclass: orcluserv2
objectclass: mytestoc1
cn: myuser1
sn: myuser1
uid: myuser1
givenname: myuser1
displayname: myuser1
description: myuser1
mail: myuser1@mycompany.com
orclisenabled: ENABLED
mycustomattribute1:: MIAEFFqMFzxv2OH4TPaouU8R9C2LLAKLMA ... <etc> ...

3.  Verify the custom attribute value is as above with command line ldapsearch using the -L argument, e.g.:

Note:  Starting over and selecting [Cancel] at the Save Popup window instead does not change the attribute value, but any other attribute changes are not saved either, so ODSM essentiallly cannot be used for this type of entry attributes modification.




Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms