OIM Not Able To Lock Any User - InvalidAttributeValueException LDAP: Error Code 21 After Processing Replace Oblockedon (Doc ID 2002556.1)

Last updated on SEPTEMBER 14, 2016

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Oracle Virtual Directory - Version 11.1.1.7.0 and later
Identity Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

Not able to lock any user from the OIM admin console with LDAP sync option enabled for Active Directory (AD). All other actions like create, update, disable and enable user are working fine but only lock/unlock user is not working.
the following error occurs.

[2015-02-12T13:25:42.387-05:00] [oim_server1] [TRACE] [] [oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement] [tid: [ACTIVE].ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 008c4605071c394a:-3364302e:14b77028ed5:-8000-0000000000004a21,0] [SRC_CLASS: oracle.ods.virtualization.engine.util.VDELogger] [APP: oim#11.1.2.0.0] [SRC_METHOD: debug] Entry to modify after processing: replace: oblockedon[[
oblockedon: 20150212132542z
-

]]
[2015-02-12T13:25:42.389-05:00] [oim_server1] [WARNING] [OVD-40082] [oracle.ods.virtualization.engine.backend.jndi.ad1.ConnectionHandle] [tid: [ACTIVE].ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 008c4605071c394a:-3364302e:14b77028ed5:-8000-0000000000004a21,0] [APP: oim#11.1.2.0.0] Could not modify entry.[[
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - 00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 0, v1db1]; remaining name 'CN=User Name,OU=Staff,CN=Users,DC=oracle,DC=com'

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms