My Oracle Support Banner

OIM Not Able To Lock Any User - InvalidAttributeValueException LDAP: Error Code 21 After Processing Replace Oblockedon (Doc ID 2002556.1)

Last updated on NOVEMBER 22, 2019

Applies to:

Oracle Access Manager - Version and later
Oracle Virtual Directory - Version and later
Identity Manager - Version and later
Information in this document applies to any platform.


Not able to lock any user from the OIM admin console with LDAP sync option enabled for Active Directory (AD). All other actions like create, update, disable and enable user are working fine but only lock/unlock user is not working.
the following error occurs.

[2015-02-12T13:25:42.387-05:00] [xxxxx] [TRACE] [] [oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement] [tid: xxx[ACTIVE].ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <USER>] [ecid: <ECID>] [SRC_CLASS: oracle.ods.virtualization.engine.util.VDELogger] [APP:xxxxx] [SRC_METHOD: debug] Entry to modify after processing: replace: oblockedon[[
oblockedon: 20150212132542z

[2015-02-12T13:25:42.389-05:00] [xxxxx] [WARNING] [OVD-40082] [oracle.ods.virtualization.engine.backend.jndi.ad1.ConnectionHandle] [tid: [ACTIVE].ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <USER>] [ecid: <ECID>] [APP: xxxxxx] Could not modify entry.[[ [LDAP: error code 21 - 00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 0, v1db1]; remaining name 'CN=<USERNAME>,OU=<OU>,CN=Users,DC=<COMPANY>,DC=com'



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.