DBMS_LDAP Retrieves Incorrect (Garbled) Custom Attribute Value from OID (Doc ID 2036251.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 9.0.4 to 11.1.1 [Release 10gR1 to 11g]
Information in this document applies to any platform.

Symptoms

Unable to retrieve correct or expected value from custom attribute in Oracle Internet Directory (OID) via dbms_ldap.

Steps to Reproduce:
1. Create custom object class and attribute in OID, for example:

dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 2.7.1.1 NAME 'customguid' DESC 'eDir Guid' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

And its custom objectclass, e.g.:

dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: ( 2.7.7.8 NAME 'CustomPerson' SUP top AUXILIARY MAY ( customguid ) )


2. Able to populate it via ldif file and ldapadd:

dn: cn=testuser,cn=Users,dc=mycompany,dc=com
givenname: testuser
sn: testuser
userpassword: mypassword
mail: testuser@mycompany.com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: CustomPerson
uid: testuser
cn: testuser
customguid: FueZs2ydsUj7nRbnmbNsnQ==



Reviewed the following Note and ruled out any extraneous spaces or characters:
Output of Ldapsearch Seems Corrupt After Creating using Ldapadd <Document 1619111.1>

Tried using doublecolon in the ldif file, e.g., customguid:: FueZs2ydsUj7nRbnmbNsnQ==, to no difference.

Tried deleting several users and recreating them using ldapadd, then resync'ng with EBS. Was then able to retrieve the correct value from both ldsearch and dbms_ldap using test scripts. However, a production database (DB) function using same dbms_ldap still returns the garbled value.

Also tried deleting all of the users from OID and recreating them with the original ldif files, but the results are the same; test scripts work but db function does not.

In Oracle Directory Services Manager (ODSM), now the value displays correctly (before recreating the users it looked like a string of pictures and squares and random characters).

Also saw the error in the following Note returned in certain test scenarios, though not recently:
Dbms_ldap.Get_values Fails With Ora-12703: This Character Set Conversion Is Not Supported <Document 1128543.1>

(Note: This attribute/value comes from another application which uses Novell eDirectory. External users authenticate against that directory and if/when successful are provisioned to OID. So there is no control over what is done to the eDir guid before it is sent over. That value is also stored in a table in another database (DB) as cross-reference; when not getting that same exact value back (i.e. it is garbled), the integration does not work.)

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms