DBMS_LDAP Retrieves Incorrect (Garbled) Custom Attribute Value from OID
(Doc ID 2036251.1)
Last updated on OCTOBER 09, 2019
Applies to:
Oracle Internet Directory - Version 9.0.4 and laterInformation in this document applies to any platform.
Symptoms
Unable to retrieve correct or expected value from custom attribute in Oracle Internet Directory (OID) via dbms_ldap.
Steps to Reproduce:
1. Create custom object class and attribute in OID, for example:
changetype: modify
add: attributetypes
attributetypes: ( 2.7.1.1 NAME 'customguid' DESC 'Guid' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
And its custom objectclass, e.g.:
changetype: modify
add: objectClasses
objectClasses: ( 2.7.7.8 NAME 'customperson' SUP top AUXILIARY MAY ( customguid ) )
2. Able to populate it via ldif file and ldapadd:
givenname: <GIVEN_NAME>
sn: <SUR_NAME>
userpassword: <PASSWORD>
mail: <USERNAME>@<COMPANY>.com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: CustomPerson
uid: <USERNAME>
cn: <USERNAME>
customguid: <CUSTOM_ATTRIBUTE_VALUE>>
Reviewed the following Note and ruled out any extraneous spaces or characters:
Output of Ldapsearch Seems Corrupt After Creating using Ldapadd Document 1619111.1
Tried using doublecolon in the ldif file, e.g., customguid:: <base64 encoded value>, but it makes no difference.
Tried deleting several users and recreating them using ldapadd, then resync'ng with EBS. Was then able to retrieve the correct value from both ldsearch and dbms_ldap using test scripts. However, a production database (DB) function using same dbms_ldap still returns the garbled value.
Also tried deleting all of the users from OID and recreating them with the original ldif files, but the results are the same; test scripts work but db function does not.
In Oracle Directory Services Manager (ODSM), now the value displays correctly (before recreating the users it looked like a string of pictures and squares and random characters).
Also saw the error in the following Note returned in certain test scenarios, though not recently:
Dbms_ldap.Get_values Fails With Ora-12703: This Character Set Conversion Is Not Supported Document 1128543.1
(Note: This attribute/value comes from another application which uses a 3rd party ldap server such as Novell eDirectory. External users authenticate against that directory and if/when successful are provisioned to OID. So there is no control over what is done to the eDir guid before it is sent over. That value is also stored in a table in another database (DB) as cross-reference; when not getting that same exact value back (i.e. it is garbled), the integration does not work.)
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |