DBMS_LDAP Retrieves Incorrect (Garbled) Custom Attribute Value from OID

(Doc ID 2036251.1)

Last updated on AUGUST 25, 2017

Applies to:

Oracle Internet Directory - Version 9.0.4 to 11.1.1 [Release 10gR1 to 11g]
Information in this document applies to any platform.

Symptoms

Unable to retrieve correct or expected value from custom attribute in Oracle Internet Directory (OID) via dbms_ldap.

Steps to Reproduce:
1. Create custom object class and attribute in OID, for example:

dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 2.7.1.1 NAME 'customguid' DESC 'Guid' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

And its custom objectclass, e.g.:

dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: ( 2.7.7.8 NAME 'CustomPerson' SUP top AUXILIARY MAY ( customguid ) )


2. Able to populate it via ldif file and ldapadd:

dn: cn=testuser,cn=Users,dc=example,dc=com
givenname: testuser
sn: testuser
userpassword: mypassword
mail: testuser@example.com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
objectclass: CustomPerson
uid: testuser
cn: testuser
customguid: <value>



Reviewed the following Note and ruled out any extraneous spaces or characters:
Output of Ldapsearch Seems Corrupt After Creating using Ldapadd Document 1619111.1

Tried using doublecolon in the ldif file, e.g., customguid:: <base64 encoded value>, but it makes no difference.

Tried deleting several users and recreating them using ldapadd, then resync'ng with EBS. Was then able to retrieve the correct value from both ldsearch and dbms_ldap using test scripts. However, a production database (DB) function using same dbms_ldap still returns the garbled value.

Also tried deleting all of the users from OID and recreating them with the original ldif files, but the results are the same; test scripts work but db function does not.

In Oracle Directory Services Manager (ODSM), now the value displays correctly (before recreating the users it looked like a string of pictures and squares and random characters).

Also saw the error in the following Note returned in certain test scenarios, though not recently:
Dbms_ldap.Get_values Fails With Ora-12703: This Character Set Conversion Is Not Supported Document 1128543.1

(Note: This attribute/value comes from another application which uses a 3rd party ldap server such as Novell eDirectory. External users authenticate against that directory and if/when successful are provisioned to OID. So there is no control over what is done to the eDir guid before it is sent over. That value is also stored in a table in another database (DB) as cross-reference; when not getting that same exact value back (i.e. it is garbled), the integration does not work.)

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms