Locking a User in OIM Identity Manager Self Service Admin Console Integrated with OID 11g Fails with: IAM-3050166 : An error occurred while performing lock user operation. Can't find resource for bundle java.util.PropertyResourceBundle, key IAM-3050042 (Doc ID 2043580.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1.7.0 and later
Identity Manager - Version 11.1.2.2.5 and later
Oracle Fusion Financials Common Module Cloud Service - Version 11.1.8.0.0 to 11.1.8.0.0 [Release 1.0]
Information in this document applies to any platform.

Symptoms

Error returned when attempting to lock user from Oracle Identity Manager (OIM) Identity Manager Self Service Admin Console integrated with Oracle Internet Directory (OID) 11g as backend LDAP:

IAM-3050166 : An error occurred while performing lock user operation. Can't find resource for bundle java.util.PropertyResourceBundle, key IAM-3050042

Or:

The Lock operation failed. pwdaccountlockedtime attribute has duplicate value.


This error occurs if a user already has a value present for attribute 'pwdfailuretime', or the user is currently locked.

OIM trace shows:

[APP: oim#11.1.2.0.0] Could not modify entry.[[javax.naming.directory.AttributeInUseException: [LDAP: error code 20 - pwdaccountlockedtime attribute has duplicate value.];

OID debugged log shows:

2015-06-16T20:54:42 * Adding (grp)access=20, Avail access: 20, Req access=20
2015-06-16T20:54:42 * Available access: 20, Requested access=20 Result=Allowed
2015-06-16T20:54:42 * gslaudeaAttributesEvaluation:Operation id:(15) Attribute Access              to entry (uid=test,cn=Users,cn=oracleAccounts,dc=mycompany,dc=com) allowed
2015-06-16T20:54:42 * Replacing pwdfailuretime in gslsbmApplyModtoEntry()
2015-06-16T20:54:42 * Replacing pwdaccountlockedtime in gslsbmApplyModtoEntry()
2015-06-16T20:54:42 * [gsldmruUpdSingleAttrVal]: ORA-1 : ORA-00001: unique constraint (ODS.ST_PWDACCOUNTLOCKEDTIME) violated encountered
END
]]


Already validated that the pwdMaxFailure for OID and Oracle Virtual Directory (OVD) adapters are set to the same value as indicated in <Document 1952992.1>.

The issue reproduces via command line directly to a standalone OID with 11.1.1.7.0 with <Patch 16482304> applied, as well as in OID with Bundle Patch 11.1.1.7.7 or 11.1.1.7.3.

Steps to Reproduce via command line:
1. Apply Patch 16482304 on top of OID 11.1.1.7.0.

2. Apply the following ldif file to a test user using ldapmodify, for example:

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms