OID 11g oidcmprec Compare / Reconcile of Whole/Entire DIT Tree Includes "cn=subregistrysubentry" "cn=subconfigsubentry" "cn=oracle internet directory" and Overwrites / Deletes / Breaks Target OID: Missing Components, orclsslwallet Certificate Information

(Doc ID 2086347.1)

Last updated on OCTOBER 19, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

Compare and reconcile using oidcmprec tool of the entire DIT of Oracle Internet Directory (OID) 11g, e.g., 11.1.1.7 or 11.1.1.9, includes instance entries such as "cn=oid1,cn=osdldapd,cn=subconfigsubentry", so it can overwrite the destination server's existing and working configuration, in particular the attribute holding the ssl wallet information, orclsslwallet, where the destination instance ssl mode connections can then become unusable as all the certificate information on the destination OID is overwritten with the certificate data from the source node.

For example compare an entire directory with:


The oidcmprec reconcile of the entire DIT can also overwrite or delete entire components configuration on the target OID, e.g., if the source OID only has one oid1 component, but the target / destination OID has an oid2 and oid4, then oidcmprec reconcile will delete oid2 and oid4 and replace it with just oid1 on the target OID to match the source. This would then result on an outage as the original configuration/ports on the target OID are now missing, and the target OID cannot be accessed after startup.

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms