OID 11g oidcmprec Compare/Reconcile of Whole/Entire DIT Includes Entries Such As "cn=subregistrysubentry", "cn=subconfigsubentry" or "cn=oracle internet directory", Which Can Overwrite and Break Existing orclsslwallet Certificate Information (Doc ID 2086347.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

Compare and reconcile using oidcmprec tool of the entire DIT of Oracle Internet Directory (OID) 11g, e.g., 11.1.1.7 or 11.1.1.9, includes instance entries such as "cn=oid1,cn=osdldapd,cn=subconfigsubentry", so it can overwrite the destination server's existing and working configuration, in particular the attribute holding the ssl wallet information, orclsslwallet, where the destination instance ssl mode connections can then become unusable as all the certificate information on the destination OID is overwritten with the certificate data from the source node.

For example compare an entire directory with:

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms