OID 11g oidcmprec Compare / Reconcile of Whole/Entire DIT Tree Includes "cn=subregistrysubentry" "cn=subconfigsubentry" "cn=oracle internet directory" and Overwrites / Deletes / Breaks Target OID: Missing Components, orclsslwallet Certificate Information
Last updated on OCTOBER 19, 2017
Applies to:Oracle Internet Directory - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Compare and reconcile using oidcmprec tool of the entire DIT of Oracle Internet Directory (OID) 11g, e.g., 126.96.36.199 or 188.8.131.52, includes instance entries such as "cn=oid1,cn=osdldapd,cn=subconfigsubentry", so it can overwrite the destination server's existing and working configuration, in particular the attribute holding the ssl wallet information, orclsslwallet, where the destination instance ssl mode connections can then become unusable as all the certificate information on the destination OID is overwritten with the certificate data from the source node.
For example compare an entire directory with:
The oidcmprec reconcile of the entire DIT can also overwrite or delete entire components configuration on the target OID, e.g., if the source OID only has one oid1 component, but the target / destination OID has an oid2 and oid4, then oidcmprec reconcile will delete oid2 and oid4 and replace it with just oid1 on the target OID to match the source. This would then result on an outage as the original configuration/ports on the target OID are now missing, and the target OID cannot be accessed after startup.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms