My Oracle Support Banner

OID Oracle Password Filter in AD Creates Large Logs Causing Disk Full Condition, and Fails to Synchronize Passwords. OIDMain.log Shows: "OID is down..." / "MAX_RETRY LIMIT count is not updated: OID is down" / "Password updation failed in child process" (Doc ID 2120825.1)

Last updated on APRIL 28, 2021

Applies to:

Oracle Internet Directory - Version 10.1.4 to 11.1.1 [Release 10gR3 to 11g]
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) integrated with Microsoft Active Directory (AD) and the Oracle Password Filter.

Oracle Password Filter suddenly starts creating large logs, about 2GB of log per day, whereas before the log size was about 10MB per day.  These abnormal logs are exhausting the AD server storage, causing disk full condition.

Also the Password Filter stopped synchronizing passwords.

No changes in any of the layers involved.

<date>OIDMain.log shows, for example:

...<snip>...
Password updation failed in child process
Inside sgslutilsplitData
decrypted ...
guidlen =
24
password length =
8
Returning values now

 About to encrypt data to be stored in DataStore

 Invoking OID Entry
Inside OIDEntry
GUID outside -->
dI0zy8YYC02VPH9CZZzt1A==


Inside updateOID
Inside sgsladac c-tor
AD Host
<AD_HOSTNAME>


AD Port
389


AD Base DN
OU=USERS,ou=myou,dc=<COMPANY_NAME>,dc=com


Inside ConnectToADSI

 ADSI Bind success full

Inside AD Search User
About to fire the search request

TEST BASE -->
OU=USERS,ou=myou,dc=<COMPANY_NAME>,dc=com


AD search for a user objectGUID is successfull: for Configured SourceAttr

Count success


 Geting Attribute Value

Value retrieved from AD for
objectGUID
Base64 encoded Value:=
dI0zy8YYC02VPH9CZZzt1A==
sourceAttributevalue from AD:
dI0zy8YYC02VPH9CZZzt1A==
Oid Filter New
(&(objectClass=orcladuser)(orclObjectGUID=<GUID_VALUE>))


REG BASE Key ===
SYSTEM\CurrentControlSet\Control\Lsa\orclidmpwf\OIDConfig


OID Host Key

OIDHost

OID Host Value ====
<OID_HOSTNAME>


OID Base DN is ---->

cn=users,dc=<COMPANY_NAME>,dc=com
About to retrive connection

OID is down about to write to Event Log
Inside sgsladds::sgslperwriteData YOOOO
Inside sgsladac c-tor
AD Host
<AD_HOSTNAME>


AD Port
389


AD Base DN
OU=USERS,ou=myou,dc=<COMPANY_NAME>,dc=com


Only dataattribute
Got Registry enteries
contact
description
Got Entiredn

OU=orclpwf<COMPANY_NAME>,OU=USERS,ou=myou,dc=<COMPANY_NAME>,dc=com
Encrypted record already exists in Datastore
Already Exists
Encrypted record already exists in Datastore
Already Exists
Inside sgsladdsSearchUser
Firing Search Request

AD search for a user objectGUID is successfull

Count success

Search result fetched
0:417 7 U364306298 400 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9Q1qdTZKCk+EQHh70lZQcgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAADEXi10uq0tNwDKB1nfmAnUcooeIrR+AHvlFLXGXXYtmwAAAAAOgAAAAAIAACAAAAC0kUJnWeMVJML18DTXNNMZQEYv9giCElaCIur2gWCT2DAAAABqF1l3WALVHtckkpkPulKxj/lVbYlGRZsHbYnN39k3jIdrFdA2I4cENgqbe+laCTZAAAAATI43PUBHsy1ZJbLvPIcbj5bNouj0OKH8paCIyQZCpPQtr4bJa5S9UAIAFadMHEdp9yRDu8en+GUnT3iu+7SH5w==
--------------------&&&----------------

Inside sgsladds::sgsladdsgetData NEW Look
0:417 7 U364306298 400 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9Q1qdTZKCk+EQHh70lZQcgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAADEXi10uq0tNwDKB1nfmAnUcooeIrR+AHvlFLXGXXYtmwAAAAAOgAAAAAIAACAAAAC0kUJnWeMVJML18DTXNNMZQEYv9giCElaCIur2gWCT2DAAAABqF1l3WALVHtckkpkPulKxj/lVbYlGRZsHbYnN39k3jIdrFdA2I4cENgqbe+laCTZAAAAATI43PUBHsy1ZJbLvPIcbj5bNouj0OKH8paCIyQZCpPQtr4bJa5S9UAIAFadMHEdp9yRDu8en+GUnT3iu+7SH5w==
Encoded Data Extracted in sgsladdsgetData

417 7 U364306298 400 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9Q1qdTZKCk+EQHh70lZQcgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAADEXi10uq0tNwDKB1nfmAnUcooeIrR+AHvlFLXGXXYtmwAAAAAOgAAAAAIAACAAAAC0kUJnWeMVJML18DTXNNMZQEYv9giCElaCIur2gWCT2DAAAABqF1l3WALVHtckkpkPulKxj/lVbYlGRZsHbYnN39k3jIdrFdA2I4cENgqbe+laCTZAAAAATI43PUBHsy1ZJbLvPIcbj5bNouj0OKH8paCIyQZCpPQtr4bJa5S9UAIAFadMHEdp9yRDu8en+GUnT3iu+7SH5w==
Moving out sgsladdsgetData
Encoded Data Extracted

417 7 U364306298 400 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9Q1qdTZKCk+EQHh70lZQcgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAADEXi10uq0tNwDKB1nfmAnUcooeIrR+AHvlFLXGXXYtmwAAAAAOgAAAAAIAACAAAAC0kUJnWeMVJML18DTXNNMZQEYv9giCElaCIur2gWCT2DAAAABqF1l3WALVHtckkpkPulKxj/lVbYlGRZsHbYnN39k3jIdrFdA2I4cENgqbe+laCTZAAAAATI43PUBHsy1ZJbLvPIcbj5bNouj0OKH8paCIyQZCpPQtr4bJa5S9UAIAFadMHEdp9yRDu8en+GUnT3iu+7SH5w==
MAX_RETRY LIMIT count is not updated: OID is down
0
numretries ======
0
Inside sgslcodsupdateChild

0:417 7 U364306298 400 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9Q1qdTZKCk+EQHh70lZQcgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAADEXi10uq0tNwDKB1nfmAnUcooeIrR+AHvlFLXGXXYtmwAAAAAOgAAAAAIAACAAAAC0kUJnWeMVJML18DTXNNMZQEYv9giCElaCIur2gWCT2DAAAABqF1l3WALVHtckkpkPulKxj/lVbYlGRZsHbYnN39k3jIdrFdA2I4cENgqbe+laCTZAAAAATI43PUBHsy1ZJbLvPIcbj5bNouj0OKH8paCIyQZCpPQtr4bJa5S9UAIAFadMHEdp9yRDu8en+GUnT3iu+7SH5w==

 Encrypted record data updated successfully
Inside sgsladac destructor
Inside sgslodac destructor
Inside sgsladac destructor
Password updation failed in child process
...<snip>...



Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.