OUD Erroneously Returns LDAP 10 Result Code When Connection to Join Workflow Participant is Lost (Doc ID 2137954.1)

Last updated on JUNE 03, 2016

Applies to:

Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

Consider a scenario where a join view is configured between two OUD DS instances (primary and secondary).  Such a configuration will result in the following configuration elements being added to the primary DS instance's config.ldif...

dn: cn=OUD-join,cn=Workflow elements,cn=config
objectClass: ds-cfg-workflow-element
objectClass: top
objectClass: ds-cfg-join-workflow-element
ds-cfg-enabled: true
ds-cfg-populate-joinedentrydn: true
ds-cfg-java-class: com.oracle.dps.server.workflowelement.join.JoinWorkflowElement
ds-cfg-join-suffix: dc=example,dc=com
cn: OUD-join
entryUUID: a5b83147-0cba-4c5b-bf2d-9cd668a70459
creatorsName: cn=Directory Manager
createTimestamp: 20160406111503Z
modifyTimestamp: 20160406113523Z
modifiersName: cn=Directory Manager

dn: cn=Participants,cn=OUD-join,cn=Workflow elements,cn=config
objectClass: top
objectClass: ds-cfg-branch
cn: Participants
entryUUID: 91dbbeab-5f97-48a5-8f9b-9a0d28d68574
creatorsName: cn=Directory Manager
createTimestamp: 20160406111601Z
modifyTimestamp: 20160406111601Z
modifiersName: cn=Directory Manager

dn: cn=OUD-primary-participant,cn=Participants,cn=OUD-join,cn=Workflow elements,cn=config
objectClass: top
objectClass: ds-cfg-join-participant
ds-cfg-enabled-operation: add
ds-cfg-enabled-operation: bind
ds-cfg-enabled-operation: compare
ds-cfg-enabled-operation: delete
ds-cfg-enabled-operation: modify
ds-cfg-enabled-operation: search
ds-cfg-participant-criticality: true
ds-cfg-participating-workflow-element: cn=userRoot,cn=Workflow elements,cn=config
ds-cfg-participant-dn: dc=example,dc=com
ds-cfg-primary-participant: true
cn: OUD-primary-participant
entryUUID: a327af55-be02-46ad-ad18-cd1119ca92f8
creatorsName: cn=Directory Manager
createTimestamp: 20160406111601Z
modifyTimestamp: 20160408194139Z
modifiersName: cn=Directory Manager

dn: cn=OUD-secondary-participant,cn=Participants,cn=OUD-join,cn=Workflow elements,cn=config
objectClass: top
objectClass: ds-cfg-join-participant
ds-cfg-participating-workflow-element: cn=remote-OUD-wfe,cn=Workflow elements,cn=config
ds-cfg-participant-dn: dc=example,dc=com
ds-cfg-participants-join-rule: OUD-primary-participant.uid=OUD-secondary-participant.uid
ds-cfg-primary-participant: false
cn: OUD-secondary-participant
ds-cfg-participant-criticality: partial
ds-cfg-enabled-operation: compare
ds-cfg-enabled-operation: search
ds-cfg-retrievable-attribute: cn
ds-cfg-retrievable-attribute: description
ds-cfg-retrievable-attribute: distinguishedName
ds-cfg-retrievable-attribute: givenName
ds-cfg-retrievable-attribute: sn
entryUUID: c4bdbbd2-7062-494d-a545-a775d809c0f0
creatorsName: cn=Directory Manager
createTimestamp: 20160406111941Z
modifyTimestamp: 20160413211934Z
modifiersName: cn=Directory Manager

dn: cn=remote-OUD-wfe,cn=Workflow elements,cn=config
objectClass: ds-cfg-workflow-element
objectClass: top
objectClass: ds-cfg-proxy-ldap-workflow-element
ds-cfg-enabled: true
ds-cfg-java-class: com.sun.dps.server.workflowelement.proxyldap.ProxyLdapWorkflowElement
ds-cfg-ldap-server-extension: cn=remote-OUD-proxy,cn=Extensions,cn=config
ds-cfg-remote-ldap-server-bind-dn: cn=Directory Manager
ds-cfg-remote-ldap-server-bind-password: {AES}ATKqTYJ+PkGwjjgRBpZOqOtIsKEVZGWcbUVV2lD+AVXu536cW47Jk+ZcKg==
ds-cfg-client-cred-mode: use-specific-identity
cn: remote-OUD-wfe
entryUUID: 28d02ac8-cd07-41f4-b089-1f84d59e5b1a
creatorsName: cn=Directory Manager
createTimestamp: 20160406111439Z
modifyTimestamp: 20160406111439Z
modifiersName: cn=Directory Manager

dn: cn=remote-OUD-proxy,cn=Extensions,cn=config
objectClass: ds-cfg-extension
objectClass: top
objectClass: ds-cfg-ldap-server-extension
ds-cfg-remote-ldap-server-read-only: true
ds-cfg-remote-ldap-server-connect-timeout: 4800
ds-cfg-remote-ldap-server-ssl-port: 636
ds-cfg-remote-ldap-server-ssl-policy: never
cn: remote-OUD-proxy
ds-cfg-remote-ldap-server-address: xxx.xxx.xxx.xxx
ds-cfg-remote-ldap-server-port: 2389
ds-cfg-enabled: true
ds-cfg-java-class: com.sun.dps.server.workflowelement.proxyldap.LDAPServerExtension
ds-cfg-remote-ldap-server-read-timeout: 4800
ds-cfg-ssl-trust-all: true
entryUUID: 0dbd1251-2275-4733-8447-4293cf29d6df
creatorsName: cn=Directory Manager
createTimestamp: 20160406111016Z
modifyTimestamp: 20160406122942Z
modifiersName: cn=Directory Manager

When the secondary DS instance is placed in lockdown mode (effectively making it unavailable), a search to the primary DS instance will still succeed and the expected data results are returned. However, an erroneous result code of 10 (Referral received) is returned, when a result code of 0 or 9 should be returned instead. For example...

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms