
OUD Erroneously Returns LDAP 10 Result Code When Connection to Join Workflow Participant is Lost (Doc ID 2137954.1)

Last updated on FEBRUARY 16, 2019

Applies to:

Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

Consider a scenario where a join view is configured between two OUD DS instances (primary and secondary).  Such a configuration will result in the following configuration elements being added to the primary DS instance's config.ldif...

dn: cn=OUD-join,cn=Workflow elements,cn=config
objectClass: ds-cfg-workflow-element
objectClass: top
objectClass: ds-cfg-join-workflow-element
ds-cfg-enabled: true
ds-cfg-populate-joinedentrydn: true
ds-cfg-java-class: com.oracle.dps.server.workflowelement.join.JoinWorkflowElement
ds-cfg-join-suffix: dc=example,dc=com
cn: OUD-join
entryUUID: a5b83147-0cba-4c5b-bf2d-9cd668a70459
creatorsName: cn=Directory Manager
createTimestamp: 20160406111503Z
modifyTimestamp: 20160406113523Z
modifiersName: cn=Directory Manager

dn: cn=Participants,cn=OUD-join,cn=Workflow elements,cn=config
objectClass: top
objectClass: ds-cfg-branch
cn: Participants
entryUUID: 91dbbeab-5f97-48a5-8f9b-9a0d28d68574
creatorsName: cn=Directory Manager
createTimestamp: 20160406111601Z
modifyTimestamp: 20160406111601Z
modifiersName: cn=Directory Manager

dn: cn=OUD-primary-participant,cn=Participants,cn=OUD-join,cn=Workflow elements,cn=config
objectClass: top
objectClass: ds-cfg-join-participant
ds-cfg-enabled-operation: add
ds-cfg-enabled-operation: bind
ds-cfg-enabled-operation: compare
ds-cfg-enabled-operation: delete
ds-cfg-enabled-operation: modify
ds-cfg-enabled-operation: search
ds-cfg-participant-criticality: true
ds-cfg-participating-workflow-element: cn=userRoot,cn=Workflow elements,cn=config
ds-cfg-participant-dn: dc=example,dc=com
ds-cfg-primary-participant: true
cn: OUD-primary-participant
entryUUID: a327af55-be02-46ad-ad18-cd1119ca92f8
creatorsName: cn=Directory Manager
createTimestamp: 20160406111601Z
modifyTimestamp: 20160408194139Z
modifiersName: cn=Directory Manager

dn: cn=OUD-secondary-participant,cn=Participants,cn=OUD-join,cn=Workflow elements,cn=config
objectClass: top
objectClass: ds-cfg-join-participant
ds-cfg-participating-workflow-element: cn=remote-OUD-wfe,cn=Workflow elements,cn=config
ds-cfg-participant-dn: dc=example,dc=com
ds-cfg-participants-join-rule: OUD-primary-participant.uid=OUD-secondary-participant.uid
ds-cfg-primary-participant: false
cn: OUD-secondary-participant
ds-cfg-participant-criticality: partial
ds-cfg-enabled-operation: compare
ds-cfg-enabled-operation: search
ds-cfg-retrievable-attribute: cn
ds-cfg-retrievable-attribute: description
ds-cfg-retrievable-attribute: distinguishedName
ds-cfg-retrievable-attribute: givenName
ds-cfg-retrievable-attribute: sn
entryUUID: c4bdbbd2-7062-494d-a545-a775d809c0f0
creatorsName: cn=Directory Manager
createTimestamp: 20160406111941Z
modifyTimestamp: 20160413211934Z
modifiersName: cn=Directory Manager

dn: cn=remote-OUD-wfe,cn=Workflow elements,cn=config
objectClass: ds-cfg-workflow-element
objectClass: top
objectClass: ds-cfg-proxy-ldap-workflow-element
ds-cfg-enabled: true
ds-cfg-java-class: com.sun.dps.server.workflowelement.proxyldap.ProxyLdapWorkflowElement
ds-cfg-ldap-server-extension: cn=remote-OUD-proxy,cn=Extensions,cn=config
ds-cfg-remote-ldap-server-bind-dn: cn=Directory Manager
ds-cfg-remote-ldap-server-bind-password: {AES}<ENCRYPTED_PASSWORD>
ds-cfg-client-cred-mode: use-specific-identity
cn: remote-OUD-wfe
entryUUID: 28d02ac8-cd07-41f4-b089-1f84d59e5b1a
creatorsName: cn=Directory Manager
createTimestamp: 20160406111439Z
modifyTimestamp: 20160406111439Z
modifiersName: cn=Directory Manager

dn: cn=remote-OUD-proxy,cn=Extensions,cn=config
objectClass: ds-cfg-extension
objectClass: top
objectClass: ds-cfg-ldap-server-extension
ds-cfg-remote-ldap-server-read-only: true
ds-cfg-remote-ldap-server-connect-timeout: 4800
ds-cfg-remote-ldap-server-ssl-port: 636
ds-cfg-remote-ldap-server-ssl-policy: never
cn: remote-OUD-proxy
ds-cfg-remote-ldap-server-address: <IP>
ds-cfg-remote-ldap-server-port: 2389
ds-cfg-enabled: true
ds-cfg-java-class: com.sun.dps.server.workflowelement.proxyldap.LDAPServerExtension
ds-cfg-remote-ldap-server-read-timeout: 4800
ds-cfg-ssl-trust-all: true
entryUUID: 0dbd1251-2275-4733-8447-4293cf29d6df
creatorsName: cn=Directory Manager
createTimestamp: 20160406111016Z
modifyTimestamp: 20160406122942Z
modifiersName: cn=Directory Manager

When the secondary DS instance is placed in lockdown mode (effectively making it unavailable), a search to the primary DS instance will still succeed and the expected data results are returned. However, an erroneous result code of 10 (Referral received) is returned, when a result code of 0 or 9 should be returned instead. For example...

$ ./ldapsearch -h <HOSTNAME> -p 1389 -D "cn=directory manager" -w <PASSWORD> -b "dc=example,dc=com" uid=user.1999
dn: uid=user.1999,ou=People,dc=example,dc=com
postalAddress: <ADDRESS>
postalCode: 50563
description: This is the description for <USER>.
uid: user.1999
employeeNumber: 1999
initials: <INITIALS>
givenName: <GIVENNAME>
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: top
pager: <PAGER>
mobile: <MOBILE>
cn: <COMMON_NAME>
sn: <LAST_NAME>
telephoneNumber: <TELEPHONE_NUMBER>
street: <ADDRESS>
homePhone: <HOME_PHONE>
mail: <username@domain.com>
l: <CITY>
st: <STATE>
$

 

The above search generates a result code of 10, as logged in the OUD access log, if the secondary DS instance is unavailable...

[06/Apr/2016:07:14:41 -0700] SEARCH RES conn=28 op=0 msgID=1 result=10 message="Search failed in Participant 'OUD-secondary-participant' Search failed in Participant 'OUD-secondary-participant' Operation 'SEARCH' failed in participant 'dc=example,dc=com' for entry 'dc=example,dc=com' Operation 'SEARCH' failed in participant 'dc=example,dc=com' for entry 'dc=example,dc=com'" nentries=1 etime=11

Cause
