My Oracle Support Banner

Multiple Values of Attribute with Binary Syntax Added to SINGLE-VALUE Custom Siteminder Attribute After Upgrade to Oracle Unified Directory (OUD) 11g PS3 (Doc ID 2157733.1)

Last updated on FEBRUARY 16, 2019

Applies to:

Oracle Unified Directory - Version 11.1.2.3.1 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.2.3.1 version, Configuration

ACTUAL BEHAVIOR
---------------
After upgrade to 11g PS3, multiple values of a custom Siteminder attribute are added to an entry when attempting to add/mod/del custom Siteminder attribute.  In the example below the Siteminder attribute is "CAhintSMpassworddata" which stores password history in the entry and has binary syntax with single-value configuration in the schema definition.


EXPECTED BEHAVIOR
-----------------------
After upgrading, should be able to add/mod/del original custom attribute without additional occurrences of the attribute being created in the user entry.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:

Installed 11.1.2.2.0 and added entries with CAhintSMpassworddata using schema in 99-user.ldif file

$ ./ldapsearch -p 3476 -D "cn=directory manager" -w <PASSWORD> -b "dc=example,dc=com" "cahintsmpassworddata=*" cahintsmpassworddata
dn: uid=User1,dc=example,dc=com
cahintsmpassworddata: <ATTRIBUTE_VALUE>

dn: uid=User2,dc=example,dc=com
cahintsmpassworddata: <ATTRIBUTE_VALUE>

dn: uid=User3,dc=example,dc=com
cahintsmpassworddata: <ATTRIBUTE_VALUE>


=====================

- ./stop-ds -- Stop the instance
- ./runInstaller -jreLoc -- GUI installation of 11.1.2.3.0 over ORACLE_HOME of 11.1.2.2.0
[ upgraded opatch]
- opatch apply -- Apply 11.1.2.3.1 patch

- ./start-ds -F  -- Start the instance

$ ./start-ds -F
Oracle Unified Directory 11.1.2.3.1
Build ID: 20151009134626Z
Major Version: 11
Maintenance Version: 1
Release Version: 2
Component Version: 3
Platform Version: 1
Patch Version:
Label Identifier: 1510090506
Debug Build: false
Build OS: Linux 2.6.18-238.0.0.0.1.el5xen amd64
Build User: aime
Build Java Version: 1.7.0_80
Build Java Vendor: Oracle Corporation
Build JVM Version: 24.80-b11
Build JVM Vendor: Oracle Corporation
$


----------
- ./start-ds --upgrade
- ./start-ds

- Before modification of cahintsmpassworddata,  only one value is shown:

./ldapsearch -p 3476 -D "cn=directory manager" -w <PASSWORD> -b "dc=example,dc=com" "cahintsmpassworddata=*" cahintsmpassworddata
dn: uid=User1,dc=example,dc=com
cahintsmpassworddata: <ATTRIBUTE_VALUE>

dn: uid=User2,dc=example,dc=com
cahintsmpassworddata: <ATTRIBUTE_VALUE>

dn: uid=User3,dc=example,dc=com
cahintsmpassworddata: <ATTRIBUTE_VALUE>


- Modify cahintsmpassworddata (mod-cahintsmpassworddata) for User1 entry

- NOTE*** Issue only occurs when cahintsmpassworddata has been modified *after* the upgrade.***



The below output demonstrates how the "User1" entry has both attributes "cahintsmpassworddata;binary" and "cahintsmpassworddata" after the modification but the other User entries do not have both attributes in their entries -

$ ./ldapsearch -p 3476 -D "cn=directory manager" -w <PASSWORD> -b "dc=example,dc=com" "cahintsmpassworddata=*" cahintsmpassworddata
dn: uid=User1,dc=example,dc=com
cahintsmpassworddata: <ATTRIBUTE_VALUE>
cahintsmpassworddata;binary: <ATTRIBUTE_VALUE>

dn: uid=User2,dc=example,dc=com
cahintsmpassworddata: <ATTRIBUTE_VALUE>

dn: uid=User3,dc=example,dc=com
cahintsmpassworddata: <ATTRIBUTE_VALUE>

Due to this issue, Siteminder logins fail since there is more than one value of cahintSMPasswordData in an entry.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.