LDAPSync Post Seed Users Job Failing For Existing Users With Error Message Of UserPassword Cannot Be Decrypted

(Doc ID 2163127.1)

Last updated on AUGUST 14, 2016

Applies to:

Identity Manager - Version 11.1.2.3.4 and later
Information in this document applies to any platform.

Goal

This article provides details on how to address the issue described below:

------------------------------------------------------------------------------------------------------------------------------------------------------------

LDAPSync has been enabled, following all the necessary steps, in a PS3 environment that is being upgraded. New users are created without problems, but for any existing user the LDAPSync Post Seed Users job fails with an error saying the userPassword cannot be decrypted:

<Jan 6, 2016 2:41:38 PM EST> <Error> <XELLERATE.ACCOUNTMANAGEMENT> <BEA-000000> <Class/Method: tcDefaultDBEncryptionImpl/decrypt encounter some problems: Input length must be multiple of 16 when decrypting with padded cipher
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:750)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)
at javax.crypto.Cipher.doFinal(Cipher.java:2087)
at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.decrypt(tcDefaultDBEncryptionImpl.java:222)
at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:122)
at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:200)
at oracle.iam.platform.utils.crypto.CryptoUtil.getDecryptedPassword(CryptoUtil.java:133)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.basicAttibutePasswordDecryption(LDAPUtil.java:1288)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.createSubcontext(LDAPUtil.java:1239)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.create(LDAPDataProvider.java:510)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:433)
...
<Jan 6, 2016 2:41:38 PM EST> <Warning> <oracle.ods.virtualization.exception> <LIBOVD-40077> <Could not add entry.
javax.naming.directory.InvalidAttributeValueException: 'userPassword' has no values.; remaining name 'cn=uselatw,cn=Users,cn=OIM,dc=tgt,dc=dev'
at com.sun.jndi.ldap.LdapClient.add(LdapClient.java:1024)
...

----------------------------------------------------------------------------------------------------------------------------------------------------------------
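
Added example, not part of the Oracle note or of Oracle's tooling: Python that scans a server log for the pair of records shown above and lists the directory entries whose creation failed right after a password decrypt error. It assumes the LIBOVD-40077 warning is the record immediately following the decrypt error, as in the excerpt; the function names and the last sample record are constructed for illustration.

```python
import re

# A record starts with "<timestamp> <Severity> ", as in the article's excerpt.
RECORD_START = re.compile(r"^<[^>]+> <(?:Error|Warning|Notice|Info)> ", re.M)
DN_RE = re.compile(r"'userPassword' has no values\.; remaining name '([^']+)'")

# Excerpt from the article's log (stack frames abridged).
PAGE_EXCERPT = """\
<Jan 6, 2016 2:41:38 PM EST> <Error> <XELLERATE.ACCOUNTMANAGEMENT> <BEA-000000> <Class/Method: tcDefaultDBEncryptionImpl/decrypt encounter some problems: Input length must be multiple of 16 when decrypting with padded cipher
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
at javax.crypto.Cipher.doFinal(Cipher.java:2087)
<Jan 6, 2016 2:41:38 PM EST> <Warning> <oracle.ods.virtualization.exception> <LIBOVD-40077> <Could not add entry.
javax.naming.directory.InvalidAttributeValueException: 'userPassword' has no values.; remaining name 'cn=uselatw,cn=Users,cn=OIM,dc=tgt,dc=dev'
at com.sun.jndi.ldap.LdapClient.add(LdapClient.java:1024)
"""
# Constructed record: an add failure that is NOT preceded by a decrypt error.
CONSTRUCTED_RECORD = """\
<Jan 6, 2016 2:41:39 PM EST> <Warning> <oracle.ods.virtualization.exception> <LIBOVD-40077> <Could not add entry.
javax.naming.NameAlreadyBoundException: constructed unrelated failure; remaining name 'cn=other,cn=Users,cn=OIM,dc=tgt,dc=dev'
"""
SAMPLE_LOG = PAGE_EXCERPT + CONSTRUCTED_RECORD

def split_records(text):
    """Split a log into records, keeping stack-trace lines with their header."""
    starts = [m.start() for m in RECORD_START.finditer(text)]
    return [text[a:b] for a, b in zip(starts, starts[1:] + [len(text)])]

def affected_entries(text):
    """Return DNs whose LDAP add failed directly after a userPassword decrypt error."""
    affected, pending_decrypt_error = [], False
    for rec in split_records(text):
        if "tcDefaultDBEncryptionImpl/decrypt" in rec and "IllegalBlockSizeException" in rec:
            pending_decrypt_error = True
            continue
        m = DN_RE.search(rec)
        if m and "<LIBOVD-40077>" in rec and pending_decrypt_error:
            affected.append(m.group(1))
        pending_decrypt_error = False  # only the very next record is paired
    return affected

if __name__ == "__main__":
    for dn in affected_entries(SAMPLE_LOG):
        print(dn)
```

The resulting list gives the existing users whose stored password value should be examined before the job is re-run.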

Solution
