
OUD11g - 24405001 - New Certificate Mapper "Subject Alternative Names To User Attribute" (Doc ID 2210549.1)

Last updated on MARCH 30, 2017

Applies to:

Oracle Unified Directory - Version to [Release 11g]
Information in this document applies to any platform.
=================== New Certificate Mapper =================================
Background :
Base Bug # 24405001
Starting with OUD BUNDLE PATCH, a new fix (Bug # 24405001) introduces a new certificate mapper, "Subject Alternative Names To User Attribute", which reads the certificate and extracts the principal name from it. This new mapper is used during login/authentication of smart card users.

The following content has been added to config.ldif as part of the fix:

dn: cn=Subject Alternative Name To User Attribute,cn=Certificate
objectClass: top
objectClass: ds-cfg-certificate-mapper
ds-cfg-enabled: true
cn: Subject Alternative Name To User Attribute

The new mapper will be available in a new instance created after application of OUD BP. For existing instance(s), you need to manually copy the config.ldif content specified above. Make sure to stop the instance and take a backup of the existing config.ldif before performing this change.

============= Rollback Issue ============================================:

After application of Bundle Patch, or above, we're observing the following schema error during the bundle patch ( ) rollback, and LDAP fails to start. We've observed this in a replicated env, and with OPatch version of

$ $ORACLE_HOME/OPatch/opatch rollback -id 24945523
Oracle Interim Patch Installer version
Copyright (c) 2012, Oracle Corporation. All rights reserved.
Oracle Home : /scratch/appl/oracle/fmw-jan17bp/Oracle_OUD1
Central Inventory : /appl/oracle/oraInventory
from : /scratch/appl/oracle/fmw-jan17bp/Oracle_OUD1//oraInst.loc
OPatch version :
OUI version :
Log file location :
OPatch detects the Middleware Home as "/scratch/appl/oracle/fmw-jan17bp"
RollbackSession rolling back interim patch '24945523' from OH
Patching component oracle.idm.oud,
RollbackSession removing interim patch '24945523' from inventory
Log file location:
OPatch succeeded.

============= While starting the OUD Server ===================
[21/Nov/2016:23:49:11 -0800] category=CORE severity=INFORMATION msgID=132
msg=The Directory Server is beginning the configuration bootstrapping process
[21/Nov/2016:23:49:12 -0800] category=CORE severity=NOTICE msgID=458886
msg=Oracle Unified Directory (build 20150414142803Z, R1504140602)
starting up
[21/Nov/2016:23:49:13 -0800] category=CORE severity=NOTICE msgID=458891
msg=The Directory Server has sent an alert notification generated by class
org.opends.server.core.DirectoryServer (alert type
org.opends.server.DirectoryServerShutdown, alert ID 458893): The Directory
Server has started the shutdown process. The shutdown was initiated by an
instance of class org.opends.server.core.DirectoryServer and the reason
provided for the shutdown was An error occurred while trying to start the
Directory Server: An error occurred at or near line 179 while trying to
parse the configuration from LDIF file
if: org.opends.server.util.LDIFException: Entry cn=Subject Alternative Name
To User Attribute,cn=Certificate Mappers,cn=config read from LDIF starting at
line 179 is not valid because it violates the server's schema configuration:
Entry cn=Subject Alternative Name To User Attribute,cn=Certificate
Mappers,cn=config violates the Directory Server schema configuration because
it contains an unknown objectclass
[21/Nov/2016:23:49:14 -0800] category=CORE severity=NOTICE msgID=458955
msg=The Directory Server is now stopped
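
A check for the condition reported in the log above, as an added example (not Oracle's code and not part of the original note): it scans config.ldif text for the entry named in the error and returns the line where that entry starts, unfolding LDIF continuation lines first. The function names and the sample LDIF are constructed for illustration; the mapper name and full DN are taken from the error message.

```python
import base64

MAPPER_CN = "Subject Alternative Name To User Attribute"  # entry name from the page

def unfold(ldif_text):
    """Yield (first_line_no, logical_line); a leading space continues the previous line."""
    start, buf = 0, None
    for no, raw in enumerate(ldif_text.splitlines(), 1):
        if raw.startswith(" ") and buf is not None:
            buf += raw[1:]          # drop only the single fold marker
            continue
        if buf is not None:
            yield start, buf
        start, buf = no, raw
    if buf is not None:
        yield start, buf

def entry_dns(ldif_text):
    """Return [(line_no, dn)] for every entry, decoding base64 'dn::' values."""
    found = []
    for no, line in unfold(ldif_text):
        if line.lower().startswith("dn::"):
            found.append((no, base64.b64decode(line[4:].strip()).decode("utf-8")))
        elif line.lower().startswith("dn:"):
            found.append((no, line[3:].strip()))
    return found

def find_mapper(ldif_text, cn=MAPPER_CN):
    """Line numbers of entries whose leading RDN is cn=<cn> (case-insensitive)."""
    want = "cn=" + cn.lower()
    return [no for no, dn in entry_dns(ldif_text)
            if dn.split(",", 1)[0].strip().lower() == want]

# Constructed sample, not a real config.ldif; the second DN is folded across two lines.
SAMPLE = """dn: cn=Example Mapper,cn=Certificate Mappers,cn=config
objectClass: top
cn: Example Mapper

dn: cn=Subject Alternative Name To User Attribute,cn=Certificate
  Mappers,cn=config
objectClass: top
objectClass: ds-cfg-certificate-mapper
ds-cfg-enabled: true
cn: Subject Alternative Name To User Attribute
"""

if __name__ == "__main__":
    for line_no in find_mapper(SAMPLE):
        print(f"mapper entry starts at line {line_no}")
```

Run against a copy of an instance's config.ldif, a non-empty result means the entry named in the startup error is present, and the returned number corresponds to the "starting at line" value in the log.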



To provide background on the new certificate mapper and a possible solution for bug#25132763

