My Oracle Support Banner

ODSEE 11g ( PwdPolicySubentry Does Not Replicate Via Fractional Replication Agreement (Doc ID 2305662.1)

Last updated on FEBRUARY 07, 2019

Applies to:

Oracle Directory Server Enterprise Edition - Version and later
Information in this document applies to any platform.


ODSEE master with a fractional replication agreement to consumer.

The replication agreement is set to include specific attributes (repl-fractional-include-attr). "pwdPolicySubentry" is one of the attributes which is replicated via the fractional replication.   For some reason, it never replicates.

The replication agreement is fine, and all other attributes replicate, but "pwdPolicySubentry" does not.


List agreements:

$ dsconf list-repl-agmts -h -P 636 -D "cn=Directory Manager" dc=example,dc=com
Enter "cn=Directory Manager" password:

Agreement properties for fractional replication look right:

$ dsconf get-repl-agmt-prop -h -P 636 -D "cn=Directory Manager" dc=example,dc=com repl-fractional-include-attr
Enter "cn=Directory Manager" password:
repl-fractional-include-attr : cn
repl-fractional-include-attr : cosAttribute
repl-fractional-include-attr : cosSpecifier
repl-fractional-include-attr : cosTemplateDN
repl-fractional-include-attr : displayName
repl-fractional-include-attr : givenName
repl-fractional-include-attr : mail
repl-fractional-include-attr : nsAccountLock
repl-fractional-include-attr : nsIdleTimeout
repl-fractional-include-attr : nsLookThroughLimit
repl-fractional-include-attr : nsSizeLimit
repl-fractional-include-attr : nsTimeLimit
repl-fractional-include-attr : objectClass
repl-fractional-include-attr : pwdAttribute
repl-fractional-include-attr : pwdKeepLastAuthTime
repl-fractional-include-attr : pwdPolicySubentry
repl-fractional-include-attr : sn
repl-fractional-include-attr : telephoneNumber
repl-fractional-include-attr : uid
repl-fractional-include-attr : userPassword
repl-fractional-include-attr : loginShell

Agreement status shows good:

$ dsconf show-repl-agmt-status -h -P 636 -D "cn=Directory Manager" dc=example,dc=com
Enter "cn=Directory Manager" password:
Configuration Status : Ok
Authentication Status : Ok
Initialization Status : Ok

Status : Enabled
Last Update Date : Jul 22, 2016 9:02:15 PM


But if we search an end user which should contain the "pwdPolicySubentry", we see that it does not on the consumer:


$ ldapsearch -b "uid=testUser,dc=example,dc=com" -h u -p 636 -Z -P /LDAP/certdb -D "cn=Directory Manager" -w - -s base "(objectClass=*)" pwdPolicySubentry
Enter bind password:
version: 1
dn: uid=testUser,dc=example,dc=com
pwdPolicySubentry: cn=Password Policy,uid=testUser,dc=example,dc=com


$ ldapsearch -b "uid=testUser,dc=example,dc=com" -h -p 636 -Z -P /LDAP/certdb -D "cn=Directory Manager" -w - -s base "(objectClass=*)" pwdPolicySubentry
Enter bind password:
version: 1
dn: uid=testUser,dc=example,dc=com



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.