OID11.1.1.9.x Modification of Instance Config Entry in ODSM may cause Wallet Corruption

(Doc ID 2322063.1)

Last updated on NOVEMBER 29, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1.9.170327 and later
Information in this document applies to any platform.

Symptoms

On : OID 11.1.1.9.170327

The original issue was discovered when the orclcryptoversion attribute was modified in ODSM using the Show All option for Managed Attributes. It has since been discovered that other attribute modifications using this method can cause the overwriting of the wallet.

Using ODSM to modify an attribute may cause corruption of ssl wallet

For example:

modify orclcryptoversion in ODSM
navigate to cn=oidssl,cn=osdldapd,cn=subconfigsubentry
click the drop down for Managed Attributes and select show all
Change the value for orclcryptoversion to another value. Default is 0, set to
16 or 24.

 

This behavior does not reproduce if you modify the orclcryptoversion attribute on the main page for the oid instance. Choosing to show all managed attributes causes the issue to reproduce.


ERROR
-----------------------

The ldapbind to the ssl port will fail

ldapbind -h oidhost -p 3133 -D cn=orcladmin -q -U 2 -W file://refresh/Middleware/asinst_1/OID/admin/oidssl -P "<wallet credentials>"
 Unable to open wallet

 

The wallet size changes:

Before:

ls -ltr
total 8
-rw-------. 1 oracle oinstall 2632 Oct 26 09:15 ewallet.p12
-rw-------. 1 oracle oinstall 2677 Oct 26 09:15 cwallet.sso

 

After:

ls -ltr
total 8
-rw-------. 1 oracle oinstall 35 Oct 26 09:21 ewallet.p12
-rw-------. 1 oracle oinstall 35 Oct 26 09:21 cwallet.sso

Changes

 Modification of some attributes in ODSM when viewing "show All attributes" view

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms