OUD - The 'ldapsearch' Command Returns "Result Code: 2 (Protocol Error)" and in Errors Log: "Could not decrypt an attribute" for Encrypted Attribute after Replacing Replication 'ads-certificate' (Doc ID 2352747.1)

Last updated on MAY 19, 2022

Applies to:

Oracle Unified Directory - Version and later
Information in this document applies to any platform.


After changing the Replication Server certificate, ldapsearch returns a "Could not decrypt an attribute" error for an encrypted attribute:

$ ldapsearch -h localhost -p <LDAP_PORT> -D "cn=<DS_ADMIN>" -w <PASSWORD> -b "<SUFFIX_DN>" -s sub uid=<UID1>
Cannot decode the provided ASN.1 sequence as an LDAP message because the sequence was null
Result Code: 2 (Protocol Error)

The OUD server errors log shows the following error:

[30/Oct/2017:11:07:55 -0500] category=CORE severity=SEVERE_ERROR msgID=262967 msg=Could not decrypt an attribute: CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries



The Replication Server certificate expired, and a new certificate (ads-certificate) was created to replace it.



