OUD - The 'ldapsearch' Command Returns "Result Code: 2 (Protocol Error)" and in Errors Log: "Could not decrypt an attribute" for Encrypted Attribute after Replacing Replication 'ads-certificate' (Doc ID 2352747.1)

Last updated on MAY 09, 2023

Applies to:

Oracle Unified Directory - Version 11.1.2.3.1 and later
Information in this document applies to any platform.

Symptoms

After the replication server certificate is changed, ldapsearch returns a "Could not decrypt an attribute" error for an encrypted attribute:

$ ldapsearch -h localhost -p <LDAP_PORT> -D "cn=<DS_ADMIN>" -w <PASSWORD> -b "<SUFFIX_DN>" -s sub uid=<UID1>
Cannot decode the provided ASN.1 sequence as an LDAP message because the sequence was null
Result Code: 2 (Protocol Error)

The OUD server shows the following error:

[30/Oct/2017:11:07:55 -0500] category=CORE severity=SEVERE_ERROR msgID=262967 msg=Could not decrypt an attribute: CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries

Changes

The replication server certificate expired, and a new certificate (ads-certificate) was created.

Cause
