OUD - The 'ldapsearch' Command Returns "Result Code: 2 (Protocol Error)" and in Errors Log: "Could not decrypt an attribute" for Encrypted Attribute after Replacing Replication 'ads-certificate'
(Doc ID 2352747.1)
Last updated on MAY 09, 2023
Applies to:
Oracle Unified Directory - Version 11.1.2.3.1 and later
Information in this document applies to any platform.
Symptoms
After the replication server certificate is changed, ldapsearch fails for an encrypted attribute with the "Could not decrypt an attribute" error:
$ ldapsearch -h localhost -p <LDAP_PORT> -D "cn=<DS_ADMIN>" -w <PASSWORD> -b "<SUFFIX_DN>" -s sub uid=<UID1>
Cannot decode the provided ASN.1 sequence as an LDAP message because the sequence was null
Result Code: 2 (Protocol Error)
Cannot decode the provided ASN.1 sequence as an LDAP message because the sequence was null
Result Code: 2 (Protocol Error)
The OUD server shows the following error:
[30/Oct/2017:11:07:55 -0500] category=CORE severity=SEVERE_ERROR msgID=262967 msg=Could not decrypt an attribute: CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries
Changes
The replication server certificate expired, and a new certificate (ads-certificate) was created to replace it.
Cause