My Oracle Support Banner

ODSEE 11g - Loss of "dsconf" Functionality with "--accept-cert" Sub-Command After Upgrading JAVA to 7u191 or Greater (Doc ID 2486947.1)

Last updated on OCTOBER 14, 2019

Applies to:

Oracle Directory Server Enterprise Edition - Version and later
Information in this document applies to any platform.


On : version, Administration

The ability to use dsconf with the "--accept-cert" functionality in ODSEE was lost after JAVA upgrade

Example command output:

$SERVER_ROOT/bin/dsconf list-suffixes -E --accept-cert -h localhost -P <PORT> -D "$BACKUP_ACCT" -w <PASSWORD_FILE>

The following error is encountered:

Unable to bind securely on "localhost:<PORT>".
Make sure an LDAPS server is listening on "localhost:<PORT>".
The "list-suffixes" operation failed on "localhost:<PORT>".

When checking the logs the following message is observed:

conn=35 op=-1 msgId=-1 - fd=30 slot=30 LDAPS connection from <localhost>:58432 to <localhost>
conn=35 op=0 msgId=-1 - closing from <localhost>:58432 - B4 - Server failed to flush BER data back to client -
conn=35 op=-1 msgId=-1 - closed.

When reverting back to 7u181 then everything worked as expected, it could handle "--accept-cert" correctly.

B4 - Server failed to flush BER data back to client -

The issue can be reproduced at will with the following steps:
1. Upgrade java
2. Run command "$SERVER_ROOT/bin/dsconf list-suffixes -E --accept-cert -h localhost -P <PORT> -D "$BACKUP_ACCT" -w <PASSWORD_FILE> "
3. Return error

The issue has the following business impact:
Due to this issue, users cannot use dsconf using a secure option as provided in command usage.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.