Locking a User in an Oracle Access Manager (OAM) / Oracle Identity Manager (OIM) Integration Environment with Oracle Unified Directory (OUD) Throws Error: [LDAP: error code 21 ...obLockedOn, value "XXX" was found to be invalid according to the associated (Doc ID 2526063.1)

Last updated on JANUARY 18, 2023

Applies to:

Identity Manager - Version 12.2.1.3.180109 and later
Oracle Access Manager - Version 12.2.1.3.0 and later
Oracle Unified Directory - Version 12.2.1.4.0 to 12.2.1.4.0 [Release 12c]
Information in this document applies to any platform.

Symptoms

Oracle Access Manager 12c was integrated with Oracle Identity Manager 12c, using Oracle Unified Directory as the LDAP provider.

When an admin user locks a user in OIM, the user gets locked in OIM and the user entry in OUD gets its obLockedOn attribute set. However, the following error is thrown in the OIM diagnostic logs:

2019-04-01T12:29:35.428-06:00] [SERVERNAME] [ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: TID for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: ECID] [APP: oim] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: DSID] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : doUpdate : Error while updating user[[
org.identityconnectors.framework.common.exceptions.ConnectorException: Cannot modify attributes, Error Occurred : [LDAP: error code 21 - When attempting to modify entry cn=XXXX to replace the set of values for attribute obLockedOn, value "2019-04-01" was found to be invalid according to the associated syntax: The provided value "2019-04-01" is too short to be a valid generalized time value]
at org.identityconnectors.ldap.modify.LdapUpdate.modifyAttributes(LdapUpdate.java:492)
at org.identityconnectors.ldap.modify.LdapUpdate.modifyAttributes(LdapUpdate.java:468)
at org.identityconnectors.ldap.modify.LdapUpdate.update(LdapUpdate.java:212)
at org.identityconnectors.ldap.LdapConnector.update(LdapConnector.java:127)
at org.identityconnectors.framework.impl.api.local.operations.UpdateImpl.update(UpdateImpl.java:93)
at sun.reflect.GeneratedMethodAccessor1920.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:93)
at com.sun.proxy.$Proxy607.update(Unknown Source)
at sun.reflect.GeneratedMethodAccessor1920.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:107)
at com.sun.proxy.$Proxy607.update(Unknown Source)
at sun.reflect.GeneratedMethodAccessor1920.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

...

at weblogic.work.ExecuteThread.run(ExecuteThread.java:355)
Caused by: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - When attempting to modify entry cn=XXXX to replace the set of values for attribute obLockedOn, value "2019-04-01" was found to be invalid according to the associated syntax: The provided value "2019-04-01" is too short to be a valid generalized time value]; remaining name 'cn=CN,cn=Users,dc=DOMAIN,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3149)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:277)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:192)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:181)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
at org.identityconnectors.ldap.modify.LdapUpdate.modifyAttributes(LdapUpdate.java:486)
... 214 more

]]
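
The syntax rejection in the log above can be reproduced offline. The following is an added example, not part of the Oracle note: it extracts the rejected attribute and value from an error code 21 message and checks the value against the GeneralizedTime grammar of RFC 4517 section 3.3.13. The function names are hypothetical, the sample line is shortened from the log above, and OUD's own validator is assumed to follow that grammar.

```python
import re
from datetime import datetime, timezone

# RFC 4517 section 3.3.13: YYYYMMDDHH[MM[SS]][(.|,)fraction](Z|+-HH[MM])
GENERALIZED_TIME = re.compile(
    r"(?P<date>\d{8})(?P<hour>\d{2})(?P<minute>\d{2})?(?P<second>\d{2})?"
    r"(?:[.,]\d+)?(?:Z|[+-]\d{2}(?:\d{2})?)"
)

# Attribute name and rejected value inside an "error code 21" message.
REJECTED = re.compile(
    r'LDAP: error code 21 - .*?for attribute (?P<attr>[\w;-]+), value "(?P<value>[^"]*)"'
)

# Sample input, shortened from the message shown in the log above.
SAMPLE_LOG = (
    'ConnectorException: Cannot modify attributes, Error Occurred : '
    '[LDAP: error code 21 - When attempting to modify entry cn=XXXX to replace '
    'the set of values for attribute obLockedOn, value "2019-04-01" was found '
    'to be invalid according to the associated syntax]\n'
)


def is_generalized_time(value: str) -> bool:
    """True if value is a syntactically valid GeneralizedTime string."""
    m = GENERALIZED_TIME.fullmatch(value)
    if not m:
        return False
    try:
        datetime.strptime(m["date"], "%Y%m%d")  # rejects month 13, 30 February, ...
    except ValueError:
        return False
    return (int(m["hour"]) <= 23 and int(m["minute"] or 0) <= 59
            and int(m["second"] or 0) <= 60)  # 60 allows a leap second


def rejected_writes(log_text: str) -> list:
    """Unique (attribute, value) pairs the directory refused with error code 21."""
    return sorted({(m["attr"], m["value"]) for m in REJECTED.finditer(log_text)})


def to_generalized_time(moment: datetime) -> str:
    """Render a timezone-aware datetime as a UTC GeneralizedTime string."""
    return moment.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")


if __name__ == "__main__":
    for attr, value in rejected_writes(SAMPLE_LOG):
        print(attr, repr(value), "valid" if is_generalized_time(value) else "invalid")
```

The date-only string fails because the grammar requires at least an hour field and a time zone designator; midnight UTC on the same day would be written `20190401000000Z`.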

Cause
