Locking a User in an Oracle Access Manager (OAM) / Oracle Identity Manager (OIM) Integration Environment with Oracle Unified Directory (OUD) Throws Error: [LDAP: error code 21 ...obLockedOn, value "XXX" was found to be invalid according to the associated
(Doc ID 2526063.1)
Last updated on JUNE 24, 2024
Applies to:
Identity Manager - Version 12.2.1.3.180109 and laterOracle Access Manager - Version 12.2.1.3.0 and later
Oracle Unified Directory - Version 12.2.1.4.0 to 12.2.1.4.0 [Release 12c]
Information in this document applies to any platform.
Symptoms
Oracle Access Manager 12c was integrated with Oracle Identity Manager 12c using as an Ldap Provider Oracle Unified Directory.
When an admin user locks a user in OIM
the users gets locked in OIM
and the user entry in OUD gets its oblockedon set
however the following error will be thrown in the OIM diagnostic logs
2019-04-01T12:29:35.428-06:00] [SERVERNAME] [ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: TID for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: ECID] [APP: oim] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: DSID] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : doUpdate : Error while updating user[[
org.identityconnectors.framework.common.exceptions.ConnectorException: Cannot modify attributes, Error Occurred : [LDAP: error code 21 - When attempting to modify entry cn=XXXX to replace the set of values for attribute obLockedOn, value "2019-04-01" was found to be invalid according to the associated syntax: The provided value "2019-04-01" is too short to be a valid generalized time value]
at org.identityconnectors.ldap.modify.LdapUpdate.modifyAttributes(LdapUpdate.java:492)
at org.identityconnectors.ldap.modify.LdapUpdate.modifyAttributes(LdapUpdate.java:468)
at org.identityconnectors.ldap.modify.LdapUpdate.update(LdapUpdate.java:212)
at org.identityconnectors.ldap.LdapConnector.update(LdapConnector.java:127)
at org.identityconnectors.framework.impl.api.local.operations.UpdateImpl.update(UpdateImpl.java:93)
at sun.reflect.GeneratedMethodAccessor1920.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:93)
at com.sun.proxy.$Proxy607.update(Unknown Source)
at sun.reflect.GeneratedMethodAccessor1920.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:107)
at com.sun.proxy.$Proxy607.update(Unknown Source)
at sun.reflect.GeneratedMethodAccessor1920.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
...
at weblogic.work.ExecuteThread.run(ExecuteThread.java:355)
Caused by: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - When attempting to modify entry cn=XXXX to replace the set of values for attribute obLockedOn, value "2019-04-01" was found to be invalid according to the associated syntax: The provided value "2019-04-01" is too short to be a valid generalized time value]; remaining name 'cn=CN,cn=Users,dc=DOMAIN,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3149)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:277)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:192)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:181)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
at org.identityconnectors.ldap.modify.LdapUpdate.modifyAttributes(LdapUpdate.java:486)
... 214 more
]]
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |