OUD - LDAP Error 65 and "Entry cn=REPL_ADMIN,cn=Administrators,cn=admin data cannot not be modified because the resulting entry would have violated the server schema"
(Doc ID 2540019.1)
Last updated on FEBRUARY 12, 2024
Applies to:
Oracle Unified Directory - Version 11.1.2.3.180116 and later
Information in this document applies to any platform.
Symptoms
Original issue - User entries are out of sync between replicas
Missing user entries on one replica
Due to the unavailability of the missing user(s) on the replica, the OBDX [Oracle Banking Digital Experience] application user failed to authenticate.
When attempting to run the dsreplication command, the connection fails with the following error:
...
Global Administrator User ID [<REPL_ADMIN>]:
Password for user '<REPL_ADMIN>':
Could not connect to <HOST>:<ADMIN_PORT>. Check that the server is running and that the provided credentials are valid.
Error details:
[LDAP: error code 65 - An error occurred while attempting to update password policy state information for user cn=<REPL_ADMIN>,cn=Administrators,cn=admin data:
Entry cn=<REPL_ADMIN>,cn=Administrators,cn=admin data cannot be modified because the resulting entry would have violated the server schema: Entry cn=<REPL_ADMIN>,cn=Administrators,cn=admin data violates the Directory Server schema
configuration because it includes attribute fclastlogintime which is not allowed by any of the objectclasses defined in that entry]
Changes
On the replica where the dsreplication command is being run for the OBDX application, the default password policy (cn=Default Password Policy,cn=Password Policies,cn=config entry) has the following configuration:
ds-cfg-last-login-time-attribute: fclastlogintime
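Added example (not part of the Oracle note and not Oracle code): the schema check named in the error text, reproduced offline so an administrator can test whether an entry's object classes permit the attribute set in ds-cfg-last-login-time-attribute. The note does not list the admin entry's object classes, so the class lists are assumptions; 'top' and 'person' follow RFC 4519, and 'exampleLoginTracking' with its OID is constructed.

```python
import re

# Constructed sample schema in RFC 4512 ObjectClassDescription syntax.
# 'exampleLoginTracking' and its OID are made up to show the passing case.
SAMPLE_SCHEMA = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) "
    "MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )",
    "( 1.3.6.1.4.1.99999.1 NAME 'exampleLoginTracking' SUP top AUXILIARY "
    "MAY fclastlogintime )",
]

def _names(definition, keyword):
    """Lower-cased names that follow NAME/SUP/MUST/MAY in one definition."""
    m = re.search(r"\b%s\s+(\(([^)]*)\)|'[^']+'|[\w.;-]+)" % keyword, definition)
    if not m:
        return []
    raw = m.group(2) if m.group(2) is not None else m.group(1)
    return [t.strip(" '").lower() for t in re.split(r"[$\s]+", raw) if t.strip(" '")]

def parse_schema(definitions):
    """Map each object class name to its superiors and permitted attributes."""
    classes = {}
    for d in definitions:
        d = re.sub(r"DESC\s+'[^']*'", "", d)  # keywords inside DESC are not schema
        entry = {"sup": _names(d, "SUP"),
                 "attrs": set(_names(d, "MUST")) | set(_names(d, "MAY"))}
        for name in _names(d, "NAME"):
            classes[name] = entry
    return classes

def allowed_attributes(classes, object_classes):
    """Union of MUST/MAY attributes over the entry's classes and their superiors."""
    allowed, seen = set(), set()
    todo = [oc.lower() for oc in object_classes]
    while todo:
        oc = todo.pop()
        if oc in seen or oc not in classes:
            continue
        seen.add(oc)
        allowed |= classes[oc]["attrs"]
        todo.extend(classes[oc]["sup"])
    return allowed

def policy_attribute_allowed(classes, object_classes, attribute):
    """True if the password policy's state attribute can be stored on the entry."""
    return attribute.lower() in allowed_attributes(classes, object_classes)

if __name__ == "__main__":
    schema = parse_schema(SAMPLE_SCHEMA)
    for ocs in (["top", "person"], ["top", "person", "exampleLoginTracking"]):
        ok = policy_attribute_allowed(schema, ocs, "fclastlogintime")
        print(ocs, "->", "allowed" if ok else "schema violation (LDAP result 65)")
```

To run the same check against a live server, replace SAMPLE_SCHEMA with the objectClasses values read from that server's schema entry and pass the objectClass values of the entry being bound.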
Cause