OUD 11g/12c - LDAP Error 65 and "Entry cn=<REPL_ADMIN>,cn=Administrators,cn=admin data cannot not be modified because the resulting entry would have violated the server schema"
(Doc ID 2540019.1)
Last updated on AUGUST 20, 2021
Applies to: Oracle Unified Directory - Version 220.127.116.11.180116 and later
Information in this document applies to any platform.
Original issue - User entries are out of sync between replicas
Missing user entries on one replica
Due to unavailability of the missing user(s) on the replica, the OBDX [Oracle Banking Digital Experience] application user failed to authenticate.
When attempting to run the dsreplication command, the following output is returned:
Global Administrator User ID [<REPL_ADMIN>]:
Password for user '<REPL_ADMIN>':
Could not connect to <HOST>:<ADMIN_PORT>. Check that the server is running and that the provided credentials are valid.
[LDAP: error code 65 - An error occurred while attempting to update password policy state information for user cn=<REPL_ADMIN>,cn=Administrators,cn=admin data:
Entry cn=<REPL_ADMIN>,cn=Administrators,cn=admin data cannot not be modified because the resulting entry would have violated the server schema: Entry cn=<REPL_ADMIN>,cn=Administrators,cn=admin data violates the Directory Server schema
configuration because it includes attribute fclastlogintime which is not allowed by any of the objectclasses defined in that entry]
On the replica where the dsreplication command is being run for the OBDX application, the default password policy (the cn=Default Password Policy,cn=Password Policies,cn=config entry) has this configuration: