My Oracle Support Banner

OUD 11g/12c - LDAP Error 65 and "Entry cn=<REPL_ADMIN>,cn=Administrators,cn=admin data cannot not be modified because the resulting entry would have violated the server schema" (Doc ID 2540019.1)

Last updated on AUGUST 20, 2021

Applies to:

Oracle Unified Directory - Version 11.1.2.3.180116 and later
Information in this document applies to any platform.

Symptoms

Original issue - Users entries are out of sync between replicas
Missing user entries on one replica
Due to unavailability of the missing user(s) on the replica, the OBDX [Oracle Banking Digital Experience] application user failed to authenticate.

When attempting to run the dsreplication command -

...
Global Administrator User ID [<REPL_ADMIN>]:

Password for user '<REPL_ADMIN>':

Could not connect to <HOST>:<ADMIN_PORT>.  Check that the server is running and that the provided credentials are valid.
Error details:
[LDAP: error code 65 - An error occurred while attempting to update password policy state information for user cn=<REPL_ADMIN>,cn=Administrators,cn=admin data:
Entry cn=<REPL_ADMIN>,cn=Administrators,cn=admin data cannot not be modified because the resulting entry would have violated the server schema:  Entry cn=<REPL_ADMIN>,cn=Administrators,cn=admin data violates the Directory Server schema
configuration because it includes attribute fclastlogintime which is not allowed by any of the objectclasses defined in that entry]

Changes

Default password policy (cn=Default Password Policy,cn=Password Policies,cn=config entry) has the configuration for one replica where the dsreplication command is being run for the OBDX application:


ds-cfg-last-login-time-attribute: fclastlogintime

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.