OUD 12c - DIP On Demand Password Synchronization Fails to Sync AD Passwords - The "debug log" Reports Error: "CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries"
(Doc ID 2884551.1)
Last updated on JULY 01, 2024
Applies to:
Oracle Unified Directory - Version 12.2.1.4.0 and later
Information in this document applies to any platform.
Symptoms
Unable to ldapbind after changing password with Directory Integration Platform (DIP).
DIP does not synchronize Active Directory (AD) user passwords.
Other attributes sync correctly.
No related errors can be found in the DIP logs.
After setting full debug in Oracle Unified Directory (OUD) server, the debug log shows:
[24/May/2022:23:21:08 -0400] 131 caught error thread={Worker Thread <thread>} threadDetail={parentThread=main(1) isDaemon=false clientConnection=LDAP client connection from <hostname:port> to <hostname:port> operation=BindOperation(connID=<connection id>, opID=0, protocol="LDAP 3, dn=<full user DN>, authType=Simple) } method={passwordMatches(AESPasswordStorageScheme.java:162)} caught={org.opends.server.types.CryptoManagerException: CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries}
Stack Trace:
at org.opends.server.crypto.CryptoManagerImpl.decrypt(CryptoManagerImpl.java:3105)
at org.opends.server.extensions.AESPasswordStorageScheme.passwordMatches(AESPasswordStorageScheme.java:154)
at org.opends.server.core.PasswordPolicyState.passwordMatches(PasswordPolicyState.java:3589)
at org.opends.server.workflowelement.localbackend.LocalBackendBindOperation.processSimpleBind(LocalBackendBindOperation.java:562)
at org.opends.server.workflowelement.localbackend.LocalBackendBindOperation.processLocalBind(LocalBackendBindOperation.java:237)
at org.opends.server.workflowelement.localbackend.LocalBackendWorkflowElement.execute(LocalBackendWorkflowElement.java:190)
at org.opends.server.workflowelement.ovdplugin.eus.EusWorkflowElement.doExecute(EusWorkflowElement.java:467)
at org.opends.server.workflowelement.SimpleWorkflowElement.execute(SimpleWorkflowElement.java:435)
at org.opends.server.workflowelement.fa.FAWorkflowElement.execute(FAWorkflowElement.java:434)
at org.opends.server.core.WorkflowImpl.execute(WorkflowImpl.java:504)
at org.opends.server.core.WorkflowTopologyNode.execute(WorkflowTopologyNode.java:130)
at org.opends.server.core.BindOperationBasis.run(BindOperationBasis.java:1106)
at org.opends.server.extensions.TraditionalWorkerThread.run(TraditionalWorkerThread.java:166)
errors log shows:
[18/May/2022:13:50:12 -0400] category=EXTENSIONS severity=SEVERE_ERROR msgID=1311345 msg=Invalid Configuration. Directory Integration Platform will not synchronize any passwords, reason "An error occurred while trying to decrypt a value using password storage scheme AES: CryptoManagerException(CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries)"
The same error as recorded in errors.log (ODL format):
[2022-05-18T13:50:12.386-04:00] [instance1] [ERROR] [OUD-1311345] [EXTENSIONS] [host: <hostname>] [nwaddr: <IP>] [tid: <tid>] [userId: <user id>] [ecid: <ecid>] Invalid Configuration. Directory Integration Platform will not synchronize any passwords, reason "An error occurred while trying to decrypt a value using password storage scheme AES: CryptoManagerException(CryptoManager failed to decrypt the supplied data because the symmetric key identifier in the data prologue does not match any known key entries)"
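The same CryptoManager message appears in three different line formats above (a debug-log "caught error" line, a legacy errors-log line, and an ODL-format errors.log line), which makes it easy to miss when grepping only one file. The script below is an added triage example, not part of this note and not OUD code: its regular expressions are written against the quoted lines only, it reports every line carrying the "symmetric key identifier ... does not match any known key entries" signature, and it pulls out the timestamp, message ID and the password storage scheme named in the line. The sample input is the three quoted lines (placeholders kept) plus one constructed, unrelated line with an illustrative message ID that must not be reported.

```python
"""Triage OUD debug/errors logs for the CryptoManager symmetric-key mismatch.

Added example (not from the Oracle note, not OUD source). The three regexes
below are derived from the log lines quoted in the note, nothing more.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Signature text shared by all three quoted log lines.
KEY_MISMATCH = ("symmetric key identifier in the data prologue "
                "does not match any known key entries")

# Legacy errors log: "[dd/Mon/yyyy:HH:MM:SS zone] category=.. severity=.. msgID=.. msg=.."
LEGACY_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+category=(?P<category>\S+)\s+severity=(?P<severity>\S+)"
    r"\s+msgID=(?P<msgid>\d+)\s+msg=(?P<msg>.*)$")

# ODL errors.log: "[iso-ts] [instance] [LEVEL] [OUD-nnn] [CATEGORY] [k: v]... message"
ODL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+\[(?P<instance>[^\]]+)\]\s+\[(?P<severity>[^\]]+)\]"
    r"\s+\[OUD-(?P<msgid>\d+)\]\s+\[(?P<category>[^\]]+)\]\s+(?:\[[^\]]*\]\s+)*(?P<msg>.*)$")

# Debug log: "[ts] <n> caught error ... method={...} caught={...}"
DEBUG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+\d+\s+caught error\s.*?"
    r"method=\{(?P<method>[^}]*)\}.*?caught=\{(?P<msg>[^}]*)\}")

SCHEME_IN_MSG_RE = re.compile(r"password storage scheme (\w+)")
SCHEME_IN_METHOD_RE = re.compile(r"\b(\w+)PasswordStorageScheme\b")


@dataclass(frozen=True)
class Finding:
    source: str            # "debug", "legacy-errors" or "odl-errors"
    timestamp: str
    msgid: Optional[str]   # debug-log lines carry no message ID
    scheme: Optional[str]  # e.g. "AES", when the line names one
    message: str


def _scheme(msg: str, method: Optional[str] = None) -> Optional[str]:
    """Storage scheme from the message text, else from the Java method name."""
    m = SCHEME_IN_MSG_RE.search(msg)
    if m:
        return m.group(1)
    if method:
        m = SCHEME_IN_METHOD_RE.search(method)
        if m:
            return m.group(1)
    return None


def parse_line(line: str) -> Optional[Finding]:
    """Parse one line in any of the three formats; None if it is none of them."""
    line = line.rstrip("\n")
    m = DEBUG_RE.match(line)
    if m:
        return Finding("debug", m["ts"], None, _scheme(m["msg"], m["method"]), m["msg"])
    m = LEGACY_RE.match(line)
    if m:
        return Finding("legacy-errors", m["ts"], m["msgid"], _scheme(m["msg"]), m["msg"])
    m = ODL_RE.match(line)
    if m:
        return Finding("odl-errors", m["ts"], m["msgid"], _scheme(m["msg"]), m["msg"])
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Return only the findings whose message carries the key-mismatch signature."""
    return [f for f in map(parse_line, lines) if f and KEY_MISMATCH in f.message]


# Constructed sample: the three lines quoted in the note (placeholders kept) plus one
# unrelated NOTICE line with an illustrative msgID that must not be reported.
SAMPLE_LOG = [
    '[24/May/2022:23:21:08 -0400] 131 caught error thread={Worker Thread <thread>} '
    'threadDetail={parentThread=main(1) isDaemon=false clientConnection=LDAP client connection '
    'from <hostname:port> to <hostname:port> operation=BindOperation(connID=<connection id>, '
    'opID=0, protocol="LDAP 3, dn=<full user DN>, authType=Simple) } '
    'method={passwordMatches(AESPasswordStorageScheme.java:162)} '
    'caught={org.opends.server.types.CryptoManagerException: CryptoManager failed to decrypt '
    'the supplied data because the symmetric key identifier in the data prologue does not '
    'match any known key entries}',
    '[18/May/2022:13:50:12 -0400] category=EXTENSIONS severity=SEVERE_ERROR msgID=1311345 '
    'msg=Invalid Configuration. Directory Integration Platform will not synchronize any '
    'passwords, reason "An error occurred while trying to decrypt a value using password '
    'storage scheme AES: CryptoManagerException(CryptoManager failed to decrypt the supplied '
    'data because the symmetric key identifier in the data prologue does not match any known '
    'key entries)"',
    '[2022-05-18T13:50:12.386-04:00] [instance1] [ERROR] [OUD-1311345] [EXTENSIONS] '
    '[host: <hostname>] [nwaddr: <IP>] [tid: <tid>] [userId: <user id>] [ecid: <ecid>] '
    'Invalid Configuration. Directory Integration Platform will not synchronize any '
    'passwords, reason "An error occurred while trying to decrypt a value using password '
    'storage scheme AES: CryptoManagerException(CryptoManager failed to decrypt the supplied '
    'data because the symmetric key identifier in the data prologue does not match any known '
    'key entries)"',
    '[18/May/2022:13:50:10 -0400] category=CORE severity=NOTICE msgID=123456 '
    'msg=constructed unrelated line, must not be reported',
]

if __name__ == "__main__":
    import sys
    source = open(sys.argv[1], encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for f in scan(source):
        print(f"{f.timestamp}  {f.source:<14} msgID={f.msgid or '-'} scheme={f.scheme or '-'}")
```

Run it with a path to a debug log, errors log or errors.log to list every bind or DIP line carrying the signature; with no argument it runs over the embedded sample. Matching on the signature text rather than on msgID 1311345 alone is deliberate: the debug-log line has no message ID, and it is that line, emitted at bind time, that shows the failure reaching a user's simple bind rather than only the DIP plugin.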
Changes
Recreated the ads certificate using dsreplication > "13. Replication Certificate Management" > "2. Regenerate the Certificate Used for Replication".
Cause
To view full details, sign in with your My Oracle Support account.