Creating User / Entry In OID Fails With: User Creation Error: [LDAP: error code 1 - Operations Error] / Adding BPEL JAZN Permissions Fails With: LDAP error code 20 - attribute or value exists (Doc ID 338540.1)

Last updated on SEPTEMBER 13, 2016

Applies to:

Oracle Internet Directory - Version 9.0.4 to 11.1.1 [Release 10gR1 to 11g]
Information in this document applies to any platform.
***Checked for relevance on 15-May-2013***


Symptoms

Everything was working before, and no changes have been made.

Creating a new user in Oracle Internet Directory (OID) 10g or 11g from Portal or OIDDAS fails with:

User Creation Error !
User Creation Error: [LDAP: error code 1 - Operations Error]


Or, when synchronizing from a third-party directory, the 10g $ORACLE_HOME/ldap/odi/log/ActiveChgImp.trc trace or the 11g diagnostic.log can show the same errors, i.e.:

Exception creating Entry : javax.naming.NamingException: [LDAP: error code 1 - Operations Error]; remaining name 'cn=<username>,cn=users,dc=mycompany,dc=com'
[LDAP: error code 1 - Operations Error]
ActiveChgImp:Error in Mapping EngineODIException: DIP_OIDWRITER_ERROR_CREATE
ODIException: DIP_OIDWRITER_ERROR_CREATE
at oracle.ldap.odip.gsi.LDAPWriter.createEntry(LDAPWriter.java:975)
at oracle.ldap.odip.gsi.LDAPWriter.insert(LDAPWriter.java:328)
at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:239)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:406)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:262)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:155)
ActiveChgImp:about to Update exec status
Updated Attributes
orclodipLastExecutionTime: 20051017122001
orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
orclOdipSynchronizationErrors: Error Creating Entry in OID
null
Error in proxy connection : ODIException: DIP_GEN_AUTHENTICATION_FAILURE
ODIException: DIP_GEN_AUTHENTICATION_FAILURE
at oracle.ldap.odip.gsi.LDAPConnector.proxyConnectAs(LDAPConnector.java:291)
at oracle.ldap.odip.engine.AgentThread.updateExecStatus(AgentThread.java:500)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:198)
Error in updating the statusjavax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - Constraint Violation]; remaining name 'orclodipagentname=ActiveChgImp,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory'
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - Constraint Violation]; remaining name 'orclodipagentname=ActiveChgImp,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory'

======================================================================

BPEL JAZN permissions cannot be added via the BPEL configuration script, the JAZN Console (jazn.jar), or ldapadd with an ldif file. When trying to grant DomainPermissions to the BPMDefaultDomainAdmin role, this error occurs:

LDAP error code 20 - attribute or value exists

Other data can sometimes be added to the directory, so exporting and re-adding some recently added entries was tried. After removing these entries, inetorgperson and organizationalunit objects could be added, but not the JAZN permission / grant type objects required for BPEL. Oracle Access Manager (OAM) is able to create, update, and delete objects from its schema successfully.

The problem is intermittent. Sometimes a couple of entries can be added the first time, and sometimes only the first entry listed in the ldif file is added. If the added entries are removed, the order of the entries in the ldif file is changed, and the add is retried, only the first entry in the ldif file is added. The same happens when the JAZN console is used to add the configuration.

An example of an object that cannot be added is below. However, the problem is not limited to entries with an RDN of orclguid; it also affects entries with RDNs of other attributes, such as uid:

dn: orclguid=9A0B1C707EB611DDBFDC1954C7D40BF7,cn=Permissions, cn=Policy,cn=JAZNContext,cn=Products, cn=OracleContext,dc=mycompany,dc=com

OID with debug level 1 reports just the same error 20 in the log:

BEGIN
2008/10/22:14:18:27 * ServerWorker (REG):11
ConnID:6273 * mesgID:6 * OpID:5 * OpName:add
ConnIP:xxx.xxx.205.1 ConnDN: cn=orcladmin
INFO : gslfadADoAdd * dn (orclguid=9A0B1C707EB611DDBFDC1954C7D40BF7, cn=Permissions, cn=Policy, cn=JAZNContext, cn=Products, cn=OracleContext, dc=mycompany, dc=com)
14:18:27 * gslfadADoAdd:conn=6273 op=5 ADD dn="orclguid=9A0B1C707EB611DDBFDC1954C7D40BF7, cn=Permissions, cn=Policy, cn=JAZNContext, cn=Products, cn=OracleContext, dc=mycompany, dc=com"
14:18:27 * INFO : gsleswrASndResult2 RESULT = 20 nentries=0
END

Via the ldapadd command line, the following error is returned:

adding new entry orclguid=9A0B1C707EB611DDBFDC1954C7D40BF7,cn=Permissions,cn=Policy,cn=JAZNContext,,cn=Products,cn=OracleContext,dc=mycompany,dc=com 
ldap_add: Type or value exists
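
A triage helper for the OID debug-level-1 log excerpt above, as an added example (not Oracle's code): it pairs each BEGIN..END block's ConnID, OpID, OpName and DN with its RESULT code and lists the add operations that failed. The field layout is assumed from the excerpt on this page, and the second block in the sample is constructed.

```python
import re

# LDAP result codes seen in this note (names per RFC 4511).
RESULT_NAMES = {1: "operationsError", 19: "constraintViolation", 20: "attributeOrValueExists"}

# Constructed sample: the excerpt above, shortened, plus one invented successful add.
SAMPLE_LOG = """\
BEGIN
2008/10/22:14:18:27 * ServerWorker (REG):11
ConnID:6273 * mesgID:6 * OpID:5 * OpName:add
INFO : gslfadADoAdd * dn (orclguid=9A0B1C707EB611DDBFDC1954C7D40BF7, cn=Permissions, cn=Policy, cn=JAZNContext, cn=Products, cn=OracleContext, dc=mycompany, dc=com)
14:18:27 * INFO : gsleswrASndResult2 RESULT = 20 nentries=0
END
BEGIN
2008/10/22:14:18:29 * ServerWorker (REG):11
ConnID:6273 * mesgID:7 * OpID:6 * OpName:add
INFO : gslfadADoAdd * dn (cn=user1, cn=Users, dc=mycompany, dc=com)
14:18:29 * INFO : gsleswrASndResult2 RESULT = 0 nentries=0
END
"""

OP_RE = re.compile(r"ConnID:(\d+) \* mesgID:\d+ \* OpID:(\d+) \* OpName:(\w+)")
DN_RE = re.compile(r"\* dn \((.*)\)\s*$")
RESULT_RE = re.compile(r"RESULT = (\d+)")

def parse_operations(text):
    """Return one dict per complete BEGIN..END block that carries a RESULT."""
    ops, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "BEGIN":
            cur = {}
        elif line == "END":
            if cur and "result" in cur:
                ops.append(cur)
            cur = None
        elif cur is not None:
            if m := OP_RE.search(line):
                cur.update(conn=int(m[1]), op=int(m[2]), name=m[3])
            elif m := DN_RE.search(line):
                cur["dn"] = m[1]
            elif m := RESULT_RE.search(line):
                cur["result"] = int(m[1])
    return ops

def failed_adds(text):
    """Add operations with a non-zero result code, labelled with the code's name."""
    return [{**op, "error": RESULT_NAMES.get(op["result"], "unknown")}
            for op in parse_operations(text) if op.get("name") == "add" and op["result"] != 0]
```

Calling failed_adds() on a saved server log gives the connection, operation id and DN of each rejected add, which makes it easier to see whether the failures follow the pattern described here (first entry accepted, later ones rejected).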

======================================================================

The same [LDAP: error code 1 - Operations Error] can occur while adding an entry into OID using any other LDAP tool or integrated product such as OIM, OAM, OVD, ODSM, etc.

======================================================================

In OID 11g, the replication agreement may show as "Live", but entries added on the master do not replicate to the replica, and the following error can be seen in the replication log:


[2011-12-04T18:17:29+00:00] [OID] [ERROR:8] [23026] [OIDREPLD] [host: oidreplicahost] [pid: 29225] [tid: 19] Worker(Transport):: In gslrbseApplyOneEntry, ldap_add failure for DN=cn=user1,cn=Users,dc=mycompany,dc=com where supplier=oidmasterhost_db1 and consumer=oidreplicahost_db2 with error=Operations error.




 

Cause
