OID ASR Based Multi-Master Replication Latency of Changes Resulting in OAM Login Problems
Last updated on MARCH 08, 2017
Applies to: Oracle Internet Directory - Version 10.1.4 to 11.1.1 [Release 10gR3 to 11g]
Information in this document applies to any platform.
This problem can occur on any platform.
The environment has three active Oracle Internet Directory (OID) nodes, e.g., 10g/10.1.4.3.0, in separate geographic locations, configured for ASR Multi-Master replication.
It also uses Oracle Access Manager (OAM), Access and Identity, and Oracle Virtual Directory (OVD).
OAM points to OVD for user data. OVD in turn points to OID LDAP servers.
After a user changes their e-mail address, they try to log out of OAM and log back in. This fails because OAM might be reading from an LDAP node that does not yet have the updated e-mail address. It takes about a minute or two for the change to propagate to all OID nodes.
Even after the user logs in successfully via OAM Webgate, the OAM Access Server still passes the old e-mail address because its cache is not properly updated with the new value. As a result, the user logs in and is told to register again because they are not being linked to their profile. It can take upwards of an hour or more for a user to log in properly and link to the correct profile.