usercertificates Fail to Sync to OID After 10.1.2.3 Patch, with NullPointerException (Doc ID 982192.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version: 10.1.2.3.0 - Release: 10gR2
Information in this document applies to any platform.

Symptoms

  1. Since patching OID to 10.1.2.3 from 10.1.2.2, OID sync to OID fails with iPlanetImport.trc error:

    IplanetImport:Error in Mapping Enginejava.lang.NullPointerException
    java.lang.NullPointerException
         at oracle.ldap.odip.gsi.LDAPReader.searchChanges(LDAPReader.java:308)
         at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:528)
         at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:306)
    ...

    2. or

    Exception Modifying Entry : javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'cn=randall.kido,cn=users,dc=us,dc=oracle,dc=com'
    [LDAP: error code 53 - Unwilling To Perform]
    javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'cn=randall.kido,cn=users,dc=us,dc=oracle,dc=com'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3061)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
    ...


  2. Sync is failing on the usercertificate mapping. The Source Change Record shows the usercertificate correctly:

    Source ChangeRecord : ChangeRecord : ----------
    Changetype: MODIFY
    ChangeKey: cn=randall.kido,cn=users,dc=us,dc=oracle,dc=com
    Attributes:
    Class: null Name: usercertificate Type: null ChgType: REPLACE Value: [: MIIEdDCCA92gAwIBAgIDB0O3MA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNVBAYTAlVTMRgwFgYD
    VQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRgwFgYD
    VQQDEw9ET0QgRU1BSUwgQ0EtMTUwHhcNMDcwNjAxMDAwMDAwWhcNMTAwNTMxMjM1OTU5WjB1
    MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0Qx
    DDAKBgNVBAsTA1BLSTEMMAoGA1UECxMDVVNOMS...

    but the Destination Change Record shows usercertificate with strange characters:

    MAPPING : Dst Change Record : ChangeRecord : ----------
    Changetype: MODIFY
    ChangeKey: cn=randall.kido,cn=users,dc=us,dc=oracle,dc=com
    Attributes:
    Class: null Name: objectclass Type: null ChgType: NOCHANGE Value: [person, inetorgperson]
    Class: null Name: userCertificate Type: null ChgType: REPLACE Value: [0?t0?? C?0
     *?H??
    ...

  3. The mapping rule used is:

    usercertificate:4:binary:inetorgperson:usercertificate:binary:inetorgperson

Changes

OID was recently patched from 10.1.2.2 to 10.1.2.3

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms