6 Troubleshooting the Transition to Oracle Unified Directory
If the transition fails, troubleshoot the cause using the log file and guidelines in this chapter.
6.1 Checklist for Troubleshooting the Transition to Oracle Unified Directory
Use the following checklist as a starting point when troubleshooting Oracle Unified Directory transition problems.
- Verify that the Oracle Unified Directory directory server and replication gateway instance is running. For more information, see Starting the Server in Administering Oracle Unified Directory.
- Verify that the replication gateway has been set up and is working correctly, add an entry on the Oracle Unified Directory server. Verify that the newly added entry has been successfully replicated to the Oracle Directory Server Enterprise Edition server. For more information, see Verifying the Replication Gateway Setup in Installing Oracle Unified Directory.
- If Oracle Directory Integration Platform is configured for synchronization, verify that the servers are running. See in Starting the Stack in Administering Oracle Directory Integration Platform.
- Verify that the audit, error, and debug logs are configured. For more information, see Configuring Logs in Administering Oracle Unified Directory.
- Use the OUD
dsreplication
command or the ODSEE console to monitor replication status information. For more information see Monitoring a Replicated Topology in Administering Oracle Unified Directory. - Use
dirtracer
tool to gather debugging information about a running, hung, or stopped Oracle Directory Server Enterprise Edition process. For more information about thedirtracer
script, see Using Troubleshooting Tools in Troubleshooting Guide for Oracle Directory Server Enterprise Edition. - Use the Remote Diagnostic Agent (RDA) to collect logs, configuration files, scripts
and environment information for Oracle Unified Directory (OUD).
Note:
For more information on downloading and installing RDA, log into My Oracle Support. In the Search Knowledge Base field, enter 314422.1. This is the ID of the document that describes RDA installation.-
Configure RDA for collection of OUD information.
Unix
rda.sh -S -p OudStd -e OFM.OUD.N_TAIL=0
Windows
rda.cmd -S -p OudStd -e OFM.OUD.N_TAIL=0
-
- Run RDA using the same command which uses the default configuration file
(output.cfg)
Unix
rda.sh
Windows
rda.cmd
6.2 Troubleshooting Replication
This section describes issues associated with the replication gateway after transitioning from Oracle Directory Server Enterprise Edition to Oracle Unified Directory.
-
result=32 Error May Occur After Initializing the Replicated Server With Data
-
Error after Setting Up the Replication Gateway Using the Graphical User Interface (GUI)
- Error while Setting Up the Replication Gateway Using the Command-Line Interface (CLI)
- Replication Server Fails to Start with moddn property Enabled
- Replication Gateway Fails to Replicate the Resource Limit Attributes
- Incompatible (O)DSEE Password Policy
- Violation Error after Multiple Modification to the (O)DSEE pwdLastAuthTime Operational Attribute
6.2.1 result=32 Error May Occur After Initializing the Replicated Server With Data
After initializing the replicated Server with ODSEE and OUD data, the following error
is displayed in access logs (Located at instance_dir/OUD/logs
):
ADD RES conn=-1 op=16462142 msgID=16462143 result=32 etime=1
This issue occurs if the nsuniqueid
attribute value in
ODSEE does not match with the entryUUID
attribute value in OUD.
To resolve the issue, ensure that the attributes value are same in both the ODSEE and OUD environments.
Example:
$ ldapsearch -p 11389 -D cn="Directory Manager" -j pwd-file -b dc=example,dc=com uid=employeeName nsuniqueid
dn: uid=uid=employeeName,ou=People,dc=example,dc=com
nsuniqueid: b725320e-455e11e7-80b1e853-9d225af6
$ ldapsearch -p 1389 -D cn="Directory Manager" -j pwd-file -b dc=example,dc=com employeeName entryUUID
dn: employeeName,ou=People,dc=example,dc=com
entryUUID: b725320e-455e-11e7-80b1-e8539d225af6
6.2.2 Error after Setting Up the Replication Gateway Using the Graphical User Interface (GUI)
After running the installer to set up the replication gateway server instance and the setup is complete, the following error may appear:
ReplicationGatewaySetupException: Error initializing. Could not find a peer to start the initialization after several tries. Details: Error during the initialization with contents from server <HOSTNAME>.<DOMAIN>:<ADMIN_PORT>. Last log details: [10/Jan/2018:10:18:45 -0700] severity="NOTICE" msgCount=0 msgID=9896349 message="Initialize From Replica task replication-gateway-setup-initialize5 started execution". Task state: STOPPED_BY_ERROR. Check the error logs of <HOSTNAME>.<DOMAIN>:<ADMIN_PORT> for more information.
This issue may occur if the firewall is enabled between the Oracle Unified Directory replication gateway and Oracle Unified Directory directory server instance and all transmission control protocol (TCP) network ports are blocked to incoming connections.
To resolve this issue, verify the firewall settings and ensure that all Oracle Unified Directory network ports are open to incoming connections.
6.2.3 Error while Setting Up the Replication Gateway Using the Command-Line Interface (CLI)
When you run the oud-replication-gateway-setup --cli
to
set up the replication gateway and enter the required configuration details, the
following error may appear:
Initializing basic replication gateway configuration ..... Done.
Starting Replication Gateway .......... Done.
Updating Registration Information ..... Done.
Configuring Oracle Unified Directory server <OUD_HOST_1> .....Done.
Initializing Registration Information .....
Error initializing. Could not find replication ID in the server <OUD_HOST_1> for base DN cn=admin data.
If you want to report this error, provide the contents of file $MW_HOME/$OUD_GW_INST/OUD/logs/oud-setup
Error initializing. Could not find replication ID in the server <OUD_HOST_1> for base DN cn=admin data.
This issue occurs when you enabled a server instance (replication gateway) for Oracle
Enterprise User Security (EUS) and cn=oraclecontext
and
cn=oracleschemaversion
naming contexts are created on the
instance.
To resolve this issue, create a directory server instance without the EUS option and setup this instance as the replication gateway.
See:
- Setting Up Oracle Unified Directory as a Directory Server in Installing Oracle Unified Directory.
- Setting Up Oracle Unified Directory as a Replication Gateway in Installing Oracle Unified Directory.
6.2.4 Replication Server Fails to Start with moddn property Enabled
Replication from ODSEE to OUD fails and the following error appears in ODSEE:
ERROR - Replication - conn=-1 op=-1 msgId=-1 - [S] Unable to start a replication session with MODDN enabled. The consumer <HOSTNAME>:<PORT>/ou=people,<SUFFIX_DN> does not support MODDN operations.
This error if the moddnenabledsuffixes
attribute is not available in
OUD.
To resolve this issue
-
Stop the replication server by running the
stop-ds
command. -
Make a backup of the OUD
config.ldif
file (Located atinstance-path/config/ config.ldif
). -
Open the
config.ldif
file in a text editor and update theds-cfg-base-dn
parameter with the ODSEE parameter.Example:
dn: cn=Replication Gateway Domain 1,cn=domains,cn=Gateway Plugin,cn=Plugins,cn=config ds-cfg-base-dn: ou=people,<SUFFIX_DN>
-
Restart the replication server by running the
start-ds
command.
6.2.5 Replication Gateway Fails to Replicate the Resource Limit Attributes
The OUD and ODSEE replication gateway server instance does not replicate the following resource limit attributes:
-
nsSizeLimit
-
nsTimeLimit
-
nsLookThroughLimit
-
nsIdleTimeout
Syntax
To resolve this issue, enable the resource limit attributes:
-
When the Replication Gateway is used, the OUD schema (
02-config.ldif
) must be modified so that each (O)DSEE attribute name (nsSizeLimit
,nsTimeLimit
,nsLookThroughLimit
, andnsIdleTimeout
) related to resource limits is declared as an alias name for each corresponding OUD attribute.Note:
Corresponding attributes on OUD are:ds-rlim-size-limit
,ds-rlim-time-limit
,ds-rlim-lookthrough-limit
, andds-rlim-idle-time-limit
.Update the OUD schema (
02-config.ldif
):-
Open the
02-config.ldif
file (Located atOUD_ORACLE_HOME/config/schema/02-config.ldif
) in a text editor and add thensSizeLimit
resource limit attribute, as shown in the following example:attributeTypes: ( 1.3.6.1.4.1.26027.1.1.394 NAME ( 'ds-rlim-size-limit' 'nsSizeLimit' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
-
Restart the OUD Instance by running the
start-ds
command. -
You must repeat the above steps and update
02-config.ldif
fornsTimeLimit
,nsLookThroughLimit
, andnsIdleTimeout
.
-
-
In (O)DSEE,
-1
is used to disable a resource limit. In OUD,0
is used. One way to address this difference is to create a virtual attribute on OUD to override the content of the OUD attribute when the value of the (O)DSEE attribute is equal to-1
.Create new virtual attribute by running the
create-virtual-attribute
subcommand:dsconfig create-virtual-attribute --name "mapping nsSizeLimit " --type user-defined --set attribute-type:ds-rlim-size-limit \ --set filter:”(nsSizeLimit=-1)” \ --set conflict-behavior:virtual-overrides-real \ --set value:"0" --set enabled:true
You must repeat the above steps and create the virtual attributes for
nsTimeLimit
,nsLookThroughLimit
, andnsIdleTimeout
attributes. -
Remove the
nsSizeLimit
attribute from the OUD replication gateway server by running thedsconfig
command:dsconfig set-plugin-prop --plugin-name "Gateway Plugin" --remove dsee-specific-attribute-types:nsSizeLimit --hostname myhost.example.com --port 29444 --trustStorePath /<path to root>/<Middleware_Home>/OUD target instance/OUD/config/admin-truststore --bindDN cn=Directory Manager --bindPasswordFile pwdFile --no-prompt
You must repeat the above steps and remove
nsTimeLimit
,nsLookThroughLimit
, andnsIdleTimeout
attributes from the OUD replication gateway server. -
Open the ODSEE
00core.ldif
file (Located atinstance-path/config/schema/
) in a text editor and add theds-rlim-size-limit
OUD attribute, as shown in the following example:attributeTypes: ( 2.16.840.1.113730.3.1.571 NAME ( 'nsSizeLimit' 'ds-rlim-size-limit' ) DESC 'Binder-based search operation size limit (entries)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-DS-USE 'internal' X-ORIGIN 'Sun ONE Directory Server' )
Perform the above steps to add the corresponding OUD attributes to the ODSEE resource limit attributes.
6.2.6 Incompatible (O)DSEE Password Policy
After running the run the ds2oud --diagnose
command, the following
warning message is displayed:
Warning : Incompatible password policy, the replication gateway only supports DS6-mode : You are currently using DS5-mode
This warning occur if you are using the DS5-compatibility-mode
password policy.
To resolve this issue, you must switch to DS6-mode
before exporting
data from (O)DSEE.
-
Change to
DS6-migration-mode
fromDS5-compatible-mode
by running thedsconf pwd-compat
command.Example:
dsconf pwd-compat -p 12000 -h <hostname> to-DS6-migration-mode Enter "cn=Directory Manager" password: ## Beginning password policy compatibility changes. ## Password policy compatibility changes finished.
-
Delete the
DS5-mode
password policy operational attributes, as described Programmatically Running DS5-Mode Password Policy Operational Attributes in DS6-Mode in Administrator's Guide for Oracle Directory Server Enterprise Edition -
Change from
DS6-migration-mode
toDS6-mode
by running thedsconf pwd-compat
command.Example:
dsconf pwd-compat -p 12000 -h <hostname> to-DS6-mode Enter "cn=Directory Manager" password: ## Beginning password policy compatibility changes. ## Password policy compatibility changes finished.
For more information about password policy, see Directory Server Password Policy in Administrator's Guide for Oracle Directory Server Enterprise Edition.
6.2.7 Violation Error after Multiple Modification to the (O)DSEE pwdLastAuthTime Operational Attribute
If you make multiple modification to the (O)DSEE pwdLastAuthTime
operational attribute after creating the replication gateway, then the following
error message may appear:
category=SYNC severity=MILD_ERROR msgID=14876739 msg=Could not replay operation ModifyOperation
operation ModifyOperation(connID=-1, opID=362, dn=cn=<ADMIN>,ou=<OU>,dc=<SUFFIX_DN>) with
ChangeNumber 000001610af1f2e0000500000005
error Constraint Violation Entry cn=<ADMIN>,ou=<OU>,dc=<SUFFIX_DN> cannot
be updated because the request did not contain any modifications
To resolve this issue:
-
Remove the
pwdLastAuthTime
operational attribute from the OUD replication gateway server by running thedsconfig
command:$./dsconfig set-plugin-prop --plugin-name Gateway\ Plugin --remove dsee-specific-attribute-types:pwdlastauthtime
-
Restart the OUD server using the
start-ds
command. -
Verify the OUD error logs (Located at
INSTANCE_DIR/OUD/logs
).
6.3 What to Do If the Transition Process Fails
If any step in the transition process fails, then terminate the transition process and restore the environment to its original state using the backup files you created in Creating a Complete Backup.
See:
- Binary Restore in Administrator's Guide for Oracle Directory Server Enterprise Edition.
- Restoring Replicated Suffixes in Administrator's Guide for Oracle Directory Server Enterprise Edition.
Uninstall the Oracle Unified Directory server instances, as described in Uninstalling an Oracle Unified Directory Instance in Installing Oracle Unified Directory.