We got into a panic situation yesterday for a while when the main objectclass inetorgperson disappeared all of a sudden in Oracle Internet Directory.
All it happened like this: We had added a custom attribute in OID schema and specified this as an optional attribute in inetorgperson object class. We noticed that the attribute name specified was wrong (while creating) and hence thought to recreate the attribute. We directly deleted the attribute from schema in the Oracle Directory Manager without removing the reference in inetorgperson objectclass. Not sure whether it has prompted any warning while doing so, but my memory tells me it did not….
We never knew that inetorgperson was missing then. When we attempted to recreate the custom attribute once again and tried to add it in inetorgperson objectclass, it was found missing in schema.
Few things checked:
Took the OID schema in ldif file as shown below and searched for inetorgperson objectclass, but found nothing.
[oracle@hostname bin]$ ./ldapsearch -h hostname -p 389 -D cn=orcladmin -w admin123 -L -s base -b “cn=subschemasubentry” “(objectclass=*)” “objectclasses” “attributetypes” >list_attr_objs.ldifWe have also searched in OIDDAS console for this objectclass and wondered that none of the objectclasses (not only inetorgperson) were appearing in User Preferences section.
But, what were the implications of this:
1. Unable to create any user in OID or OAM (user store is OID).
2. Most of the OID operations i.e., search, modify were not functioning.
We also never knew that the solution was so simple (as it would work straight forward) as creating the new inetorgperson objectclass by taking from a working instance.
Action Plan:
Took the inetorgperson objectclass stuff from from other working instance. Modified (removed unnecessary stuff) certain attributes. You may need to be cautious here!
The inetorgperson related ldif file contents looks like this:
dn: cn=subschemasubentry
add: objectclasses
objectclasses: ( 2.16.840.1.113730.3.2.2 NAME ‘inetOrgPerson’ SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ pager $ photo $ preferredLanguage $ roomNumber $ secretary $ uid $ userCertificate $ x500UniqueIdentifier $ userSMIMECertificate $ userPKCS12 $ o ) )
Added that objectclass into the OID schema using the command below.
[oracle@hostname bin]$ ./ldapmodify -h hostname -p 389 -D “cn=orcladmin” -w admin123 -f Correct_inetorgperson.ldif
modifying entry cn=subschemasubentry
We had bounced the OID and OC4J_SECURITY processes for this new attribute to take effect. Then we were able to view the objectclasses in OIDDAS console too. I was saved then!!!
Few may be considering that it is very silly thing, but it would be helpful for those who witness this behavior in the future. Well, I think so!!!
By the way, the metalink article helped us is this: 749308.1.This article helps you add the invalid objectclass in your OID schema.
I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com