Externally Authenticated Users Cannot Modify the Password For Native OID User Accounts (Doc ID 1322184.1)

Last updated on SEPTEMBER 14, 2016

Applies to:

Oracle Internet Directory - Version: 11.1.0.6 and later   [Release: 11g and later ]
Information in this document applies to any platform.

Symptoms

Externally Authenticated users, that is users who have been authenticated against an external directory service using the External Authentication plugins and who have been assigned an administrator role, cannot modify the userPassword attribute for native OID users. This applies to OID 10.1.0.1 through 11g.

It is intended that users who have been granted an administrator role should be able to reset user passwords.

The issue can be reproduced at will with the following steps:
1. Configure the External Authentication plugins against an external directory service (eg. Active Directory, eDirectory, iPlanet)
2. Grant a password administration role to an externally authenticated user account.
3. Attempt to reset the password of a native OID user account.

Due to this issue, password administration role can not be delegated to externally authenticated users.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms