My Oracle Support Banner

Externally Authenticated Users Cannot Modify the Password For Native OID User Accounts (Doc ID 1322184.1)

Last updated on FEBRUARY 08, 2019

Applies to:

Oracle Internet Directory - Version and later
Information in this document applies to any platform.


Externally Authenticated users, that is users who have been authenticated against an external directory service using the External Authentication plugins and who have been assigned an administrator role, cannot modify the userPassword attribute for native OID users. This applies to OID through 11g.

It is intended that users who have been granted an administrator role should be able to reset user passwords.

The issue can be reproduced at will with the following steps:
1. Configure the External Authentication plugins against an external directory service (eg. Active Directory, eDirectory, iPlanet)
2. Grant a password administration role to an externally authenticated user account.
3. Attempt to reset the password of a native OID user account.

Due to this issue, password administration role can not be delegated to externally authenticated users.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.