OVD 11g Authentication Fails With "LDAP Error 2 : Bad LDAP Filter" (Doc ID 1325585.1)

Last updated on JULY 13, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.4.0 and later
Information in this document applies to any platform.

Symptoms

Scenario 1:

Oracle Virtual Directory (OVD) 11g log error:

[2017-03-20T14:05:14.701+02:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.userstate.UserStateHandler] [tid: 10] [ecid: 0000LffaoHLD8hKayTJb6G1OnwLl000000,0] The user state object to be initialized: com.octetstring.vde.chain.plugins.userstate.OIDUserState
[2017-03-20T14:05:14.710+02:00] [octetstring] [ERROR] [] [com.octetstring.vde.chain.plugins.userstate.LDAPUserState] [tid: 10] [ecid: 0000LffaoHLD8hKayTJb6G1OnwLl000000,0] failed to translate filter[[
com.octetstring.vde.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter.
at com.octetstring.vde.util.ParseFilter.parse(ParseFilter.java:296)
at com.octetstring.vde.chain.plugins.userstate.OIDUserState.<init>(OIDUserState.java:79)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at com.octetstring.vde.chain.plugins.userstate.UserStateHandler.init(UserStateHandler.java:102)
at com.octetstring.vde.chain.plugins.usermanagement.UserManagement.init(UserManagement.java:489)
at com.octetstring.vde.chain.PluginManager.addPlugin(PluginManager.java:179)
at com.octetstring.vde.chain.PluginManager.configurePlugins(PluginManager.java:753)
at com.octetstring.vde.backend.Adapter.initializeAdapter(Adapter.java:140)
at com.octetstring.vde.backend.BackendHandler.initializeAdapter(BackendHandler.java:330)
at com.octetstring.vde.backend.BackendHandler.addAdapter(BackendHandler.java:298)
at com.octetstring.vde.backend.BackendHandler.<init>(BackendHandler.java:244)
at com.octetstring.vde.backend.BackendHandler.init(BackendHandler.java:408)
at com.octetstring.vde.VDEServer.initialize(VDEServer.java:269)
at com.octetstring.vde.VDEServer.startServer(VDEServer.java:182)
at com.octetstring.vde.VDEServer.main(VDEServer.java:361)

]]


Scenario 2:

Oracle Virtual Directory (OVD) 11g (11.1.1.4.0), with an adapter to Active Directory (AD) using the ChangeUserRDN plugin.

When a user's CN value in AD contains parentheses, e.g., John (L) Smith, authentication via OVD fails with the exception:

com.octetstring.vde.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter.


JXplorer and Oracle Directory Services Manager (ODSM) may return the following message:

Error Encountered:
Unable to read entry
samaccountname=12345,ou=Users,dc=mycompany,dc=com

error details:
javax.naming.CommunicationException: [LDAP: error code 2 - LDAP Error 2 : Bad LDAP Filter.]; remaining name 'samaccountname=12345,ou=Users,dc=mycompany,dc=com'


The same error persists when each parenthesis is escaped with a backslash, e.g., cn=John \(L\) Smith.

Removing the plugin, or removing the parentheses from the CN value, allows authentication to work.
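
Added example, not part of the Oracle note and not OVD code: the note does not state the cause, so this only shows how RFC 4515 requires parentheses inside a search-filter value to be written (\28 and \29), and why both CN forms above are malformed if copied into a filter verbatim. The function names and sample filters are constructed, and the check is a simplified structural test, not a full RFC 4515 parser.

```python
import re

# RFC 4515 section 3: these characters must be written as backslash + two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_HEX_ESCAPE = re.compile(r"\\[0-9a-fA-F]{2}")


def escape_filter_value(value):
    """Escape a raw attribute value before placing it in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _parse(flt, i):
    """Parse one filter starting at flt[i]; return the index just past it."""
    if i >= len(flt) or flt[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if i < len(flt) and flt[i] in "&|":          # AND / OR: a list of sub-filters
        i += 1
        while i < len(flt) and flt[i] == "(":
            i = _parse(flt, i)
    elif i < len(flt) and flt[i] == "!":         # NOT: exactly one sub-filter
        i = _parse(flt, i + 1)
    else:                                        # simple item: attr <op> value
        end = flt.find(")", i)
        if end == -1:
            raise ValueError("unterminated item")
        item = flt[i:end]
        if "=" not in item or "(" in item:       # a raw '(' may not appear in a value
            raise ValueError("malformed item %r" % item)
        value = item.split("=", 1)[1]
        if "\\" in _HEX_ESCAPE.sub("", value):   # backslash not followed by 2 hex digits
            raise ValueError("invalid escape in %r" % value)
        i = end
    if i >= len(flt) or flt[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return i + 1


def is_well_formed(flt):
    """True if flt is one complete filter under the simplified check above."""
    try:
        return _parse(flt, 0) == len(flt)
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values based on the CN shown in Scenario 2.
    for cn in ("John (L) Smith", r"John \(L\) Smith", escape_filter_value("John (L) Smith")):
        print("(cn=%s)" % cn, "->", is_well_formed("(cn=%s)" % cn))
```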

Changes

 

Cause
