My Oracle Support Banner

OVD 11g Authentication Fails With "LDAP Error 2 : Bad LDAP Filter" (Doc ID 1325585.1)

Last updated on AUGUST 18, 2022

Applies to:

Oracle Virtual Directory - Version and later
Information in this document applies to any platform.


Scenario 1:

Oracle Virtual Directory (OVD) 11g log error:

[2017-03-20T14:05:14.701+02:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.userstate.UserStateHandler] [tid: 10] [ecid: <ECID>] The user state object to be initialized: com.octetstring.vde.chain.plugins.userstate.OIDUserState
[2017-03-20T14:05:14.710+02:00] [octetstring] [ERROR] [] [com.octetstring.vde.chain.plugins.userstate.LDAPUserState] [tid: 10] [ecid: <ECID>] failed to translate filter[[
com.octetstring.vde.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter.
at com.octetstring.vde.util.ParseFilter.parse(
at com.octetstring.vde.chain.plugins.userstate.OIDUserState.<init>(
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(
at java.lang.reflect.Constructor.newInstance(
at java.lang.Class.newInstance0(
at java.lang.Class.newInstance(
at com.octetstring.vde.chain.plugins.userstate.UserStateHandler.init(
at com.octetstring.vde.chain.plugins.usermanagement.UserManagement.init(
at com.octetstring.vde.chain.PluginManager.addPlugin(
at com.octetstring.vde.chain.PluginManager.configurePlugins(
at com.octetstring.vde.backend.Adapter.initializeAdapter(
at com.octetstring.vde.backend.BackendHandler.initializeAdapter(
at com.octetstring.vde.backend.BackendHandler.addAdapter(
at com.octetstring.vde.backend.BackendHandler.<init>(
at com.octetstring.vde.backend.BackendHandler.init(
at com.octetstring.vde.VDEServer.initialize(
at com.octetstring.vde.VDEServer.startServer(
at com.octetstring.vde.VDEServer.main(


Scenario 2:

Oracle Virtual Directory (OVD) 11g (, with adapter to Active Directory (AD) using ChangeUserRDN plugin.

When the user's CN value for the user in AD contains parentheses, e.g., First (M) Last, the authentication via OVD fails with exception:

com.octetstring.vde.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter.

From JXplorer and Oracle Directory Services Manager (ODSM), the message can be returned:

Error Encountered:
Unable to read entry

error details:
javax.naming.CommunicationException: [LDAP: error code 2 - LDAP Error 2 : Bad LDAP Filter.]; remaining name 'samaccountname=12345,ou=Users,dc=mycompany,dc=com'

The same error continues if escaping each parenthesis with back slash, e.g., cn=First \(M\) Last.

Removing the plugin or the parentheses from the CN value allows authentication to work 


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.