OVD 11g Authentication Fails With "LDAP Error 2 : Bad LDAP Filter"
(Doc ID 1325585.1)
Last updated on AUGUST 18, 2022
Applies to:
Oracle Virtual Directory - Version 11.1.1.4.0 and laterInformation in this document applies to any platform.
Symptoms
Scenario 1:
Oracle Virtual Directory (OVD) 11g log error:
[2017-03-20T14:05:14.710+02:00] [octetstring] [ERROR] [] [com.octetstring.vde.chain.plugins.userstate.LDAPUserState] [tid: 10] [ecid: <ECID>] failed to translate filter[[
com.octetstring.vde.util.DirectoryException: LDAP Error 2 : Bad LDAP Filter.
at com.octetstring.vde.util.ParseFilter.parse(ParseFilter.java:296)
at com.octetstring.vde.chain.plugins.userstate.OIDUserState.<init>(OIDUserState.java:79)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at com.octetstring.vde.chain.plugins.userstate.UserStateHandler.init(UserStateHandler.java:102)
at com.octetstring.vde.chain.plugins.usermanagement.UserManagement.init(UserManagement.java:489)
at com.octetstring.vde.chain.PluginManager.addPlugin(PluginManager.java:179)
at com.octetstring.vde.chain.PluginManager.configurePlugins(PluginManager.java:753)
at com.octetstring.vde.backend.Adapter.initializeAdapter(Adapter.java:140)
at com.octetstring.vde.backend.BackendHandler.initializeAdapter(BackendHandler.java:330)
at com.octetstring.vde.backend.BackendHandler.addAdapter(BackendHandler.java:298)
at com.octetstring.vde.backend.BackendHandler.<init>(BackendHandler.java:244)
at com.octetstring.vde.backend.BackendHandler.init(BackendHandler.java:408)
at com.octetstring.vde.VDEServer.initialize(VDEServer.java:269)
at com.octetstring.vde.VDEServer.startServer(VDEServer.java:182)
at com.octetstring.vde.VDEServer.main(VDEServer.java:361)
]]
Scenario 2:
Oracle Virtual Directory (OVD) 11g (11.1.1.4.0), with adapter to Active Directory (AD) using ChangeUserRDN plugin.
When the user's CN value for the user in AD contains parentheses, e.g., First (M) Last, the authentication via OVD fails with exception:
From JXplorer and Oracle Directory Services Manager (ODSM), the message can be returned:
Unable to read entry
samaccountname=12345,ou=Users,dc=mycompany,dc=com
error details:
javax.naming.CommunicationException: [LDAP: error code 2 - LDAP Error 2 : Bad LDAP Filter.]; remaining name 'samaccountname=12345,ou=Users,dc=mycompany,dc=com'
The same error continues if escaping each parenthesis with back slash, e.g., cn=First \(M\) Last.
Removing the plugin or the parentheses from the CN value allows authentication to work
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |