OID Password Filter Main Log Shows Successful Password Updated, But Ldapbinds To OID With Working AD Passwords Fail With "Invalid credentials" (Doc ID 1349704.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 10.1.4 and later
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 10g or 11g.

Configured Password Filter to sync passwords from Active Directory (AD) to OID.

Passwords seem to be updated ok as per the Password Filter's Main log, which show no errors and only successful update entries such as below:

...<snip>....

Search Succeeded
DN IS -->
cn=user1,cn=users,dc=mycompany,dc=com


cn=user1,cn=users,dc=mycompany,dc=com


Inside UpdatePassword

Password Updated

After Update Password

Deleting the record from datastore if it exists

Inside sgsladds::sgslperdeleteData
Only dataattribute
Got Registry enteries
contact
description
Got Entiredn

cn=user1,OU=myou,DC=mycompany,DC=com
Inside sgsladdsSearchUser
Firing Search Request

AD search for a user objectGUID is successfull

Inside sgslodac destructor
Inside sgsladac destructor
Password Updation successful in child process

...<snip>...



However, ldapbinds to OID as the AD user fail:

ldapbind -h <oid hostname> -p <port> -D "cn=user1,cn=users,dc=mycompany,dc=com" -w <AD user password>
ldap_bind: Invalid credentials



Already doublechecked and confirmed that the same AD password works fine with an ldapbind directly against AD, i.e.:

ldapbind -h <AD hostname> -p <port> -D "cn=user1,OU=myou,DC=mycompany,DC=com" -w <AD user password>
bind successful

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms