ISW Can Not Change Password With - "WARNING<38701> - isw - ... - Plugins cannot process bind request of ..., reason: bind request loop detected" (Doc ID 1359416.1)

Last updated on DECEMBER 08, 2016

Applies to:

Oracle Directory Server Enterprise Edition - Version 11.1.1.3.0 and later
Microsoft Windows (32-bit)
Microsoft Windows x64 (64-bit) - Version: 2008 R2
***Checked for relevance on 21-05-2013***

Symptoms

On ODSEE 11.1.1.5.0 and 11.1.1.3.0, Synchronization For Windows after completing a new installation of ISW, using directory server 11.1.1.3.0 on Windows 2003 and 2008 for both configuration repository and target user directory servers for the synchronization of users, a "looping" error message appears when attempting on demand synchronization in the logs of the masters configured as preferred (primary) or secondary masters by the connector.

When attempting to test on demand synchronization of password between AD and the DS, a bind on the directory server by a user who's password has changed on active directory, the psw-sync plugin on the directory server will use the bind provided to the DS to perform a bind against active directory with those credentials to verify them.  The term for this within ISW is called "on demand synchronization". It should take place without issue and not generate any kind of error messages when successful.

In windows environments, when impacted by this bug the following ERROR message will be seen

[28/Jun/2011:17:35:35 -0400] - WARNING<38701> - isw - conn=237 op=4 msgId=5 - Plugins cannot process bind request of 'uid=ltsldaptest,ou=domain users,ou=people,o=limited.com', reason: bind request loop detected




STEPS
-----------------------
The issue can be reproduced at will with the following steps:

1. Install and configure ODSEE 11.1.1.3.0 or 11.1.1.5.0 and set up a 4 way MMR topology, create DS instances using DSADM and then register the instances into a DSCC for management.

2. Install "Identity Synchronization Windows" from the 11.1.1.5.0 bundle, making sure to fully read the "Identity Synchronization for Windows 6.0 Service Pack 1 Installation Guide" with emphasis on the installation recommendations and known issues sections. That document is provided here http://download.oracle.com/docs/cd/E20295_01/html/821-1581/index.html

3. Configure ISW and prepare the directory servers following normal procedures described in the documentation

4. Install Connectors following documented steps

5. Link user accounts before initial synchronization

6. Start synchronization

7. Change user password on AD and attempt to verify that password change has been synchronized by attempting to bind as user with new version of password, against the DS

Ultimately a site could confuse setup/configuration issues with the fact that this takes place on windows.

Changes

This is seen only on windows system both in new installs and installations where the DS has been added to the MMR topology (and prepds/the console is used to prepare the ds's).  This is confirmed to not be taking place on Linux and Solaris installs of the DS.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms