ISW Can Not Change Password With - "WARNING<38701> - isw - ... - Plugins cannot process bind request of ..., reason: bind request loop detected"
Last updated on DECEMBER 08, 2016
Applies to:Oracle Directory Server Enterprise Edition - Version 18.104.22.168.0 and later
Microsoft Windows (32-bit)
Microsoft Windows x64 (64-bit) - Version: 2008 R2
***Checked for relevance on 21-05-2013***
On ODSEE 22.214.171.124.0 and 126.96.36.199.0, Synchronization For Windows after completing a new installation of ISW, using directory server 188.8.131.52.0 on Windows 2003 and 2008 for both configuration repository and target user directory servers for the synchronization of users, a "looping" error message appears when attempting on demand synchronization in the logs of the masters configured as preferred (primary) or secondary masters by the connector.
When attempting to test on demand synchronization of password between AD and the DS, a bind on the directory server by a user who's password has changed on active directory, the psw-sync plugin on the directory server will use the bind provided to the DS to perform a bind against active directory with those credentials to verify them. The term for this within ISW is called "on demand synchronization". It should take place without issue and not generate any kind of error messages when successful.
In windows environments, when impacted by this bug the following ERROR message will be seen
The issue can be reproduced at will with the following steps:
1. Install and configure ODSEE 184.108.40.206.0 or 220.127.116.11.0 and set up a 4 way MMR topology, create DS instances using DSADM and then register the instances into a DSCC for management.
2. Install "Identity Synchronization Windows" from the 18.104.22.168.0 bundle, making sure to fully read the "Identity Synchronization for Windows 6.0 Service Pack 1 Installation Guide" with emphasis on the installation recommendations and known issues sections. That document is provided here http://download.oracle.com/docs/cd/E20295_01/html/821-1581/index.html
3. Configure ISW and prepare the directory servers following normal procedures described in the documentation
4. Install Connectors following documented steps
5. Link user accounts before initial synchronization
6. Start synchronization
7. Change user password on AD and attempt to verify that password change has been synchronized by attempting to bind as user with new version of password, against the DS
Ultimately a site could confuse setup/configuration issues with the fact that this takes place on windows.
This is seen only on windows system both in new installs and installations where the DS has been added to the MMR topology (and prepds/the console is used to prepare the ds's). This is confirmed to not be taking place on Linux and Solaris installs of the DS.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms