My Oracle Support Banner

OID 10g Portal Default Group (orcldefaultprofilegroup Attribute Value) Is Automatically Getting Deleted Whenever A User's Password Is Changed Or Reset (Doc ID 1386635.1)

Last updated on MAY 19, 2021

Applies to:

Oracle Internet Directory - Version 9.0.4 to [Release 10gR1 to 10gR3]
Information in this document applies to any platform.


Oracle Internet Directory (OID) 10g, i.e.,, integrated with Portal.

The user's default group (orcldefaultprofilegroup attribute value) is being automatically deleted whenever a user's password is reset, even though the default group is not touched.

Steps to reproduce:
- Login to the home page for default group and navigate to this url, i.e.:

- There is a User portlet where the username that needs a password to be reset can be entered, then click the Edit button. The next page url is, i.e.:

- Enter the password in the Password and Confirm Password fields, click Submit. This redirects to this page:

- Click Done and it redirects back at the orginal page:

The problem may occur intermittently or only when starting from the Portal URL but not when going directly from the oiddas URL, i.e., https://<SSO_HOSTNAME>/oiddas.

After turning on OID debug level to 1, OID debugged log shows the attribute(s) deletion when the userpassword is changed, i.e., following Connection ID (ConnID:22067215) in this example:

2011/10/10:00:44:29 * ServerWorker (REG):8 * ConnID:22067215 * OpId:2 * OpName:bind
INFO : gslfbiADoBind * Version=3 BIND dn="cn=user1,cn=users,dc=<COMPANY_NAME>,dc=com" method=128
ConnId = 22067215, op=2, IpAddr=<IP address>
00:44:29 * INFO : gslfrsASendLdapResult2 RESULT = 0 nentries=0
2011/10/10:00:44:41 * ServerWorker (REG):7 * ConnID:22067215 * OpId:43 * OpName:modify
INFO : gslfmeADoModify: dn = cn=user1,cn=users,dc=<COMPANY_NAME>,dc=com
00:44:41 * gslfmeADoModify: dn (cn=user1,cn=users,dc=<COMPANY_NAME>,dc=com)
00:44:41 * gslfmeADoModify: modifications:
00:44:41 * replace: userpassword
00:44:41 * delete: orcldefaultprofilegroup
00:44:41 * delete: orclactivestartdate
00:44:41 * gslfmeADoModify:conn=22067215 op=43 MOD dn="cn=user1,cn=users,dc=<COMPANY_NAME>,dc=com"
00:44:41 * Replacing userpassword in gslsbmApplyModtoEntry()
00:44:41 * Deleting orcldefaultprofilegroup in gslsbmApplyModtoEntry()
00:44:41 * Deleting orclactivestartdate in gslsbmApplyModtoEntry()
00:44:41 * Replacing authpassword in gslsbmApplyModtoEntry()
00:44:41 * Replacing orclpassword in gslsbmApplyModtoEntry()
00:44:41 * Deleting pwdfailuretime in gslsbmApplyModtoEntry()
00:44:41 * Deleting pwdaccountlockedtime in gslsbmApplyModtoEntry()
00:44:41 * INFO : gslfrsASendLdapResult2 RESULT = 0 nentries=0

A little later, this is propagated to Portal via DIP provisioning.  Below is an example from the Portal profile audit log:

Mon Oct 10 00:44:54 GMT 2011 - Audit Log Start
User Exists Check - UID : user1 ,GUID (<GUID>) - Response : 1
=============Event ID : 29866 - (USER_MODIFY)=============
Source : cn=user1,cn=users,dc=<COMPANY_NAME>,dc=com
Time : 20111010004441z
Object Name: user1
Object GUID: <GUID>
Object DN : cn=user1,cn=users,dc=<COMPANY_NAME>,dc=com
AttrName - OpType - Value
orcldefaultprofilegroup - DELETE -
EVENT_NTFY Response : 1
29866 : Success : MODIFY : cn=user1,cn=users,dc=<COMPANY_NAME>,dc=com
Mon Oct 10 00:44:54 GMT 2011 - Audit Log End

And turning on SSO/DAS debug, the oc4j security debugged log also shows the deletion:

11/12/01 04:56:06 [info] attr orcldefaultprofilegroup will be removed !
11/12/01 04:56:06 [info] i = 0 attr is userpassword op is REPLACE; val is <password>
11/12/01 04:56:06 [info] i = 1 attr is orcldefaultprofilegroup op is REMOVE
11/12/01 04:56:06 [info] Successfully modify user !




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.