OID 10g Portal Default Group (orcldefaultprofilegroup Attribute Value) Is Automatically Getting Deleted Whenever A User's Password Is Changed Or Reset (Doc ID 1386635.1)

Last updated on SEPTEMBER 16, 2016

Applies to:

Oracle Internet Directory - Version 9.0.4 to 10.1.4.3 [Release 10gR1 to 10gR3]
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 10g, i.e.,10.1.2.3, integrated with Portal.

The user's default group (orcldefaultprofilegroup attribute value) is being automatically deleted whenever a user's password is reset, even though the default group is not touched.

Steps to reproduce:
- Login to the home page for default group and navigate to this url, i.e.:
https://portal.mycompany.com/portal/page/portal/staff/user_administration

- There is a User portlet where the username that needs a password to be reset can be entered, then click the Edit button. The next page url is, i.e.:
https://sso.mycompany.com/oiddas/ui/oracle/ldap/das/user/AppEditUserAdmin?doneurl=https://portal.mycompany.com/portal/page/portal/staff/user_administration?_mode=16&homeurl=https://portal.mycompany.com/portal/page/portal/staff/user_administration?_mode%
3D16&userguid=30191736C9A7E725E040928DC3D03995&enablePA=true


- Enter the password in the Password and Confirm Password fields, click Submit. This redirects to this page:
https://sso.mycompany.com/oiddas/ui/oracle/ldap/das/user/AppEditUserInfoAdmin

- Click Done and it redirects back at the orginal page:
https://portal.mycompany.com/portal/page/portal/staff/user_administration


The problem may occur intermittently or only when starting from the Portal URL but not when going directly from the oiddas URL, i.e., https://sso.mycompany.com/oiddas.


After turning on OID debug level to 1, OID debugged log shows the attribute(s) deletion when the userpassword is changed, i.e., following Connection ID (ConnID:22067215) in this example:

BEGIN
2011/10/10:00:44:29 * ServerWorker (REG):8 * ConnID:22067215 * OpId:2 * OpName:bind
INFO : gslfbiADoBind * Version=3 BIND dn="cn=user1,cn=users,dc=mycompany,dc=com" method=128
ConnId = 22067215, op=2, IpAddr=<IP address>
00:44:29 * INFO : gslfrsASendLdapResult2 RESULT = 0 nentries=0
END
..........................
BEGIN
2011/10/10:00:44:41 * ServerWorker (REG):7 * ConnID:22067215 * OpId:43 * OpName:modify
INFO : gslfmeADoModify: dn = cn=user1,cn=users,dc=mycompany,dc=com
00:44:41 * gslfmeADoModify: dn (cn=user1,cn=users,dc=mycompany,dc=com)
00:44:41 * gslfmeADoModify: modifications:
00:44:41 * replace: userpassword
00:44:41 * delete: orcldefaultprofilegroup
00:44:41 * delete: orclactivestartdate
00:44:41 * gslfmeADoModify:conn=22067215 op=43 MOD dn="cn=user1,cn=users,dc=mycompany,dc=com"
00:44:41 * Replacing userpassword in gslsbmApplyModtoEntry()
00:44:41 * Deleting orcldefaultprofilegroup in gslsbmApplyModtoEntry()
00:44:41 * Deleting orclactivestartdate in gslsbmApplyModtoEntry()
00:44:41 * Replacing authpassword in gslsbmApplyModtoEntry()
00:44:41 * Replacing orclpassword in gslsbmApplyModtoEntry()
00:44:41 * Deleting pwdfailuretime in gslsbmApplyModtoEntry()
00:44:41 * Deleting pwdaccountlockedtime in gslsbmApplyModtoEntry()
00:44:41 * INFO : gslfrsASendLdapResult2 RESULT = 0 nentries=0
END


A little later, this is propagated to Portal via DIP provisioning.  Below is an example from the Portal profile audit log:

Mon Oct 10 00:44:54 GMT 2011 - Audit Log Start
-----------------------------------------------------
User Exists Check - UID : user1 ,GUID (A04AF5A230158FAFE040928DC3D04025) - Response : 1
=============Event ID : 29866 - (USER_MODIFY)=============
Source : cn=user1,cn=users,dc=mycompany,dc=com
Time : 20111010004441z
Object Name: user1
Object GUID: A04AF5A230158FAFE040928DC3D04025
Object DN : cn=user1,cn=users,dc=mycompany,dc=com
AttrName - OpType - Value
-------------------------------------------
orcldefaultprofilegroup - DELETE -
EVENT_NTFY Response : 1
29866 : Success : MODIFY : cn=user1,cn=users,dc=mycompany,dc=com
Mon Oct 10 00:44:54 GMT 2011 - Audit Log End


And turning on SSO/DAS debug, the oc4j security debugged log also shows the deletion:

.........
11/12/01 04:56:06 [info] attr orcldefaultprofilegroup will be removed !
11/12/01 04:56:06 [info] i = 0 attr is userpassword op is REPLACE; val is <password>
11/12/01 04:56:06 [info] i = 1 attr is orcldefaultprofilegroup op is REMOVE
11/12/01 04:56:06 [info] Successfully modify user !
.........

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms