OVD 11g Logging Authentication Failures As Errors With Stack Trace / Unable To Filter Out Authentication Failures From OVD Log
(Doc ID 1404500.1)
Last updated on MARCH 13, 2019
Applies to:
Oracle Virtual Directory - Version 11.1.1.2.0 and laterInformation in this document applies to any platform.
Symptoms
Oracle Virtual Directory (OVD) 11g, i.e., 11.1.1.5.
After creating an LDAP adapter that points to a backend directory such as Microsoft ADAM directory, attempts to bind to OVD using an account from the ADAM directory with an invalid password (i.e., accidentally) is logged in the OVD diagnostic.log file as an error with a full DirectoryException stack trace, i.e.:
com.octetstring.vde.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090336, comment: AcceptSecurityContext error, data 52e, vece ]
at com.octetstring.vde.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:1052)
at com.octetstring.vde.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:944)
at com.octetstring.vde.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:425)
at com.octetstring.vde.backend.jndi.ConnectionHandle.bind(ConnectionHandle.java:181)
at com.octetstring.vde.backend.jndi.BackendJNDI.bind(BackendJNDI.java:510)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:223)
at com.octetstring.vde.chain.BasePlugin.bind(BasePlugin.java:73)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:233)
at com.octetstring.vde.chain.plugins.performance.MonitorPerformance.bind(MonitorPerformance.java:333)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:233)
at com.octetstring.vde.chain.PluginChain.runBind(PluginChain.java:201)
at com.octetstring.vde.chain.PluginManager.runBind(PluginManager.java:376)
at com.octetstring.vde.chain.PluginManager.runBind(PluginManager.java:341)
at com.octetstring.vde.backend.AdapterServiceInterface.bind(AdapterServiceInterface.java:368)
at com.octetstring.vde.backend.BackendHandler.bind(BackendHandler.java:534)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:215)
at com.octetstring.vde.chain.BasePlugin.bind(BasePlugin.java:73)
at com.octetstring.vde.chain.plugins.upnbind.UPNBindPlugin.bind(UPNBindPlugin.java:156)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:233)
at com.octetstring.vde.chain.plugins.performance.MonitorPerformance.bind(MonitorPerformance.java:333)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:233)
at com.octetstring.vde.chain.plugins.AclCheckerPlugin.bind(AclCheckerPlugin.java:239)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:233)
at com.octetstring.vde.chain.PluginChain.runBind(PluginChain.java:201)
at com.octetstring.vde.chain.PluginManager.runBind(PluginManager.java:376)
at com.octetstring.vde.chain.PluginManager.runBind(PluginManager.java:341)
at com.octetstring.vde.chain.GlobalServicesInterface.runBind(GlobalServicesInterface.java:188)
at com.octetstring.vde.operation.BindOperation.run(BindOperation.java:234)
at com.octetstring.vde.operation.AbstractOperation.perform(AbstractOperation.java:122)
at com.octetstring.vde.MessageHandler.doBind(MessageHandler.java:345)
at com.octetstring.vde.MessageHandler.answerRequest(MessageHandler.java:185)
at com.octetstring.vde.OperationHandler.run(OperationHandler.java:118)
Tried different log levels and granular logging, but it did not help filter out the above type error.
As authentication failures can occur frequently, this would result in a lot of noise in the OVD log that will make it difficult to detect real errors.
Still would like to see OVD errors and warnings in the log, but not errors and stack trace whenever a user enters an incorrect password.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |