ODSEE/DPS - End Users Not Receiving Expected Message of: "Password was reset and must be changed" Message when Going Through Directory Proxy Server (Doc ID 1447154.1)

Symptoms

DPS is configured with multiple DS backends in replication mode (all Primary Suppliers). Native LDAP clients on Solaris are connecting to this setup.
It was observed that when a user's password is reset ("pwdreset" attribute is seen as set to "true" in the user entry) and the "pwdMustChange" attribute in the password policy is set to "true",  that the user is NOT getting the "Password was reset and must be changed" message when logging into the Native LDAPclients.

It was discovered that this only happens when the client goes through the DPS server which had been set into place for testing purposes.  It was provided that previous to having the DPS in place these same clients DID get the password reset prompt when they connected directly to the DS servers.

In testing with ldapsearch (as a user whose password was reset) when going through the DPS server the user DOES see the "Password was reset and must be changed" message.  The issue is seen only when the users attempt an SSH login, in which case they do not see the password reset message.

Expected behavior is that a user should see the "Password was reset and must be changed" message when the user's password is reset ("pwdreset" attribute set to "true" in user's entry) and the "pwdMustChange" attribute in the password policy is set to "true" when logging into Native LDAPclients and the authentication request goes through the DPS 11.1.1.5.0 server to the backend DS 11.1.1.5.0 servers.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.