OVD 11g Performance Issue When OVD Receives Err=53, Where an Account is Locked in the Backend Directory | OVD Closes the Connection When LDAP Backend Responds with LDAP error code 53 (Doc ID 1548070.1)

Last updated on JANUARY 06, 2016

Applies to:

Oracle Virtual Directory - Version 11.1.1.6.0 to 11.1.1.7.0 [Release 11g]
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD) 11g (11.1.1.6 or 11.1.1.7) experiences performance degradation when err=53 (LDAP error code 53) is returned because an account is locked in the backend directory (e.g., ODSEE 11g).

Or, for example, with OVD using Oracle Internet Directory (OID) as the primary directory and Active Directory (AD) as read-only: when a user authenticates with an account that is locked in OID, the bind between OVD and OID is disconnected for up to 10 seconds.

 

Sample access.log entry:

[2016-01-04T10:28:16.735-08:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: 307] [ecid: 0000L8DtPZV7u1PLqeo2yY1MSuAl01dnLV,0] conn=1,132,536 op=11 BIND dn=uid=myuser,ou=people,dc=mycompany,dc=com method=0 version=3
...
[2016-01-04T10:28:26.749-08:00] [octetstring] [NOTIFICATION] [OVD-20039] [com.octetstring.accesslog] [tid: 307] [ecid: 0000L8DtPZV7u1PLqeo2yY1MSuAl01dnLV,0] conn=1,132,536 op=11 RESULT err=53 tag=0 nentries=0 etime={3}

Sample diagnostic.log entry:

[2016-01-04T10:28:26.746-08:00] [octetstring] [ERROR] [OVD-60143] [com.octetstring.vde.backend.jndi.MyAdapter.BackendJNDI] [tid: 307] [ecid: 0000L8DtPZV7u1PLqeo2yY1MSuAl01dnLV,0] [#MyAdapter] Unable to create connection to ldap://[ldaphost.mycompany.com]:1389 as uid=myuser,ou=people,dc=mycompany,dc=com.[[
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Account inactivated. Contact system administrator.]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3160)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
...<etc>...
]]
[2016-01-04T10:28:26.748-08:00] [octetstring] [ERROR] [OVD-60060] [com.octetstring.vde.operation.BindOperation] [tid: 307] [ecid: 0000L8DtPZV7u1PLqeo2yY1MSuAl01dnLV,0] An error occurred.[[
com.octetstring.vde.util.DirectoryException: LDAP Error 53 : [LDAP: error code 53 - Account inactivated. Contact system administrator.]
at com.octetstring.vde.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:1074)
at com.octetstring.vde.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:952)
at com.octetstring.vde.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:425)
...<etc>...
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Account inactivated. Contact system administrator.]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3160)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2648)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2622)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2618)
at javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:192)
at com.octetstring.vde.backend.jndi.JNDIConnectionPool.rebind(JNDIConnectionPool.java:391)
at com.octetstring.vde.backend.jndi.JNDIConnectionPool.getLdapContext(JNDIConnectionPool.java:251)
at com.octetstring.vde.backend.jndi.JNDIConnectionPool.checkOutContext(JNDIConnectionPool.java:181)
at com.octetstring.vde.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:1051)
... 26 more

]]
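To find every occurrence of this symptom in an access.log, pair each BIND with its RESULT on the same conn/op and report the binds that ended in err=53 after a long wait. The following is an added example, not Oracle code; the function name, the 5-second threshold, the ecid placeholders and the second (fast, successful) bind in the sample are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample modelled on the access.log lines shown above. The ecid
# values are placeholders and the uid=other bind is invented for contrast.
SAMPLE_LOG = """\
[2016-01-04T10:28:16.735-08:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: 307] [ecid: EXAMPLE-ECID-1,0] conn=1,132,536 op=11 BIND dn=uid=myuser,ou=people,dc=mycompany,dc=com method=0 version=3
[2016-01-04T10:28:17.101-08:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: 311] [ecid: EXAMPLE-ECID-2,0] conn=1,132,540 op=0 BIND dn=uid=other,ou=people,dc=mycompany,dc=com method=0 version=3
[2016-01-04T10:28:17.120-08:00] [octetstring] [NOTIFICATION] [OVD-20039] [com.octetstring.accesslog] [tid: 311] [ecid: EXAMPLE-ECID-2,0] conn=1,132,540 op=0 RESULT err=0 tag=0 nentries=0 etime={19}
[2016-01-04T10:28:26.749-08:00] [octetstring] [NOTIFICATION] [OVD-20039] [com.octetstring.accesslog] [tid: 307] [ecid: EXAMPLE-ECID-1,0] conn=1,132,536 op=11 RESULT err=53 tag=0 nentries=0 etime={3}
"""

# Leading timestamp, then "conn=<n> op=<n> BIND|RESULT <rest>". The connection
# number is written with thousands separators (conn=1,132,536).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?\bconn=(?P<conn>[\d,]+) op=(?P<op>\d+) "
    r"(?P<kind>BIND|RESULT)\b(?P<rest>.*)$")

def slow_err53_binds(log_text, min_seconds=5.0):
    """Return binds whose RESULT was err=53 at least min_seconds after the
    BIND was logged, matched on (conn, op)."""
    pending, hits = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "...", stack-trace lines and other non-access entries
        key = (m["conn"], m["op"])
        ts = datetime.fromisoformat(m["ts"])
        if m["kind"] == "BIND":
            dn = re.search(r"\bdn=(.*?)(?: method=|$)", m["rest"])
            pending[key] = (ts, dn.group(1) if dn else "")
        elif key in pending:  # RESULT of a BIND seen earlier
            start, dn = pending.pop(key)
            err = re.search(r"\berr=(\d+)", m["rest"])
            wait = (ts - start).total_seconds()
            if err and err.group(1) == "53" and wait >= min_seconds:
                hits.append({"conn": key[0], "op": key[1],
                             "dn": dn, "seconds": wait})
    return hits

if __name__ == "__main__":
    for hit in slow_err53_binds(SAMPLE_LOG):
        print(hit)
```

The delay is computed from the log timestamps rather than from the etime field, since the sample RESULT line reports etime={3} while its timestamp is about 10 seconds after the BIND.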

 

Cause
