Unexpected Behavior When Changing Credentials In Java IntialDirContext With OID 11g - Works with a Password Provided, but the User is Also Authenticated with an Empty or no Password
(Doc ID 1596411.1)
Last updated on OCTOBER 25, 2019
Applies to:Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
Oracle Internet Directory (OID) 11g, i.e., 220.127.116.11.
Binding to OID with an administrative user and searching for the dn of a user. Then updating the Authentication information to match that of the user that the dn search was done on as described in the "Using Different Authentication Information for a Context" documentation. The purpose is to authenticate a user without creating multiple connections to the ldap.
This works as expected if a password is supplied, however if an empty or no password is supplied, the user is authenticated when it should not be.
Already disabled anonymous binds in OID but the issue still exists.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document