Unexpected Behavior When Changing Credentials In Java IntialDirContext With OID 11g - Works with a Password Provided, but the User is Also Authenticated with an Empty or no Password (Doc ID 1596411.1)

Last updated on OCTOBER 11, 2016

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Goal

Oracle Internet Directory (OID) 11g, i.e., 11.1.1.5.

Binding to OID with an administrative user and searching for the dn of a user.  Then updating the Authentication information to match that of the user that the dn search was done on as described in the "Using Different Authentication Information for a Context" documentation.  The purpose is to authenticate a user without creating multiple connections to the ldap.

This works as expected if a password is supplied, however if an empty or no password is supplied, the user is authenticated when it should not be.

Already disabled anonymous binds in OID but the issue still exists.


 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms