
OAM with OVD 11g Login Fails: An incorrect Username or Password was specified | OVD Log: [LDAP: error code 53 - Unable to process the simple bind request because it contained a bind DN but no password, which is forbidden by the server configuration] (Doc ID 1643192.1)

Last updated on AUGUST 18, 2022

Applies to:

Oracle Virtual Directory - Version 11.1.1.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD) 11g 11.1.1.7.0 is integrated with Oracle Access Manager (OAM) 11gR2 11.1.2.2, with OVD as the Identity Store. The Identity Store is a join of Oracle Unified Directory (OUD) as primary and bind adapter, and Active Directory (AD) as bind.

When logging in to a protected resource with a user that only has an OUD account, the login is successful.

However, when the user has an OUD account and a joined AD account (sAMAccountName=uid), the OAM login fails with:

An incorrect Username or Password was specified

The OVD diagnostic log shows:

[2014-03-28T09:24:57.234-07:00] [octetstring] [ERROR] [OVD-60143] [com.octetstring.vde.backend.jndi.<OUD_ADAPTER>.BackendJNDI] [tid: 29] [ecid: <ECID>]  [#<OUD_ADAPTER>]  Unable to create connection to ldap://<OUD_HOSTNAME>:<PORT> as cn=<USERNAME>,cn=users,dc=<COMPANY>,dc=com..[[
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unable to process the simple bind request because it contained a bind DN but no password, which is forbidden by the server configuration]

And:

[2014-03-28T09:24:57.186-07:00] [octetstring] [TRACE] [] [com.octetstring.vde.router.RoutingRule] [tid: xx] [ecid: <ECID>] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Rule[OUD User Adapter] dn:cn=<USERNAME>,cn=users,dc=<COMPANY>,dc=com MAPPED TO: cn=<USERNAME>,cn=users,dc=<COMPANY>,dc=com
[2014-03-28T09:24:57.219-07:00] [octetstring] [TRACE] [OVD-20120] [com.octetstring.vde.backend.jndi.<OUD_ADAPTER>.JNDIConnectionPool] [tid: xx] [ecid: <ECID>] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Expiring pool connection: Handle-4.
[2014-03-28T09:24:57.220-07:00] [octetstring] [TRACE] [] [com.octetstring.vde.backend.jndi.OvdJndiSocket] [tid: xx] [ecid: <ECID>] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Closing Socket: <OUD_HOSTNAME>:<PORT>
[2014-03-28T09:24:57.221-07:00] [octetstring] [TRACE] [OVD-00617] [com.octetstring.vde.join<JOIN_ADAPTER>JoinViewAdapter] [tid: xx] [ecid: <ECID>] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Adapter [#<JOIN_ADAPTER>] : Error while trying to bind to adapter <OUD_ADAPTER>: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]. [[


The user has two different passwords: one in OUD and another in AD. During this test, the AD password is used. A bind failure for OUD is therefore expected in the logs and, since OUD and AD are both "bind" adapters, OVD is expected to try a bind against AD after the bind against OUD fails. Instead, the bind against OUD fails and OVD does not try a bind against AD.

The OUD user adapter Pass Through (passCredentials) mode is set to Always. This scenario works when the OUD adapter is set to "BindOnly". However, pass through of "Always" is needed in order to make the OAM-OIM integration work.

In OVD, the only attributes joined on AD are memberOf, dn, sAMAccountName and userAccountControl.
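
The following triage script is an added example, not part of the Oracle document or any Oracle tooling. It parses diagnostic-log records in the layout quoted above, groups LDAP result codes by ECID, and flags requests where a backend refused a simple bind that carried a DN but no password (result code 53; RFC 4513 calls this form an unauthenticated bind) while a code 49 was also logged, which is the pattern in the excerpts above. The sample lines, the adapter names OUD1 and JOIN1, the host, DN and ECIDs are constructed placeholders, and correlating records on ECID is an assumption.

```python
import re

# Constructed sample in the layout of the excerpts above; the adapter names
# (OUD1, JOIN1), host, DN and ECIDs are placeholders, not values from a real system.
SAMPLE_LOG = """\
[2014-03-28T09:24:57.186-07:00] [octetstring] [TRACE] [] [com.octetstring.vde.router.RoutingRule] [tid: 29] [ecid: ECID-0001] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Rule[OUD User Adapter] dn:cn=jdoe,cn=users,dc=example,dc=com MAPPED TO: cn=jdoe,cn=users,dc=example,dc=com
[2014-03-28T09:24:57.234-07:00] [octetstring] [ERROR] [OVD-60143] [com.octetstring.vde.backend.jndi.OUD1.BackendJNDI] [tid: 29] [ecid: ECID-0001]  [#OUD1]  Unable to create connection to ldap://oud.example.com:1389 as cn=jdoe,cn=users,dc=example,dc=com..[[
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unable to process the simple bind request because it contained a bind DN but no password, which is forbidden by the server configuration]
[2014-03-28T09:24:57.240-07:00] [octetstring] [TRACE] [OVD-00617] [com.octetstring.vde.join.JOIN1.JoinViewAdapter] [tid: 29] [ecid: ECID-0001] Adapter [#JOIN1] : Error while trying to bind to adapter OUD1: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]. [[
[2014-03-28T09:25:10.002-07:00] [octetstring] [TRACE] [OVD-00617] [com.octetstring.vde.join.JOIN1.JoinViewAdapter] [tid: 31] [ecid: ECID-0002] Adapter [#JOIN1] : Error while trying to bind to adapter OUD1: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]. [[
"""

HEADER = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\dT[^\]]+)\] \[[^\]]*\] \[(?P<level>[^\]]*)\] "
    r"\[(?P<msgid>[^\]]*)\] \[(?P<module>[^\]]*)\] \[tid: [^\]]*\] "
    r"\[ecid: (?P<ecid>[^\]]*)\]\s*(?P<msg>.*)$")
LDAP_ERR = re.compile(r"LDAP: error code (\d+) - ([^\]]*)\]")

def parse_records(text):
    """Split a diagnostic log into records; lines without a header continue the previous record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append(m.groupdict())
        elif records and line.strip():
            records[-1]["msg"] += "\n" + line
    return records

def ldap_results_by_request(text):
    """Map each ECID to the ordered (code, module, detail) LDAP errors logged for it."""
    out = {}
    for rec in parse_records(text):
        for code, detail in LDAP_ERR.findall(rec["msg"]):
            out.setdefault(rec["ecid"], []).append((int(code), rec["module"], detail.strip()))
    return out

def masked_empty_password_binds(text):
    """ECIDs where a backend refused a DN-without-password bind (53) and a 49 was also logged."""
    hits = []
    for ecid, errs in ldap_results_by_request(text).items():
        refused = any(c == 53 and "no password" in d for c, _, d in errs)
        if refused and any(c == 49 for c, _, _ in errs):
            hits.append(ecid)
    return hits

if __name__ == "__main__":
    for ecid in masked_empty_password_binds(SAMPLE_LOG):
        print(ecid, ldap_results_by_request(SAMPLE_LOG)[ecid])
```

A flagged ECID separates a login that failed because no password reached the backend from an ordinary wrong-password failure, which both surface to the user as the same "incorrect Username or Password" message.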

Cause
