Last updated on MARCH 08, 2017
Applies to: Oracle Virtual Directory - Version 220.127.116.11 and later
Information in this document applies to any platform.
Oracle Virtual Directory (OVD) 11g 18.104.22.168.0 is integrated with Oracle Access Manager (OAM) 11gR2 22.214.171.124, with OVD configured as the OAM identity store. The OVD identity store is a join view adapter whose members are Oracle Unified Directory (OUD), configured as the primary adapter and as a bind adapter, and Active Directory (AD), configured as a bind adapter.
When logging in to a protected resource as a user who has only an OUD account, the login succeeds.
However, when the user has an OUD account and a joined AD account (joined on sAMAccountName=uid), the OAM login fails with:
The OVD diagnostic log shows:
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unable to process the simple bind request because it contained a bind DN but no password, which is forbidden by the server configuration]
[2014-03-28T09:24:57.219-07:00] [octetstring] [TRACE] [OVD-20120] [com.octetstring.vde.backend.jndi.OUD User Adapter.JNDIConnectionPool] [tid: 29] [ecid: 0000KK9WYlTFw000jzwkno1JDQ2600000v,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Expiring pool connection: Handle-4.
[2014-03-28T09:24:57.220-07:00] [octetstring] [TRACE]  [com.octetstring.vde.backend.jndi.OvdJndiSocket] [tid: 29] [ecid: 0000KK9WYlTFw000jzwkno1JDQ2600000v,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Closing Socket: oudhost.mycompany.com/<IP address>:1389
[2014-03-28T09:24:57.221-07:00] [octetstring] [TRACE] [OVD-00617] [com.octetstring.vde.join.IAM User Adapter.JoinViewAdapter] [tid: 29] [ecid: 0000KK9WYlTFw000jzwkno1JDQ2600000v,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Adapter [#IAM User Adapter] : Error while trying to bind to adapter OUD User Adapter: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]. [[
The user has two different passwords, one in OUD and another in AD. In this test the AD password was used, so a bind failure against OUD is expected in the logs; since OUD and AD are both bind adapters, OVD would then be expected to try a bind against AD after the bind against OUD fails. Instead, the bind against OUD fails and OVD does not attempt a bind against AD.
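To triage this kind of failure from the OVD diagnostic log, the following script (an added example for this article, not Oracle code) parses the ODL log lines, groups the OVD-00617 bind errors by ECID (one ECID per authentication request) and reports, for each request, which of the join view's bind adapters were actually tried and which were never attempted. The sample log is constructed from the excerpt above plus an invented second request in which both adapters reject the password; the adapter name "AD User Adapter" and the host name are assumptions.

```python
"""Triage helper for OVD join-view bind failures (added example, not Oracle code).

Groups OVD-00617 "Error while trying to bind to adapter" messages by ECID and
reports which bind adapters of the join view were tried per request, so the
symptom in the article (OUD rejects the bind, AD is never tried) stands out.
"""
import re

# Constructed sample: the first ECID is modelled on the article's excerpt; the
# second ECID is an invented request in which both bind adapters returned 49.
# "AD User Adapter" and the host name are assumptions, not taken from the article.
SAMPLE_LOG = """\
[2014-03-28T09:24:57.219-07:00] [octetstring] [TRACE] [OVD-20120] [com.octetstring.vde.backend.jndi.OUD User Adapter.JNDIConnectionPool] [tid: 29] [ecid: 0000KK9WYlTFw000jzwkno1JDQ2600000v,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Expiring pool connection: Handle-4.
[2014-03-28T09:24:57.220-07:00] [octetstring] [TRACE]  [com.octetstring.vde.backend.jndi.OvdJndiSocket] [tid: 29] [ecid: 0000KK9WYlTFw000jzwkno1JDQ2600000v,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Closing Socket: oudhost.example.com/<IP address>:1389
[2014-03-28T09:24:57.221-07:00] [octetstring] [TRACE] [OVD-00617] [com.octetstring.vde.join.IAM User Adapter.JoinViewAdapter] [tid: 29] [ecid: 0000KK9WYlTFw000jzwkno1JDQ2600000v,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Adapter [#IAM User Adapter] : Error while trying to bind to adapter OUD User Adapter: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]. [[
[2014-03-28T09:30:01.005-07:00] [octetstring] [TRACE] [OVD-00617] [com.octetstring.vde.join.IAM User Adapter.JoinViewAdapter] [tid: 31] [ecid: 0000KK9WZZZZw000jzwkno1JDQ2600000w,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Adapter [#IAM User Adapter] : Error while trying to bind to adapter OUD User Adapter: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]. [[
[2014-03-28T09:30:01.031-07:00] [octetstring] [TRACE] [OVD-00617] [com.octetstring.vde.join.IAM User Adapter.JoinViewAdapter] [tid: 31] [ecid: 0000KK9WZZZZw000jzwkno1JDQ2600000w,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] Adapter [#IAM User Adapter] : Error while trying to bind to adapter AD User Adapter: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]. [[
"""

# ODL header: [timestamp] [component] [level] [optional OVD-nnnnn message id] [logger] [tid: n] [ecid: x]
ODL_HEADER = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[(?P<component>[^\]]+)\] \[(?P<level>[^\]]+)\]\s+'
    r'(?:\[(?P<msgid>OVD-\d+)\]\s+)?\[(?P<logger>[^\]]+)\]\s+'
    r'\[tid: (?P<tid>\d+)\]\s+\[ecid: (?P<ecid>[^\]]+)\]'
)

# Message text of the OVD-00617 line as it appears in the article.
BIND_ERROR = re.compile(
    r'Adapter \[#(?P<join>[^\]]+)\] : Error while trying to bind to adapter '
    r'(?P<adapter>.+?): LDAP Error (?P<code>\d+)'
)


def parse_bind_attempts(log_text):
    """Return {ecid: [(join_adapter, bind_adapter, ldap_result_code), ...]} in log order.

    Lines that are not ODL headers or that carry no bind error are skipped.
    """
    attempts = {}
    for line in log_text.splitlines():
        head = ODL_HEADER.match(line)
        if not head:
            continue
        err = BIND_ERROR.search(line)
        if not err:
            continue
        attempts.setdefault(head.group('ecid'), []).append(
            (err.group('join'), err.group('adapter'), int(err.group('code'))))
    return attempts


def audit_join_binds(log_text, bind_adapters):
    """For every request that logged at least one bind error, report which of the
    join view's bind adapters were tried (with their LDAP result codes) and
    which were never attempted.  A non-empty 'untried' list with a 49 on the
    primary adapter is the symptom described in the article.
    """
    report = {}
    for ecid, tries in parse_bind_attempts(log_text).items():
        tried = [adapter for _, adapter, _ in tries]
        codes = {adapter: code for _, adapter, code in tries}
        untried = [a for a in bind_adapters if a not in tried]
        report[ecid] = {'tried': tried, 'codes': codes, 'untried': untried}
    return report


def main():
    # The two bind adapters of the join view; "AD User Adapter" is an assumed name.
    report = audit_join_binds(SAMPLE_LOG, ["OUD User Adapter", "AD User Adapter"])
    for ecid, info in report.items():
        print(f"ecid {ecid}")
        for adapter in info['tried']:
            print(f"  tried   {adapter}: LDAP result {info['codes'][adapter]}")
        for adapter in info['untried']:
            print(f"  untried {adapter}")


if __name__ == '__main__':
    main()
```

Run it against a real OVD diagnostic log (after grepping the ECID of the failed OAM login) with the actual adapter names from the join view configuration. Requests listed with the primary adapter at result 49 and the secondary bind adapter untried match the behaviour reported here; requests where both adapters appear were handled the way the bind-adapter fallback is expected to work.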
The OUD user adapter's Pass Through Mode (passCredentials) is set to Always. The scenario works when the OUD adapter is set to BindOnly; however, pass-through mode Always is required for the OAM-OIM integration to work.
In OVD, the only attributes joined from AD are memberOf, dn, sAMAccountName and userAccountControl.