OVD 11g 11.1.1.7 ODSM Interface Deletes the Ping BIND Password During Any Adapter Change

(Doc ID 1983467.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD) 11g 11.1.1.7.0 with Oracle Directory Services Manager (ODSM).

An OVD LDAP adapter is configured to use the LDAP Ping BINDDN and BIND password.

When modifying that adapter, and not retyping or re-entering the password, at saving the changes the PingBindPassword setting is removed from the adapters.os_xml file.

After that, the BINDs to LDAP checks begin to fail as the LDAP servers do not allow anonymous binds.

The OVD diagnostic.log shows:

[2014-07-08T12:56:46.021-04:00] [octetstring] [WARNING] [] [com.octetstring.vde.backend.jndi.Intranet.HeartBeatThread] [tid: 866] [ecid: 0000KSMt4dA6YNoYCTq2VS1JYE0w005cUP,0] Received exception javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unauthenticated binds are not allowed]

If going back into the adapter and retyping the ping bind password value, the adapters.so_xml file is then updated with the pingbindpassword setting and the binds begin to succeed.

This can be repeated every time the adapter is changed and the ping bind password is not retyped.

The same issue does not occur with the BINDDN value, just the pingbindpass gets removed if it is not retyped.


Tried changing the jdk to 1.7 for both the OVD server and for the WLS Admin and Managed (wls_ods1/ODSM) Servers, but the issue remains.

 

Steps to Reproduce:
1. Setup an LDAP adapters to use LDAP ping binddn and ping bind password.  Verify that the adapter is working.  Output the ping setup from the adapters.os_xml file, e.g., by performing a "grep ping adapters.os_xml".
2. Setup the backend LDAP server to not allow anonymous binds."
3. Using ODSM, modify the adapter to change a setting not related to the password and save the changes.
4. Repeat the "grep ping adapters.os_xml" and notice that the pingbindpass setting is gone.

Workaround:
Retype the ping bind password value on ODSM adapter modify screen each and any time attempting to change the adapter, even if not changing the password.  However, an admin who forgets or is not aware of this behavior can make changes does not realize this happens, so the server eventually (after a couple days) starts filling up the log files with the error every couple of minutes.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms