OAM Through OVD 11g Authentication (AD Backend) Fails for Users with Foreign Characters in their Passwords: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]
Last updated on MARCH 08, 2017
Applies to:Oracle Virtual Directory - Version 22.214.171.124 and later
Information in this document applies to any platform.
Oracle Access Manager (OAM) connecting to Oracle Virtual Directory (OVD) 11g which in turn connects to Microsoft (MS) Active Directory (AD) backend LDAP server.
Some of the users fail to authenticate.
OAM diagnostic log shows:
OVD log with Dump Transaction Plugin enabled shows a fewer number of asterisks than the number of characters in the password entered.
For example, the password entered may have say 20 characters, but OVD log shows only 9 asterisks for it:
[2015-09-21T09:48:45.696+02:00] [octetstring] [NOTIFICATION]  [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: 150] [ecid: 0000Kzis5rREoIK6yVEgMG1Lw^j20004oA,0] !BIND Results: (Transaction#AD_Users.Dump After.736410) FALSE![[
com.octetstring.vde.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1 ]
Whereas for the users with working passwords, the same number or characters in the password is correctly represented in the OVD log with the same number of asterisks.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms