
OAM Through OVD 11g Authentication (AD Backend) Fails for Users with Foreign Characters in their Passwords: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials] (Doc ID 2061672.1)

Last updated on AUGUST 18, 2022

Applies to:

Oracle Virtual Directory - Version and later
Information in this document applies to any platform.


Oracle Access Manager (OAM) connects to Oracle Virtual Directory (OVD) 11g, which in turn connects to a Microsoft (MS) Active Directory (AD) backend LDAP server.

Some of the users fail to authenticate.

OAM diagnostic log shows:

[2015-09-21T09:48:45.715+02:00] [<OAM_SERVER>] [ERROR] [OAMSSA-20023] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: <ECID>] [APP: <OAM>] [URI: /oam/server/auth_cred_submit] Authentication Failure for user : CN=<USERNAME>,OU=Users,DC=<COMPANY>,DC=com, for idstore <IDSTORE_NAME> with exception oracle.igf.ids.AuthenticationException: Authentication failed for user CN=<USERNAME>,OU=Users,DC=<COMPANY>,DC=com. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials] with primary error message {3}

The OVD log, with the Dump Transaction Plugin enabled, shows fewer asterisks than the number of characters in the password entered.

For example, the password entered may have, say, 20 characters, but the OVD log shows only 9 asterisks for it:

[2015-09-21T09:48:45.667+02:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: xxx] [ecid:<ECID>] !BIND Operation: (Transaction#<ADAPTER_NAME>.Dump[[
Password: **********!
[2015-09-21T09:48:45.696+02:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: xxx] [ecid:<ECID> !BIND Results: (Transaction#<ADAPTER_NAME>.Dump FALSE![[
com.octetstring.vde.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1 ]

For users with working passwords, by contrast, the number of characters in the password is correctly represented in the OVD log by the same number of asterisks.
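One way to check for this symptom across an OVD log is sketched below. This is an added example, not Oracle's code and not part of the original note. It pairs each BIND Operation with its masked password length, result and AD sub-error code, then lists failed binds whose mask is shorter than the password the tester typed. The sample log is constructed, and the TRUE result line and the entered_len parameter are assumptions.

```python
import re

# Constructed sample in the shape of the DumpTransactions lines shown above.
# Adapter name, tid/ecid values and the TRUE result line are assumptions.
SAMPLE_LOG = """\
[2015-09-21T09:48:45.667+02:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: 11] [ecid: e1] !BIND Operation: (Transaction#ADAPTER1.Dump[[
Password: *********!
[2015-09-21T09:48:45.696+02:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: 11] [ecid: e1] !BIND Results: (Transaction#ADAPTER1.Dump FALSE![[
com.octetstring.vde.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1 ]
[2015-09-21T09:50:02.101+02:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: 12] [ecid: e2] !BIND Operation: (Transaction#ADAPTER1.Dump[[
Password: ************!
[2015-09-21T09:50:02.130+02:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: 12] [ecid: e2] !BIND Results: (Transaction#ADAPTER1.Dump TRUE![[
"""

TS = re.compile(r"^\[(\d{4}-\d{2}-\d{2}T[^\]]+)\]")
MASK = re.compile(r"^\s*Password:\s*(\*+)")
RESULT = re.compile(r"!BIND Results:.*\b(TRUE|FALSE)\b")
# AD sub-error code; 52e is AD's code for a bad user name or password.
AD_DATA = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def parse_binds(text):
    """Return one record per BIND Operation, in log order."""
    binds, cur = [], None
    for line in text.splitlines():
        if "!BIND Operation:" in line:
            ts = TS.match(line)
            cur = {"time": ts.group(1) if ts else None,
                   "mask_len": None, "ok": None, "ad_data": None}
            binds.append(cur)
        elif cur is None:
            continue  # ignore lines that precede the first BIND
        elif (m := MASK.match(line)):
            cur["mask_len"] = len(m.group(1))
        elif (m := RESULT.search(line)):
            cur["ok"] = m.group(1) == "TRUE"
        elif (m := AD_DATA.search(line)):
            cur["ad_data"] = m.group(1).lower()
    return binds

def truncated_failures(binds, entered_len):
    """Failed binds whose mask is shorter than the password that was typed."""
    return [b for b in binds if b["ok"] is False
            and b["mask_len"] is not None and b["mask_len"] < entered_len]

if __name__ == "__main__":
    for b in truncated_failures(parse_binds(SAMPLE_LOG), entered_len=20):
        print(b["time"], "mask", b["mask_len"], "AD data", b["ad_data"])
```

Only mask lengths are read from the log, so the check can be run without handling any real password; entered_len is the character count of the test password used during reproduction.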


