OVD 11g Returns Inappropriate Ldap Error Code Error 49 - Invalid Credentials Or Does Not Include Additional Information (Doc ID 2158746.1)

Last updated on AUGUST 30, 2023

Applies to:

Oracle Virtual Directory - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

On: 11g version, Virtual Directory Server

ACTUAL BEHAVIOR
---------------
OVD returns an inappropriate LDAP error code or does not include additional information.

OVD is configured as a join adapter with an OID adapter and AD adapter as the backend.

When attempting to bind as a user that is disabled in OID, OVD will always return [Error 49 - Invalid Credentials] regardless of what the OID backend response is.


EXPECTED BEHAVIOR
-----------------------
OVD should return the same message as OID when a disabled user attempts to bind.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Example 1: OID User Enabled, Bind to OVD with correct username and correct password
ldapsearch -x -LLL -o ldif-wrap=no -h <OVD_HOSTNAME> -p 6501 -D "uid=USERNAME,cn=Users,cn=ACCOUNTS,dc=<COMPANY_NAME_NET>,dc=com,dc=<COMPANY_NAME>,dc=dev" -w '<PASSWORD>' -b "dc=<COMPANY_NAME>,dc=com" "uid=<USERNAME>" cn
dn: uid=USERNAME,cn=Users,cn=ACCOUNTS,dc=COMPANYnet,dc=com,dc=external,dc=<COMPANY_NAME>,dc=com
cn: John S Test

2. Example 2: OID User Enabled, Bind to OID with correct username and correct password
ldapsearch -x -LLL -o ldif-wrap=no -h <OID_HOSTNAME> -p 3060 -D "uid=<USERNAME>,cn=Users,cn=ACCOUNTS,dc=<COMPANY_NAME_NET>,dc=com" -w '<PASSWORD>' -b "dc=<COMPANY_NAME_NET>,dc=com" "uid=<USERNAME>" uid
dn: uid=<USERNAME>,cn=Users,cn=ACCOUNTS,dc=<COMPANY_NAME_NET>,dc=com
uid: <USERNAME>

3. Example 3: OID User Disabled, Bind to OVD with correct username and correct password.
ldapsearch -x -LLL -o ldif-wrap=no -h <OVD_HOSTNAME> -p 6501 -D "uid=<USERNAME>,cn=Users,cn=ACCOUNTS,dc=<COMPANY_NAME_NET>,dc=com,dc=<COMPANY_NAME>,dc=dev" -w '<PASSWORD>' -b "dc=<COMPANY_NAME>,dc=com" "uid=<USERNAME>" cn
ldap_bind: Invalid credentials (49)

4. Example 4: OID User Disabled, Bind to OID with correct username and correct password.
ldapsearch -x -LLL -o ldif-wrap=no -h <OID_HOSTNAME> -p 3060 -D "uid=<USERNAME>,cn=Users,cn=ACCOUNTS,dc=<COMPANY_NAME_NET>,dc=com" -w '<PASSWORD>' -b "dc=<COMPANY_NAME_NET>,dc=com" "uid=<USERNAME>" cn
ldap_bind: Server is unwilling to perform (53)
additional info: Account Policy Error :9050: GSL_ACCTDISABLED_EXCP :Your Account has been disabled. Please contact the administrator.
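
Added example (not part of the Oracle note): a shell helper that parses the ldapsearch bind results from steps 3 and 4 and reports when the OVD front end returns a different result code, or drops the additional info, relative to the OID back end. The function names and sample variables are assumptions, and the sample outputs are constructed from the steps above.

```sh
#!/bin/sh
# Added example; not Oracle's code. Function and variable names are assumptions.

# Print the numeric LDAP result code from ldapsearch output on stdin.
# Prints 0 when no "ldap_bind: ... (NN)" line is present (bind succeeded).
bind_code() {
    code=$(sed -n 's/^ldap_bind: .*(\([0-9][0-9]*\))[[:space:]]*$/\1/p' | head -n 1)
    printf '%s\n' "${code:-0}"
}

# Print the server's "additional info" text, or nothing if there is none.
bind_info() {
    sed -n 's/^[[:space:]]*additional info:[[:space:]]*//p' | head -n 1
}

# compare_bind FRONT_OUTPUT BACK_OUTPUT
# Compares what the virtual directory returned with what the back end returned.
compare_bind() {
    f_code=$(printf '%s\n' "$1" | bind_code)
    b_code=$(printf '%s\n' "$2" | bind_code)
    f_info=$(printf '%s\n' "$1" | bind_info)
    b_info=$(printf '%s\n' "$2" | bind_info)
    if [ "$f_code" != "$b_code" ]; then
        echo "MASKED_CODE front=$f_code back=$b_code"
    elif [ -n "$b_info" ] && [ -z "$f_info" ]; then
        echo "DROPPED_INFO code=$f_code"
    else
        echo "CONSISTENT code=$f_code"
    fi
}

# Constructed samples, copied from the output of steps 3 and 4 above.
# Live use: OVD_DISABLED=$(ldapsearch ... 2>&1), and the same for OID.
OVD_DISABLED='ldap_bind: Invalid credentials (49)'
OID_DISABLED='ldap_bind: Server is unwilling to perform (53)
additional info: Account Policy Error :9050: GSL_ACCTDISABLED_EXCP :Your Account has been disabled. Please contact the administrator.'

compare_bind "$OVD_DISABLED" "$OID_DISABLED"
```

For the disabled-user case in steps 3 and 4 this reports `MASKED_CODE front=49 back=53`.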


BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, users cannot determine when their account is disabled.

Changes

 

Cause
