OVD 11g 126.96.36.199 With Coordinator Plugin Applied Does Not Return Password Policy Violation Messages. OVD Returns Only "ldap_bind: Invalid credentials (49)" Instead of "ldap_bind: Invalid credentials (49); Password expired"
Last updated on APRIL 14, 2017
Applies to: Oracle Virtual Directory - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
Oracle Virtual Directory (OVD) Server 11g 184.108.40.206.0.
Reference Bug 20646557 - OVD 11g not returning password policy violation messages (duplicate of internal Bug 18034988 / OVD bug corresponding to LibOVD internal Bug 17873191).
This fix is already available in OVD Patchset 7 / 220.127.116.11.0, and a backport for OVD 18.104.22.168.0 is also available via one-off Patch 18034988.
However, if OVD 22.214.171.124 is configured with the Coordinator Plugin, this fix stops working: the password policy supported controls are no longer implemented, and the correct password policy message is not returned.
Example queries using the Unix/Linux native OpenLDAP client /usr/bin/ldapsearch, which can return the password policy controls when given the -e ppolicy option:
Working search directly against the backend non-Oracle LDAP server (e.g., OpenLDAP):
As shown, when querying the backend server directly, or a plain OVD adapter virtualizing the backend without the Coordinator plugin, the result includes the correct/expected "Password expired" message.
But with the Coordinator plugin applied, querying via OVD returns just "Invalid credentials (49)".