OVD 11g 11.1.1.9 With Coordinator Plugin Applied Does Not Return Password Policy Violation Messages. OVD Returns Only "ldap_bind: Invalid credentials (49)" Instead of "ldap_bind: Invalid credentials (49); Password expired" (Doc ID 2255416.1)

Last updated on APRIL 14, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD) Server 11g 11.1.1.9.0.

Reference Bug 20646557 - OVD 11g not returning password policy violation messages (duplicate of internal Bug 18034988 / OVD bug corresponding to LibOVD internal Bug 17873191).

This fix is already available in OVD Patchset 7 / 11.1.1.9.0, and a backport for OVD 11.1.1.7.0 is also available via one-off Patch 18034988.


However if OVD 11.1.1.9 is configured with the Coordinator Plugin, this fix stops working and password policy supported controls are no longer implemented / do not return the correct password policy message.


Example queries, using unix/Linux OS native / OpenLDAP /usr/bin/ldapsearch, which can return the password policy controls with the -e ppolicy option/argument:

Working search directly to backend non-Oracle LDAP server (e.g., Open LDAP):


As shown, when querying directly to the backend server, or to a plain OVD adapter virtualizing the backend without Coordinator plugin, the result includes the correct/expected "Password expired" message.

But with the Coordinator plugin applied, querying via OVD returns just "Invalid credentials (49)".

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms