My Oracle Support Banner

OVD 11g 11.1.1.9 With Coordinator Plugin Applied Does Not Return Password Policy Violation Messages. OVD Returns Only "ldap_bind: Invalid credentials (49)" Instead of "ldap_bind: Invalid credentials (49); Password expired" (Doc ID 2255416.1)

Last updated on MARCH 12, 2021

Applies to:

Oracle Virtual Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD) Server 11g 11.1.1.9.0.

Reference Bug 20646557 - OVD 11g not returning password policy violation messages (duplicate of internal Bug 18034988 / OVD bug corresponding to LibOVD internal Bug 17873191).

This fix is already available in OVD Patchset 7 / 11.1.1.9.0, and a backport for OVD 11.1.1.7.0 is also available via one-off Patch 18034988.


However if OVD 11.1.1.9 is configured with the Coordinator Plugin, this fix stops working and password policy supported controls are no longer implemented / do not return the correct password policy message.


Example queries, using unix/Linux OS native / OpenLDAP /usr/bin/ldapsearch, which can return the password policy controls with the -e ppolicy option/argument:

Working search directly to backend non-Oracle LDAP server (e.g., Open LDAP):


As shown, when querying directly to the backend server, or to a plain OVD adapter virtualizing the backend without Coordinator plugin, the result includes the correct/expected "Password expired" message.

But with the Coordinator plugin applied, querying via OVD returns just "Invalid credentials (49)".

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.