OVD 11g 126.96.36.199 With Coordinator Plugin Applied Does Not Return Password Policy Violation Messages. OVD Returns Only "ldap_bind: Invalid credentials (49)" Instead of "ldap_bind: Invalid credentials (49); Password expired"
(Doc ID 2255416.1)
Last updated on MARCH 12, 2021
Applies to: Oracle Virtual Directory - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
Oracle Virtual Directory (OVD) Server 11g 184.108.40.206.0.
Reference Bug 20646557 - OVD 11g not returning password policy violation messages (duplicate of internal Bug 18034988 / OVD bug corresponding to LibOVD internal Bug 17873191).
This fix is already available in OVD Patchset 7 / 220.127.116.11.0, and a backport for OVD 18.104.22.168.0 is also available via one-off Patch 18034988.
However, if OVD 22.214.171.124 is configured with the Coordinator Plugin, this fix stops working: the password policy supported controls are no longer implemented, and the correct password policy message is not returned.
Example queries, using unix/Linux OS native / OpenLDAP /usr/bin/ldapsearch, which can return the password policy controls with the -e ppolicy option/argument:
Working search directly to backend non-Oracle LDAP server (e.g., OpenLDAP):
As shown, when querying directly to the backend server, or to a plain OVD adapter virtualizing the backend without Coordinator plugin, the result includes the correct/expected "Password expired" message.
But with the Coordinator plugin applied, querying via OVD returns just "Invalid credentials (49)".
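The difference between the two results can be seen at the control level. The following is an added example, not part of the original note or of Oracle's code: it decodes the password policy response control (OID and ASN.1 layout from draft-behera-ldap-password-policy) and renders the bind diagnostic. The sample byte strings are constructed, and the missing message is modelled as an assumption that the control is simply absent from the response that comes back through the Coordinator plugin.

```python
# Added example: decode the LDAP password policy response control.
PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1"  # draft-behera-ldap-password-policy
# Index = ENUMERATED error code. Only "Password expired" is wording from the
# page; the other display strings are this example's own.
ERRORS = ["Password expired", "Account locked", "Change after reset",
          "Password modification not allowed", "Must supply old password",
          "Insufficient password quality", "Password too short",
          "Password too young", "Password in history"]
WARNINGS = {0x80: "timeBeforeExpiration", 0x81: "graceAuthNsRemaining"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one short-form BER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not expected in this control")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos + 2:end], end

def decode_ppolicy(value):
    """Decode PasswordPolicyResponseValue into its warning and error parts."""
    tag, body, _ = read_tlv(value)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    out, pos = {"warning": None, "error": None}, 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag == 0xA0:    # warning [0] CHOICE
            wtag, wval, _ = read_tlv(val)
            out["warning"] = (WARNINGS.get(wtag, "unknown"), int.from_bytes(wval, "big"))
        elif tag == 0x81:  # error [1] ENUMERATED
            code = int.from_bytes(val, "big")
            out["error"] = ERRORS[code] if code < len(ERRORS) else f"unknown ({code})"
    return out

def bind_diagnostic(result_code, controls):
    """Render a bind result in the form quoted on this page."""
    text = {49: "Invalid credentials"}.get(result_code, "Result") + f" ({result_code})"
    for oid, value in controls:
        if oid == PPOLICY_OID and value:
            err = decode_ppolicy(value)["error"]
            text += f"; {err}" if err else ""
    return "ldap_bind: " + text

# Constructed samples: the same failed bind with and without the response control.
DIRECT = (49, [(PPOLICY_OID, bytes.fromhex("3003810100"))])  # error = 0
VIA_COORDINATOR = (49, [])                                   # control absent (assumed)
```

Comparing the raw response controls from both paths in a packet capture or client debug output confirms whether the control is being dropped or only its text is not displayed.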