My Oracle Support Banner

OVD 11g With Coordinator Plugin Applied Does Not Return Password Policy Violation Messages. OVD Returns Only "ldap_bind: Invalid credentials (49)" Instead of "ldap_bind: Invalid credentials (49); Password expired" (Doc ID 2255416.1)

Last updated on APRIL 27, 2021

Applies to:

Oracle Virtual Directory - Version and later
Information in this document applies to any platform.


Oracle Virtual Directory (OVD) Server 11g

Reference Bug 20646557 - OVD 11g not returning password policy violation messages (duplicate of internal Bug 18034988 / OVD bug corresponding to LibOVD internal Bug 17873191).

This fix is already available in OVD Patchset 7 /, and a backport for OVD is also available via one-off Patch 18034988.

However if OVD is configured with the Coordinator Plugin, this fix stops working and password policy supported controls are no longer implemented / do not return the correct password policy message.

Example queries, using unix/Linux OS native / OpenLDAP /usr/bin/ldapsearch, which can return the password policy controls with the -e ppolicy option/argument:

Working search directly to backend non-Oracle LDAP server (e.g., Open LDAP):

As shown, when querying directly to the backend server, or to a plain OVD adapter virtualizing the backend without Coordinator plugin, the result includes the correct/expected "Password expired" message.

But with the Coordinator plugin applied, querying via OVD returns just "Invalid credentials (49)".




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.