OVD 11g With Coordinator Plugin Applied Does Not Return Password Policy Violation Messages. OVD Returns Only "ldap_bind: Invalid credentials (49)" Instead of "ldap_bind: Invalid credentials (49); Password expired"

(Doc ID 2255416.1)

Last updated on APRIL 14, 2017

Applies to:

Oracle Virtual Directory - Version and later
Information in this document applies to any platform.


Oracle Virtual Directory (OVD) Server 11g

Reference Bug 20646557 - OVD 11g not returning password policy violation messages (duplicate of internal Bug 18034988 / OVD bug corresponding to LibOVD internal Bug 17873191).

This fix is already available in OVD Patchset 7 /, and a backport for OVD is also available via one-off Patch 18034988.

However if OVD is configured with the Coordinator Plugin, this fix stops working and password policy supported controls are no longer implemented / do not return the correct password policy message.

Example queries, using unix/Linux OS native / OpenLDAP /usr/bin/ldapsearch, which can return the password policy controls with the -e ppolicy option/argument:

Working search directly to backend non-Oracle LDAP server (e.g., Open LDAP):

As shown, when querying directly to the backend server, or to a plain OVD adapter virtualizing the backend without Coordinator plugin, the result includes the correct/expected "Password expired" message.

But with the Coordinator plugin applied, querying via OVD returns just "Invalid credentials (49)".




Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms