OIM Password Sync Is Sending Outdated Password

(Doc ID 2355667.1)

Last updated on JANUARY 31, 2018

Applies to:

Identity Manager Connector - Version 9.1.1.5 and later
Information in this document applies to any platform.

Goal

When the OIM AD Password Sync running on a Domain Controller (DC) is unable to change a user's password in the OIM server, it stores the password in Active Directory for retry. Once the DC can connect to the OIM server, the password is sent to OIM for update. However, this password may by then be outdated.
For example, a user tries to change their password (suppose the password is Password1) on DC1, and the change fails to get updated in OIM. The user then changes the password to a new password, say Password2, on DC2, and it is updated successfully on the OIM side. Later, when DC1 is able to connect to OIM, it sends Password1 and the user's password gets set to Password1 in OIM.

The user then tries to log in and cannot log in using Password2, since the password was changed to Password1. Is there a workaround or solution for this problem?
 

Solution
