OVD 11g: OID LDAP Password Policy Not Working Correctly With OVD Join Adapter - The OID pwdfailuretime Attribute is Being Updated Twice / With Two Values When the User Enters an Incorrect / Wrong Password
(Doc ID 2386487.1)
Last updated on DECEMBER 02, 2019
Applies to: Oracle Virtual Directory - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
Oracle Virtual Directory (OVD) 11g, e.g., 18.104.22.168.0 or higher.
Authentication goes through an OVD join adapter with one LDAP server (Oracle Internet Directory / OID) and one or more LDAP (Microsoft Active Directory / MS AD) adapters as members of the join adapter.
The OID password policy is set to block the user after three incorrect authentication attempts.
If the OID user enters an incorrect password once, using the OVD join adapter DN, the pwdfailuretime attribute governed by the OID password policy increases by two (2) counts, not by one as it should.
The expected behavior is for pwdfailuretime to be incremented by one (1) count only.
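One way to confirm the symptom is to compare two LDIF dumps of the user's OID entry, taken before and after a single failed bind, and count the pwdfailuretime values that appeared. This is an added example, not part of the Oracle note; the DN, timestamps and function names are constructed for illustration.

```python
from collections import Counter

def attr_values(ldif_text, attr):
    """Return all values of `attr` in a single-entry LDIF dump."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # LDIF continuation line
        else:
            unfolded.append(line)
    values = []
    for line in unfolded:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == attr.lower():
            values.append(value.strip())
    return values

def failures_recorded(before, after, attr="pwdfailuretime"):
    """Values of `attr` present in `after` but not in `before`."""
    old = Counter(attr_values(before, attr))
    new = Counter(attr_values(after, attr))
    return sorted((new - old).elements())

def check_single_failed_bind(before, after, max_failures):
    """Summarise what one failed bind did to the failure counter."""
    added = failures_recorded(before, after)
    total = len(attr_values(after, "pwdfailuretime"))
    return {
        "added": len(added),
        "double_counted": len(added) > 1,     # the behaviour this note describes
        "remaining_attempts": max(max_failures - total, 0),
    }

# Constructed sample entries (hypothetical DN and timestamps).
BEFORE = "dn: cn=jdoe,cn=users,dc=example,dc=com\ncn: jdoe\n"
AFTER_VIA_JOIN = BEFORE + (
    "pwdfailuretime: 20191202101500z\n"
    "pwdfailuretime: 20191202101501z\n"
)
AFTER_EXPECTED = BEFORE + "pwdfailuretime: 20191202101500z\n"

if __name__ == "__main__":
    # Policy from this note: user blocked after three incorrect attempts.
    print(check_single_failed_bind(BEFORE, AFTER_VIA_JOIN, max_failures=3))
    print(check_single_failed_bind(BEFORE, AFTER_EXPECTED, max_failures=3))
```

With a three-attempt policy, a double-counted failure leaves the user one attempt instead of two, so the account is blocked earlier than the policy intends.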
Steps to Reproduce:
1. Set up the OID/LDAP adapter.
2. Set up the AD/LDAP adapter.
3. Set up the Join adapter using both LDAP adapters from steps 1 and 2, setting OID as the Primary adapter.
4. Test at the command line as follows:
a. ldapbind command through the OVD/Join adapter with an incorrect password: