OVD 11g: OID LDAP Password Policy Not Working Correctly With OVD Join Adapter - The OID pwdfailuretime Attribute is Being Updated Twice / With Two Values When the User Enters an Incorrect / Wrong Password (Doc ID 2386487.1)

Last updated on JUNE 04, 2024

Applies to:

Symptoms

Oracle Virtual Directory (OVD) 11g, e.g., 11.1.1.5.0 or higher.

Authenticating through OVD join adapter with one Ldap server (Oracle Internet Directory / OID) and one or more LDAP (Microsoft Active Directory / MS AD) adapters as members of the join adapter.

The OID password policy is set to be blocked after three incorrect authentication attempts.

If the OID user inserts an incorrect password one time, using the OVD join adapter DN, the pwdfailuretime attribute in OID password policy increasing by two (2) counts, not by one as it should.

Expected behavior is to have pwdfailuretime incremented by one (1) count only.

Steps to Reproduce:
1. Setup OID/LDAP adapter.

2. Setup AD/LDAP adapter.

3. Setup Join adapter and using both LDAP adapters set in 1 and 2, setting OID as Primary adapter.

4. Test at command line as follow:

a. Ldapbind command thru OVD/Join adapter with incorrect password:

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.