OVD 11g: OID LDAP Password Policy Not Working Correctly With OVD Join Adapter - The OID pwdfailuretime Attribute is Being Updated Twice / With Two Values When the User Enters an Incorrect / Wrong Password

(Doc ID 2386487.1)

Last updated on APRIL 16, 2018

Applies to:

Oracle Virtual Directory - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

The environment is Oracle Virtual Directory (OVD) 11g, e.g., 11.1.1.5.0 or higher.

Authentication goes through an OVD join adapter with one LDAP server (Oracle Internet Directory / OID) and one or more LDAP (Microsoft Active Directory / MS AD) adapters as members of the join adapter.

The OID password policy is set to block the user after three incorrect authentication attempts.

If the OID user enters an incorrect password one time, using the OVD join adapter DN, the pwdfailuretime attribute under the OID password policy increases by two (2) counts, not by one as it should.

Expected behavior is to have pwdfailuretime incremented by one (1) count only.
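
The symptom can be confirmed from two LDIF snapshots of the user's OID entry, taken before and after a single incorrect bind. The following Python is an added example, not part of the Oracle note: the function names, the DN and the timestamps are constructed for illustration, and the threshold of three comes from the policy described above.

```python
from collections import Counter

# Constructed sample data: the same OID entry before and after ONE bad bind.
BEFORE = """dn: cn=jdoe,cn=users,dc=example,dc=com
pwdfailuretime: 20180416101500z
"""
AFTER = """dn: cn=jdoe,cn=users,dc=example,dc=com
pwdfailuretime: 20180416101500z
pwdfailuretime: 20180416101730z
pwdfailuretime: 20180416101731z
"""

def failure_times(ldif_text):
    """Return every pwdfailuretime value found in a single-entry LDIF snapshot."""
    # Unfold LDIF continuation lines (a leading space continues the previous line).
    unfolded = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    values = []
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "pwdfailuretime":
            values.append(value.strip())
    return values

def new_failures(before_ldif, after_ldif):
    """Values present after the bind attempt that were absent before it."""
    added = Counter(failure_times(after_ldif)) - Counter(failure_times(before_ldif))
    return sorted(added.elements())

def check_single_bad_bind(before_ldif, after_ldif, max_failures=3):
    """Summarise what one incorrect bind did to the failure counter."""
    added = new_failures(before_ldif, after_ldif)
    total = len(failure_times(after_ldif))
    return {
        "added": len(added),                  # expected: 1
        "double_counted": len(added) > 1,     # True reproduces the symptom
        "total": total,
        "attempts_left": max(0, max_failures - total),
    }

if __name__ == "__main__":
    print(check_single_bad_bind(BEFORE, AFTER))
```

In the constructed data the user had one earlier failure, so a second wrong password exhausts the three-failure policy one attempt early.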

Steps to Reproduce:
1. Set up the OID/LDAP adapter.

2. Set up the AD/LDAP adapter.

3. Set up the join adapter using both LDAP adapters from steps 1 and 2, setting OID as the primary adapter.

4. Test at the command line as follows:

a. Run the ldapbind command through the OVD join adapter with an incorrect password:

 

Changes

 

Cause
