My Oracle Support Banner

OUD 12c Password Policy Virtual Attribute Is Not Applied After OUD Restart (Doc ID 2468250.1)

Last updated on MARCH 13, 2020

Applies to:

Oracle Unified Directory - Version 12.2.1.3.180626 and later
Information in this document applies to any platform.

Symptoms

1. When applying password policies via a virtual attribute in a cascade structure, the initial application of the virtual attribute results in the password policies being applied correctly.

Level one of cascade structure.   "ou=<TEST_ON2>,dc=<SUFFIX_DN>"

Level two of cascade structure.   "ou=<TEST_OFF2>,ou=<TEST_ON2>,dc=<SUFFIX_DN>"

2. However when the hosting OUD instance is restarted the virtual attribute on the level two now is not working. The accounts on level two now have the password policy from level one applied.

 

Typical configuration for the virtual attributes and password policies.

Level One
/dsconfig -p <OUD_ADMIN_PORT> -h <OUD_HOSTNAME> -D <OUD_ADMIN_ACCOUNT> -j <PASSWORD_FILE> -X create-virtual-attribute \
--name "ThisisNOexpire2" \
--type user-defined \
--set enabled:true \
--set attribute-type:ds-pwp-password-policy-dn \
--set conflict-behavior:real-overrides-virtual \
--set value:"cn=PasswordDoesNotExpire,cn=Password Policies,cn=config" \
--set base-dn:"ou=<TEST_ON2>,dc=<SUFFIX_DN>" \
--set filter:"(objectclass=person)"

Level Two
./dsconfig -p <OUD_ADMIN_PORT> -h <OUD_HOSTNAME> -D <OUD_ADMIN_ACCOUNT> -j <PASSWORD_FILE> -X \
create-virtual-attribute \
--name "Thisisexpire2" \
--type user-defined \
--set enabled:true \
--set attribute-type:ds-pwp-password-policy-dn \
--set conflict-behavior:real-overrides-virtual \
--set value:"cn=PasswordExpire,cn=Password Policies,cn=config" \
--set base-dn:"ou=<TEST_OFF2>,ou=<TEST_ON2>,dc=<SUFFIX_DN>" \
--set filter:"(objectclass=person)"


Changes

The initial application of the virtual attributes results in the password policies being applied.

Restart of the instance.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.