OrclActiveEndDate Attribute Does Not Affect SSO or OID Login (Doc ID 266709.1)

Last updated on JULY 01, 2016

Applies to:

Oracle Internet Directory - Version 9.0.4 to 10.1.2.3 [Release 10gR1 to 10gR2]
Oracle Application Server Single Sign-On - Version 9.0.4 to 10.1.2.3 [Release 10gR1 to 10gR2]
Information in this document applies to any platform.
***Checked for relevance on 20-May-2013***


Goal

Setting OrclActiveEndDate attribute to automatically disable a users account once a specified date has been passed has no effect on SSO logins or OID binds

This is implemented in Oracle Single Sign-On (OSSO) version 10.1.4.x. In this case the user would fail to login to SSO and the following error would be reported in the ssoServer.log:

... [ERROR] AJPRequestHandler-ApplicationServerThread-8 OIDAPIERROR: !!53
oracle.ldap.util.AccountInactiveException: The account is inactive [LDAP: error code 53 - Account Policy Error :9053: GSL_ACCTINACTIVE_EXCP :Your account is not active.]
at oracle.ldap.util.User.authenticateUser(User.java:1317)
at oracle.security.sso.server.ldap.OIDUserRepository.authenticate(OIDUserRepository.java:960)
...

Other possible symptoms:

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms