My Oracle Support Banner

OUD 12c - New Password Policy is not Assigned Correctly for User Accounts Existing in Sub-container (Doc ID 2702255.1)

Last updated on FEBRUARY 05, 2021

Applies to:

Oracle Unified Directory - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Symptoms

Customer created a new virtual attribute to assign a new password policy to accounts existing in a child container which at the parent container level, has a separate virtual attribute to assign a different password policy.

It is not getting assigned to the mentioned accounts.

Reproduction setup:

- Parent OU virtual attribute
./dsconfig -h OUD_HOST -p PORT -D "ROOT_DN" -X create-virtual-attribute --type user-defined
--name "NAME1" --set attribute-type:ds-pwp-password-policy-dn
--set conflict-behavior:real-overrides-virtual --set
value:"PASSWORD POLICY DN1" --set
base-dn:"CONTAINER_DN" --set
filter:"(FILTER)"

- Sub OU Virtual attribute
./dsconfig -h OUD_HOST -p PORT -D "ROOT_DN" -X create-virtual-attribute --type user-defined
--name "NAME2" --set attribute-type:ds-pwp-password-policy-dn
--set conflict-behavior:real-overrides-virtual --set
value:"PASSWORD POLICY DN2" --set
base-dn:"SUB_CONTAINER_DN" --set
filter:"(FILTER)"

- Sub OU incorrect password policy assigned
./ldapsearch -h OUS_HOST -p PORT -D "ROOT_DN" -b "SUB_CONTAINER_DN"
-s sub "FILTER" +
dn: ENTRY_DN
ds-pwp-password-policy-dn: "PASSWORD POLICY DN1"

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.