OUD Pass Through Authentication Fails with ldapsearch Error "Result Code: 49 (Invalid Credentials)" and Logs Error "The password provided by the user did not match any password(s) stored in the user's entry"
(Doc ID 2800589.1)
Last updated on DECEMBER 29, 2022
Applies to:
Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Symptoms
Multiple users are having login issues. PTA (Pass Through Authentication) with AD has been set up and is working, but some users are having issues. They have tried multiple times on many browsers, but it does not seem to work.
The OUD access log file shows the following error:
[2021-07-15T12:30:50.394-06:00] [OUD] [TRACE] [OUD-24641549] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>].........................................[authDN: cn=<OUD_ADMIN_ID>,cn=Root DNs,cn=config] [etime: 1] BIND
[2021-07-15T12:30:50.394-06:00] [OUD] [TRACE] [OUD-24641548] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>][...................... [category: REQ] [conn: 7168] [op: 1] [msgID: 2] [bindType: SIMPLE] [dn: cn=<USER_ID>,ou=<OU_ID>,dc=<SUFFIX>] BIND
[2021-07-15T12:30:50.395-06:00] [OUD] [TRACE] [OUD-24641549] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>]............... [category: RES] [conn: 7168] [op: 1] [msgID: 2] [result: 49] [authFailureID: 196887] [authFailureReason: The password provided by the user did not match any password(s) stored in the user's entry] [etime: 1] BIND
[2021-07-15T12:30:50.396-06:00] [OUD] [TRACE] [OUD-24641551] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>] [tid: 215] ......[category: REQ] [conn: 7167] [op: 2] [msgID: 3] [base: cn=cn=<USER_ID>,ou=<OU_ID>,dc=<SUFFIX>] [scope: base] [filter: (objectclass=*)] [attrs: orclaccountenabled,objectClass,orclGUID] SEARCH
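To list which bind DNs are hitting this failure, each BIND request can be paired with its response on `conn` and `op` in the access log format shown above. This is an added example, not Oracle's code; the sample lines, host name and user DNs are constructed.

```python
import re
from collections import Counter

# Failure reason exactly as it appears in the access log excerpt above.
STORED_PW_MISMATCH = ("The password provided by the user did not match "
                      "any password(s) stored in the user's entry")
FIELD = re.compile(r"\[(\w+):\s*([^\]]*)\]")  # matches [key: value] pairs

# Constructed sample in the layout of the excerpt above (not real log data).
P = "[OUD] [TRACE] [PROTOCOL] [host: oud.example.com]"
U1 = "cn=user1,ou=people,dc=example,dc=com"
U2 = "cn=user2,ou=people,dc=example,dc=com"
SAMPLE = [
    f"[2021-07-15T12:30:50.394-06:00] {P} [category: REQ] [conn: 7168] [op: 1] [bindType: SIMPLE] [dn: {U1}] BIND",
    f"[2021-07-15T12:30:50.395-06:00] {P} [category: RES] [conn: 7168] [op: 1] [result: 49] [authFailureReason: {STORED_PW_MISMATCH}] [etime: 1] BIND",
    f"[2021-07-15T12:31:02.101-06:00] {P} [category: REQ] [conn: 7169] [op: 1] [bindType: SIMPLE] [dn: {U2}] BIND",
    f"[2021-07-15T12:31:02.140-06:00] {P} [category: RES] [conn: 7169] [op: 1] [result: 0] [etime: 39] BIND",
    f"[2021-07-15T12:31:09.007-06:00] {P} [category: REQ] [conn: 7170] [op: 1] [bindType: SIMPLE] [dn: {U1}] BIND",
    f"[2021-07-15T12:31:09.008-06:00] {P} [category: RES] [conn: 7170] [op: 1] [result: 49] [authFailureReason: {STORED_PW_MISMATCH}] [etime: 1] BIND",
]

def failed_pta_binds(lines):
    """Return (timestamp, bind DN, conn) for each BIND rejected with result 49
    and the stored-password mismatch reason."""
    pending = {}  # (conn, op) -> DN taken from the REQ line
    hits = []
    for line in lines:
        line = line.strip()
        if not line.endswith("BIND"):
            continue  # skip SEARCH and other operations
        f = dict(FIELD.findall(line))
        key = (f.get("conn"), f.get("op"))
        if f.get("category") == "REQ":
            pending[key] = f.get("dn", "<unknown>")
        elif f.get("category") == "RES":
            # A RES without a REQ (e.g. after log rotation) keeps "<unknown>".
            dn = pending.pop(key, "<unknown>")
            if f.get("result") == "49" and f.get("authFailureReason") == STORED_PW_MISMATCH:
                hits.append((line[1:line.index("]")], dn, f.get("conn")))
    return hits

def failures_by_dn(lines):
    """Count matching failures per bind DN."""
    return Counter(dn for _, dn, _ in failed_pta_binds(lines))

if __name__ == "__main__":
    for dn, count in failures_by_dn(SAMPLE).most_common():
        print(count, dn)
```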
ERROR
-----------------------
./ldapsearch -h <OUD_HOSTNAME> -p <OUD_NON_SSL_PORT> -D "cn=<USER_ID>,ou=<OU_ID>,dc=<Suffix>" -w <Password> -s sub -b "cn=<USER_ID>,ou=<OU_ID>,dc=<Suffix>" "objectclass=*" dn
The simple bind attempt failed
Result Code: 49 (Invalid Credentials)
STEPS
-----------------------
The issue can be reproduced at will with the following steps:
If, for a given PTA-enabled user, the password is saved in OUD from AD because the PTA flag "save-password-on-successful-bind:true" is set, and that saved password is then manipulated at the OUD end, this issue occurs.
Changes
For PTA testing, the password of the PTA-enabled suffix user was manually changed in OUD on the OUD node.
Cause