My Oracle Support Banner

OUD Pass Through Authentication Fails with ldapsearch Error "Result Code: 49 (Invalid Credentials)" and Logs Error "The password provided by the user did not match any password(s) stored in the user's entry" (Doc ID 2800589.1)

Last updated on DECEMBER 29, 2022

Applies to:

Oracle Unified Directory - Version and later
Information in this document applies to any platform.


Seeing multiple users having login issues. Had setup PTA (Pass Through Authentication) with AD and it is working, but some are having issues. They have tried multiple times on many browsers, but it does not seem to work.

OUD access log file shows below error:

[2021-07-15T12:30:50.394-06:00] [OUD] [TRACE] [OUD-24641549] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>].........................................[authDN: cn=<OUD_ADMIN_ID>,cn=Root DNs,cn=config] [etime: 1] BIND

[2021-07-15T12:30:50.394-06:00] [OUD] [TRACE] [OUD-24641548] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>][...................... [category: REQ] [conn: 7168] [op: 1] [msgID: 2] [bindType: SIMPLE] [dn: cn=<USER_ID>,ou=<OU_ID>,dc=<SUFFIX>] BIND

[2021-07-15T12:30:50.395-06:00] [OUD] [TRACE] [OUD-24641549] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>]............... [category: RES] [conn: 7168] [op: 1] [msgID: 2] [result: 49] [authFailureID: 196887] [authFailureReason: The password provided by the user did not match any password(s) stored in the user's entry] [etime: 1] BIND

[2021-07-15T12:30:50.396-06:00] [OUD] [TRACE] [OUD-24641551] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>] [tid: 215] ......[category: REQ] [conn: 7167] [op: 2] [msgID: 3] [base: cn=cn=<USER_ID>,ou=<OU_ID>,dc=<SUFFIX>] [scope: base] [filter: (objectclass=*)] [attrs: orclaccountenabled,objectClass,orclGUID] SEARCH

./ldapsearch -h <OUD_HOSTNAME> -p <OUD_NON_SSL_PORT> -D "cn=<USER_ID>,ou=<OU_ID>,dc=<Suffix>" -w <Password> -s sub -b "cn=<USER_ID>,ou=<OU_ID>,dc=<Suffix>" "objectclass=*" dn
The simple bind attempt failed
Result Code: 49 (Invalid Credentials)

The issue can be reproduced at will with the following steps:
  If for a given PTA enabled user, if his/her password is saved in OUD from AD due to PTA flag set "save-password-on-successful-bind:true", and manipulated at OUD end, this issue will be faced.


 For PTA testing, on OUD node manually changed the password of the PTA enabled suffix user in OUD


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.