
OUD Pass Through Authentication Fails with ldapsearch Error "Result Code: 49 (Invalid Credentials)" and Logs Error "The password provided by the user did not match any password(s) stored in the user's entry" (Doc ID 2800589.1)

Last updated on AUGUST 30, 2021

Applies to:

Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

Multiple users are having login issues. PTA (Pass Through Authentication) with AD has been set up and is working, but some users are having issues. They have tried multiple times on many browsers, but login does not work.

The OUD access log file shows the following error:


[2021-07-15T12:30:50.394-06:00] [OUD] [TRACE] [OUD-24641549] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>].........................................[authDN: cn=<OUD_ADMIN_ID>,cn=Root DNs,cn=config] [etime: 1] BIND

[2021-07-15T12:30:50.394-06:00] [OUD] [TRACE] [OUD-24641548] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>][...................... [category: REQ] [conn: 7168] [op: 1] [msgID: 2] [bindType: SIMPLE] [dn: cn=<USER_ID>,ou=<OU_ID>,dc=<SUFFIX>] BIND

[2021-07-15T12:30:50.395-06:00] [OUD] [TRACE] [OUD-24641549] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>]............... [category: RES] [conn: 7168] [op: 1] [msgID: 2] [result: 49] [authFailureID: 196887] [authFailureReason: The password provided by the user did not match any password(s) stored in the user's entry] [etime: 1] BIND

[2021-07-15T12:30:50.396-06:00] [OUD] [TRACE] [OUD-24641551] [PROTOCOL] [host:<OUD_HOSTNAME>] [nwaddr: <IP ADRESS>] [tid: 215] ......[category: REQ] [conn: 7167] [op: 2] [msgID: 3] [base: cn=cn=<USER_ID>,ou=<OU_ID>,dc=<SUFFIX>] [scope: base] [filter: (objectclass=*)] [attrs: orclaccountenabled,objectClass,orclGUID] SEARCH
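
To find which users are affected, the BIND request and response lines above can be paired by their conn and op values. The following Python script is an added example, not part of the Oracle document: it counts, per bind DN, the result 49 responses that carry this authFailureReason. The sample log lines and DNs are constructed, and the field layout is assumed to match the excerpt above.

```python
import re
from collections import Counter

# Matches "[key: value]" fields; the leading timestamp and bare tags are skipped.
FIELD = re.compile(r"\[(\w+):\s*([^\]]*)\]")
# Failure reason text as it appears in the access log excerpt on this page.
PTA_REASON = "did not match any password(s) stored in the user's entry"

# Constructed sample lines modelled on the excerpt (hypothetical DNs and conn ids).
SAMPLE = """\
[2021-07-15T12:30:50.394-06:00] [OUD] [TRACE] [OUD-24641548] [PROTOCOL] [category: REQ] [conn: 10] [op: 1] [msgID: 2] [bindType: SIMPLE] [dn: cn=user1,ou=people,dc=example,dc=com] BIND
[2021-07-15T12:30:50.395-06:00] [OUD] [TRACE] [OUD-24641549] [PROTOCOL] [category: RES] [conn: 10] [op: 1] [msgID: 2] [result: 49] [authFailureID: 196887] [authFailureReason: The password provided by the user did not match any password(s) stored in the user's entry] [etime: 1] BIND
[2021-07-15T12:31:02.101-06:00] [OUD] [TRACE] [OUD-24641548] [PROTOCOL] [category: REQ] [conn: 11] [op: 1] [msgID: 2] [bindType: SIMPLE] [dn: cn=user2,ou=people,dc=example,dc=com] BIND
[2021-07-15T12:31:02.103-06:00] [OUD] [TRACE] [OUD-24641549] [PROTOCOL] [category: RES] [conn: 11] [op: 1] [msgID: 2] [result: 0] [authDN: cn=user2,ou=people,dc=example,dc=com] [etime: 2] BIND
[2021-07-15T12:31:10.220-06:00] [OUD] [TRACE] [OUD-24641548] [PROTOCOL] [category: REQ] [conn: 12] [op: 1] [msgID: 2] [bindType: SIMPLE] [dn: CN=User1,ou=people,dc=example,dc=com] BIND
[2021-07-15T12:31:10.221-06:00] [OUD] [TRACE] [OUD-24641549] [PROTOCOL] [category: RES] [conn: 12] [op: 1] [msgID: 2] [result: 49] [authFailureID: 196887] [authFailureReason: The password provided by the user did not match any password(s) stored in the user's entry] [etime: 1] BIND
[2021-07-15T12:31:10.230-06:00] [OUD] [TRACE] [OUD-24641551] [PROTOCOL] [category: REQ] [conn: 9] [op: 2] [msgID: 3] [scope: base] [filter: (objectclass=*)] SEARCH
"""

def parse(line):
    """Return (operation name, field dict) for one access-log line."""
    fields = dict(FIELD.findall(line))
    op_name = line.rsplit("]", 1)[-1].strip()  # trailing token, e.g. BIND or SEARCH
    return op_name, fields

def failed_binds(lines):
    """Pair BIND REQ/RES by (conn, op); count result-49 password mismatches per DN."""
    pending = {}          # (conn, op) -> DN from the request line
    failures = Counter()
    for line in lines:
        op_name, f = parse(line)
        if op_name != "BIND" or "conn" not in f:
            continue      # skip other operations and lines with elided fields
        key = (f["conn"], f.get("op"))
        if f.get("category") == "REQ":
            pending[key] = f.get("dn", "")
        elif f.get("category") == "RES":
            dn = pending.pop(key, None)
            reason = f.get("authFailureReason", "")
            if dn and f.get("result") == "49" and PTA_REASON in reason:
                failures[dn.lower()] += 1  # DNs compare case-insensitively
    return failures

if __name__ == "__main__":
    for dn, count in failed_binds(SAMPLE.splitlines()).most_common():
        print(count, dn)
```
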

ERROR
-----------------------
./ldapsearch -h <OUD_HOSTNAME> -p <OUD_NON_SSL_PORT> -D "cn=<USER_ID>,ou=<OU_ID>,dc=<Suffix>" -w <Password> -s sub -b "cn=<USER_ID>,ou=<OU_ID>,dc=<Suffix>" "objectclass=*" dn
The simple bind attempt failed
Result Code: 49 (Invalid Credentials)




STEPS
-----------------------
The issue can be reproduced at will with the following steps:
  For a given PTA-enabled user, if the password has been saved in OUD from AD because the PTA flag "save-password-on-successful-bind:true" is set, and that password is then manipulated at the OUD end, this issue occurs.

Changes

 For PTA testing, the password of the PTA-enabled suffix user was manually changed in OUD on the OUD node.

Cause
