OUD 12c with BP 12.2.1.4.221009 - The Setting "bind-with-dn-requires-password: false" is Not Working as Expected with NPE Error: "...encountered an uncaught exception while processing operation BindOperation" (Doc ID 3015467.1)

Last updated on APRIL 09, 2024

Applies to:

Symptoms

After upgrading OUD to BP 12.2.1.4.221009 and JRE 1.8.0_341 applications performing LDAP binds without password are receiving NPE and the below error in seen in the access logs:

[23/Jan/2023:11:48:58 +0100] DISCONNECT conn=xxxx reason="Server Error" msg="Worker Thread xxx encountered an uncaught exception while processing operation BindOperation(connID=xxxx, opID=0, protocol="LDAPS 3, dn=UID=UID_TEST,dc=SUFFIX, authType=Simple): NullPointerException (AccessLogPublisher.java:1246 TextAccessLogPublisher.java:1347 TextAccessLogPublisher.java:740 AccessLogger.java:788 BindOperationBasis.java:1177 TraditionalWorkerThread.java:166)"

The OUD global configuration is set with bind-with-dn-requires-password:false, and LDAP binds with empty password worked with no issue before upgrade. 
We had to rollback upgrade in production and go back to previous deployed release, i.e. BP 12.2.1.4.211008 with JRE 1.8.0_271, which is working fine for LDAP binds with no password.

The NPE(Null pointer Exception) is triggered when the "log-connection-details" is enabled for file-based-access logger AND the use of "ldapsearch" from either OpenLDAP or OS.  It does NOT occur with the use of "ldapsearch" from OUD.

Customer needs searches to work (with our without a password) as they cannot control the applications that are authenticating directly to the OUD, nor the version of "ldapsearch" command that is used.  The expectation is that no client behavior should be able to trigger a null pointer exception for such a critical piece of infrastructure software.

Errors are recorded on the command line (as shown below) and in the access log (shown above) when applications doing LDAP binds with no password, example:

 $ ldapsearch -xLLLH ldaps://HOSTNAME.DOMAIN:LDAPS_PORT -W -D UID=UID_TEST,dc=SUFFIX -b ""  objectclass=*
Enter LDAP Password:
ldap_bind: Other (e.g., implementation specific) error (80)
        additional info: Worker Thread xx encountered an uncaught exception while processing operation BindOperation(connID=90, opID=0, protocol="LDAPS 3, dn=UID=UID_TEST,dc=SUFFIX, authType=Simple):  NullPointerException (AccessLogPublisher.java:1246 TextAccessLogPublisher.java:1328 TextAccessLogPublisher.java:735 AccessLogger.java:788 BindOperationBasis.java:1174 TraditionalWorkerThread.java:166)

Changes

An upgrade to OUD BP 12.2.1.4.221009 and Java: JRE 1.8.0_341

OUD was rolled back to previous deployed release, i.e. BP 12.2.1.4.211008 with JRE 1.8.0_271, which is working fine for LDAP binds with no password.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.