Creating OID 10g Custom Password Policy for a Container fails with LDAP: error code 53 - "Password Policy Error: 9017"

(Doc ID 443561.1)

Last updated on OCTOBER 13, 2016

Applies to:

Oracle Internet Directory - Version 10.1.4.0.1 and later
Information in this document applies to any platform.

Symptoms

1.)
Following the Oracle Internet Directory Administrator's Guide 10g (10.1.4.0.1), section 19.2.1.3 "Creating Password Policies by Using Oracle Directory Manager", to create a custom password policy for a container can fail with LDAP: error code 53.

For example:

1.a.)
Open Oracle Directory Manager and log in as cn=orcladmin.
On the left side, expand:
    -Oracle Internet Directory Servers
        -orcladmin@<host>:<port>
            - Password Policy Management
Click "cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=oracle,dc=com" 


1.b.)
On the right side, click "Password Policy for Realm dc=oracle,dc=com".
Right-click it and choose "Create like". A dialog box opens.
In the General tab, check "Enable OID Password Policy".
In the "Display Name" field, enter "Password Policy for test" or another name to personalise it.
Enter other settings in the related tabs: "Account Lockout", "IP Lockout", "Password Syntax".
On the Effective Subtree tab, click ADD and, in the second dialog box that opens, use the Browse button to choose the container for which we intend to define the password policy.
For example, for "Root of Subtree:" choose "cn=local,cn=Users,dc=oracle,dc=com".
Click OK.
This fails with the following error:

Modify Failed,
Host='<oid_host>'
Details
[LDAP: error code 53 - Password Policy Error : 9017:
GSL_EC_PWDPOLSUBENTINV: The pwdPolicySubentry provided is invalid]


Click OK to close this.

Changes

 

Cause
