DBMS_LDAP Compare Code Returns "ORA-31202: DBMS_LDAP: LDAP client/server error: No such attribute" When Used To Compare An AD Synchronized Account's Userpassword Against AD (Via External Auth Plugin)
(Doc ID 823461.1)
Last updated on AUGUST 11, 2021
Applies to: Oracle Internet Directory - Version 9.0.4 to 10.1.4.3 [Release 10gR1 to 10gR3]
Information in this document applies to any platform.
The dbms_ldap compare code from <Note 820206.1> is used to compare the userpassword of an Active Directory (AD) synchronized user who has no password stored in Oracle Internet Directory (OID), relying on the external authentication plugin. The external authentication plugin works fine in oiddas for all AD sync'd users, both via command-line ldapbind and via oiddas logins.
The compare SDK code works fine when authenticating as the root/super user cn=orcladmin, or as the AD sync'd user's own DN.
However, when authenticating as the realm orcladmin user (cn=orcladmin,cn=users,<realm>), the code fails with:
Similarly, an ldapcompare command-line test authenticating as the same realm orcladmin fails with the same error:
<orcladmin_password> -b "cn=<AD USER>,cn=users,dc=<COMPANY>,dc=com" -a userPassword -v <AD_password>
ldap_compare_s: No such attribute
After enabling full OID debugging and reproducing the problem, the log shows the following:
RESULT = 16 above is the same LDAP error code returned earlier by dbms_ldap/ldapcompare, seen here against the cn=oracleusersecurityadmins group (reference: OID Admin Guide):
(Error) 16—LDAP_NO_SUCH_ATTRIBUTE = Attribute does not exist in the entry specified in the request.
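As an added diagnostic example (not the code from Note 820206.1 and not part of this document), the following PL/SQL runs the same userPassword compare with DBMS_LDAP.USE_EXCEPTION turned off, so the raw LDAP result code (16 in this case) is returned instead of ORA-31202, and repeats it under the three bind identities the document describes. Host, port, realm, the AD user DN and all passwords are placeholders; the result codes 5, 6 and 16 are the standard LDAP compareFalse, compareTrue and noSuchAttribute values.

```sql
-- Added example: placeholder host, port, DNs and passwords; adjust to your environment.
CREATE OR REPLACE FUNCTION ldap_compare_rc(
  p_bind_dn  IN VARCHAR2,   -- identity performing the compare
  p_bind_pw  IN VARCHAR2,
  p_entry_dn IN VARCHAR2,   -- AD-synchronized user entry in OID
  p_value    IN VARCHAR2    -- candidate AD password
) RETURN PLS_INTEGER IS
  l_ld   DBMS_LDAP.session;
  l_rc   PLS_INTEGER;
  l_unb  PLS_INTEGER;
BEGIN
  -- With USE_EXCEPTION = FALSE, compare_s returns the LDAP result code
  -- (16 = LDAP_NO_SUCH_ATTRIBUTE) rather than raising ORA-31202.
  DBMS_LDAP.use_exception := FALSE;
  l_ld := DBMS_LDAP.init('oid.example.com', 389);        -- placeholder OID host/port
  l_rc := DBMS_LDAP.simple_bind_s(l_ld, p_bind_dn, p_bind_pw);
  IF l_rc = DBMS_LDAP.success THEN
    l_rc := DBMS_LDAP.compare_s(l_ld, p_entry_dn, 'userPassword', p_value);
  END IF;
  l_unb := DBMS_LDAP.unbind_s(l_ld);                     -- always release the session
  RETURN l_rc;                                           -- bind failure code or compare code
END;
/

DECLARE
  TYPE t_str IS TABLE OF VARCHAR2(256);
  -- The three identities from the document: super user, realm orcladmin, the AD user itself.
  l_dns t_str := t_str('cn=orcladmin',
                       'cn=orcladmin,cn=users,dc=example,dc=com',
                       'cn=aduser1,cn=users,dc=example,dc=com');
  l_pws t_str := t_str('<super_orcladmin_password>', '<realm_orcladmin_password>', '<AD_password>');
  l_rc  PLS_INTEGER;
BEGIN
  FOR i IN 1 .. l_dns.COUNT LOOP
    l_rc := ldap_compare_rc(l_dns(i), l_pws(i),
                            'cn=aduser1,cn=users,dc=example,dc=com', '<AD_password>');
    DBMS_OUTPUT.put_line(l_dns(i) || ' -> ' ||
      CASE l_rc
        WHEN 6  THEN 'compareTrue (6): password matches'
        WHEN 5  THEN 'compareFalse (5): password does not match'
        WHEN 16 THEN 'noSuchAttribute (16): the error described in this document'
        ELSE 'LDAP result code ' || l_rc
      END);
  END LOOP;
END;
/
```

Run with SET SERVEROUTPUT ON; a bind DN that yields 16 while the others yield 5 or 6 reproduces the symptom above without needing OID debug logging.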