LDAP OFSAA Users Do Not Authenticate Correctly if Multiple LDAP Directories Are Used (Doc ID 2199836.1)

Last updated on MAY 10, 2017

Applies to:

Oracle Financial Services Analytical Applications Infrastructure - Version 7.3.5.1.0 and later
Information in this document applies to any platform.
Oracle Financial Services Analytical Applications (OFSAA)
Oracle Financial Services Analytical Applications Infrastructure (OFSAAI)

Symptoms

On OFSAAI 7.3.5.1.0, after applying <Patch 21106965> "ADD ABILITY TO CONFIGURE OFSAA WITH MULTIPLE LDAP DIRECTORIES" and setting up with two different LDAP directories, the LDAP users from the second added directory does not appear to be properly validating their OFSAA logins if incorrect server is selected.

ACTUAL BEHAVIOR

It seems users recognized by LDAP can login only with AD password, but all other users setup in CSSMS_USR_PROFILE can login with any password, and date is not even checked for expiry etc.  Have a merger between for two different LDAP directories.  With a original LDAP user ID, if selected, it validates, but if choosing user from second LDAP directory, it allows login with any password.

EXPECTED BEHAVIOR
Expect LDAP users from both LDAP directories to properly validate with correct password when logging into OFSAA.

The issue can be reproduced at will with the following steps:
1. Login with wrong password for second LDAP user. Find successful login.
2. Login with wrong password for second LDAP user. Find invalid username/password error.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms