LDAP Configuration Changed during 11.2.3.3.0 Exadata Patching (Doc ID 1642662.1)

Last updated on APRIL 04, 2014

Applies to:

Linux OS - Version Oracle Linux 5.8 with Unbreakable Enterprise Kernel [2.6.39] and later
Information in this document applies to any platform.
When patching to 11.2.3.3.0, the /etc/ldap.conf and other authentication files are modified.
This change in behavior is part of a security enhancement.

The following lines are appended to your ldap.conf file.

# GEN008020
tls_checkpeer yes
# GEN008040
tls_crlcheck all

FIPS 140-2 approved hashing has also been added to the PAM functionality.

Symptoms

If you have LDAP set up on your Linux node and you are not able to log in, this may be the issue.
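
One thing worth checking on an affected node, as an added example (not Oracle's code and not part of the original note): this reads an ldap.conf-style file and reports whether the strict TLS directives shown above are set without any CA trust material configured. It assumes the `tls_cacertfile` and `tls_cacertdir` keywords used by pam_ldap/nss_ldap, and that CRL checking needs a CA directory (as OpenLDAP documents for TLS_CRLCHECK); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the TLS directives in an ldap.conf-style file.
# Assumptions: one "keyword value" pair per line, '#' starts a comment line,
# keywords are case-insensitive, and the last occurrence is the one reported.

# ldap_conf_get FILE KEY -> prints the last value set for KEY (empty if unset)
ldap_conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == key { val = $2 }
        END { print val }
    ' "$1"
}

# ldap_tls_audit FILE -> prints findings; returns 0 if consistent,
# 1 if strict checking is on without trust material, 2 if FILE is unreadable
ldap_tls_audit() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    checkpeer=$(ldap_conf_get "$conf" tls_checkpeer)
    crlcheck=$(ldap_conf_get "$conf" tls_crlcheck)
    cafile=$(ldap_conf_get "$conf" tls_cacertfile)
    cadir=$(ldap_conf_get "$conf" tls_cacertdir)
    bad=0
    echo "tls_checkpeer=${checkpeer:-unset} tls_crlcheck=${crlcheck:-unset}"
    echo "tls_cacertfile=${cafile:-unset} tls_cacertdir=${cadir:-unset}"
    # Peer verification needs a CA certificate to verify against.
    if [ "$checkpeer" = yes ] && [ -z "$cafile" ] && [ -z "$cadir" ]; then
        echo "FINDING: tls_checkpeer yes but no CA certificate configured"
        bad=1
    fi
    # Assumption: CRLs are looked up in the CA directory.
    case "$crlcheck" in
        peer|all)
            if [ -z "$cadir" ]; then
                echo "FINDING: tls_crlcheck $crlcheck but no tls_cacertdir set"
                bad=1
            fi ;;
    esac
    return $bad
}

# Constructed sample: only the four lines the patch appends, nothing else.
sample=$(mktemp)
printf '%s\n' '# GEN008020' 'tls_checkpeer yes' \
              '# GEN008040' 'tls_crlcheck all' > "$sample"
ldap_tls_audit "$sample" || echo "exit status: $?"
rm -f "$sample"
```

On a real node, call `ldap_tls_audit /etc/ldap.conf` instead of the sample file.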

Changes

Upgrading to 11.2.3.3.0 from 11.2.3.2.1. Everything worked fine in 11.2.3.2.1.

Cause
