My Oracle Support Banner

LDAP Configuration Changed during 11.2.3.3.0 Exadata Patching (Doc ID 1642662.1)

Last updated on AUGUST 04, 2018

Applies to:

Linux OS - Version Oracle Linux 5.8 with Unbreakable Enterprise Kernel [2.6.39] and later
Information in this document applies to any platform.
When patching to 11.2.3.3.0, the /etc/ ldap.conf and other authentication files are modified.
This change in behavior is part of a security enhancement.

The following lines are appended to your ldap.conf file.

# GEN008020
tls_checkpeer yes
# GEN008040
tls_crlcheck all

FIPS 140-2 approved hashing has also been added to the pam functionality.

Symptoms

 If you have LDAP setup on your Linux node and you are not able to log in, this may be the issue.

Changes

 Upgrading to 11.2.3.3.0 from 11.2.3.2.1.  Everything worked fine in 11.2.3.2.1.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.