E-LDAP: PT 8.55 LDAP Code Not Looping Through Multiple Domains
Last updated on MAY 31, 2018
Applies to: PeopleSoft Enterprise PT PeopleTools - Version 8.56 and later
Information in this document applies to any platform.
LDAP authentication gives Invalid Username\password when the Network ID exists in multiple domains
Upgrading to PT 8.55.21 and PT 8.56
Customer Network IDs are unique by domain\username, for instance domain1\username and domain2\username. After upgrading from 8.55.11 to 8.55.21 and 8.56.06 tools, users that have a username that exists in two domains are now getting authenticated and are getting the error Invalid Username\password. After doing a trace within the code we are finding that when username (from domain1) logs into the system, the LDAP SEARCH code is validating against username in domain2, and therefore the user is getting the error because the password for domain1\username doesn't equal the password for domain2\username.
LDAP Error Code : 49
The issue can be reproduced at will with the following steps:
1. Set up LDAP authentication with one map and multiple LDAP servers.
2. User logs in with LDAP password but because there are similar LDAP user IDs in different locations, domain1 and domain2, the users have different passwords. The user from domain2 hits the domain1 LDAP server first, but instead of the code looping and checking the domain1 server, it fails the login and exits the code.
This was working correctly in PT 8.55.11.
The issue has the following business impact:
Due to this issue, users cannot log in via LDAP authentication consistently.
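The difference between stopping at the first matching server and looping through all of them can be seen in the following added example, which is not PeopleTools code. The `Directory` class, the function names and the sample passwords are hypothetical in-memory stand-ins for the LDAP servers configured under one map; only result code 49 comes from the article.

```python
# Added illustration; not PeopleTools code. Directories are in-memory stand-ins.
from dataclasses import dataclass

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49  # the result code quoted in the article


@dataclass
class Directory:
    """Constructed stand-in for one LDAP server configured under the map."""
    name: str
    users: dict  # network ID -> password (constructed sample data)

    def search(self, network_id):
        # Returns a DN-like string when the ID exists in this directory.
        if network_id in self.users:
            return f"cn={network_id},dc={self.name}"
        return None

    def bind(self, network_id, password):
        ok = self.users.get(network_id) == password
        return LDAP_SUCCESS if ok else LDAP_INVALID_CREDENTIALS


def authenticate_first_match(servers, network_id, password):
    """Failing behaviour: stop at the first server where the ID is found."""
    for srv in servers:
        if srv.search(network_id):
            return srv.name, srv.bind(network_id, password)
    return None, LDAP_INVALID_CREDENTIALS


def authenticate_looping(servers, network_id, password):
    """Expected behaviour: on code 49, continue with the next server."""
    tried = []
    for srv in servers:
        if not srv.search(network_id):
            continue
        tried.append(srv.name)
        if srv.bind(network_id, password) == LDAP_SUCCESS:
            return srv.name, LDAP_SUCCESS, tried
    return None, LDAP_INVALID_CREDENTIALS, tried


# Constructed sample: the same network ID exists in both domains.
SERVERS = [
    Directory("domain1", {"username": "pw-for-domain1"}),
    Directory("domain2", {"username": "pw-for-domain2"}),
]
```

With looping, every server in `tried` before the successful one has recorded a failed bind for that ID, which counts toward any lockout policy that directory enforces.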