Hi,
Application
We are using OIM 11gR1 bundled with OAM (Oracle IDM Suite 11.1.1.7). We started facing this strange issue (strange for me). We have a SSO enabled application which returns OAM login page for authentication. LDAPSync is enabled between OIM and OID.
Issue
When user enters the credentials, application is redirected to OIM forgot password instead of returning home page to the user. This user has already logged many times before. This is not change password on first login case.
When we tested ldapbind with the credentials of this user, it is coming as successful. In OIM logs, i see GSL_ACCOUNTLOCKED_EXCP error getting logged. Below is a snippet of error trace.
<Mar 15, 2016 8:48:14 AM EDT> <Warning> <oracle.ods.virtualization.engine.backend.jndi.CHANGELOG_oid1> <LIBOVD-60024> <Connection error: [LD
AP: error code 53 - Password Policy Error :9001: GSL_ACCOUNTLOCKED_EXCP : Your account is locked. Contact your OID administrator.].>
<Mar 15, 2016 8:48:14 AM EDT> <Error> <oracle.ods.virtualization.engine.backend.jndi.CHANGELOG_oid1.BackendJNDI> <LIBOVD-60143> <[#changelog
_oid1] Unable to create connection to ldap://[<host>]:3060 as null.
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Password Policy Error :9001: GSL_ACCOUNTLOCKED_EXCP : Your account is lo
cked. Contact your OID administrator.]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
at com.sun.jndi.ldap.LdapCtx.\<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.\<init>(InitialLdapContext.java:134)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:464)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:495)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.\<init>(JNDIConnectionPool.java:157)
at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:988)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:931)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:416)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:251)
at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:221)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:732)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
at oracle.ods.virtualization.engine.chain.plugins.changelog.ChangelogPlugin.get(ChangelogPlugin.java:697)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.plugins.DMSMetrics.MonitorPerformance.get(MonitorPerformance.java:225)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:208)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:353)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:318)
at oracle.ods.virtualization.engine.backend.AdapterServiceInterface.getByAdapter(AdapterServiceInterface.java:585)
at oracle.ods.virtualization.engine.backend.AdapterServiceInterface.get(AdapterServiceInterface.java:456)
at oracle.ods.virtualization.engine.backend.BackendHandler.get(BackendHandler.java:431)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:295)
at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
at oracle.ods.virtualization.engine.chain.plugins.uniqueentry.UniqueEntryPlugin.get(UniqueEntryPlugin.java:133)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
at oracle.ods.virtualization.engine.chain.plugins.mlsfilter.MlsFilter.get(MlsFilter.java:117)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.plugins.genericmapping.GenericMapper.get(GenericMapper.java:257)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.plugins.DMSMetrics.MonitorPerformance.get(MonitorPerformance.java:225)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:208)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:353)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:318)
at oracle.ods.virtualization.engine.chain.GlobalServicesInterface.runGet(GlobalServicesInterface.java:135)
at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:203)
at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:47)
at oracle.ods.virtualization.service.DefaultVirtualizationSession.processOperation(DefaultVirtualizationSession.java:384)
at oracle.ods.virtualization.service.DefaultVirtualizationSession.search(DefaultVirtualizationSession.java:173)
at oracle.ods.virtualization.jndi.OVDContext.search(OVDContext.java:430)
at oracle.ods.virtualization.jndi.OVDContext.search(OVDContext.java:330)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.search(LDAPUtil.java:1049)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.getChangelogResults(LDAPDataProvider.java:1657)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.deltaDetect(LDAPDataProvider.java:1614)
at oracle.iam.ldapsync.scheduletasks.membership.LDAPRoleMembershipReconTask.execute(LDAPRoleMembershipReconTask.java:96)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:145)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
>
<Mar 15, 2016 8:48:14 AM EDT> <Error> <oracle.ods.virtualization.exception> <LIBOVD-60143> <{0} Unable to create connection to {1} as {2}.
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Password Policy Error :9001: GSL_ACCOUNTLOCKED_EXCP : Your account is lo
cked. Contact your OID administrator.]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
at com.sun.jndi.ldap.LdapCtx.\<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.\<init>(InitialLdapContext.java:134)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:464)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:495)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.\<init>(JNDIConnectionPool.java:157)
at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:988)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:931)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:416)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:251)
at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:221)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:732)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
at oracle.ods.virtualization.engine.chain.plugins.changelog.ChangelogPlugin.get(ChangelogPlugin.java:697)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.plugins.DMSMetrics.MonitorPerformance.get(MonitorPerformance.java:225)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:208)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:353)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:318)
at oracle.ods.virtualization.engine.backend.AdapterServiceInterface.getByAdapter(AdapterServiceInterface.java:585)
at oracle.ods.virtualization.engine.backend.AdapterServiceInterface.get(AdapterServiceInterface.java:456)
at oracle.ods.virtualization.engine.backend.BackendHandler.get(BackendHandler.java:431)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:295)
at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
at oracle.ods.virtualization.engine.chain.plugins.uniqueentry.UniqueEntryPlugin.get(UniqueEntryPlugin.java:133)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
at oracle.ods.virtualization.engine.chain.plugins.mlsfilter.MlsFilter.get(MlsFilter.java:117)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.plugins.genericmapping.GenericMapper.get(GenericMapper.java:257)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.plugins.DMSMetrics.MonitorPerformance.get(MonitorPerformance.java:225)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:208)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:353)
at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:318)
at oracle.ods.virtualization.engine.chain.GlobalServicesInterface.runGet(GlobalServicesInterface.java:135)
at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:203)
at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:47)
at oracle.ods.virtualization.service.DefaultVirtualizationSession.processOperation(DefaultVirtualizationSession.java:384)
at oracle.ods.virtualization.service.DefaultVirtualizationSession.search(DefaultVirtualizationSession.java:173)
at oracle.ods.virtualization.jndi.OVDContext.search(OVDContext.java:430)
at oracle.ods.virtualization.jndi.OVDContext.search(OVDContext.java:330)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.search(LDAPUtil.java:1049)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.getChangelogResults(LDAPDataProvider.java:1657)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.deltaDetect(LDAPDataProvider.java:1614)
at oracle.iam.ldapsync.scheduletasks.membership.LDAPRoleMembershipReconTask.execute(LDAPRoleMembershipReconTask.java:96)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:145)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
>
<Mar 15, 2016 8:48:14 AM EDT> <Error> <oracle.iam.platform.entitymgr.provider.ldap> <IAM-0042016> <An error occurred while getting the chang
e log from LDAP - {0}
javax.naming.OperationNotSupportedException: Error: UNWILLING_TO_PERFORM
LDAP Error 53 : [LDAP: error code 53 - Password Policy Error :9001: GSL_ACCOUNTLOCKED_EXCP : Your account is locked. Contact your OID admini
strator.] [Root exception is oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryExcep
tion: LDAP Error 53 : [LDAP: error code 53 - Password Policy Error :9001: GSL_ACCOUNTLOCKED_EXCP : Your account is locked. Contact your OID
administrator.]]
at oracle.ods.virtualization.jndi.OVDUtil.mapErrorCode(OVDUtil.java:175)
at oracle.ods.virtualization.jndi.OVDContext.search(OVDContext.java:440)
at oracle.ods.virtualization.jndi.OVDContext.search(OVDContext.java:330)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.search(LDAPUtil.java:1049)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.getChangelogResults(LDAPDataProvider.java:1657)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.deltaDetect(LDAPDataProvider.java:1614)
at oracle.iam.ldapsync.scheduletasks.membership.LDAPRoleMembershipReconTask.execute(LDAPRoleMembershipReconTask.java:96)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:145)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused By: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 5
3 : [LDAP: error code 53 - Password Policy Error :9001: GSL_ACCOUNTLOCKED_EXCP : Your account is locked. Contact your OID administrator.]
In weblogic console where my application is deployed, i can see all the users. Also, i can see the users in OIM weblogic console. So, i assume, the provider configuration is correctly connecting to LDAP. Any help is appreciated.
Regards,
Sai