Wednesday, July 29, 2009

WebLogic 10 Active Directory Authentication Provider Bug


This is a simple symptom-cause-solution blog entry only. I hope these blogs will help fellow administrators.

Symptom

With an Active Directory Authenticator configured, if a user logs in once with incorrect credentials further attempts to log in will fail, even with the correct username and password (until the server is restarted). If the user continues to login with correct credentials, WebLogic will eventually lockout the account.

Cause

This is a known bug for WebLogic 10 MP1.
During authentication the AD provider binds twice using the same LDAP connection, once with the username password being authenticated, and once with the credentials supplied when you configure the LDAP provider. If authentication fails, the second binding doesn’t happen, and the unauthenticated LDAP connection is returned to the internal LDAP connection pool. This poses a problem when later trying to authenticate and the unauthenticated LDAP connection is retrieved from the pool...
-Cobbie Behrend (Source: Bastion)

Solution

Contact Oracle for a WebLogic patch, or upgrade to a later service pack.

Note to Vignette users: If you encounter this problem with VCM 7.6, Vignette will supply SP1 to fix the issue.

References

No comments:

Post a Comment