Knowledge Base : How to fix an ORA-28043 error between Oracle database and LDAP directory

Sometimes, an Oracle database loses the connection to it’s LDAP (OID) directory after time.

Users cannot login any more using Enterprise User Security (user accounts in LDAP) and get this error message:


The underlying reason is that the Oracle database uses a user account to connect to the LDAP directory server. This user account has been provided at the time the database directory connection was configured initially with Database Configuration Assistant.

Usually, this user account  would be set up without any password expiration rules in place in the directory. If password expiration is configured, though, the password has to be reset in the LDAP server and in the database LDAP configuration periodically.

Once the password is expired, it can be reset to re-enable the database directory integration.

$ dbca -silent -configureDatabase -sourceDB orcl -unregisterWithDirService true -dirServiceUserName cn=orcladmin -dirServicePassword ****** -walletPassword ******
$ dbca -silent -configureDatabase -sourceDB orcl -registerWithDirService true -dirServiceUserName cn=orcladmin -dirServicePassword ****** -walletPassword ******

You can also check this beforehand:

$ ldapbind -h oidserver -p 3060 -D cn=ORCL,cn=OracleContext,DC=ppl,DC=com -w Z8p9a1j1 
ldap_bind: Invalid credentials 
ldap_bind: additional info: Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. 
Please contact the Administrator to change your password.