Hi Scotti et al...
Yes - Oracle has promised to fix the 10 character password limit for some time now. I talked to them about this at least 2 years ago, and in fact I believe that its under my name that is sponsoring the Quest bug ! I certainly hope that they do, since integrating directly to LDAP works pretty well - BUT its a major data structure change that will have to occur to a very deep part of the system code.
On the subject of 9.2 - I really expected that applications release to have been launched at Collaborate, since they promised 9.2 at "some point in FY15". The 9.1.5.x tools release coming out last December seemed to support that BUT almost certainly would have ensured that the 10 character password limit has NOT been fixed for 9.2. However, we didn't see any information on 9.2 at all in Vegas - which both concerns me and provides some hope for the 10char password expansion. The next big event will be Openworld - which would absolutely make marketing sense for Oracle to start releasing JDE products at that event from now on AND is at the end of their FY (October 2015)- BUT to release 9.2 applications, we would have to have 9.2 Tools Release released ahead of time. Why ? Because Tools Releases have always supported prior-supported versions, and JDE would certainly want to "bed in" their Tools Release before releasing the functional changes.
Secondly, the 10 character password limitation is NOT viewed as a major "issue" at Oracle - since it supports the sale of the Oracle Security products - such as OAM. The answer from oracle has been "if you want to get around the issue, then buy OAM". So I don't see the pressure being applied at Oracle to resolve this.
Now, I am probably wrong about this - I hope I am wrong, and at Openworld they release a 9.2 Tools Release AND a 9.2 Application and they have the 10 character password limit removed and all the users rejoice and praise the great Oracle. I will be the first in line to rejoice ! But I'm also a realist when it comes to these kind of "announcements" - and since they haven't announced anything yet - my recommendation to customers is to look at alternatives so they can both correctly secure their implementation AND ensure they deliver SSO to their end-users.