OVD 10g Non-Admin Authenticated Search Fails: LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection. (Doc ID 1160613.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Virtual Directory - Version 10.1.4.3.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD) 10g (i.e., 10.1.4.3).

Using simple ldapsearch scripts to monitor the Adapters in OVD.

When authenticating as the OVD Admin cn=admin account, the scripts' ldapsearches work fine.

But, for security reasons, a new user in Active Directory (AD) was setup and ACLs configured for each Adapter using this user and the correct permissions to bind and search.

The bind and search appear to be successful, as an object match with attributes is returned, but at the tail end of the successful process, the following below error is thrown by the OVD Server:

ldap_search: additional info: LDAP Error 1 : [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772


The vde.log.exception file shows:

[2010-07-26 11:16:51,359] Error from search
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772 ];
remaining name 'DC=mydc,DC=mycompany,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3028)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1811)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1734)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:328)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:313)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:238)
at com.octetstring.vde.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:369)
at com.octetstring.vde.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:222)
at com.octetstring.vde.backend.jndi.JNDIEntrySet.getNext(JNDIEntrySet.java:335)
at com.octetstring.vde.chain.ChainEntrySet.getNext(ChainEntrySet.java:108)
at com.octetstring.vde.operation.SearchOperation.perform(SearchOperation.java:609)
at com.octetstring.vde.MessageHandler.doSearch(MessageHandler.java:543)
at com.octetstring.vde.MessageHandler.answerRequest(MessageHandler.java:162)
at com.octetstring.vde.WorkThread.run(WorkThread.java:89)


Bypassing OVD and searching directly against AD with the same account works and the error does not reproduce.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms