OVD 10g Non-Admin Authenticated Search Fails: LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection.
(Doc ID 1160613.1)
Last updated on MAY 31, 2024
Applies to:
Oracle Virtual Directory - Version 10.1.4 to 10.1.4.3 [Release 10gR3]Information in this document applies to any platform.
Symptoms
Oracle Virtual Directory (OVD) 10g (i.e., 10.1.4.3).
Using simple ldapsearch scripts to monitor the Adapters in OVD.
When authenticating as the OVD Admin account, the scripts' ldapsearches work fine.
But, for security reasons, a new user in Active Directory (AD) was setup and ACLs configured for each Adapter using this user and the correct permissions to bind and search.
The bind and search appear to be successful, as an object match with attributes is returned, but at the tail end of the successful process, the following below error is thrown by the OVD Server:
The vde.log.exception file shows:
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772 ];
remaining name 'DC=<DOMAIN>,DC=<COMPANY>,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3028)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1811)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1734)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:328)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:313)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:238)
at com.octetstring.vde.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:369)
at com.octetstring.vde.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:222)
at com.octetstring.vde.backend.jndi.JNDIEntrySet.getNext(JNDIEntrySet.java:335)
at com.octetstring.vde.chain.ChainEntrySet.getNext(ChainEntrySet.java:108)
at com.octetstring.vde.operation.SearchOperation.perform(SearchOperation.java:609)
at com.octetstring.vde.MessageHandler.doSearch(MessageHandler.java:543)
at com.octetstring.vde.MessageHandler.answerRequest(MessageHandler.java:162)
at com.octetstring.vde.WorkThread.run(WorkThread.java:89)
Bypassing OVD and searching directly against AD with the same account works and the error does not reproduce.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |