OID 10g ldapcompare and ldapbind using Ext Auth plugins on AIX fail with "UnKnown Error Encountered"
(Doc ID 1253287.1)
Last updated on AUGUST 30, 2023
Applies to:
Oracle Internet Directory - Version 10.1.4.3 and later
Information in this document applies to any platform.
Symptoms
- ldapcompare and ldapbind to OID using the AD External Authentication plugins fail with:
OID 10.1.4.3 on AIX.
Issue #1:
-----------------------
After a successful WNA login to OIDDAS from a WNA-enabled browser, selecting any tab returns the error:
Error encountered while connecting to Directory Server
This is the same symptom as the note "Accessing Tabs in OIDDAS by WNA Users Fails With 'Error connecting to directory service'" (Doc ID 313316.1); however, none of the solutions in that note resolves the problem.
Issue #2:
-----------------------
From a non-WNA-enabled browser, fallback authentication via the external authentication plugin presents the OID login page, but the login fails and the external authentication plugin does not work.
Ldapbind and ldapcompare tests fail as follows:
$ ldapbind -h <OID HOSTNAME> -p <OID PORT#> -D "cn=<USERNAME>,cn=users,dc=<COMPANY NAME>,dc=com" -w <PASSWORD>
ldap_bind: UnKnown Error Encountered
$ ldapcompare -h <OID HOSTNAME> -p <OID PORT#> -D "cn=orcladmin" -w <ORCLADMIN_PASSWORD> -b "cn=<USERNAME>,cn=users,dc=<COMPANY NAME>,dc=com" -a userPassword -v <USER_PASSWORD_IN_AD>
ldap_compare_s: UnKnown Error Encountered
The ssoServer.log shows:
Wed Aug 14 10:25:47 CDT 2013 [DEBUG] AJPRequestHandler-ApplicationServerThread-9 Authenticating against OID using username/password
Wed Aug 14 10:25:48 CDT 2013 [DEBUG] AJPRequestHandler-ApplicationServerThread-9 OID UtilException
oracle.ldap.util.AuthFailureException: Unable to authenticate user: cn=<USERNAME>,cn=users, dc=<COMPANYNAME>,dc=com [LDAP: error code 73
An OID server debug log shows:
oidldapd01s14614894.log included in ssodbg.zip
See the following error:
...<snip>...
BEGIN
2013/08/14:10:25:47 * ServerWorker (REG):7
ConnID:108 * mesgID:9 * OpID:8 * OpName:compare
ConnIP:10.111.248.55 ConnDN: orclapplicationcommonname=orasso_ssoserver,cn=sso,cn=products,cn=oraclecontext
gslfcmADoCompare: IP Address (<IP address>) dn (cn=<USERNAME>,cn=users,dc=<COMPANY NAME>,dc=com) attr (userpassword) value(******)
10:25:47 * NOT
10:25:47 * AND
10:25:47 * => gslffeETestFilterList
10:25:47 * EQUALITY
10:25:47 * <= gslffeATestFilter 0
10:25:47 * EQUALITY
10:25:47 * <= gslffeATestFilter 0
10:25:47 * <= gslffeETestFilterList 0
10:25:47 * <= gslffeATestFilter 0
10:25:47 * <= gslffeATestFilter 1010
10:25:48 * INFO : gsleswrASndResult2 RESULT = 73 nentries=0
END
...<snip>...
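One way to triage a trace like the excerpt above, as an added example (not Oracle's code and not part of the original note): it splits the debug log into BEGIN/END operation blocks and reports those whose RESULT is not success (0), compareFalse (5) or compareTrue (6). The sample log is constructed from the excerpt, and the function names and the set of codes treated as normal are assumptions.

```python
import re

# Constructed sample modelled on the excerpt above; the second block is invented
# to show an operation that completes normally.
SAMPLE_LOG = """\
BEGIN
2013/08/14:10:25:47 * ServerWorker (REG):7
ConnID:108 * mesgID:9 * OpID:8 * OpName:compare
gslfcmADoCompare: IP Address (<IP address>) dn (cn=<USERNAME>,cn=users,dc=<COMPANY NAME>,dc=com) attr (userpassword) value(******)
10:25:48 * INFO : gsleswrASndResult2 RESULT = 73 nentries=0
END
BEGIN
2013/08/14:10:26:02 * ServerWorker (REG):3
ConnID:109 * mesgID:2 * OpID:1 * OpName:compare
gslfcmADoCompare: IP Address (<IP address>) dn (cn=<OTHERUSER>,cn=users,dc=<COMPANY NAME>,dc=com) attr (userpassword) value(******)
10:26:02 * INFO : gsleswrASndResult2 RESULT = 6 nentries=0
END
"""

# RFC 4511 result codes treated as normal here: success, compareFalse, compareTrue.
OK_CODES = {0, 5, 6}
FIELD = re.compile(r"(ConnID|mesgID|OpID|OpName):(\S+)")
RESULT = re.compile(r"RESULT\s*=\s*(\d+)")
TARGET_DN = re.compile(r"\bdn \((.*?)\) attr")

def parse_operations(text):
    """Return one dict per complete BEGIN/END block in the trace."""
    ops, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "BEGIN":
            cur = {"result": None, "dn": None}
        elif cur is None:
            continue                      # text outside any block
        elif line == "END":
            ops.append(cur)
            cur = None
        else:
            cur.update(FIELD.findall(line))
            if m := RESULT.search(line):
                cur["result"] = int(m.group(1))
            if m := TARGET_DN.search(line):
                cur["dn"] = m.group(1)    # the masked password value is never captured
    return ops                            # a block cut off before END is dropped

def failed_operations(text, ok=OK_CODES):
    """Operations whose result is missing or not in the accepted set."""
    return [op for op in parse_operations(text) if op["result"] not in ok]

if __name__ == "__main__":
    for op in failed_operations(SAMPLE_LOG):
        print(op["ConnID"], op["OpName"], op["result"], op["dn"])
```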
What works:
-----------------------
Logging in to OIDDAS as orcladmin does not produce this error.
Disabling the external authentication plugin resolves Issue #1, and WNA users are able to log in to OIDDAS as well as navigate through all the OIDDAS tabs without errors.
Cause