
Ldapbind Via SSL To AD Server Fails With: Unknown Error Encountered (Doc ID 1288764.1)

Last updated on JANUARY 18, 2024

Applies to:

Oracle Internet Directory - Version 11.1.1.1.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) Server has been properly synchronizing with Active Directory (AD) without SSL.  Non-SSL communication works as expected.

After configuring DIP to connect to AD over SSL, synchronization no longer works.

AD has been properly set up and tested for SSL communication on port 636 and is accepting external connections. The CA Certificate was also exported from the AD server by following <Note 178806.1> and imported into the Wallet on the OID server.

To test communication over SSL to the AD server, the ldapbind command is used:

ldapbind -h <AD_HOSTNAME> -p <AD_LDAP_SSL_PORT> -U 2 -D "<AD_DOMAIN_ADMIN@DOMAIN>" -w <PASSWORD> -W file://<PATH_TO_ORACLE_WALLET> -P <WALLET_PASSWORD>

This returns:

UnKnown Error Encountered


After enabling debugging with the ldapsearch tool (i.e., -d -1, as outlined in <Note 470885.1>), it appears that the Wallet cannot be opened: the output now includes the message "Open Wallet failed."

The wallet path and password have already been verified.

Changes

 

Cause
