Ldapbind Via SSL To AD Server Fails With: Unknown Error Encountered (Doc ID 1288764.1)

Last updated on SEPTEMBER 13, 2016

Applies to:

Oracle Internet Directory - Version 9.0.4 and later
Information in this document applies to any platform.
***Checked for relevance on 12-Dec-2013***

Symptoms

Oracle Internet Directory (OID) Server has been properly synchronizing with Active Directory (AD) without SSL. Non-SSL communication works as expected.

After configuring DIP to connect to AD over SSL, synchronization no longer works.

AD has been properly set up and tested for SSL communication on port 636 and is accepting external connections. The CA certificate was also exported from the AD server by following <Note 178806.1> and imported into the wallet on the OID server.

To test communication over SSL to the AD server, the ldapbind command is used:

ldapbind -h <AD hostname> -p 636 -U 2 -D "<AD_DOMAIN_ADMIN@DOMAIN>" -w <password> -W file://<path_to_oracle_wallet> -P <Wallet_Password>


This returns:

UnKnown Error Encountered


After enabling debugging with the ldapsearch tool (i.e. -d -1, as outlined in <Note 470885.1>), the output now includes the message "Open Wallet failed.", which suggests that the wallet cannot be opened.

The wallet path and password have already been verified.

Cause
