OID ldapbind Directly To AD Via SSL Returns Nothing, No Errors, Just The Prompt Back. (Non-SSL ldapbinds Still Work.) (Doc ID 1339406.1)

Last updated on AUGUST 18, 2022

Applies to:

Symptoms

Oracle Internet Directory (OID) 10g integrated with Active Directory (AD) for DIP Sync and External Authentication Plugin.

Logins of AD sync'd users stopped working suddenly.

An ldapbind directly to AD as an AD sync'd user via non-SSL works fine.

An ldapbind as an AD sync'd user via SSL directly to AD does not returning anything, just returns the prompt back.

Ensured the command is using the correct -U 2 switch, and only passing the wallet directory/location ok, etc.  Still no response from the SSL bind to AD, and it returns nothing, just back to the prompt.

Also tried a number of different notations in the ldapbind ssl command to AD, including with and without doublequotes around the argument values, verifying the wallet directory location, using file:/ and file:// for wallet location, etc., but still no errors returned, just the prompt back every time.

Even when purposely passing an incorrect AD username/DN or password, which should return an invalid credentials type error, the ldapbind still returns no errors at all.

Opening the wallet with Oracle Wallet Manager (OWM) shows a current root CA certificate, but there are also two other certificates with the AD server hostname which expired a few months back.  However the external authentication plugin using SSL to AD had been working fine up until now.

When trying command:

It immediately returns a connection closed or connection refused type message, instead of remaining open until a Ctrl+C is issued which is the typical behavior for a working connection to the LDAP port.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.