OID ldapbind Directly To AD Via SSL Returns Nothing, No Errors, Just The Prompt Back. (Non-SSL ldapbinds Still Work.)
(Doc ID 1339406.1)
Last updated on MARCH 08, 2017
Applies to:Oracle Internet Directory - Version 9.0.4 and later
Information in this document applies to any platform.
Oracle Internet Directory (OID) 10g integrated with Active Directory (AD) for DIP Sync and External Authentication Plugin.
Logins of AD sync'd users stopped working suddenly.
An ldapbind directly to AD as an AD sync'd user via non-SSL works fine.
An ldapbind as an AD sync'd user via SSL directly to AD does not returning anything, just returns the prompt back.
Ensured the command is using the correct -U 2 switch, and only passing the wallet directory/location ok, etc. Still no response from the SSL bind to AD, and it returns nothing, just back to the prompt.
Also tried a number of different notations in the ldapbind ssl command to AD, including with and without doublequotes around the argument values, verifying the wallet directory location, using file:/ and file:// for wallet location, etc., but still no errors returned, just the prompt back every time.
Even when purposely passing an incorrect AD username/DN or password, which should return an invalid credentials type error, the ldapbind still returns no errors at all.
Opening the wallet with Oracle Wallet Manager (OWM) shows a current root CA certificate, but there are also two other certificates with the AD server hostname which expired a few months back. However the external authentication plugin using SSL to AD had been working fine up until now.
When trying command:
It immediately returns a connection closed or connection refused type message, instead of remaining open until a Ctrl+C is issued which is the typical behavior for a working connection to the LDAP port.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.|