Starting the DIP Server in OID11g fails with DIP-10013 Invalid Credentials (Doc ID 1397413.1)

Last updated on SEPTEMBER 27, 2016

Applies to:

Oracle Internet Directory - Version 11.1.1.2.0 to 11.1.1.9.3 [Release 11g]
Information in this document applies to any platform.

Symptoms

When starting the DIP server, it is throwing the following exception in the managed server logs (eg wls_ods1.log) and it is not starting up:

[APP: DIP#11.1.1.2.0] Connection to LDAP server failed - Check configuration of DIP server.
[2011-12-21T03:13:17.206+00:00] [wls_ods3] [ERROR] [] [oracle.dip] [tid: SyncProfileMBean] [userId: weblogic] [ecid: 981e338bec02b1ac:-13f5dbcb:13441bee3a3:-8000-0000000000016710,0] [APP: DIP#11.1.1.2.0] Directory Integration Platform is not able to get the context with the given details : OID host: oidhost.oracle.com Port: 3131 SSL mode:1.
[2011-12-21T03:13:17.206+00:00] [wls_ods3] [ERROR] [DIP-10013] [oracle.dip] [tid: SyncProfileMBean] [userId: weblogic] [ecid: 981e338bec02b1ac:-13f5dbcb:13441bee3a3:-8000-0000000000016710,0] [APP: DIP#11.1.1.2.0] Exception[[
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
...
...

The OID debug trace (level 8193) shows:
[2011-12-16T16:34:44+00:00] [OID] [TRACE:16] [] [OIDLDAPD] [host: myoidhost] [pid: 10109] [tid: 8] [ecid: 004h3WhfC3sDsX25zrCCyW0002Tx000000,0] ServerWorker (REG):[[
BEGIN
ConnID:0 mesgID:1 OpID:0 OpName:bind ConnIP:::ffff:10.0.130.89 ConnDN:Anonymous
INFO : gslfbidbDoBind * Version=3 BIND dn="cn=odisrv,cn=Registered Instances,cn=Directory Integration Platform,cn=products,cn=oraclecontext" method=128
ConnId = 0, op=0, IpAddr=::ffff:10.0.130.89
2011-12-16T16:34:44 * INFO:gsleswrASndResult OPtime=4091 micro sec RESULT=49 tag=97 nentries=0
END

 

On last release (11.1.1.9) it is not specific exception it was identified just next messages in the wls_ods log file. So, consider this log output as symptom also:

[2016-08-10T16:37:56.938-04:00] [wls_ods1] [ERROR] [] [oracle.dip] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (s
elf-tuning)'] [userId: weblogic] [ecid: 78030552a20ab746:-d35ef94:156762a3cc1:-8000-0000000000000428,0] [APP: DIP#11.1.1.2.0] Connection to
LDAP server failed - Check configuration of DIP server.
[2016-08-10T16:37:56.938-04:00] [wls_ods1] [ERROR] [] [oracle.dip] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (s
elf-tuning)'] [userId: weblogic] [ecid: 78030552a20ab746:-d35ef94:156762a3cc1:-8000-0000000000000428,0] [APP: DIP#11.1.1.2.0] Directory Int
egration Platform is not able to get the context with the given details : OID host: oid-server1 Port: 3131 SSL mode:1.
[2016-08-10T16:37:56.939-04:00] [wls_ods1] [ERROR] [DIP-10013] [oracle.dip] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.D
efault (self-tuning)'] [userId: weblogic] [ecid: 78030552a20ab746:-d35ef94:156762a3cc1:-8000-0000000000000428,0] [APP: DIP#11.1.1.2.0] Exce
ption
[2016-08-10T16:37:56.953-04:00] [wls_ods1] [NOTIFICATION] [EVENT_NOT_ENABLED] [oracle.dip] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'we
blogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 78030552a20ab746:-d35ef94:156762a3cc1:-8000-0000000000000428,0] [APP: DIP#1
1.1.1.2.0]

 

Changes

Prior to this, configured the "Server side authentication" mode SSL for the above mentioned OID instance using:
    Note 1203271.1 '11g - How To Create New OID Instance And Configure For SSL Server Auth (mode 2)'
     Note 1207673.1 '11g - How To Configure DIP Sync Profile To Run In SSL Server Auth (mode 2)'

However this does not seem to be a factor.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms