OID 11g Server Chaining With SSL-Only Enabled AD / ODSM Missing SSL Configuration Fields / "Verify Login Credential" Button Fails With Error: The User Credentials provided are invalid.
(Doc ID 1484485.1)
Last updated on JUNE 30, 2017
Applies to: Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
Oracle Internet Directory (OID) 11g, i.e., 126.96.36.199.
Setting up Server Chaining (SC) against Active Directory (AD), where AD is configured to only allow binds via SSL.
Verified that binds to the AD SSL port work both with and without credentials and using the wallet/password, e.g.:
$ ldapbind -h myadhost.mycompany.com -p 636 -U 2 -W file://<walletdir> -P <wallet password>
The SC screen in ODSM does not include a way/field to specify the wallet information for the bind to AD.
Oracle® Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1) E10029-06
Chapter 38 Configuring Server Chaining
Section 38.3.5 Active Directory with SSL Example
The documentation instructs configuring Server Chaining (SC) to AD via NON-SSL first, then switching to SSL; however, since there is no AD access via NON-SSL, there are no clear directions on how to do this when only SSL is available.
Able to go ahead and configure with SSL via ldif file modification as per the documentation above. The following ldif file changes were added:
orcloidscwalletpassword: <wallet password>
However, clicking the "Verify Login Credential" button fails with:
The User Credentials provided are invalid.
The corresponding wls_ods-diagnostics.log shows the error:
This may be expected for not providing any SSL credentials, which appear to be required, although the end goal is not to provide any credentials and only use the wallet/password with SC, but the same happens whether entering credentials or not.