LDAP Search Fails in OVD with "LDAP: error code 48 - Server is Configured to Deny Anonymous Binds" After Disabling Anonymous Bind in OID
(Doc ID 1610852.1)
Last updated on AUGUST 30, 2023
Applies to:
Oracle Virtual Directory - Version 11.1.1.0 and later
Information in this document applies to any platform.
Symptoms
After disabling anonymous bind in Oracle Internet Directory (OID), an ldapsearch against Oracle Virtual Directory (OVD) fails with the following error message:
ldap_search: Inappropriate authentication
ldap_search: additional info: LDAP Error 48 : [LDAP: error code 48 - Server is Configured to Deny Anonymous Binds]
OVD and OID are integrated through an LDAP Adapter.
From the diagnostic log:
[2013-11-19T21:15:20.854-08:00] [octetstring] [WARNING] [OVD-40066] [com.octetstring.vde.backend.jndi.<ADAPTER_NAME>.ConnectionHandle] [tid: xx] [ecid: ] [arg: <HOSTNAME:PORT>] [arg: javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'OU=<OU3>,OU=<OU2>,OU=<OU1>,DC=<COMPANY>,DC=com'] Remote Server Failure:<HOSTNAME:PORT>.
[2013-11-19T21:15:20.964-08:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: xx] [ecid: ] !SEARCH Results: (Transaction#<ADAPTER_NAME> After.1) 1 sets returned.!
[2013-11-19T21:15:20.965-08:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: xx] [ecid: ] !SEARCH Results: (Transaction#<ADAPTER_NAME>.Dump Before.1) 1 sets returned.!
[2013-11-19T21:15:20.974-08:00] [octetstring] [WARNING] [OVD-40066] [com.octetstring.vde.backend.jndi.<ADAPTER_NAME>.ConnectionHandle] [tid: xx] [ecid: ] [arg: <HOSTNAME:PORT>] [arg: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - Server is Configured to Deny Anonymous Binds]; remaining name 'ou=<OU2>,ou=<OU1>,dc=<COMPANY>,dc=com'] Remote Server Failure:<REMOTE HOST:PORT>.
[2013-11-19T21:17:01.785-08:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: xx] [ecid: ] !SEARCH Operation: (Transaction#<ADAPTER_NAME>.Dump Before.2)[[ BindDN: <USERNAME> Base: dc=<COMPANY>,dc=com Scope: 2 Filter: (&(objectclass=inetorgperson)(&(uid=<UID>)(obUserAccountControl=ACTIVATED))) TypesOnly: FALSE Attrs: [cn]! ]]
For Example:
Failed Case:
ldapsearch -h <OVD HOSTNAME> -p <PORT> -D "<USERNAME>" -w xxxxxxx -b "dc=<COMPANY>,dc=com" -s sub uid=<UID>
ldap_search: Inappropriate authentication
ldap_search: additional info: LDAP Error 48 : [LDAP: error code 48 - Server is Configured to Deny Anonymous Binds]
Success Case:
ldapsearch -h <OVD HOSTNAME> -p <PORT> -D <USERNAME> -w xxxxxx -b "ou=people,dc=<COMPANY>,dc=com" -s sub uid=<UID>
uid=<UID>,ou=users,ou=people,dc=<COMPANY>,dc=com
mail=<EMAIL>
createdby=<ADMINUSERNAME>
usertype=0
userstatus=1
orclnormdn=uid=<UID>,ou=users,ou=people,dc=<COMPANY>,dc=com
Changes
Use ODSM to modify the adapter configuration and add a Proxy Bind DN and password for the adapter that was added, for example "<ADAPTER_NAME>", which is configured for ou=<OU2>,ou=<OU1>,dc=<COMPANY>,dc=com in adapters.os_xml.
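Added example (not part of the Oracle document): a Python script that scans an OVD diagnostic log in the format shown under Symptoms for OVD-40066 warnings carrying LDAP error 48 and lists, per adapter, the search bases for which the backend rejected an anonymous bind, which points to the adapters that still lack a Proxy Bind DN. The log lines, adapter names, host and DNs in it are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines in the diagnostic-log format shown under Symptoms;
# adapter names, host:port and DNs are made-up placeholders.
SAMPLE_LOG = """\
[2013-11-19T21:15:20.854-08:00] [octetstring] [WARNING] [OVD-40066] [com.octetstring.vde.backend.jndi.AdapterA.ConnectionHandle] [tid: 11] [ecid: ] [arg: oid.example.com:3060] [arg: javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'ou=people,dc=example,dc=com'] Remote Server Failure:oid.example.com:3060.
[2013-11-19T21:15:20.964-08:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: 11] [ecid: ] !SEARCH Results: (Transaction#AdapterA After.1) 1 sets returned.!
[2013-11-19T21:15:20.974-08:00] [octetstring] [WARNING] [OVD-40066] [com.octetstring.vde.backend.jndi.AdapterA.ConnectionHandle] [tid: 12] [ecid: ] [arg: oid.example.com:3060] [arg: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - Server is Configured to Deny Anonymous Binds]; remaining name 'ou=people,dc=example,dc=com'] Remote Server Failure:oid.example.com:3060.
[2013-11-19T21:16:02.101-08:00] [octetstring] [WARNING] [OVD-40066] [com.octetstring.vde.backend.jndi.AdapterB.ConnectionHandle] [tid: 13] [ecid: ] [arg: oid.example.com:3060] [arg: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]; remaining name 'ou=groups,dc=example,dc=com'] Remote Server Failure:oid.example.com:3060.
[2013-11-19T21:17:44.310-08:00] [octetstring] [WARNING] [OVD-40066] [com.octetstring.vde.backend.jndi.AdapterA.ConnectionHandle] [tid: 14] [ecid: ] [arg: oid.example.com:3060] [arg: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - Server is Configured to Deny Anonymous Binds]; remaining name 'OU=People,DC=example,DC=com'] Remote Server Failure:oid.example.com:3060.
"""

# OVD-40066 is also logged for plain connection resets, so the pattern
# requires an embedded "[LDAP: error code N - ...]" and captures N.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[octetstring\] \[WARNING\] \[OVD-40066\] "
    r"\[com\.octetstring\.vde\.backend\.jndi\.(?P<adapter>.+?)\.ConnectionHandle\]"
    r".*?\[LDAP: error code (?P<code>\d+) - (?P<msg>[^\]]*)\]"
    r"; remaining name '(?P<base>[^']*)'"
)

def anonymous_bind_denials(log_text):
    """Map adapter name -> sorted search bases rejected with LDAP error 48."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("code") == "48":
            # DNs are lower-cased so 'OU=People' and 'ou=people' count once.
            hits[m.group("adapter")].add(m.group("base").lower())
    return {adapter: sorted(bases) for adapter, bases in hits.items()}

if __name__ == "__main__":
    for adapter, bases in anonymous_bind_denials(SAMPLE_LOG).items():
        print(f"{adapter}: backend denied anonymous bind for {', '.join(bases)}")
```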
Cause