
LDAP Search Fails in OVD with "LDAP: error code 48 - Server is Configured to Deny Anonymous Binds" After Disabling Anonymous Bind in OID (Doc ID 1610852.1)

Last updated on AUGUST 30, 2023

Applies to:

Oracle Virtual Directory - Version 11.1.1.0 and later
Information in this document applies to any platform.

Symptoms

After disabling anonymous bind in Oracle Internet Directory (OID), ldapsearch against Oracle Virtual Directory (OVD) fails with the following error message:

ldap_search: Inappropriate authentication

ldap_search: additional info: LDAP Error 48 : [LDAP: error code 48 - Server is Configured to Deny Anonymous Binds]

OVD and OID are integrated through an LDAP Adapter.

From the diagnostic log:

[2013-11-19T21:15:20.854-08:00] [octetstring] [WARNING] [OVD-40066] [com.octetstring.vde.backend.jndi.<ADAPTER_NAME>.ConnectionHandle] [tid: xx] [ecid: ] [arg: <HOSTNAME:PORT>] [arg: javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'OU=<OU3>,OU=<OU2>,OU=<OU1>,DC=<COMPANY>,DC=com'] Remote Server Failure:<HOSTNAME:PORT>.

[2013-11-19T21:15:20.964-08:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: xx] [ecid: ] !SEARCH Results: (Transaction#<ADAPTER_NAME> After.1) 1 sets returned.!

[2013-11-19T21:15:20.965-08:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: xx] [ecid: ] !SEARCH Results: (Transaction#<ADAPTER_NAME>.Dump Before.1) 1 sets returned.!

[2013-11-19T21:15:20.974-08:00] [octetstring] [WARNING] [OVD-40066] [com.octetstring.vde.backend.jndi.<ADAPTER_NAME>.ConnectionHandle] [tid: xx] [ecid: ] [arg: <HOSTNAME:PORT>] [arg: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - Server is Configured to Deny Anonymous Binds]; remaining name 'ou=<OU2>,ou=<OU1>,dc=<COMPANY>,dc=com'] Remote Server Failure:<REMOTE HOST:PORT>.

[2013-11-19T21:17:01.785-08:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: xx] [ecid: ] !SEARCH Operation: (Transaction#<ADAPTER_NAME>.Dump Before.2)[[ BindDN: <USERNAME> Base: dc=<COMPANY>,dc=com Scope: 2 Filter: (&(objectclass=inetorgperson)(&(uid=<UID>)(obUserAccountControl=ACTIVATED))) TypesOnly: FALSE Attrs: [cn]! ]]

 

For Example:

Failed Case:

ldapsearch -h <OVD HOSTNAME> -p <PORT> -D "<USERNAME>" -w xxxxxxx -b "dc=<COMPANY>,dc=com" -s sub uid=<UID>

ldap_search: Inappropriate authentication
ldap_search: additional info: LDAP Error 48 : [LDAP: error code 48 - Server is Configured to Deny Anonymous Binds]

Success Case:

ldapsearch -h <OVD HOSTNAME> -p <PORT> -D <USERNAME> -w xxxxxx -b "ou=people,dc=<COMPANY>,dc=com" -s sub uid=<UID>
uid=<UID>,ou=users,ou=people,dc=<COMPANY>,dc=com
mail=<EMAIL>
createdby=<ADMINUSERNAME>
usertype=0
userstatus=1
orclnormdn=uid=<UID>,ou=users,ou=people,dc=<COMPANY>,dc=com

 

 

Changes

Use ODSM to modify the adapter configuration and add a Proxy Bind DN and password for the adapter, for example the adapter "<ADAPTER_NAME>" configured for ou=<OU2>,ou=<OU1>, dc=<COMPANY>,dc=com in adapters.os_xml.

For Example:
<adapters schvers="303" version="3">
  <ldap id="<ADAPTER_NAME>" version="2">
    <root>ou=<OU2>,ou=<OU1>, dc=<COMPANY>,dc=com</root>
    <active>true or false</active>
    <routing>
      <critical>true or false </critical>
      <priority>some number</priority>
      <inclusionFilter/>
      <exclusionFilter/>
      <plugin/>
      <retrieve/>
      <store/>
      <visible>Yes or No</visible>
      <levels>-some number</levels>
      <bind>true or false</bind>
      <bind-adapters/>
      <views/>
      <dnpattern/>
    </routing>
    <pluginChains>
      <plugins>
        <plugin>
          <name>XXX</name>
          <class>
            com.octetstring.vde.chain.plugins.changelog.ChangelogPlugin
          </class>
          <initParams>
            <param name="...."/>
            <param name="...."/>
          </initParams>
        </plugin>
        :
    <hosts>
      ...
    </hosts>
    <remoteBase/>
    <secure>false or true</secure>
    <failover>false or true</failover>
    <passCredentials>Always</passCredentials>
    <binddn>
      cn=<USERNAME>,cn=users,cn=...,cn=...... <======= Add Proxy Bind DN here
    </binddn>
    <bindpass>
      {AES-CBC}xxxxxxxxxxxxxxxxxxxxxxxxxxxx <======== Add Proxy password here
    </bindpass>
    <dnAttributeList>
      <attribute>
      ...
    </dnAttributeList>
    ...
    <pingbinddn/>
    <pingbindpass/>
    <kerberosRetry>false or true</kerberosRetry>
  </ldap>
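
As an added example (not Oracle's code and not part of the original note), the following Python script audits an adapters.os_xml file for LDAP adapters whose binddn or bindpass is empty, using only the element names shown in the excerpt above. The sample XML, adapter ids and DNs are constructed, and the {SCHEME} prefix check is an assumption based on the {AES-CBC} value shown in the excerpt.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the adapters.os_xml excerpt; all values are made up.
SAMPLE = """<adapters schvers="303" version="3">
  <ldap id="OID_People" version="2">
    <root>ou=people,dc=example,dc=com</root>
    <active>true</active>
    <passCredentials>Always</passCredentials>
    <binddn>cn=ovdproxy,cn=users,dc=example,dc=com</binddn>
    <bindpass>{AES-CBC}xxxxxxxx</bindpass>
  </ldap>
  <ldap id="OID_Groups" version="2">
    <root>ou=groups,dc=example,dc=com</root>
    <active>true</active>
    <passCredentials>Always</passCredentials>
    <binddn/>
    <bindpass/>
  </ldap>
</adapters>"""


def _text(adapter, tag):
    """Return the stripped text of a child element, or '' if absent or empty."""
    return (adapter.findtext(tag) or "").strip()


def audit_adapters(xml_text):
    """Return {adapter id: [findings]} for LDAP adapters with proxy-bind gaps."""
    report = {}
    for adapter in ET.fromstring(xml_text).iter("ldap"):
        findings = []
        binddn, bindpass = _text(adapter, "binddn"), _text(adapter, "bindpass")
        if not binddn:
            findings.append("no proxy bind DN configured")
        if binddn and not bindpass:
            findings.append("proxy bind DN set but bindpass is empty")
        # Assumption: stored passwords carry a "{SCHEME}" prefix as in the excerpt.
        if bindpass and not bindpass.startswith("{"):
            findings.append("bindpass lacks the {SCHEME} prefix shown in the excerpt")
        if findings:
            report[adapter.get("id")] = findings
    return report


if __name__ == "__main__":
    for adapter_id, findings in audit_adapters(SAMPLE).items():
        for finding in findings:
            print(f"{adapter_id}: {finding}")
```
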

Cause
