After syncovdconfig, OVD 11g Target Server Shows AD Adapter Error Status; "Verify Host" Button Shows "Could not obtain current aliases"; Connections to AD Fail With: ldap_bind: Protocol error (2) / additional info: LDAP Error 2 : <adhost>:636
Last updated on APRIL 06, 2017
Applies to: Oracle Virtual Directory - Version 22.214.171.124 and later
Information in this document applies to any platform.
Oracle Virtual Directory Server (OVD) 11g, i.e., 126.96.36.199.0.
The OVD configuration was synchronized with syncovdconfig, following the MOS Notes and documentation.
The syncovdconfig.pl command itself runs successfully. However, in the target/destination OVD server, the connection to backend Active Directory (AD) servers via SSL port 636 fails with:
ldap_bind: Protocol error (2)
additional info: LDAP Error 2 : myadhost.mycompany.com:636
In the AD Adapter configuration page, the LDAP / AD Server status is just "Error".
Clicking the "Verify Host" button returns: "Could not obtain current aliases"
OVD diagnostic.log shows:
[2015-02-19T11:12:03.536-05:00] [octetstring] [ERROR] [OVD-60143] [com.octetstring.vde.backend.jndi.ADAdapter.BackendJNDI] [tid: 55] [ecid: 0000KiYb3t94Us45NVDCie1KtWSR000Z^h,0] [#ADAdapter] Unable to create connection to ldap://[myadhost.mycompany.com]:636 as null.[[
javax.naming.CommunicationException: myadhost.mycompany.com:636 [Root exception is java.io.IOException: Cannot create SSL socket factory.]
Caused by: java.io.IOException: Cannot create SSL socket factory.
Workaround: Change the adapter to use the AD non-SSL port 389.
Running ldapsearch from the command line against the same AD server works on both ports 389 and 636.
The same errors also occur when creating a new/temporary AD adapter on a different system, so the issue is getting OVD to trust the LDAPS certificate of the backend AD server.
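An added example, not part of the Oracle note or of Oracle's tooling: a Python sketch that scans diagnostic.log for the OVD-60143 entries shown above and groups them by adapter and backend, so every adapter that lost LDAPS connectivity after a configuration sync can be listed at once. The entry layout is inferred from the single excerpt in this note, and the second log entry in `SAMPLE` (TmpAdapter, otherhost.example.com) is constructed.

```python
import re
from collections import defaultdict

# Entry header layout inferred from the diagnostic.log excerpt in this note (assumption).
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]*\] \[\w+\] \[(?P<msgid>OVD-\d+)\] .*?"
    r"\[#(?P<adapter>[^\]]+)\] (?P<msg>.*)$")
TARGET = re.compile(r"Unable to create connection to \w+://\[(?P<host>[^\]]+)\]:(?P<port>\d+)")
CAUSE = re.compile(r"^Caused by: [\w.$]+: (?P<detail>.*)$")

def triage(lines):
    """Group OVD-60143 backend connection failures by (adapter, host, port)."""
    findings = defaultdict(lambda: {"count": 0, "first": None, "causes": set()})
    current = None
    for raw in lines:
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            t = TARGET.search(m["msg"])
            current = None  # stack lines belong to the most recent entry only
            if m["msgid"] == "OVD-60143" and t:
                current = findings[(m["adapter"], t["host"], int(t["port"]))]
                current["count"] += 1
                current["first"] = current["first"] or m["ts"]
            continue
        c = CAUSE.match(line)
        if c and current is not None:
            current["causes"].add(c["detail"])
    return dict(findings)

def tls_setup_failures(findings):
    """Targets whose root cause is the SSL socket factory error from the note."""
    return sorted(k for k, v in findings.items()
                  if any("SSL socket factory" in c for c in v["causes"]))

# First entry is the note's own excerpt; the second (TmpAdapter, port 389) is constructed.
SAMPLE = """\
[2015-02-19T11:12:03.536-05:00] [octetstring] [ERROR] [OVD-60143] [com.octetstring.vde.backend.jndi.ADAdapter.BackendJNDI] [tid: 55] [ecid: 0000KiYb3t94Us45NVDCie1KtWSR000Z^h,0] [#ADAdapter] Unable to create connection to ldap://[myadhost.mycompany.com]:636 as null.[[
javax.naming.CommunicationException: myadhost.mycompany.com:636 [Root exception is java.io.IOException: Cannot create SSL socket factory.]
Caused by: java.io.IOException: Cannot create SSL socket factory.
[2015-02-19T11:12:09.101-05:00] [octetstring] [ERROR] [OVD-60143] [com.octetstring.vde.backend.jndi.ADAdapter.BackendJNDI] [tid: 57] [ecid: constructed,0] [#TmpAdapter] Unable to create connection to ldap://[otherhost.example.com]:389 as null.[[
Caused by: java.net.ConnectException: Connection refused
""".splitlines()

if __name__ == "__main__":
    for adapter, host, port in tls_setup_failures(triage(SAMPLE)):
        print(f"{adapter}: SSL socket factory failure connecting to {host}:{port}")
```

The adapters this reports are the ones whose LDAPS trust configuration needs repair on the target server; while an adapter stays on the workaround's non-SSL port 389, its bind and search traffic to AD is not protected by TLS.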