After syncovdconfig, OVD 11g Target Server Shows AD Adapter Error Status; "Verify Host" Button Shows "Could not obtain current aliases"; Connections to AD Fail With: ldap_bind: Protocol error (2) / additional info: LDAP Error 2 : <AD_HOSTNAME>:<SSL_PORT>. (Doc ID 1986037.1)

Last updated on DECEMBER 20, 2019

Applies to:

Oracle Virtual Directory - Version 11.1.1.0 and later
Information in this document applies to any platform.

Symptoms

The environment is Oracle Virtual Directory Server (OVD) 11g, i.e., 11.1.1.6.0.

The OVD configuration is being synchronized with syncovdconfig, following MOS Notes and documentation.

The syncovdconfig.pl command itself runs successfully.  However, in the target/destination OVD server, the connection to backend Active Directory (AD) servers via SSL port 636 fails with:

ldap_bind: Protocol error (2)
       additional info: LDAP Error 2 : <AD_HOSTNAME>:<SSL_PORT>.

In the AD Adapter configuration page, the LDAP / AD Server status is just "Error".

Clicking on "Verify Host" button returns:

Could not obtain current aliases

OVD diagnostic.log shows:

[2015-02-19T11:12:03.536-05:00] [octetstring] [WARNING] [OVD-60024] [com.octetstring.vde.backend.jndi.<AD_ADAPTER_NAME>.JNDIConnectionPool] [tid: xx] [ecid: <ECID>] Connection error: <AD_HOSTNAME>:<SSL_PORT>.
[2015-02-19T11:12:03.536-05:00] [octetstring] [ERROR] [OVD-60143] [com.octetstring.vde.backend.jndi.<AD_ADAPTER_NAME>.BackendJNDI] [tid: xx] [ecid: <ECID>]  [#<AD_ADAPTER_NAME>]  Unable to create connection to ldap://<AD_HOSTNAME>:<SSL_PORT>. as null.[[
javax.naming.CommunicationException: <AD_HOSTNAME>:<SSL_PORT>. [Root exception is java.io.IOException: Cannot create SSL socket factory.]
...<etc>...
Caused by: java.io.IOException: Cannot create SSL socket factory.

Workaround: Change the adapter to use the AD non-SSL port.

The ldapsearch command line works against the same AD server via both ports.

The same errors also occur when creating a new/temporary AD adapter in a different system, so the issue is getting OVD to trust the LDAPS certificate in the backend AD server.
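To see which adapters and backend endpoints are hitting this signature, diagnostic.log can be scanned for OVD-60143 records whose stack trace contains "Cannot create SSL socket factory". The Python script below is an added example, not part of the Oracle note; the adapter names, host names, tid/ecid values and the non-matching second error record in the sample are constructed.

```python
import re
from collections import Counter

# Record header as in the excerpt: [timestamp] [component] [LEVEL] [MSG-ID] [module] ...
HEADER = re.compile(
    r"^\[\d{4}-\d\d-\d\dT[^\]]+\] \[[^\]]*\] \[[A-Z]+\] "
    r"\[(?P<msgid>OVD-\d+)\] \[(?P<module>[^\]]*)\]")
ADAPTER = re.compile(r"backend\.jndi\.(.+)\.(?:BackendJNDI|JNDIConnectionPool)$")
ENDPOINT = re.compile(r"Unable to create connection to (ldaps?://\S+?)\.? as ")
SIGNATURE = "Cannot create SSL socket factory"

def records(lines):
    """Yield each header line together with its continuation lines (stack trace)."""
    current = None
    for line in lines:
        if HEADER.match(line):
            if current:
                yield current
            current = [line]
        elif current is not None:
            current.append(line)
    if current:
        yield current

def ssl_factory_failures(lines):
    """Count OVD-60143 records whose trace carries SIGNATURE, per (adapter, endpoint)."""
    hits = Counter()
    for rec in records(lines):
        head = HEADER.match(rec[0])
        if head["msgid"] != "OVD-60143" or SIGNATURE not in "\n".join(rec):
            continue
        adapter = ADAPTER.search(head["module"])
        endpoint = ENDPOINT.search(rec[0])
        hits[(adapter[1] if adapter else "?", endpoint[1] if endpoint else "?")] += 1
    return hits

# Constructed sample modelled on the excerpt above (placeholder hosts and adapters).
SAMPLE = """\
[2015-02-19T11:12:03.536-05:00] [octetstring] [WARNING] [OVD-60024] [com.octetstring.vde.backend.jndi.AD_Adapter1.JNDIConnectionPool] [tid: 12] [ecid: 0001] Connection error: ad1.example.test:636.
[2015-02-19T11:12:03.536-05:00] [octetstring] [ERROR] [OVD-60143] [com.octetstring.vde.backend.jndi.AD_Adapter1.BackendJNDI] [tid: 12] [ecid: 0001]  [#AD_Adapter1]  Unable to create connection to ldap://ad1.example.test:636. as null.[[
javax.naming.CommunicationException: ad1.example.test:636. [Root exception is java.io.IOException: Cannot create SSL socket factory.]
Caused by: java.io.IOException: Cannot create SSL socket factory.
]]
[2015-02-19T11:13:10.001-05:00] [octetstring] [ERROR] [OVD-60143] [com.octetstring.vde.backend.jndi.AD_Adapter2.BackendJNDI] [tid: 14] [ecid: 0002]  [#AD_Adapter2]  Unable to create connection to ldap://ad2.example.test:389. as null.[[
javax.naming.CommunicationException: ad2.example.test:389. [Root exception is java.net.ConnectException: Connection refused]
]]
"""
if __name__ == "__main__":
    print(dict(ssl_factory_failures(SAMPLE.splitlines())))
```

Only the first error record is counted; the second shares the message ID but has a different root cause, so it is not attributed to the SSL socket factory problem.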


Cause


