After syncovdconfig, OVD 11g Target Server Shows AD Adapter Error Status; "Verify Host" Button Shows "Could not obtain current aliases"; Connections to AD Fail With: ldap_bind: Protocol error (2) / additional info: LDAP Error 2 : <adhost>:636 (Doc ID 1986037.1)

Last updated on APRIL 06, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory Server (OVD) 11g, i.e., 11.1.1.6.0.

The OVD configuration was synchronized with syncovdconfig, following MOS Notes and documentation.

The syncovdconfig.pl command itself runs successfully.  However, in the target/destination OVD server, the connection to backend Active Directory (AD) servers via SSL port 636 fails with:

ldap_bind: Protocol error (2)
       additional info: LDAP Error 2 : myadhost.mycompany.com:636

In the AD Adapter configuration page, the LDAP / AD Server status is just "Error".

Clicking the "Verify Host" button returns:

Could not obtain current aliases

OVD diagnostic.log shows:

[2015-02-19T11:12:03.536-05:00] [octetstring] [WARNING] [OVD-60024] [com.octetstring.vde.backend.jndi.ADAdapter.JNDIConnectionPool] [tid: 55] [ecid: 0000KiYb3t94Us45NVDCie1KtWSR000Z^h,0] Connection error: myadhost.mycompany.com:636.
[2015-02-19T11:12:03.536-05:00] [octetstring] [ERROR] [OVD-60143] [com.octetstring.vde.backend.jndi.ADAdapter.BackendJNDI] [tid: 55] [ecid: 0000KiYb3t94Us45NVDCie1KtWSR000Z^h,0]  [#ADAdapter]  Unable to create connection to ldap://[myadhost.mycompany.com]:636 as null.[[
javax.naming.CommunicationException: myadhost.mycompany.com:636 [Root exception is java.io.IOException: Cannot create SSL socket factory.]
...<etc>...
Caused by: java.io.IOException: Cannot create SSL socket factory.

Workaround: Change the adapter to use the AD non-SSL port 389.

The ldapsearch command-line tool connects successfully to the same AD server on both ports 389 and 636.

The same errors also occur when creating a new/temporary AD adapter on a different system, so the issue is getting OVD to trust the LDAPS certificate of the backend AD server.
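
Added example (not part of the Oracle note, and not Oracle code): a small triage script that reads diagnostic.log entries in the format shown above and reports, for each OVD-60143 adapter failure, the adapter name, the backend endpoint and the innermost "Caused by" line. The function names are hypothetical, and the sample input is constructed from the excerpt quoted above with the stack frames left out.

```python
import re

# Constructed sample: the diagnostic.log excerpt from this note, stack frames omitted.
SAMPLE_LOG = """\
[2015-02-19T11:12:03.536-05:00] [octetstring] [WARNING] [OVD-60024] [com.octetstring.vde.backend.jndi.ADAdapter.JNDIConnectionPool] [tid: 55] [ecid: 0000KiYb3t94Us45NVDCie1KtWSR000Z^h,0] Connection error: myadhost.mycompany.com:636.
[2015-02-19T11:12:03.536-05:00] [octetstring] [ERROR] [OVD-60143] [com.octetstring.vde.backend.jndi.ADAdapter.BackendJNDI] [tid: 55] [ecid: 0000KiYb3t94Us45NVDCie1KtWSR000Z^h,0]  [#ADAdapter]  Unable to create connection to ldap://[myadhost.mycompany.com]:636 as null.[[
javax.naming.CommunicationException: myadhost.mycompany.com:636 [Root exception is java.io.IOException: Cannot create SSL socket factory.]
Caused by: java.io.IOException: Cannot create SSL socket factory.
"""

# Leading fields of an entry: [timestamp] [component] [level] [message id] [module]
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\dT[^\]]+)\] \[(?P<component>[^\]]*)\] "
    r"\[(?P<level>[^\]]*)\] \[(?P<msg_id>[^\]]*)\] \[(?P<module>[^\]]*)\]")
# Adapter tag and backend URL as they appear in the OVD-60143 message text.
CONNECT = re.compile(
    r"\[#(?P<adapter>[^\]]+)\]\s+Unable to create connection to "
    r"\w+://\[(?P<host>[^\]]+)\]:(?P<port>\d+)")
CAUSED_BY = re.compile(r"^Caused by: (?P<cause>.+)$", re.M)

def split_entries(text):
    """Group physical lines into log entries; a timestamp header starts a new entry."""
    entries = []
    for line in text.splitlines():
        if HEADER.match(line):
            entries.append(line)
        elif entries:  # continuation line (exception text) of the previous entry
            entries[-1] += "\n" + line
    return entries

def adapter_failures(text):
    """Return one record per OVD-60143 entry that names an adapter and endpoint."""
    out = []
    for entry in split_entries(text):
        head, conn = HEADER.match(entry), CONNECT.search(entry)
        if head["msg_id"] != "OVD-60143" or not conn:
            continue
        causes = CAUSED_BY.findall(entry)
        out.append({
            "time": head["ts"],
            "adapter": conn["adapter"],
            "endpoint": f'{conn["host"]}:{conn["port"]}',
            "root_cause": causes[-1].strip() if causes else None,
            # True when the innermost cause names the SSL socket factory.
            "tls_setup_failure": bool(causes) and "SSL socket factory" in causes[-1],
        })
    return out

if __name__ == "__main__":
    for rec in adapter_failures(SAMPLE_LOG):
        print(rec)
```
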


Changes

 

Cause
