Unable to LDAPBIND to OVD 11g with AD Adapter and Kerberos "LDAP Error 49 : Client not found in Kerberos database (6)" (Doc ID 2000239.1)

Last updated on SEPTEMBER 14, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.0 and later
Information in this document applies to any platform.

Symptoms

Users with a "dot" in their UID or a space in their DN could not ldapbind to OVD through an Active Directory adapter that uses Kerberos.

For example:

ldapbind -p 6501 -D "CN=John Smith,CN=Users,dc=oracle,dc=com" -w password
ldap_bind: Invalid credentials
ldap_bind: additional info: LDAP Error 49 : Client not found in Kerberos database (6)

 

All other users could ldapbind without problems:

ldapbind -p 6501 -D "CN=supportuser,CN=Users,dc=oracle,dc=com" -w password
bind successful

The OVD diagnostic log shows the following for the failed binds:

 

[2014-04-30T05:55:16.465-04:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: 18] [ecid: <ECID Number>,0] !BIND Operation: (Transaction#rroo_OAM_LDAP_adapter.Dump After.3162)[[
BindDN: CN=John Smith,CN=Users,dc=oracle,dc=com
Password: *********!
]]
[2014-04-30T05:55:16.498-04:00] [octetstring] [ERROR] [OVD-60284] [com.octetstring.vde.backend.jndi.rdmo_OAM_LDAP_adapter.KerbLogin] [tid: 18] [ecid: <ECID Number>,0] Logging Exception when trying to call login Client not found in Kerberos database (6).
[2014-04-30T05:55:16.499-04:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: 18] [ecid: <ECID Number>,0] !BIND Results: (Transaction#rdmo_OAM_LDAP_adapter.Dump After.3162) FALSE![[
com.octetstring.vde.util.DirectoryException: LDAP Error 49 : Client not found in Kerberos database (6)
at com.octetstring.vde.backend.jndi.BackendJNDI.bind(BackendJNDI.java:554)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:223)
at com.octetstring.vde.chain.plugins.usermanagement.UserManagement.bind(UserManagement.java:660)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:233)
.
.
.
Caused by: javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
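
A triage sketch for the log excerpt above, added here as an example and not Oracle's code: it pairs each KerbLogin "Client not found in Kerberos database (6)" error with the most recent BindDN logged on the same tid and notes whether the first RDN value contains a space or a dot. Pairing by tid, the function name and the embedded sample log are assumptions made for the example.

```python
import re

# Constructed sample in the layout of the excerpt above (the second user and
# tid 19 are made up; the wrapped "[tid:" mimics a line-wrapped log).
SAMPLE_LOG = """\
[2014-04-30T05:55:16.465-04:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: 18] [ecid: <ECID Number>,0] !BIND Operation: (Transaction#rdmo_OAM_LDAP_adapter.Dump After.3162)[[
BindDN: CN=John Smith,CN=Users,dc=oracle,dc=com
Password: *********!
]]
[2014-04-30T05:55:16.470-04:00] [octetstring] [NOTIFICATION] [] [com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid:
19] [ecid: <ECID Number>,0] !BIND Operation: (Transaction#rdmo_OAM_LDAP_adapter.Dump After.3163)[[
BindDN: CN=supportuser,CN=Users,dc=oracle,dc=com
Password: *********!
]]
[2014-04-30T05:55:16.498-04:00] [octetstring] [ERROR] [OVD-60284] [com.octetstring.vde.backend.jndi.rdmo_OAM_LDAP_adapter.KerbLogin] [tid: 18] [ecid: <ECID Number>,0] Logging Exception when trying to call login Client not found in Kerberos database (6).
"""

# One pass over the text: thread id, bind DN, or the KerbLogin error message.
TOKEN = re.compile(
    r"\[tid:\s*(?P<tid>\d+)\]"
    r"|^BindDN:\s*(?P<dn>.+)$"
    r"|(?P<err>call login Client not found in Kerberos database \(6\))",
    re.MULTILINE,
)


def kerberos_bind_failures(log_text):
    """Return [(bind_dn, traits)] for binds that failed with Kerberos error 6."""
    current_tid, last_dn, failures = None, {}, []
    for m in TOKEN.finditer(log_text):
        if m.group("tid"):
            current_tid = m.group("tid")
        elif m.group("dn"):
            # Assumption: a bind is handled on one thread, so tid links the lines.
            last_dn[current_tid] = m.group("dn").strip()
        else:
            dn = last_dn.get(current_tid)
            # Naive first-RDN split; does not handle escaped commas in the DN.
            value = (dn or "").split(",", 1)[0].partition("=")[2]
            traits = [n for n, ch in (("space", " "), ("dot", ".")) if ch in value]
            failures.append((dn, traits))
    return failures


if __name__ == "__main__":
    for dn, traits in kerberos_bind_failures(SAMPLE_LOG):
        print(dn, "->", ", ".join(traits) or "no space or dot in first RDN")
```
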

 

Cause
