Unable to LDAPBIND to OVD 11g with AD Adapter and Kerberos "LDAP Error 49 : Client not found in Kerberos database (6)"
(Doc ID 2000239.1)
Last updated on FEBRUARY 21, 2019
Applies to:
Oracle Virtual Directory - Version 11.1.1.0 and laterInformation in this document applies to any platform.
Symptoms
It was observed that users that had a "dot" in their UIDs or a space in their DNs could not ldapbind to OVD via an Active Directory adapter with Kerberos.
For example:
ldapbind -p 6501 -D "CN=<NON-WORKING USER>,CN=Users,dc=<COMPANY>,dc=com" -w password
ldap_bind: Invalid credentials
ldap_bind: additional info: LDAP Error 49 : Client not found in Kerberos database (6)
ldap_bind: Invalid credentials
ldap_bind: additional info: LDAP Error 49 : Client not found in Kerberos database (6)
The rest of the users would ldapbind just fine:
ldapbind -p 6501 -D "CN=<WORKING USER>,CN=Users,dc=<COMPANY>,dc=com" -w password
bind successful
bind successful
In the OVD diagnostic log the following is found for the failed binds:
[2014-04-30T05:55:16.465-04:00] [octetstring] [NOTIFICATION] []
[com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: 18] [ecid: <ECID Number>,0] !BIND Operation:
(Transaction#rroo_OAM_LDAP_adapter.Dump After.3162)[[
BindDN: CN=<NON-WORKING USER>,CN=Users,dc=<COMPANY>,dc=com
Password: *********!
]]
[2014-04-30T05:55:16.498-04:00] [octetstring] [ERROR] [OVD-60284]
[com.octetstring.vde.backend.jndi.rdmo_OAM_LDAP_adapter.KerbLogin] [tid: 18]
[ecid: <ECID Number>,0] Logging Exception when trying to call login Client not found in Kerberos database (6).
[2014-04-30T05:55:16.499-04:00] [octetstring] [NOTIFICATION] []
[com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid:
18] [ecid: <ECID Number>,0] !BIND Results: (Transaction#rdmo_OAM_LDAP_adapter.Dump After.3162) FALSE![[
com.octetstring.vde.util.DirectoryException: LDAP Error 49 : Client not found in Kerberos database (6)
at com.octetstring.vde.backend.jndi.BackendJNDI.bind(BackendJNDI.java:554)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:223)
at
com.octetstring.vde.chain.plugins.usermanagement.UserManagement.bind(UserManagement.java:660)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:233)
.
.
.
Caused by: javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
[com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid: 18] [ecid: <ECID Number>,0] !BIND Operation:
(Transaction#rroo_OAM_LDAP_adapter.Dump After.3162)[[
BindDN: CN=<NON-WORKING USER>,CN=Users,dc=<COMPANY>,dc=com
Password: *********!
]]
[2014-04-30T05:55:16.498-04:00] [octetstring] [ERROR] [OVD-60284]
[com.octetstring.vde.backend.jndi.rdmo_OAM_LDAP_adapter.KerbLogin] [tid: 18]
[ecid: <ECID Number>,0] Logging Exception when trying to call login Client not found in Kerberos database (6).
[2014-04-30T05:55:16.499-04:00] [octetstring] [NOTIFICATION] []
[com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions] [tid:
18] [ecid: <ECID Number>,0] !BIND Results: (Transaction#rdmo_OAM_LDAP_adapter.Dump After.3162) FALSE![[
com.octetstring.vde.util.DirectoryException: LDAP Error 49 : Client not found in Kerberos database (6)
at com.octetstring.vde.backend.jndi.BackendJNDI.bind(BackendJNDI.java:554)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:223)
at
com.octetstring.vde.chain.plugins.usermanagement.UserManagement.bind(UserManagement.java:660)
at com.octetstring.vde.chain.Chain.nextBind(Chain.java:233)
.
.
.
Caused by: javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |