Ldapbind via SASL Digest-MD5 fail against NON-OID LDAP servers "ldap_sasl_bind: Invalid credentials"
(Doc ID 2046061.1)
Last updated on AUGUST 30, 2023
Applies to:
Oracle Internet Directory - Version 10.1.4 and laterInformation in this document applies to any platform.
Symptoms
Ldapbind via SASL Digest-MD5 fail against NON-OID LDAP servers.
Reported with RDBMS 12.2 LDAP client tools.
Example bind to AD using SASL DIGEST-MD5:
ldapbind -h <AD_HOSTNAME> -p 389 -D cn=username,cn=users,dc=<COMPANY_NAME>,dc=com -w <PASSWORD> -O auth -Y DIGEST-MD5
ldap_sasl_bind: Invalid credentials
ldap_sasl_bind: additional info: 80090308: LdapErr: DSID-0C0904D0, comment:
@ AcceptSecurityContext error, data 57, v1db0
NON SASL to ldapbinds to AD are successful.
$ ldapbind -h <AD_HOSTNAME> -p 389 -D cn=username,cn=users,dc=<COMPANY_NAME>,dc=com -w <PASSWORD>
bind successful
SASL DIGET-MD5 binds to OID are successful:
ldapsearch -h localhost -p 3060 -D cn=SOMEUSER,ou=Americas,o=ORG,c=COUNTRY -w <PASSWORD> -b
"" -s base "objectclass=*" supportedSASLMechanisms -o auth -y DIGEST-MD5
sasl bind successful
Confirm supportedSASLMechanisms in AD.
ldapsearch -h <AD_HOSTNAME> -p 389 -D ccn=username,cn=users,dc=<COMPANY_NAME>,dc=com -w <PASSWORD> -b "" -s base
"objectclass=*" supportedSASLMechanisms
supportedSASLMechanisms=GSSAPI
supportedSASLMechanisms=GSS-SPNEGO
supportedSASLMechanisms=EXTERNAL
supportedSASLMechanisms=DIGEST-MD5
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |