My Oracle Support Banner

Ldapbind via SASL Digest-MD5 fail against NON-OID LDAP servers "ldap_sasl_bind: Invalid credentials" (Doc ID 2046061.1)

Last updated on FEBRUARY 03, 2019

Applies to:

Oracle Internet Directory - Version 10.1.4 and later
Information in this document applies to any platform.

Symptoms

 Ldapbind via SASL Digest-MD5 fail against NON-OID LDAP servers.

Reported with RDBMS 12.2 LDAP client tools.

Example bind to AD using SASL DIGEST-MD5:

ldapbind -h myADhost.oracle.com -p 389 -D cn=oratst,cn=users,dc=test2,dc=oracle,dc=com -w Welcome_1 -O auth -Y DIGEST-MD5
ldap_sasl_bind: Invalid credentials
ldap_sasl_bind: additional info: 80090308: LdapErr: DSID-0C0904D0, comment:
@ AcceptSecurityContext error, data 57, v1db0

 

NON SASL to ldapbinds to AD are successful.

$ ldapbind -h myADhost.oracle.com -p 389 -D cn=oratst,cn=users,dc=test2,dc=oracle,dc=com -w Welcome_1
bind successful

 

SASL DIGET-MD5 binds to OID are successful:

ldapsearch -h localhost -p 3060 -D cn=pagussha1,ou=Americas,o=oracle,l=redwoodshores,st=CA,c=US -w Welcome_1 -b
"" -s base "objectclass=*" supportedSASLMechanisms -o auth -y DIGEST-MD5
sasl bind successful

 

Confirm supportedSASLMechanisms in AD.

ldapsearch -h myADhost.oracle.com -p 389 -D cn=oratst,cn=users,dc=test2,dc=dbsec2008,dc=com -w Welcome_1 -b "" -s base
"objectclass=*" supportedSASLMechanisms

supportedSASLMechanisms=GSSAPI
supportedSASLMechanisms=GSS-SPNEGO
supportedSASLMechanisms=EXTERNAL
supportedSASLMechanisms=DIGEST-MD5

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.