My Oracle Support Banner

Ldapbind via SASL Digest-MD5 fail against NON-OID LDAP servers "ldap_sasl_bind: Invalid credentials" (Doc ID 2046061.1)

Last updated on FEBRUARY 03, 2019

Applies to:

Oracle Internet Directory - Version 10.1.4 and later
Information in this document applies to any platform.


 Ldapbind via SASL Digest-MD5 fail against NON-OID LDAP servers.

Reported with RDBMS 12.2 LDAP client tools.

Example bind to AD using SASL DIGEST-MD5:

ldapbind -h -p 389 -D cn=oratst,cn=users,dc=test2,dc=oracle,dc=com -w Welcome_1 -O auth -Y DIGEST-MD5
ldap_sasl_bind: Invalid credentials
ldap_sasl_bind: additional info: 80090308: LdapErr: DSID-0C0904D0, comment:
@ AcceptSecurityContext error, data 57, v1db0


NON SASL to ldapbinds to AD are successful.

$ ldapbind -h -p 389 -D cn=oratst,cn=users,dc=test2,dc=oracle,dc=com -w Welcome_1
bind successful


SASL DIGET-MD5 binds to OID are successful:

ldapsearch -h localhost -p 3060 -D cn=pagussha1,ou=Americas,o=oracle,l=redwoodshores,st=CA,c=US -w Welcome_1 -b
"" -s base "objectclass=*" supportedSASLMechanisms -o auth -y DIGEST-MD5
sasl bind successful


Confirm supportedSASLMechanisms in AD.

ldapsearch -h -p 389 -D cn=oratst,cn=users,dc=test2,dc=dbsec2008,dc=com -w Welcome_1 -b "" -s base
"objectclass=*" supportedSASLMechanisms




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.