Ldapbind via SASL Digest-MD5 fail against NON-OID LDAP servers "ldap_sasl_bind: Invalid credentials" (Doc ID 2046061.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 10.1.4 and later
Information in this document applies to any platform.

Symptoms

ldapbind via SASL DIGEST-MD5 fails against non-OID LDAP servers.

Reported with RDBMS 12.2 LDAP client tools.

Example bind to AD using SASL DIGEST-MD5:

ldapbind -h myADhost.oracle.com -p 389 -D cn=oratst,cn=users,dc=test2,dc=oracle,dc=com -w Welcome_1 -O auth -Y DIGEST-MD5
ldap_sasl_bind: Invalid credentials
ldap_sasl_bind: additional info: 80090308: LdapErr: DSID-0C0904D0, comment:
@ AcceptSecurityContext error, data 57, v1db0

 

Non-SASL ldapbinds to AD are successful:

$ ldapbind -h myADhost.oracle.com -p 389 -D cn=oratst,cn=users,dc=test2,dc=oracle,dc=com -w Welcome_1
bind successful

 

SASL DIGEST-MD5 binds to OID are successful:

ldapsearch -h localhost -p 3060 -D cn=pagussha1,ou=Americas,o=oracle,l=redwoodshores,st=CA,c=US -w Welcome_1 -b "" -s base "objectclass=*" supportedSASLMechanisms -o auth -y DIGEST-MD5
sasl bind successful

 

Confirm supportedSASLMechanisms in AD.

ldapsearch -h myADhost.oracle.com -p 389 -D cn=oratst,cn=users,dc=test2,dc=dbsec2008,dc=com -w Welcome_1 -b "" -s base "objectclass=*" supportedSASLMechanisms

supportedSASLMechanisms=GSSAPI
supportedSASLMechanisms=GSS-SPNEGO
supportedSASLMechanisms=EXTERNAL
supportedSASLMechanisms=DIGEST-MD5
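
To read the server-side detail in the failed bind and the mechanism list above, the following added example (not part of the original note or of any Oracle tool) parses Active Directory's extended bind error and the supportedSASLMechanisms values from captured tool output. The function names and the partial Win32 code table are assumptions of this example; the sample text is copied from the output shown in this note.

```python
import re

# Partial table of hex Win32 codes seen in the "data" field (example only).
WIN32_NAMES = {0x57: "ERROR_INVALID_PARAMETER", 0x525: "ERROR_NO_SUCH_USER",
               0x52E: "ERROR_LOGON_FAILURE", 0x533: "ERROR_ACCOUNT_DISABLED",
               0x775: "ERROR_ACCOUNT_LOCKED_OUT"}

AD_ERROR = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v[0-9A-Fa-f]+")

def parse_ad_bind_error(tool_output):
    """Return the fields of AD's extended bind error, or None if absent."""
    # The message is wrapped in the output above: rejoin the lines and drop
    # the "@" that starts the wrapped line.
    flat = re.sub(r"\s*\n@?\s*", " ", tool_output.strip())
    m = AD_ERROR.search(flat)
    if m is None:
        return None
    data = int(m.group("data"), 16)  # the "data" value is hexadecimal
    return {"sspi": int(m.group("sspi"), 16), "dsid": m.group("dsid"),
            "comment": m.group("comment"), "data": data,
            "win32_name": WIN32_NAMES.get(data, "unknown")}

def advertised_mechanisms(rootdse_output):
    """Extract supportedSASLMechanisms values from ldapsearch output."""
    return re.findall(r"(?mi)^\s*supportedSASLMechanisms\s*[=:]\s*(\S+)",
                      rootdse_output)

def triage(bind_output, rootdse_output, mechanism="DIGEST-MD5"):
    """Summarise whether the mechanism is offered and what AD reported."""
    err = parse_ad_bind_error(bind_output)
    return {"mechanism_advertised": mechanism in advertised_mechanisms(rootdse_output),
            "win32_name": err["win32_name"] if err else None,
            # 0x52e is what AD returns for a rejected user name or password.
            "logon_failure_code": bool(err) and err["data"] == 0x52E}

# Sample text copied from the tool output shown in this note.
SAMPLE_BIND = """ldap_sasl_bind: Invalid credentials
ldap_sasl_bind: additional info: 80090308: LdapErr: DSID-0C0904D0, comment:
@ AcceptSecurityContext error, data 57, v1db0"""
SAMPLE_ROOTDSE = """supportedSASLMechanisms=GSSAPI
supportedSASLMechanisms=GSS-SPNEGO
supportedSASLMechanisms=EXTERNAL
supportedSASLMechanisms=DIGEST-MD5"""

if __name__ == "__main__":
    print(triage(SAMPLE_BIND, SAMPLE_ROOTDSE))
```

For the output above this reports DIGEST-MD5 as advertised and decodes data 57 as ERROR_INVALID_PARAMETER rather than the 52e logon-failure code.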

 

Cause
