
Ldapbind via SASL Digest-MD5 fail against NON-OID LDAP servers "ldap_sasl_bind: Invalid credentials" (Doc ID 2046061.1)

Last updated on APRIL 28, 2021

Applies to:

Oracle Internet Directory - Version 10.1.4 and later
Information in this document applies to any platform.

Symptoms

ldapbind via SASL DIGEST-MD5 fails against non-OID LDAP servers.

Reported with RDBMS 12.2 LDAP client tools.

Example bind to AD using SASL DIGEST-MD5:

ldapbind -h <AD_HOSTNAME> -p 389 -D cn=username,cn=users,dc=<COMPANY_NAME>,dc=com -w <PASSWORD> -O auth -Y DIGEST-MD5
ldap_sasl_bind: Invalid credentials
ldap_sasl_bind: additional info: 80090308: LdapErr: DSID-0C0904D0, comment:
@ AcceptSecurityContext error, data 57, v1db0
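
Decoding the additional-info string from the failed bind above, as an added example that is not part of the Oracle document or Oracle's tooling: the eight hex digits are an SSPI status and the hex value after `data` is a Win32 error code, both named here from Microsoft's published error codes. The function name and lookup tables are this example's own.

```python
import re

# Win32 codes AD reports in the hex "data" field of a failed bind.
WIN32 = {
    0x57: "ERROR_INVALID_PARAMETER",
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE",
    0x530: "ERROR_INVALID_LOGON_HOURS",
    0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}
# Sub-codes that really do mean the name or password was rejected.
CREDENTIAL_CODES = {0x525, 0x52E}
SSPI = {0x80090308: "SEC_E_INVALID_TOKEN"}

PATTERN = re.compile(
    r"(?P<status>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v[0-9A-Fa-f]+"
)

def decode_ad_bind_error(text):
    """Parse AD's 'additional info' string; return None if it is not present."""
    flat = " ".join(text.split())  # undo terminal line wrapping
    m = PATTERN.search(flat)
    if m is None:
        return None
    status = int(m["status"], 16)
    data = int(m["data"], 16)
    return {
        "status": SSPI.get(status, "0x%08X" % status),
        "dsid": m["dsid"],
        # the wrapped output on this page starts its second line with "@ "
        "comment": m["comment"].lstrip("@ "),
        "win32": data,
        "win32_name": WIN32.get(data, "unknown"),
        "credentials_rejected": data in CREDENTIAL_CODES,
    }

# The two output lines shown above, exactly as they appear on this page.
SAMPLE = """ldap_sasl_bind: additional info: 80090308: LdapErr: DSID-0C0904D0, comment:
@ AcceptSecurityContext error, data 57, v1db0"""

if __name__ == "__main__":
    print(decode_ad_bind_error(SAMPLE))
```

For the output above this reports SEC_E_INVALID_TOKEN with Win32 code 87 (ERROR_INVALID_PARAMETER) rather than the 52e sub-code AD returns for a wrong password.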

 

Non-SASL ldapbinds to AD are successful.

$ ldapbind -h <AD_HOSTNAME> -p 389 -D cn=username,cn=users,dc=<COMPANY_NAME>,dc=com -w <PASSWORD>
bind successful

 

SASL DIGEST-MD5 binds to OID are successful:

ldapsearch -h localhost -p 3060 -D cn=SOMEUSER,ou=Americas,o=ORG,c=COUNTRY -w <PASSWORD> -b "" -s base "objectclass=*" supportedSASLMechanisms -o auth -y DIGEST-MD5
sasl bind successful

 

Confirm supportedSASLMechanisms in AD.

ldapsearch -h <AD_HOSTNAME> -p 389 -D cn=username,cn=users,dc=<COMPANY_NAME>,dc=com -w <PASSWORD> -b "" -s base "objectclass=*" supportedSASLMechanisms

supportedSASLMechanisms=GSSAPI
supportedSASLMechanisms=GSS-SPNEGO
supportedSASLMechanisms=EXTERNAL
supportedSASLMechanisms=DIGEST-MD5

 

Changes

 

Cause
