JDBC Thin Driver Connection Via Wallet and with LDAP Fails with ORA-1017
(Doc ID 2067207.1)
Last updated on OCTOBER 31, 2022
Applies to:
JDBC - Version 12.1.0.2.0 and laterInformation in this document applies to any platform.
Symptoms
On : 12.1.0.2.0 version, Thin JDBC driver
Java program using JDBC thin driver via wallet and with openLDAP or LDAP cannot connect to database.
An oracle external wallet authentication with mkstore has been set up to connect to the database without user/password. This setting works fine via Sql*Plus. However, when using JDBC, it throws an ORA-1017 invalid username/password.
ERROR
-----------------------
java.sql.SQLException: ORA-01017: invalid username/password; logon denied
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:450)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:392)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:385)
at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:1018)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:501)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:522)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:257)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:437)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:954)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:639)
at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:666)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:566)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at SecureExternalPassword.main(SecureExternalPassword.java:22)
STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Set up an Oracle external wallet authentication with mkstore to connect to the database without user/password.
2. Test the connection with SQL*Plus, which will work successfully.
3. Test the connection with JDBC using the LDAP entry on the URL (URL=jdbc:oracle:thin:/@ldap://<LDAP HOSTNAME>:<LDAP PORT>/<SERVICE>,cn=<COMMON NAME>"). These will fail with the error.
The connection without LDAP (with TNS descriptor) works successfully:
String url = "jdbc:oracle:thin:/@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<HOSTNAME>)(PORT=<DB PORT>))(CONNECT_DATA=(SERVICE_NAME=<SERVICE NAME>)))";
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |