JDBC Thin Driver Connection Via Wallet and with LDAP Fails with ORA-1017 (Doc ID 2067207.1)

Last updated on MAY 19, 2017

Applies to:

JDBC - Version 12.1.0.2.0 and later
Information in this document applies to any platform.

Symptoms

On : 12.1.0.2.0 version, Thin JDBC driver

Java program using JDBC thin driver via wallet and with openLDAP or LDAP cannot connect to database.
An oracle external wallet authentication with mkstore has been set up to connect to the database without user/password. This setting works fine via Sql*Plus. However, when using JDBC, it throws an ORA-1017 invalid username/password.


ERROR
-----------------------

java.sql.SQLException: ORA-01017: invalid username/password; logon denied

  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:450)
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:392)
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:385)
  at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:1018)
  at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:501)
  at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:522)
  at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:257)
  at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:437)
  at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:954)
  at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:639)
  at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:666)
  at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
  at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:566)
  at java.sql.DriverManager.getConnection(DriverManager.java:664)
  at java.sql.DriverManager.getConnection(DriverManager.java:208)
  at SecureExternalPassword.main(SecureExternalPassword.java:22)



STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Set up an Oracle external wallet authentication with mkstore to connect to the database without user/password.
2. Test the connection with SQL*Plus, which will work successfully.
3. Test the connection with JDBC using the LDAP entry on the URL (URL=jdbc:oracle:thin:/@ldap://host1.us.oracle.com:389/ORCL2,cn=OracleContext"). These will fail with the error.


The connection without LDAP (with TNS descriptor) works successfully:
String url = "jdbc:oracle:thin:/@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=host1.us.oracle.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=orcl2.us.oracle.com)))";

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms