My Oracle Support Banner

DB EUS Logins Work with OID 11g Pre-11.1.1.9 But Fail with OID 11.1.1.9.0: ORA-28043: invalid bind credentials for DB-OID connection and/or ORA-28030: Server encountered problems accessing LDAP directory service. ldapbind Fails with: SSL handshake failed (Doc ID 2098621.1)

Last updated on SEPTEMBER 06, 2018

Applies to:

Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

Existing Oracle Internet Directory (OID) 11g's, e.g., 11.1.1.7.0 and ealier, are working for Enterprise User Security (EUS) Database (DB) logins.

After installing a new OID 11.1.1.9.0 and migrating the EUS entries over from the older OID, EUS logins / global authentication configured to use the new 11.1.1.9 OID as LDAP server fail:

ORA-28043: invalid bind credentials for DB-OID connection

After correcting a password policy difference in the new 11.1.1.9 OID (for example, set the same value for pwdMaxAge to match the existing/working 11.1.1.5), EUS logins still fail with:

ORA-28030: Server encountered problems accessing LDAP directory service

The data in both OID match exactly, including all the operational attribute values.

An OID debugged log reveals the same problem as outlined in the Symptoms of Document 1546173.1, where the EUS related search as orcladmin returns all the requested operational attributes, but the same search as the DB user returns only the dn and the orclguid from the nonworking OID, however that same Document Solution does not resolve the problem here.

 

Changes

Migrated EUS entries from older OID to new 11.1.1.9.0 OID.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.