After Migrating EUS Entries from Older OID 11g Version to OID 11.1.1.9, EUS Logins Fail with ORA-28043: invalid bind credentials for DB-OID connection and/or ORA-28030: Server encountered problems accessing LDAP directory service (Doc ID 2098621.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

Existing Oracle Internet Directory (OID) 11g, e.g., 11.1.1.5.0 is working for Enterprise User Security (EUS) logins.

After installing a new OID 11.1.1.9.0 and migrating the EUS entries over from 11.1.1.5 using either ldifwrite/bulkload or oidcmprec reconcile, EUS logins / global authentication configured to use the new 11.1.1.9 OID as LDAP server fail:

ORA-28043: invalid bind credentials for DB-OID connection

After correcting a password policy difference in the new 11.1.1.9 OID (for example, set the same value for pwdMaxAge to match the existing/working 11.1.1.5), EUS logins still fail with:

ORA-28030: Server encountered problems accessing LDAP directory service

The data in both OID match exactly, including all the operational attribute values.

An OID debugged log reveals the same problem as outlined in the Symptoms of Document 1546173.1, where the EUS related search as orcladmin returns all the requested operational attributes, but the same search as the DB user returns only the dn and the orclguid from the nonworking OID, however that same Document Solution does not resolve the problem here.

 

Changes

Migrated EUS entries from older OID to new 11.1.1.9.0 OID.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms