SSL in OID 126.96.36.199 Java External Authentication Plug-in to AD Fails with ldap_bind: Invalid credentials
(Doc ID 2128290.1)
Last updated on OCTOBER 08, 2021
Applies to:Oracle Internet Directory - Version 188.8.131.52.0 to 184.108.40.206.3 [Release 11g]
Information in this document applies to any platform.
Oracle Internet Directory (OID) 11g 220.127.116.11.0 version with Directory Integration Platform (DIP).
OID 18.104.22.168 Java External Authentication Plug-in fails to authenticate users to Microsoft (MS) Active Directory (AD) using SSL.
Performed all the configuration required to synchronize Active Directory with Oracle Internet Directory 11g, but the Java Plug-in for External Authentication is not working and fails with: "Invalid Credentials".
Steps to Reproduce:
1. Setup synchronization profile between OID 22.214.171.124 and AD
REF: Active Directory OID 11g Synchronization Quick Start Guide (Doc ID 1263918.1)
2. Configure oidexplg_bind_ad and oidexplg_compare_ad in ODSM.
REF: How to Configure or Setup Java External Authentication Plugins in OID 11g (Doc ID 1270329.1)
3. Test ldapbind to AD:
Wireshark shows the following: Alert (Level: Fatal, Description: Certificate Unknown).
- Changed Java External Authentication Plug-in from Non-SSL to SSL.
- Patched OID to 126.96.36.199 from a previous OID (e.g. OID 188.8.131.52).
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document