
SSL in OID Java External Authentication Plug-in to AD Fails with ldap_bind: Invalid credentials (Doc ID 2128290.1)

Last updated on AUGUST 30, 2023

Applies to:

Oracle Internet Directory - Version to [Release 11g]
Information in this document applies to any platform.


Oracle Internet Directory (OID) 11g version with Directory Integration Platform (DIP).

OID Java External Authentication Plug-in fails to authenticate users to Microsoft (MS) Active Directory (AD) using SSL.

All the configuration required to synchronize Active Directory with Oracle Internet Directory 11g was performed, but the Java Plug-in for External Authentication does not work and fails with "Invalid Credentials":

ldap_bind: Invalid credentials

Steps to Reproduce:

1. Set up a synchronization profile between OID and AD.

REF: Active Directory OID 11g Synchronization Quick Start Guide (Doc ID 1263918.1)

2. Configure oidexplg_bind_ad and oidexplg_compare_ad in ODSM.
REF: How to Configure or Setup Java External Authentication Plugins in OID 11g (Doc ID 1270329.1)

3. Test ldapbind to AD:

Wireshark shows the following: Alert (Level: Fatal, Description: Certificate Unknown).
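
How the alert that Wireshark reports above is encoded on the wire, as an added example that is not part of the Oracle note: a small TLS record walker that picks out alert records and decodes level and description per RFC 5246, where certificate_unknown means the sender of the alert found the peer's certificate unacceptable for an unspecified reason. The sample bytes are constructed and the function names are hypothetical.

```python
import struct

# Constructed sample (not from a real capture): a 4-byte handshake record
# followed by a plaintext TLS 1.2 alert record.
SAMPLE = bytes.fromhex("16030300040e000000" "1503030002022e")

ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Certificate-related alert descriptions from RFC 5246, section 7.2.
ALERT_DESCRIPTIONS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}

def iter_records(stream):
    """Yield (content_type, version, body) for each complete TLS record."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        body = stream[pos + 5 : pos + 5 + length]
        if len(body) < length:
            raise ValueError("truncated TLS record at offset %d" % pos)
        yield ctype, (major, minor), body
        pos += 5 + length

def find_alerts(stream):
    """Return one dict per alert record (content type 21) in the stream."""
    alerts = []
    for ctype, version, body in iter_records(stream):
        if ctype != 21:
            continue
        if len(body) != 2:
            # Once record protection is active the alert body is ciphertext,
            # so level and description cannot be read from the capture.
            alerts.append({"version": version, "encrypted": True})
            continue
        level, desc = body
        alerts.append({
            "version": version,
            "encrypted": False,
            "level": ALERT_LEVELS.get(level, "unknown(%d)" % level),
            "description": ALERT_DESCRIPTIONS.get(desc, "other(%d)" % desc),
        })
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE):
        print(alert)
```

Which endpoint sent the alert is visible in the capture from the packet's source address; the bytes themselves do not say.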


Possible changes:

- Changed Java External Authentication Plug-in from Non-SSL to SSL.

- Patched OID to from a previous OID (e.g. OID

