
OID 11g 11.1.1.9 and Oracle Password Filter on MS AD 2012 R2 Fails. After Reinstall, ldapbindssl.exe Works But Password Filter Main Log Shows: bind [cn=orcladmin] failed : Unavailable | Connection to OID failed (Doc ID 2135651.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

Installed Oracle Password Filter on Microsoft (MS) Active Directory (AD) Windows 2012 R2 server.

Created an auto-signed (self-signed) wallet with the certificate imported into AD, but ldapbindssl fails:

ldapbindssl.exe -h <oid host> -p <oid ssl port> -D cn=orcladmin
Please enter the password for OID :
************
Connecting server in SSL Mode
Checking if SSL is enabled
SSL not enabled.
SSL being enabled...
Binding ...
Ldap bindERROR
System Error Code: 0
LDAP Error Code: 52
Error Message: Server Unavailable

The related error in the OID log shows:

[2016-04-25T10:10:31.942552-04:00] [OID] [TRACE:16] [] [OIDLDAPD] [host: oidhost] [pid: 7964] [tid: 16] SSLthread: ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed                  Source address: ::ffff:<IP address> * (NZerr 29005)

Regular OID ldapbind works:

$ ldapbind -h <oidhost> -p <ssl port> -D cn=orcladmin -w <password> -U 2 -W file://oracle/app/oracle/product/fmw11g/asinst_1/OID/admin/ldap -P ""
bind successful

 

After a full uninstall and reinstall of the Password Filter as per the documentation:

   Oracle® Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform 11g Release 1 (11.1.1) E56469-02
   Chapter 22 Deploying the Oracle Password Filter for Microsoft Active Directory
   Section 22.6 Removing the Oracle Password Filter for Microsoft Active Directory

ldapbindssl then works:

ldapbindssl.exe -h <oidhost> -p <oid ssl port> -D cn=orcladmin
Please enter the password for OID :
************
Connecting server in SSL Mode
Checking if SSL is enabled
SSL not enabled.
 SSL being enabled...
Binding ...
Bind Successful

However, the Oracle Password Filter fails, and its Main log shows:

Debug [02/05/2016 17:37:09] thr=620 SSL Type : 2
Debug [02/05/2016 17:37:09] thr=620 bind [cn=orcladmin] failed : Unavailable
Debug [02/05/2016 17:37:09] thr=620 Connection to OID failed
Debug [02/05/2016 17:37:09] thr=620 Pushing password to remote Directory
Debug [02/05/2016 17:37:09] thr=620 Setting Datastore to OID
Debug [02/05/2016 17:37:09] thr=620 userid length (first) = 6
Debug [02/05/2016 17:37:09] thr=620 userid (first) = testuser

 

Cause

To view full details, sign in with your My Oracle Support account.


This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.