My Oracle Support Banner

OID 11g Java External Authentication Plug-ins with AD Fails with SSL Enabled and JDK 7: "ldap_bind: Invalid credentials" (Doc ID 2165849.1)

Last updated on OCTOBER 01, 2020

Applies to:

Oracle Internet Directory - Version and later
Information in this document applies to any platform.


When setting up SSL in OID's java external authentication plugins with AD and failed with "ldap_bind: Invalid credentials" error:

1. ldapbind via SSL port to AD with wallet is successful.

Example ldapbinds:

1- to AD:

ldapbind -h <AD HOSTNAME> -p <AD SSL PORT>-U 2 -D "cn=<USERNAME>cn=users,DC=<COMPANY NAME>,DC=net" -w <AD PASSWORD -W file://refresh/Middleware/asinst_1/config/oid1/OID/admin/oidwallet -P <WALLET PASSWORD>

bind successful

To OID with same account:

ldapbind -h <OID HOSTNAME -p <OID PORT> -D "cn=<USERNAME>cn=users,DC=<COMPANY NAME>,DC=net" -w %myadpwd

ldap_bind: Invalid credentials

 NOTE: The DN (-D) in AD may not be exactly the same DN in OID.  Confirm the correct DN for each LDAP server.


2. tcpdump shows error:

Alert (Level: Fatal, Description: Certificate Unknown)

ldap_bind: Invalid credentials




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.