OID 11g 11.1.1.9.0 Java External Authentication Plug-ins with AD Fails with SSL Enabled and JDK 7: "ldap_bind: Invalid credentials"

(Doc ID 2165849.1)

Last updated on DECEMBER 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms


After setting up SSL for the OID 11.1.1.9 Java external authentication plug-ins with AD, binds to OID fail with the error "ldap_bind: Invalid credentials":

1. An ldapbind over the SSL port directly to AD, using the wallet, is successful, but a bind to OID with the same account fails.

Example ldapbind commands:

To AD:

ldapbind -h myadserver.example.com -p 636 -U 2 -D "cn=testuser1,OU=Corp,cn=users,DC=us,DC=myADhost,DC=net" -w %myadpwd -W file://refresh/Middleware/asinst_1/config/oid1/OID/admin/oidwallet -P xxx

bind successful

To OID with the same account:

ldapbind -h myoidhost -p 3060 -D "cn=testuser1,cn=users,dc=myoidhost,dc=net" -w %myadpwd

ldap_bind: Invalid credentials

2. tcpdump shows the error:

Alert (Level: Fatal, Description: Certificate Unknown)

ldap_bind: Invalid credentials



Changes

Cause
