
OID 11g 11.1.1.9.0 Java External Authentication Plug-ins with AD Fails with SSL Enabled and JDK 7: "ldap_bind: Invalid credentials" (Doc ID 2165849.1)

Last updated on OCTOBER 01, 2020

Applies to:

Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms


When SSL is set up for the Java external authentication plug-ins in OID 11.1.1.9 with AD, binds fail with the error "ldap_bind: Invalid credentials":

1. An ldapbind to AD via the SSL port, using the wallet, is successful.

Example ldapbinds:

To AD:

ldapbind -h <AD HOSTNAME> -p <AD SSL PORT> -U 2 -D "cn=<USERNAME>,cn=users,DC=<COMPANY NAME>,DC=net" -w <AD PASSWORD> -W file://refresh/Middleware/asinst_1/config/oid1/OID/admin/oidwallet -P <WALLET PASSWORD>

bind successful

To OID with the same account:

ldapbind -h <OID HOSTNAME> -p <OID PORT> -D "cn=<USERNAME>,cn=users,DC=<COMPANY NAME>,DC=net" -w %myadpwd

ldap_bind: Invalid credentials

NOTE: The DN (-D) in AD may not be exactly the same as the DN in OID. Confirm the correct DN for each LDAP server.

 

2. tcpdump shows the following error:

Alert (Level: Fatal, Description: Certificate Unknown)

ldap_bind: Invalid credentials



Changes

 

Cause
