OID 11g 11.1.1.9.0 Java External Authentication Plug-ins with AD Fails with SSL Enabled and JDK 7: "ldap_bind: Invalid credentials"
(Doc ID 2165849.1)
Last updated on SEPTEMBER 11, 2023
Applies to:
Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.
Symptoms
After setting up SSL for the OID 11.1.1.9 Java external authentication plug-ins with AD, binds fail with the error "ldap_bind: Invalid credentials":
1. An ldapbind to AD over the SSL port with the wallet is successful.
Example ldapbinds:
To AD:
ldapbind -h <AD HOSTNAME> -p <AD SSL PORT> -U 2 -D "cn=<USERNAME>,cn=users,DC=<COMPANY NAME>,DC=net" -w <AD PASSWORD> -W file://refresh/Middleware/asinst_1/config/oid1/OID/admin/oidwallet -P <WALLET PASSWORD>
bind successful
To OID with the same account:
ldapbind -h <OID HOSTNAME> -p <OID PORT> -D "cn=<USERNAME>,cn=users,DC=<COMPANY NAME>,DC=net" -w %myadpwd
ldap_bind: Invalid credentials
NOTE: The DN (-D) in AD may not be exactly the same DN in OID. Confirm the correct DN for each LDAP server.
2. tcpdump shows error:
Alert (Level: Fatal, Description: Certificate Unknown)
Changes
Cause