WLS Cannot Connect to Active Directory on Port 636 - Attempts to Connect on an Example Domain
(Doc ID 2195595.1)
Last updated on SEPTEMBER 15, 2022
Applies to:Oracle WebLogic Server - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
On : 184.108.40.206.0 version, WLS Security
A WLS server in production mode will not connect to the AD server on port 636. It connects on port 389 without problems, but not on the secure port 636. A virtually identical Dev instance does connect.
The following works:
ldapsearch -x -LLL -H ldaps://host.domain.net -D REDACTED -w REDACTED -b "DC=domain,DC=net" -s sub "(objectClass=user)" sAMAccountName
This shows that the host itself can reach the AD server over LDAPS; only WLS fails to connect.
The error is this:
<Sep 22, 2016 4:42:11 PM CDT> <Warning> <Security> <BEA-099117> <The LDAP authentication provider named "ADLDAP" failed to make connection to ldap server at ldaps://example.com:636, the error cause is: Connection timed out.>
-- Note that "example.com" is the literal host name in the log, not a substitution made for this document.
When the Host was changed to "FAKE.domain.net" and the admin console restarted, the error message changed to:
<Sep 22, 2016 4:34:07 PM CDT> <Warning> <Security> <BEA-099117> <The LDAP authentication provider named "ADLDAP" failed to make connection to ldap server at ldaps://FAKE.domain.net:636, the error cause is: FAKE.domain.net: unknown error.>
The first suspicion is that SSL is improperly set up for port 636, since the same provider works on port 389.
Oracle Documentation to verify configuration:
Oracle WebLogic Server 220.127.116.11 Documentation > Administration Console Online Help > Active Directory Authentication Provider: Provider Specific
Administering Security for Oracle WebLogic Server 12.1.3
14 Configuring LDAP Authentication Providers
- Configuring the Certificate Lookup and Validation Framework
- Configuring the WebLogic Keystore Provider
Use the Configuration > SSL page of the WebLogic Server Administration Console to specify identity and trust options when using a file or a JKS keystore accessed via the WebLogic Keystore provider.
Administration Console Online Help > Configure keystores