OID to AD Server Chaining (SC): Ldapbinds with Server Chained Users to OID Fail With: ldap_bind: Invalid credentials

(Doc ID 2252135.1)

Last updated on APRIL 06, 2017

Applies to:

Oracle Internet Directory - Version 10.1.4 and later
Information in this document applies to any platform.


Server Chaining (SC) configured in Oracle Internet Directory (OID) for Microsoft (MS) Active Directory (AD) access.

Searching the AD users work, however ldapbinds for AD server chained users via OID with valid/working AD passwords fail with:

ldapbind -h myoidhost -p 3060 -D "CN=my AD user,OU=Users,ou=ad,cn=users,dc=mycompany,dc=com" -q
Please enter bind password:
ldap_bind: Invalid credentials

Example OID 11g low level debug log shows:

[2017-04-05T07:49:09.678360-04:00] [OID] [TRACE:16] [] [OIDLDAPD] [host: myoidhost] [pid: 21135] [tid: 11] [ecid: 005J6buz73uEwGRLIY1Fif0005AF000EI2,0] ServerWorker (REG):[[
ConnID:829831 mesgID:1 OpID:0  OpName:bind ConnIP:<IP Address>:35620 ConnDN:Anonymous
INFO : gslfbidbDoBind *  Version=3 BIND dn="CN=my AD user,OU=Users,ou=ad,cn=users,dc=mycompany,dc=com" method=128
                 ConnId = 829831, op=0, IpAddr=<IP Address>
2017-04-05T07:49:09.680430 * INFO:gsleswrASndResult OPtime=2287 micro sec RESULT=49 tag=97 nentries=0
2017-04-05T07:49:09.680452 * Qtime=0 micro sec





Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms