OID to AD Server Chaining (SC): Ldapbinds with Server Chained Users to OID Fail With: ldap_bind: Invalid credentials
(Doc ID 2252135.1)
Last updated on NOVEMBER 14, 2019
Applies to:
Oracle Internet Directory - Version 10.1.4 and laterInformation in this document applies to any platform.
Symptoms
Server Chaining (SC) configured in Oracle Internet Directory (OID) for Microsoft (MS) Active Directory (AD) access.
Searching the AD users work, however ldapbinds for AD server chained users via OID with valid/working AD passwords fail with:
ldapbind -h <OID_HOSTNAME> -p <OID_PORT> -D "CN=<AD_USERNAME>,OU=Users,ou=<OU>,cn=users,dc=<COMPANY>,dc=com" -q
Please enter bind password:
ldap_bind: Invalid credentials
Please enter bind password:
ldap_bind: Invalid credentials
Example OID 11g low level debug log shows:
[2017-04-05T07:49:09.678360-04:00] [OID] [TRACE:16] [] [OIDLDAPD] [host:<OID_HOSTNAME>] [pid: <PID>] [tid: <TID>] [ecid: <ECID>] ServerWorker (REG):[[
BEGIN
ConnID:829831 mesgID:1 OpID:0 OpName:bind ConnIP:<IP_ADDRESS>:35620 ConnDN:Anonymous
INFO : gslfbidbDoBind * Version=3 BIND dn="CN=<AD_USERNAME>,OU=Users,ou=<OU>,cn=users,dc=<COMPANY>,dc=com" method=128
ConnId = 829831, op=0, IpAddr=<IP_ADDRESS>
2017-04-05T07:49:09.680430 * INFO:gsleswrASndResult OPtime=2287 micro sec RESULT=49 tag=97 nentries=0
2017-04-05T07:49:09.680452 * Qtime=0 micro sec
END
]]
BEGIN
ConnID:829831 mesgID:1 OpID:0 OpName:bind ConnIP:<IP_ADDRESS>:35620 ConnDN:Anonymous
INFO : gslfbidbDoBind * Version=3 BIND dn="CN=<AD_USERNAME>,OU=Users,ou=<OU>,cn=users,dc=<COMPANY>,dc=com" method=128
ConnId = 829831, op=0, IpAddr=<IP_ADDRESS>
2017-04-05T07:49:09.680430 * INFO:gsleswrASndResult OPtime=2287 micro sec RESULT=49 tag=97 nentries=0
2017-04-05T07:49:09.680452 * Qtime=0 micro sec
END
]]
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |