My Oracle Support Banner

OID 11g DIP Fails to Connect to Backend LDAP via SSL after Restart of DIP "ODIException: LDAP Connection Failure" / javax.naming.CommunicationException: simple bind failed: <HOSTNAME>:<LDAP_SSL_PORT> / unable to find valid certification path to requested (Doc ID 2274145.1)

Last updated on AUGUST 30, 2023

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Symptoms

Configured keystore for Directory Integration Platform (DIP) by using manageDIPServerConfig to set the 'keystorelocation' and imported certificates needed to connect to backend LDAP via SSL. 

Set profile to connect to backend via SSL port.  Synchronization works properly.

However, after restarting DIP 11g (or Managed Server wls_ods1), DIP is no longer able to connect to backend LDAP via SSL port.

Example error found in the log after stopping Managed Server or DIP and restarting:

 

Changes

DIP connecting to OID via default SSL mode 1 (-U 1) (encryption only / no authentication SSL mode / no certificates/wallets used).

Profiles are configured to connect to backend LDAP server via SSL mode 2 (-U 2) (server authentication SSL mode).

Keystore was created to store certificates in order for DIP to connect to backend LDAP.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.