OID 11g DIP Fails to Connect to Backend LDAP via SSL after Restart of DIP: "ODIException: LDAP Connection Failure" / "javax.naming.CommunicationException: simple bind failed: HOSTNAME.DOMAIN:636" (Doc ID 2274145.1)

Last updated on JUNE 09, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Symptoms

Configured a keystore for DIP by using manageDIPServerConfig to set 'keystorelocation', and imported the certificates needed to connect to the backend LDAP via SSL.

Set the profile to connect to the backend via the SSL port. Sync works properly.

However, after restarting DIP 11g (or the Managed Server wls_ods1), DIP is no longer able to connect to the backend LDAP via the SSL port.

Example error found in the log after stopping and restarting the Managed Server or DIP:

[2017-05-13T23:19:53.394-05:00] [wls_ods1] [ERROR] [DIP-10007] [oracle.dip.OIDSync] [tid: OIDSync] [userId: <anonymous>] [ecid: 0000LjXIkx78lnG_Qx_Aid1P3eex000003,0] [APP: DIP#11.1.1.2.0] error in execution of Agent thread: OIDSync[[
ODIException: LDAP Connection Failure
at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:341)
at oracle.ldap.odip.gsi.ActiveChgReader.initialise(ActiveChgReader.java:178)
at oracle.ldap.odip.web.DIPSyncBean.readerInitialise(DIPSyncBean.java:509)
at oracle.ldap.odip.web.DIPSyncBean.mapInitialise(DIPSyncBean.java:550)
at oracle.ldap.odip.web.DIPSyncBean.execMapping(DIPSyncBean.java:458)
at oracle.ldap.odip.web.DIPSyncBean.doOneIteration(DIPSyncBean.java:348)
at oracle.ldap.odip.web.DIPSync_2r3ocw_EOImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.ldap.odip.web.DIPSync_2r3ocw_EOImpl.doOneIteration(Unknown Source)
at oracle.ldap.odip.web.SyncQuartzJobImpl.execute(SyncQuartzJobImpl.java:178)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: javax.naming.CommunicationException: simple bind failed: MYHOST.domain:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
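Added example (not code from this note or from Oracle): a small Python checker that splits a DIP log in Oracle Diagnostic Logging (ODL) format into records, picks out the DIP-10007 records, and reports which backend host:port the bind failed against and whether the root exception is the PKIX trust failure shown above, so the regression can be spotted in the log right after a restart. The sample log is constructed; the host name, ECIDs, timestamps and the second record's message id are placeholders.

```python
import re

# Constructed sample log in ODL format, modelled on the DIP-10007 record in this note.
# Host name, ECIDs, timestamps and the second record's message id are placeholders.
SAMPLE_LOG = """\
[2017-05-13T23:19:53.394-05:00] [wls_ods1] [ERROR] [DIP-10007] [oracle.dip.OIDSync] [tid: OIDSync] [userId: <anonymous>] [ecid: 0000LjXIkx78lnG_Qx_Aid1P3eex000003,0] [APP: DIP#11.1.1.2.0] error in execution of Agent thread: OIDSync[[
ODIException: LDAP Connection Failure
at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:341)
Caused by: javax.naming.CommunicationException: simple bind failed: MYHOST.domain:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
]]
[2017-05-13T23:20:05.120-05:00] [wls_ods1] [NOTIFICATION] [DIP-00000] [oracle.dip.OIDSync] [ecid: 0000LjXIkx78lnG_Qx_Aid1P3eex000004,0] profile OIDSync synchronised 12 entries
"""

RECORD_START = re.compile(r"^\[(\d{4}-\d{2}-\d{2}T[^\]]+)\]", re.M)
FIELD = re.compile(r"\[([^\]]*)\]")
BIND_FAIL = re.compile(r"simple bind failed: ([^\s:\[]+):(\d+)")
ROOT_EXC = re.compile(r"Root exception is ([\w.$]+Exception)")

def split_records(text):
    """Split an ODL log into records; each record begins with a bracketed ISO timestamp."""
    starts = [m.start() for m in RECORD_START.finditer(text)]
    return [text[s:e].rstrip("\n") for s, e in zip(starts, starts[1:] + [len(text)])]

def parse_record(rec):
    """Return the positional ODL header fields, the ecid, and the multi-line body after '[['."""
    head, _, body = rec.partition("[[")
    fields = FIELD.findall(head)
    named = {k.strip(): v.strip() for k, _, v in (f.partition(":") for f in fields[5:])}
    return {"timestamp": fields[0], "server": fields[1], "level": fields[2],
            "msg_id": fields[3], "component": fields[4],
            "ecid": named.get("ecid"), "body": body.strip("]\n")}

def classify_ldap_failure(rec):
    """For a DIP-10007 record, report the backend that failed and whether the JVM rejected its
    certificate chain (the PKIX error means the chain is absent from the trust store in use)."""
    if rec["msg_id"] != "DIP-10007":
        return None
    bind = BIND_FAIL.search(rec["body"])
    root = ROOT_EXC.search(rec["body"])
    trusted = "unable to find valid certification path" not in rec["body"]
    return {"timestamp": rec["timestamp"], "ecid": rec["ecid"],
            "host": bind.group(1) if bind else None,
            "port": int(bind.group(2)) if bind else None,
            "root_exception": root.group(1) if root else None,
            "reason": "other" if trusted else "backend certificate chain not trusted"}

def find_ldap_failures(text):
    """Run the classifier over a whole log and keep only the DIP-10007 findings."""
    findings = (classify_ldap_failure(parse_record(r)) for r in split_records(text))
    return [f for f in findings if f is not None]
```

Pointing `find_ldap_failures` at the wls_ods1 diagnostic log after a restart gives one finding per failed bind, with the host:port and ECID to correlate against the profile and keystore that were changed.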

Changes

DIP connecting to OID via SSL mode 1 (-U 1).

Profiles configured to connect to the backend LDAP via SSL mode 2 (-U 2).

Keystore created to store the certificates DIP needs in order to connect to the backend LDAP.

Cause
