OUD11g - Enterprise User Security ( EUS) Authentication Fails With Database Version 12.2.0.1

(Doc ID 2280001.1)

Last updated on AUGUST 31, 2017

Applies to:

Oracle Unified Directory - Version 11.1.2.3.0 to 11.1.2.3.170418 [Release 11g]
Information in this document applies to any platform.

Symptoms

Enterprise User Security (EUS), using Oracle Unified Directory 11gR2PS3 as the LDAP server, is not working as expected with RDBMS version 12.2.0.1

ORA-28030 when trying to connect using the sqlplus command:

Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production

SQL> connect soe
Enter password:
ERROR:
ORA-28030: Server encountered problems accessing LDAP directory service

The EUS authentication fails in 12.2.0.1 with the following error:

kzld_discover received ldaptype: OID
kzld found pwd in wallet
KZLD_ERR: Failed to bind to LDAP server. Err=80
KZLD_ERR: 80
KZLD is doing LDAP unbind
KZLD_ERR: found err from kzldini.

The SASL bind fails on 12.2.0.1:

$ORACLE_DB_HOME/oracle/product/12.2.0.1/bin/ldapbind -h hostname -p 1636 -U 1 -D "cn=db12c,cn=OracleContext,dc=mycontext,dc=org" -w welcome1 -O auth -Y DIGEST-MD5
ldap_sasl_bind: Unknown error

And in the access log, the bind is performed with an empty dn:

[18/May/2017:17:28:49 +0200] CONNECT conn=0 from=<IP>:41428 to=<IP>:1636 protocol=LDAPS
[18/May/2017:17:28:49 +0200] BIND REQ conn=0 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[18/May/2017:17:28:49 +0200] BIND RES conn=0 op=0 msgID=1 result=14 etime=39
[18/May/2017:17:28:49 +0200] DISCONNECT conn=0 reason="Client Disconnect"

While in the case of using Oracle Database 12.1.0.2, the bind is correctly performed:

[18/May/2017:17:29:52 +0200] CONNECT conn=1 from=<IP>:41463 to=<IP>:1636 protocol=LDAPS
[18/May/2017:17:29:52 +0200] BIND REQ conn=1 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="cn=db12c,cn=oraclecontext,dc=mycontext,dc=org" version=3
[18/May/2017:17:29:52 +0200] BIND RES conn=1 op=0 msgID=1 result=14 etime=0
[18/May/2017:17:29:52 +0200] BIND REQ conn=1 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="cn=db12c,cn=oraclecontext,dc=mycontext,dc=org" version=3
[18/May/2017:17:29:52 +0200] SEARCH REQ conn=-1 op=73 msgID=74 base="cn=db12c,cn=oraclecontext,dc=mycontext,dc=org" scope=base filter="(objectClass=*)" attrs="ds-privilege-name,*"

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms