OUD11g - Enterprise User Security (EUS) Authentication Fails With Database Version

(Doc ID 2280001.1)

Last updated on AUGUST 31, 2017

Applies to:

Oracle Unified Directory - Version to [Release 11g]
Information in this document applies to any platform.


Enterprise User Security (EUS), using Oracle Unified Directory 11gR2PS3 as the LDAP server, is not working as expected with RDBMS version

The connection fails with ORA-28030 when trying to connect using the sqlplus command:

Connected to:
Oracle Database 12c Enterprise Edition Release - 64bit Production

SQL> connect soe
Enter password:
ORA-28030: Server encountered problems accessing LDAP directory service

The EUS authentication fails in with the following error:

kzld_discover received ldaptype: OID
kzld found pwd in wallet
KZLD_ERR: Failed to bind to LDAP server. Err=80
KZLD is doing LDAP unbind
KZLD_ERR: found err from kzldini.

The SASL bind fails on

$ORACLE_DB_HOME/oracle/product/ -h hostname -p 1636 -U 1 -D "cn=db12c,cn=OracleContext,dc=mycontext,dc=org" -w welcome1 -O auth -Y DIGEST-MD5
ldap_sasl_bind: Unknown error

And in the access log, the bind is performed with an empty dn:

[18/May/2017:17:28:49 +0200] CONNECT conn=0 from=<IP>:41428 to=<IP>:1636 protocol=LDAPS
[18/May/2017:17:28:49 +0200] BIND REQ conn=0 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[18/May/2017:17:28:49 +0200] BIND RES conn=0 op=0 msgID=1 result=14 etime=39
[18/May/2017:17:28:49 +0200] DISCONNECT conn=0 reason="Client Disconnect"

While in the case of using Oracle Database, the bind is correctly performed:

[18/May/2017:17:29:52 +0200] CONNECT conn=1 from=<IP>:41463 to=<IP>:1636 protocol=LDAPS
[18/May/2017:17:29:52 +0200] BIND REQ conn=1 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="cn=db12c,cn=oraclecontext,dc=mycontext,dc=org" version=3
[18/May/2017:17:29:52 +0200] BIND RES conn=1 op=0 msgID=1 result=14 etime=0
[18/May/2017:17:29:52 +0200] BIND REQ conn=1 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="cn=db12c,cn=oraclecontext,dc=mycontext,dc=org" version=3
[18/May/2017:17:29:52 +0200] SEARCH REQ conn=-1 op=73 msgID=74 base="cn=db12c,cn=oraclecontext,dc=mycontext,dc=org" scope=base filter="(objectClass=*)" attrs="ds-privilege-name,*"
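
The two access-log excerpts above can be told apart mechanically. The following is an added example, not part of the Oracle note and not Oracle code: it groups access-log lines by conn and flags a SASL bind sent with an empty dn that stops after the first result=14 (the LDAP saslBindInProgress code). The function names are hypothetical and the sample input is the log text quoted on this page.

```python
import re
from collections import defaultdict

# Constructed sample: the access-log lines quoted on this page, <IP> kept as a placeholder.
SAMPLE_LOG = '''\
[18/May/2017:17:28:49 +0200] CONNECT conn=0 from=<IP>:41428 to=<IP>:1636 protocol=LDAPS
[18/May/2017:17:28:49 +0200] BIND REQ conn=0 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[18/May/2017:17:28:49 +0200] BIND RES conn=0 op=0 msgID=1 result=14 etime=39
[18/May/2017:17:28:49 +0200] DISCONNECT conn=0 reason="Client Disconnect"
[18/May/2017:17:29:52 +0200] CONNECT conn=1 from=<IP>:41463 to=<IP>:1636 protocol=LDAPS
[18/May/2017:17:29:52 +0200] BIND REQ conn=1 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="cn=db12c,cn=oraclecontext,dc=mycontext,dc=org" version=3
[18/May/2017:17:29:52 +0200] BIND RES conn=1 op=0 msgID=1 result=14 etime=0
[18/May/2017:17:29:52 +0200] BIND REQ conn=1 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="cn=db12c,cn=oraclecontext,dc=mycontext,dc=org" version=3
[18/May/2017:17:29:52 +0200] SEARCH REQ conn=-1 op=73 msgID=74 base="cn=db12c,cn=oraclecontext,dc=mycontext,dc=org" scope=base filter="(objectClass=*)" attrs="ds-privilege-name,*"
'''

LINE_RE = re.compile(r'^\[([^\]]+)\]\s+([A-Z]+(?: REQ| RES)?)\s+conn=(-?\d+)(.*)$')
KV_RE = re.compile(r'(\w[\w-]*)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse(log):
    """Return {conn id: [(operation, fields), ...]} in log order."""
    conns = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(4))}
            conns[int(m.group(3))].append((m.group(2), fields))
    return conns

def classify(events):
    """Label one connection by how far its SASL bind handshake got."""
    binds = [f for op, f in events if op == 'BIND REQ' and f.get('type') == 'SASL']
    results = [f.get('result') for op, f in events if op == 'BIND RES']
    if not binds:
        return 'no-sasl-bind'
    # Failing pattern on this page: empty dn, one result=14, no second BIND REQ.
    if (binds[0].get('dn') == '' and len(binds) == 1 and results == ['14']
            and any(op == 'DISCONNECT' for op, _ in events)):
        return 'empty-dn-abandoned'
    return 'handshake-continued' if len(binds) > 1 else 'other'

def find_abandoned(log):
    """Connection ids whose empty-dn SASL bind stopped after result=14."""
    return sorted(c for c, ev in parse(log).items() if classify(ev) == 'empty-dn-abandoned')

if __name__ == '__main__':
    print(find_abandoned(SAMPLE_LOG))
```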


