OUD11g - Enterprise User Security (EUS) Authentication Fails with "ORA-28030" and/or "SASL DIGEST-MD5 protocol error" using DB / RDBMS 12.2.0.1
(Doc ID 2280001.1)
Last updated on DECEMBER 09, 2024
Applies to:
Oracle Unified Directory - Version 11.1.2.3.0 to 11.1.2.3.170718 [Release 11g]
Information in this document applies to any platform.
Symptoms
Enterprise User Security (EUS), using Oracle Unified Directory 11gR2PS3 as the LDAP server, is not working as expected with RDBMS version 12.2.0.1.
ORA-28030 when trying to connect using the sqlplus command:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production
SQL> connect soe
Enter password:
ERROR:
ORA-28030: Server encountered problems accessing LDAP directory service
The EUS authentication fails in 12.2.0.1 with the following error:
kzld found pwd in wallet
KZLD_ERR: Failed to bind to LDAP server. Err=80
KZLD_ERR: 80
KZLD is doing LDAP unbind
KZLD_ERR: found err from kzldini.
The SASL bind fails on 12.2.0.1:
ldap_sasl_bind: Unknown error
And in the access log, the bind is performed with an empty dn:
[18/May/2017:17:28:49 +0200] BIND REQ conn=0 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[18/May/2017:17:28:49 +0200] BIND RES conn=0 op=0 msgID=1 result=14 etime=39
[18/May/2017:17:28:49 +0200] DISCONNECT conn=0 reason="Client Disconnect"
With Oracle Database 12.1.0.2, by contrast, the bind is performed correctly:
[18/May/2017:17:29:52 +0200] BIND REQ conn=1 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="cn=<DB12c>,cn=oraclecontext,dc=<SUFFIX>" version=3
[18/May/2017:17:29:52 +0200] BIND RES conn=1 op=0 msgID=1 result=14 etime=0
[18/May/2017:17:29:52 +0200] BIND REQ conn=1 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="cn=<DB12c>,cn=oraclecontext,dc=<SUFFIX>" version=3
[18/May/2017:17:29:52 +0200] SEARCH REQ conn=-1 op=73 msgID=74 base="cn=<DB12c>,cn=oraclecontext,dc=<SUFFIX>" scope=base filter="(objectClass=*)" attrs="ds-privilege-name,*"
From a different case, the following errors were observed:
From DB trace:
kzld found pwd in wallet
KZLD_ERR: Failed to bind to LDAP server. Err=49
KZLD_ERR: 49
KZLD is doing LDAP unbind
KZLD_ERR: found err from kzldini.
From the OUD access log from that same connection attempt:
[25/May/2018:09:45:05 -0500] CONNECT conn=1620 from=<IP>:<> to=<IP>:<LDAPS_PORT> protocol=LDAPS
[25/May/2018:09:45:06 -0500] BIND REQ conn=1620 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[25/May/2018:09:45:06 -0500] BIND RES conn=1620 op=0 msgID=1 result=14 etime=3
[25/May/2018:09:45:06 -0500] BIND REQ conn=1620 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[25/May/2018:09:45:06 -0500] BIND RES conn=1620 op=1 msgID=2 result=49 authFailureID=1310929 authFailureReason="SASL DIGEST-MD5 protocol error: SaslException(DIGEST-MD5: digest response format violation. Nonexistent realm: )" etime=1
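Added example (not part of the Oracle document): a small Python check that scans an OUD access log for the pattern shown above, a SASL DIGEST-MD5 BIND REQ sent with dn="", and reports the final result code per connection. The function names and the sample log are constructed for illustration; the line format is assumed to match the excerpts above.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the access-log excerpts above (placeholders kept,
# authFailureReason text shortened).
SAMPLE_LOG = """\
[25/May/2018:09:45:06 -0500] BIND REQ conn=1620 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[25/May/2018:09:45:06 -0500] BIND RES conn=1620 op=0 msgID=1 result=14 etime=3
[25/May/2018:09:45:06 -0500] BIND REQ conn=1620 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[25/May/2018:09:45:06 -0500] BIND RES conn=1620 op=1 msgID=2 result=49 authFailureReason="SASL DIGEST-MD5 protocol error: example" etime=1
[18/May/2017:17:29:52 +0200] BIND REQ conn=1 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="cn=<DB12c>,cn=oraclecontext,dc=<SUFFIX>" version=3
[18/May/2017:17:29:52 +0200] BIND RES conn=1 op=0 msgID=1 result=14 etime=0
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] (?P<kind>BIND REQ|BIND RES) (?P<rest>.*)$')
# key=value pairs; quoted values may contain spaces (e.g. authFailureReason)
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

SASL_IN_PROGRESS = 14  # LDAP saslBindInProgress: challenge step, not a failure


def parse(line):
    """Return (timestamp, kind, fields) for BIND lines, None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(m['rest'])}
    return m['ts'], m['kind'], fields


def empty_dn_digest_binds(log_text):
    """Map conn -> final result codes for DIGEST-MD5 binds sent with dn=""."""
    flagged = set()                # (conn, op) pairs whose request had an empty DN
    findings = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        _, kind, f = rec
        key = (f.get('conn'), f.get('op'))
        if kind == 'BIND REQ':
            if f.get('mechanism') == 'DIGEST-MD5' and f.get('dn') == '':
                flagged.add(key)
                findings[key[0]]   # record the connection even if no final RES follows
        elif key in flagged:
            code = int(f['result'])
            if code != SASL_IN_PROGRESS:
                findings[key[0]].append(code)
    return dict(findings)
```

A connection that appears with an empty list sent an empty-DN bind and then dropped after the challenge (the first case above); one listing 49 completed the exchange and was rejected (the second case).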
Cause