OUD11g - The GSSAPI Authentication to Directory Server is Not Working

(Doc ID 2370675.1)

Last updated on MARCH 16, 2018

Applies to:

Oracle Unified Directory - Version 11.1.2.3.1 to 11.1.2.3.180116 [Release 11g]
Information in this document applies to any platform.

Symptoms

While attempting to perform GSSAPI authentication to the Directory Server, the following error is observed:

$ ./ldapsearch -h <OUD_HOST> -p 1389 -o mech=GSSAPI -o authid=<user> -o authzid="<user_DN>" -b "" -s base "(objectClass=*)"

An error occurred while attempting to perform GSSAPI authentication to the Directory Server: PrivilegedActionException(AccessController.java:-2)
Result Code: 82 (Local Error)"

The OUD access logs show:

[17/Jan/2018:10:53:47 -0500] CONNECT conn=1001 from=xxxx:58786 to=xxxx:1389 protocol=LDAP 
[17/Jan/2018:10:53:48 -0500] BIND REQ conn=1001 op=0 msgID=1 type=SASL mechanism=GSSAPI dn="" version=3 
[17/Jan/2018:10:53:48 -0500] BIND RES conn=1001 op=0 msgID=1 result=7 message="Unable to process the bind request because it attempted to use an unknown SASL mechanism GSSAPI that is not available in the Directory Server" etime=0 
[17/Jan/2018:10:53:48 -0500] DISCONNECT conn=1001 reason="Client Disconnect"
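
To find every occurrence of this symptom in an access log, the sketch below pairs each SASL BIND REQ with its BIND RES by conn/op and reports those answered with result=7 (LDAP authMethodNotSupported, RFC 4511). It is an added example, not Oracle code; the function names are hypothetical and it assumes each log entry sits on a single line.

```python
import re

# Constructed sample: the access-log entries shown in this note (addresses masked
# as on the page), with each entry on one line.
SAMPLE_LOG = '''\
[17/Jan/2018:10:53:47 -0500] CONNECT conn=1001 from=xxxx:58786 to=xxxx:1389 protocol=LDAP
[17/Jan/2018:10:53:48 -0500] BIND REQ conn=1001 op=0 msgID=1 type=SASL mechanism=GSSAPI dn="" version=3
[17/Jan/2018:10:53:48 -0500] BIND RES conn=1001 op=0 msgID=1 result=7 message="Unable to process the bind request because it attempted to use an unknown SASL mechanism GSSAPI that is not available in the Directory Server" etime=0
[17/Jan/2018:10:53:48 -0500] DISCONNECT conn=1001 reason="Client Disconnect"
'''

LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?P<kind>[A-Z]+(?: (?:REQ|RES))?)\s+(?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
AUTH_METHOD_NOT_SUPPORTED = "7"  # LDAP result code 7 (RFC 4511)

def parse_line(line):
    """Return (timestamp, record kind, key/value fields), or None if not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    return m.group("ts"), m.group("kind"), fields

def rejected_sasl_binds(log_text):
    """List SASL binds the server refused because the mechanism is unavailable."""
    clients = {}   # conn -> client address taken from CONNECT
    pending = {}   # (conn, op) -> (request time, mechanism) of an open SASL BIND REQ
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, kind, f = parsed
        key = (f.get("conn"), f.get("op"))
        if kind == "CONNECT":
            clients[f.get("conn")] = f.get("from")
        elif kind == "BIND REQ" and f.get("type") == "SASL":
            pending[key] = (ts, f.get("mechanism"))
        elif kind == "BIND RES" and key in pending:
            req_ts, mech = pending.pop(key)
            if f.get("result") == AUTH_METHOD_NOT_SUPPORTED:
                findings.append({"time": req_ts, "conn": key[0], "mechanism": mech,
                                 "client": clients.get(key[0]),
                                 "message": f.get("message")})
    return findings

if __name__ == "__main__":
    for hit in rejected_sasl_binds(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["mechanism"], "rejected with result=7")
```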

  

Cause
