OID 11G Java External Auth Plug-ins Fail When Using SSL and JDK 1.7.0_191 "ldap_bind: Invalid credentials" (Doc ID 2459842.1)

Last updated on AUGUST 30, 2023

Applies to:

Symptoms

Java External Auth plugins fail with insuffucient privileges when using SSL port to AD and Java 1.7.0_191 (prior to build 7u191-b32

Example java version

java -version
java version "1.7.0_191"
Java(TM) SE Runtime Environment (build 1.7.0_191-b08)
Java HotSpot(TM) 64-Bit Server VM (build 24.191-b08, mixed mode)

bash-4.1$ ldapbind -p 3060 -D "cn=user1,cn=users,dc=company,dc=com" -w Welcome1
ldap_bind: Invalid credentials

Current setup works fine when using non-SSL port 389.

Ldapbind directly to AD with wallet setup for Plugins is successful

example

ldapbind -h AD HOSTNAME -p 636 -U 2 -W file://refresh/middleware/asinst_1/OID/admin/ADwallet -P "" -D "cn=user1,dc=addomain,dc=com" -w "pwd"
bind successful

OID logs show the following:
after enabling trace this is all that is displayed in the log when trying to connect

[2018-10-09T12:50:23.698264-04:00] [OID] [TRACE:16] [] [OIDLDAPD] [host: myoidhost] [pid: 22884] [tid: 8] [ecid: ecid#] ServerWorker (REG):[[
BEGIN
 ConnID:461 mesgID:1 OpID:0 OpName:bind ConnIP:::ffff:10.10.10.10:57734 ConnDN:Anonymous
SUCCESS * sgslpvm_getJvmEnv * Attach to JVM succeeded
2018-10-09T12:50:24.233325 * SUCCESS * gslsbbExecWhenReplacePlugin * Successfully Executed Java Plug-in oidexplg.jar
2018-10-09T12:50:24.233370 * INFO * gslsbbExecWhenReplacePlugin * Operation Result Code returned from the when_replace_bind Java plug-in : 49
END
]]



Applied <Patch 20210792> . <Bug 20210792>: ORACLE WALLET DOES NOT FOLLOW JAVA SPEC OF X509CERTIFICATE.GETEXTENSIONVALUE()

Wallet set with file name included /refresh/middleware/asinst_1/OID/admin/ADwallet/ewallet.p12 as per <Doc ID 462285.1>

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.