OUD 12c: DIGEST-MD5 SASL Authentication Fails with LDAP Error 49 Invalid Credentials and authFailure if Entry under cn=OracleContext is Used as authid and Connecting LDAP-SSL Port
(Doc ID 2540641.1)
Last updated on AUGUST 18, 2021
Applies to: Oracle Unified Directory - Version 220.127.116.11.180829 and later
Information in this document applies to any platform.
The DIGEST-MD5 SASL authentication fails with LDAP error code 49 when an entry under cn=OracleContext is used as authid and the client connects to the LDAP-SSL (LDAPS) port, e.g.:
$ ldapsearch -h <OUD_HOSTNAME> -p <LDAP_SSL_PORT> -Z -X -j <PASSWORD_FILE> --saslOption mech=DIGEST-MD5 --saslOption authid=dn:cn=<USERNAME>,cn=OracleContext -b "" -s base "(objectClass=*)"
The SASL DIGEST-MD5 bind attempt failed
Result Code: 49 (Invalid Credentials)
"authFailureID=1245385" is logged in the OUD access log:
[10/Dec/2018:05:11:03 +0000] BIND REQ conn=5 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[10/Dec/2018:05:11:03 +0000] BIND RES conn=5 op=1 msgID=2 result=49 authFailureID=1245385 authFailureReason="The server was not able to find any user entries for the provided username of dn:cn=<USERNAME>,cn=OracleContext" etime=27
This authentication error does NOT occur if an entry outside cn=OracleContext is used as authid, or if the client connects to the non-SSL port.
The issue has been reported in the OUD instance configured with Enterprise User Security (EUS) integration.
The authentication error occurs only when all of the following conditions are met:
- Connecting to the LDAP-SSL port
- Requesting DIGEST-MD5 SASL authentication
- Using an entry under cn=OracleContext as authid
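The following Python snippet is an added example, not part of the Oracle note, that checks an OUD access log for this exact symptom: it correlates BIND REQ and BIND RES lines on (conn, op, msgID) and reports the pairs where the request was SASL DIGEST-MD5, the response is result=49, and the authFailureReason names an authid under cn=OracleContext. The BIND line layout follows the entries quoted above; the CONNECT line with a protocol=LDAPS field, the IP addresses, the user name exampleuser and the non-failing binds in the sample are constructed for contrast and are assumptions, not taken from the note.

```python
"""Flag DIGEST-MD5 SASL binds that fail with result 49 for an authid under
cn=OracleContext in an OUD access log.  Added example, not Oracle's code.
The BIND REQ/RES layout follows the lines quoted in the note; the CONNECT
line format with protocol=LDAPS is an assumption used only to record which
port the client used."""
import re
from typing import Dict, List, Optional, Tuple

# Leading timestamp, the operation keyword (CONNECT, BIND, ...) and an optional REQ/RES tag.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\]\s+(?P<op>[A-Z]+)(?:\s+(?P<kind>REQ|RES))?\s+(?P<rest>.*)$')
# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Pulls the authid out of the authFailureReason text quoted in the note.
AUTHID_RE = re.compile(r'username of (\S+)')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the key=value fields of one access-log line plus _ts/_op/_kind, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields: Dict[str, str] = {}
    for key, value in KV_RE.findall(m.group('rest')):
        fields[key] = value[1:-1] if value.startswith('"') else value
    fields['_ts'] = m.group('ts')
    fields['_op'] = m.group('op')
    fields['_kind'] = m.group('kind') or ''
    return fields


def find_oraclecontext_digest_failures(lines: List[str]) -> List[Dict[str, str]]:
    """Correlate BIND REQ/RES on (conn, op, msgID) and return the failing pairs
    that match the symptom: SASL DIGEST-MD5 request, result=49 response, and an
    authid under cn=OracleContext in the failure reason."""
    protocol_by_conn: Dict[str, str] = {}          # conn -> protocol seen on CONNECT (assumed format)
    pending: Dict[Tuple[str, str, str], Dict[str, str]] = {}
    matches: List[Dict[str, str]] = []
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        conn = f.get('conn', '')
        if f['_op'] == 'CONNECT':
            protocol_by_conn[conn] = f.get('protocol', 'unknown')
            continue
        if f['_op'] != 'BIND':
            continue
        key = (conn, f.get('op', ''), f.get('msgID', ''))
        if f['_kind'] == 'REQ':
            pending[key] = f
            continue
        req = pending.pop(key, None)
        if req is None:
            continue                                 # response without a request in this window
        authid_m = AUTHID_RE.search(f.get('authFailureReason', ''))
        authid = authid_m.group(1) if authid_m else ''
        if (req.get('type') == 'SASL' and req.get('mechanism') == 'DIGEST-MD5'
                and f.get('result') == '49'
                and 'cn=oraclecontext' in authid.lower()):
            matches.append({
                'timestamp': f['_ts'],
                'conn': conn,
                'protocol': protocol_by_conn.get(conn, 'unknown'),
                'authid': authid,
                'authFailureID': f.get('authFailureID', ''),
            })
    return matches


# Constructed sample modelled on the entries quoted in the note. The CONNECT
# lines, addresses, ports, user names and the two non-failing binds are made up.
SAMPLE_LOG = [
    '[10/Dec/2018:05:11:03 +0000] CONNECT conn=5 from=10.0.0.5:51234 to=10.0.0.1:1636 protocol=LDAPS',
    '[10/Dec/2018:05:11:03 +0000] BIND REQ conn=5 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3',
    '[10/Dec/2018:05:11:03 +0000] BIND RES conn=5 op=1 msgID=2 result=49 authFailureID=1245385 '
    'authFailureReason="The server was not able to find any user entries for the provided username of '
    'dn:cn=exampleuser,cn=OracleContext" etime=27',
    '[10/Dec/2018:05:12:10 +0000] CONNECT conn=6 from=10.0.0.5:51240 to=10.0.0.1:1389 protocol=LDAP',
    '[10/Dec/2018:05:12:10 +0000] BIND REQ conn=6 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3',
    '[10/Dec/2018:05:12:10 +0000] BIND RES conn=6 op=1 msgID=2 result=0 authDN="cn=exampleuser,cn=OracleContext" etime=12',
    '[10/Dec/2018:05:13:00 +0000] BIND REQ conn=7 op=1 msgID=2 type=SIMPLE dn="cn=other,dc=example,dc=com" version=3',
    '[10/Dec/2018:05:13:00 +0000] BIND RES conn=7 op=1 msgID=2 result=49 '
    'authFailureReason="Invalid credentials for cn=other,dc=example,dc=com" etime=5',
]

if __name__ == '__main__':
    for hit in find_oraclecontext_digest_failures(SAMPLE_LOG):
        print(hit)
```

Run against a real access log by replacing SAMPLE_LOG with the file's lines; only the conn=5 pair in the sample matches, since conn=6 succeeds on the non-SSL port and conn=7 is a simple bind rather than DIGEST-MD5.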