
OUD 12c: DIGEST-MD5 SASL Authentication Fails with LDAP Error 49 Invalid Credentials and authFailure if Entry under cn=OracleContext is Used as authid and Connecting LDAP-SSL Port (Doc ID 2540641.1)

Last updated on AUGUST 18, 2021

Applies to:

Oracle Unified Directory - Version 12.2.1.3.180829 and later
Information in this document applies to any platform.

Symptoms

DIGEST-MD5 SASL authentication fails with LDAP error code 49 when an entry under cn=OracleContext is used as authid and the client connects to the LDAP-SSL (LDAPS) port, for example:

$ ldapsearch -h <OUD_HOSTNAME> -p <LDAP_SSL_PORT> -Z -X -j <PASSWORD_FILE> --saslOption mech=DIGEST-MD5 --saslOption authid=dn:cn=<USERNAME>,cn=OracleContext -b "" -s base "(objectClass=*)"
The SASL DIGEST-MD5 bind attempt failed
Result Code: 49 (Invalid Credentials)

 

"authFailureID=1245385" is logged in the OUD access log:

[10/Dec/2018:05:11:03 +0000] BIND REQ conn=5 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[10/Dec/2018:05:11:03 +0000] BIND RES conn=5 op=1 msgID=2 result=49 authFailureID=1245385 authFailureReason="The server was not able to find any user entries for the provided username of dn:cn=<USERNAME>,cn=OracleContext" etime=27

This authentication error does NOT occur when an entry other than cn=OracleContext is used as authid, or when connecting to the non-SSL port.

The issue has been reported in an OUD instance configured with Enterprise User Security (EUS) integration.
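
A log triage sketch for the symptom above, added here as an example and not taken from Oracle's document: it pairs each BIND RES with its BIND REQ by conn and op, then reports DIGEST-MD5 binds that failed with result 49 where the failure reason names an entry under cn=OracleContext. The function name and the conn=6 and conn=7 sample lines are constructed; these log lines do not show the port, so the LDAPS condition has to be confirmed separately.

```python
import re

# Constructed sample: conn=5 is the pair quoted in this note; conn=6 and conn=7
# (including their authFailureID values and reasons) are invented for contrast.
SAMPLE_LOG = '''\
[10/Dec/2018:05:11:03 +0000] BIND REQ conn=5 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[10/Dec/2018:05:11:03 +0000] BIND RES conn=5 op=1 msgID=2 result=49 authFailureID=1245385 authFailureReason="The server was not able to find any user entries for the provided username of dn:cn=<USERNAME>,cn=OracleContext" etime=27
[10/Dec/2018:05:12:00 +0000] BIND REQ conn=6 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[10/Dec/2018:05:12:00 +0000] BIND RES conn=6 op=1 msgID=2 result=49 authFailureID=0 authFailureReason="constructed: no entry for dn:cn=<USERNAME>,ou=People" etime=4
[10/Dec/2018:05:13:00 +0000] BIND REQ conn=7 op=1 msgID=2 type=SIMPLE dn="cn=<USERNAME>,cn=OracleContext" version=3
[10/Dec/2018:05:13:00 +0000] BIND RES conn=7 op=1 msgID=2 result=49 authFailureID=0 authFailureReason="constructed: bad password for cn=<USERNAME>,cn=OracleContext" etime=3
'''

BIND_LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] BIND (?P<kind>REQ|RES) (?P<rest>.*)$')
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # key=value or key="quoted value"

def find_oraclecontext_digest_failures(log_text):
    """Return failed DIGEST-MD5 binds whose failure reason names cn=OracleContext."""
    pending = {}  # (conn, op) -> SASL mechanism seen on the BIND REQ
    hits = []
    for line in log_text.splitlines():
        m = BIND_LINE.match(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(m["rest"])}
        key = (fields.get("conn"), fields.get("op"))
        if m["kind"] == "REQ":
            pending[key] = fields.get("mechanism")  # None for simple binds
            continue
        mechanism = pending.pop(key, None)
        reason = fields.get("authFailureReason", "")
        if (mechanism == "DIGEST-MD5" and fields.get("result") == "49"
                and "cn=oraclecontext" in reason.lower()):
            hits.append({"time": m["ts"], "conn": fields["conn"],
                         "authFailureID": fields.get("authFailureID"),
                         "reason": reason})
    return hits

if __name__ == "__main__":
    for hit in find_oraclecontext_digest_failures(SAMPLE_LOG):
        print(hit["time"], "conn=" + hit["conn"], hit["reason"])
```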

Changes

The authentication error occurs when all of the following conditions are met:

- Connecting to the LDAP-SSL port
- Requesting DIGEST-MD5 SASL authentication
- Using an entry under cn=OracleContext as authid

Cause
