OID 12c: After Reconfiguring DIP from SSL Mode 1 to SSL Mode 2, Connection to AD Fails with: cannot connect directory server at <AD_HOSTNAME> : <AD_SSL_PORT> (Doc ID 2627619.1)

Last updated on MAY 01, 2024

Applies to:

Symptoms

Oracle Internet Directory (OID) 12c with Directory Integration Platform (DIP).

Initially configured DIP for SSL mode 1 with OID and non-ssl to Microsoft (MS) Active Directory (AD) profile and it worked.

After reconfiguring for SSL mode 2 for both OID and AD, ldapbinds all work but unable to connect to AD from the Test Connection button within the profile:

Additional symptoms:

If setting only one cipher in DIP (e.g., matching an openssl test connection output to AD output), and removing the two anon ciphers (from the original SSL mode 1 configuration), then the following happens:
- MBeans and Quartz Scheduler are down
- Profile disappears / is no longer visible in Enterprise Manager (EM) Fusion Middleware (FMW) Control
- Errors trying to accessing DIP menu items

Adding the two anon ciphers back, the above all work but then unable to connect to AD from the Test Connection button within the profile again with the same error above.

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.