OID 12c: After Reconfiguring DIP from SSL Mode 1 to SSL Mode 2, Connection to AD Fails with: cannot connect directory server at <AD_HOSTNAME> : <AD_SSL_PORT>
(Doc ID 2627619.1)
Last updated on MARCH 12, 2021
Applies to:Oracle Internet Directory - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
Oracle Internet Directory (OID) 12c with Directory Integration Platform (DIP).
Initially configured DIP for SSL mode 1 with OID and non-ssl to Microsoft (MS) Active Directory (AD) profile and it worked.
After reconfiguring for SSL mode 2 for both OID and AD, ldapbinds all work but unable to connect to AD from the Test Connection button within the profile:
cannot connect directory server at <AD_HOSTNAME> : <AD_SSL_PORT>
If setting only one cipher in DIP (e.g., matching an openssl test connection output to AD output), and removing the two anon ciphers (from the original SSL mode 1 configuration), then the following happens:
- MBeans and Quartz Scheduler are down
- Profile disappears / is no longer visible in Enterprise Manager (EM) Fusion Middleware (FMW) Control
- Errors trying to accessing DIP menu items
Adding the two anon ciphers back, the above all work but then unable to connect to AD from the Test Connection button within the profile again with the same error above.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document