My Oracle Support Banner

OID 12c: After Reconfiguring DIP from SSL Mode 1 to SSL Mode 2, Connection to AD Fails with: cannot connect directory server at <AD_HOSTNAME> : <AD_SSL_PORT> (Doc ID 2627619.1)

Last updated on AUGUST 09, 2022

Applies to:

Oracle Internet Directory - Version and later
Information in this document applies to any platform.


Oracle Internet Directory (OID) 12c with Directory Integration Platform (DIP).

Initially configured DIP for SSL mode 1 with OID and non-ssl to Microsoft (MS) Active Directory (AD) profile and it worked.

After reconfiguring for SSL mode 2 for both OID and AD, ldapbinds all work but unable to connect to AD from the Test Connection button within the profile:

  (x) Error

  cannot connect directory server at <AD_HOSTNAME> : <AD_SSL_PORT>

Additional symptoms:

If setting only one cipher in DIP (e.g., matching an openssl test connection output to AD output), and removing the two anon ciphers (from the original SSL mode 1 configuration), then the following happens:
- MBeans and Quartz Scheduler are down
- Profile disappears / is no longer visible in Enterprise Manager (EM) Fusion Middleware (FMW) Control
- Errors trying to accessing DIP menu items

Adding the two anon ciphers back, the above all work but then unable to connect to AD from the Test Connection button within the profile again with the same error above.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.