My Oracle Support Banner

OUD 12c - The 'eusm listDomains' Command Fails with "javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]" Using SASL Connection (Doc ID 2729029.1)

Last updated on MAY 22, 2023

Applies to:

Oracle Unified Directory - Version and later
Information in this document applies to any platform.


On : version, EUSM db command fails like the below:

 ./eusm listDomains realm_dn="dc=REALM,dc=DN" ldap_host=VIP.DN.COM ldap_port=VIP_PORT ldap_user_dn="cn=DS_ADMIN" ldap_user_password="xxxxx"
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

The 12c OUD access log reports the connection as follows:

[26/Oct/2020:14:22:51 -0400] CONNECT conn=xxxxx from=VIP.IP.ADDR:PORT to=OUD12c.IP.ADDR:PORT protocol=LDAP
[26/Oct/2020:14:22:52 -0400] BIND REQ conn=xxxxx op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[26/Oct/2020:14:22:52 -0400] BIND RES conn=xxxxx op=0 msgID=1 result=14 etime=1
[26/Oct/2020:14:22:52 -0400] BIND REQ conn=xxxxx op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[26/Oct/2020:14:22:52 -0400] BIND RES conn=xxxxx op=1 msgID=2 result=49 authFailureID=1310929 authFailureReason="SASL DIGEST-MD5 protocol error: SaslException(DIGEST-MD5: digest response format violation. Mismatched URI: ldap/VIP.DN.COM; expecting: ldap/OUD12cHOST.DN.COM)" etime=0
[26/Oct/2020:14:22:52 -0400] DISCONNECT conn=xxxxx reason="Client Disconnect"

The issue can be reproduced at will by running the above command through the VIP.   When running the EUSM db command DIRECTLY towards the 12c OUD (skipping the VIP) the command is successful.


Moving from 11g to 12c and this issue occurs ONLY when pointing to the 12c server through the VIP.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.