OUD 12c - The 'eusm listDomains' Command Fails with "javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]" Using SASL Connection
(Doc ID 2729029.1)
Last updated on MAY 22, 2023
Applies to:
Oracle Unified Directory - Version 12.2.1.3.0 and later
Information in this document applies to any platform.
Symptoms
On version 12.2.1.3.0, the EUSM db command fails as shown below:
./eusm listDomains realm_dn="dc=REALM,dc=DN" ldap_host=VIP.DN.COM ldap_port=VIP_PORT ldap_user_dn="cn=DS_ADMIN" ldap_user_password="xxxxx"
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
The 12c OUD access log reports the connection as follows:
[26/Oct/2020:14:22:51 -0400] CONNECT conn=xxxxx from=VIP.IP.ADDR:PORT to=OUD12c.IP.ADDR:PORT protocol=LDAP
[26/Oct/2020:14:22:52 -0400] BIND REQ conn=xxxxx op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[26/Oct/2020:14:22:52 -0400] BIND RES conn=xxxxx op=0 msgID=1 result=14 etime=1
[26/Oct/2020:14:22:52 -0400] BIND REQ conn=xxxxx op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[26/Oct/2020:14:22:52 -0400] BIND RES conn=xxxxx op=1 msgID=2 result=49 authFailureID=1310929 authFailureReason="SASL DIGEST-MD5 protocol error: SaslException(DIGEST-MD5: digest response format violation. Mismatched URI: ldap/VIP.DN.COM; expecting: ldap/OUD12cHOST.DN.COM)" etime=0
[26/Oct/2020:14:22:52 -0400] DISCONNECT conn=xxxxx reason="Client Disconnect"
[26/Oct/2020:14:22:52 -0400] BIND REQ conn=xxxxx op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[26/Oct/2020:14:22:52 -0400] BIND RES conn=xxxxx op=0 msgID=1 result=14 etime=1
[26/Oct/2020:14:22:52 -0400] BIND REQ conn=xxxxx op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[26/Oct/2020:14:22:52 -0400] BIND RES conn=xxxxx op=1 msgID=2 result=49 authFailureID=1310929 authFailureReason="SASL DIGEST-MD5 protocol error: SaslException(DIGEST-MD5: digest response format violation. Mismatched URI: ldap/VIP.DN.COM; expecting: ldap/OUD12cHOST.DN.COM)" etime=0
[26/Oct/2020:14:22:52 -0400] DISCONNECT conn=xxxxx reason="Client Disconnect"
The issue can be reproduced at will by running the above command through the VIP. When the EUSM db command is run directly against the 12c OUD (bypassing the VIP), the command succeeds.
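A detection sketch for the failure signature in the access log above, added here as an example and not Oracle's code: it pairs each `BIND RES result=49` with its `BIND REQ` and `CONNECT` lines and extracts the digest-uri the client sent versus the one the server expected. The function name and the conn id `101` are assumptions; the sample lines are constructed from the excerpt.

```python
import re

# Constructed sample in the shape of the access-log excerpt above.
# conn=101 is made up; host names are the page's redacted placeholders.
SAMPLE_LOG = '''\
[26/Oct/2020:14:22:51 -0400] CONNECT conn=101 from=VIP.IP.ADDR:PORT to=OUD12c.IP.ADDR:PORT protocol=LDAP
[26/Oct/2020:14:22:52 -0400] BIND REQ conn=101 op=0 msgID=1 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[26/Oct/2020:14:22:52 -0400] BIND RES conn=101 op=0 msgID=1 result=14 etime=1
[26/Oct/2020:14:22:52 -0400] BIND REQ conn=101 op=1 msgID=2 type=SASL mechanism=DIGEST-MD5 dn="" version=3
[26/Oct/2020:14:22:52 -0400] BIND RES conn=101 op=1 msgID=2 result=49 authFailureID=1310929 authFailureReason="SASL DIGEST-MD5 protocol error: SaslException(DIGEST-MD5: digest response format violation. Mismatched URI: ldap/VIP.DN.COM; expecting: ldap/OUD12cHOST.DN.COM)" etime=0
[26/Oct/2020:14:22:52 -0400] DISCONNECT conn=101 reason="Client Disconnect"
'''

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] (?P<kind>CONNECT|BIND REQ|BIND RES) (?P<rest>.*)$')
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')   # key=value or key="quoted value"
MISMATCH = re.compile(r'Mismatched URI: (\S+); expecting: ([^\s)]+)')

def find_uri_mismatches(log_text):
    """Return one dict per failed SASL bind rejected for a digest-uri mismatch."""
    peers, mechs, hits = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(m['rest'])}
        conn = f.get('conn')
        if m['kind'] == 'CONNECT':
            peers[conn] = f.get('from')            # network peer, e.g. the VIP
        elif m['kind'] == 'BIND REQ':
            mechs[(conn, f.get('op'))] = f.get('mechanism')
        elif f.get('result') == '49':              # BIND RES, invalid credentials
            mm = MISMATCH.search(f.get('authFailureReason', ''))
            if mm:
                hits.append({
                    'time': m['ts'], 'conn': conn, 'peer': peers.get(conn),
                    'mechanism': mechs.get((conn, f.get('op'))),
                    'sent_uri': mm.group(1), 'expected_uri': mm.group(2),
                })
    return hits

if __name__ == '__main__':
    for h in find_uri_mismatches(SAMPLE_LOG):
        print(h)
```

Separating these entries from other `result=49` failures keeps a host-name mismatch from being triaged as a wrong-password or password-guessing event.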
Changes
The issue appeared after moving from 11g to 12c, and it occurs ONLY when pointing to the 12c server through the VIP.
Cause