Linux O/S Authentication Against OID / Ldapsearch Fails With "ldap_sasl_interactive_bind_s: Local error" / su to a user Fails With "user does not exist". Or Fails with: /usr/bin/id: cannot find name for group ID <GROUP_ID> (Doc ID 277739.1)

Last updated on AUGUST 23, 2022

Applies to:

Symptoms

Oracle Internet Directory (OID).

OID built-in ldap command line, clients and applications are working and authenticating against OID without problems.

Trying to use OID ldap for Operating System (OS / O/S) or corportate authentication mechanism, i.e., Redhat Unix boxes to authenticate via OID.

Scenario 1

When running the client ldap_search, it returns:

When trying "su" to a user defined in oracle LDAP server, it returns:

It appears that redhat openldap has built-in sasl, so to authenticate without sasl, tried downloading and recompiling, and reinstalling openldap on redhat without sasl, ran authconfig and put in the OID server ip address and the base db of cn=Users,<subscriber domain>. Ldapsearch return all users, but su to a user still fails with the same user does not exist error.

Cron adds these errors in the log:

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.