Active Directory (AD) Synchronization to OID 10g Via SSL Mode Fails: DIP_GEN_CONNECTION_FAILURE or "No trusted certificate found"
(Doc ID 300756.1)
Last updated on AUGUST 23, 2022
Applies to:
Oracle Internet Directory - Version 10.1.2.0.2 to 10.1.4.3 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
Symptoms
Configuring OID to AD sync via SSL fails.
The ActiveChgImp.trc file shows the following error:
LDAP URL : (<AD_HOSTNAME>:<AD_SSL_PORT> cn=<AD_ADMIN_USER>,cn=users,dc=<COMPANY>,dc=com
Connecting in SSL
Updated Attributes
orclodipLastExecutionTime: 20050225133619
orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
orclOdipSynchronizationErrors: LDAP Connection Failure
Error in proxy connection : java.lang.NullPointerException
java.lang.NullPointerException
at oracle.ldap.odip.engine.AgentThread.updateExecStatus(AgentThread.java:487)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:192)
LDAP CommuncationException javax.naming.CommunicationException: <AD_HOSTNAME>:<AD_SSL_PORT> [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted
certificate found] <AD_HOSTNAME>:<AD_SSL_PORT>
ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_CONNECTION_FAILURE
ODIException: DIP_GEN_CONNECTION_FAILURE
at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:249)
at oracle.ldap.odip.gsi.ActiveChgReader.initialise(ActiveChgReader.java:184)
at oracle.ldap.odip.engine.AgentThread.mapInitialise(AgentThread.java:327)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:253)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:149)
The Active Directory server is listening only on SSL.
An ldapbind from OID to AD works via SSL mode 2:
> ldapbind -h <AD_HOSTNAME> -p <AD_SSL_PORT> -D <AD_ADMIN_USER>@<DOMAIN> -w <PASSWORD> -P <WALLET_PASSWORD> -W file:<DIR_TO_WALLET> -U 2
> bind successful
Another variation on the error may be as follows:
Trace Log Started at Wed Apr 13 07:21:44 EDT 2005
Request: 1 cancelled
ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_CONNECTION_FAILURE
ODIException: DIP_GEN_CONNECTION_FAILURE
at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:249)
at oracle.ldap.odip.gsi.ActiveChgReader.initialise(ActiveChgReader.java:190)
at oracle.ldap.odip.engine.AgentThread.mapInitialise(AgentThread.java:335)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:261)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:155)
ActiveChgImp:about to Update exec status
Error in proxy connection : java.lang.NullPointerException
java.lang.NullPointerException
at oracle.ldap.odip.engine.AgentThread.updateExecStatus(AgentThread.java:500)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:278)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:155)
Updated Attributes
orclodipLastExecutionTime: 20050413072224
orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
orclOdipSynchronizationErrors: LDAP Connection Failure
Sleeping for 1secs
Request: 1 cancelled
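A triage pass over trace excerpts like the two above, as an added example (not Oracle's code; the function name `triage`, the `kind` labels and the sample text are constructed here). It pairs each `DIP_GEN_CONNECTION_FAILURE` with the JNDI root exception logged before it, so a TLS trust failure can be told apart from the variation that logs no root cause.

```python
import re

# Constructed sample modelled on the ActiveChgImp.trc excerpts above; it keeps
# the page's placeholders, and the second failure has no root exception.
SAMPLE_TRC = """\
LDAP CommuncationException javax.naming.CommunicationException: <AD_HOSTNAME>:<AD_SSL_PORT> [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted
certificate found] <AD_HOSTNAME>:<AD_SSL_PORT>
ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_CONNECTION_FAILURE
ODIException: DIP_GEN_CONNECTION_FAILURE
at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:249)
Updated Attributes
orclOdipSynchronizationErrors: LDAP Connection Failure
Request: 1 cancelled
ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_CONNECTION_FAILURE
ODIException: DIP_GEN_CONNECTION_FAILURE
at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:249)
"""

ROOT_RE = re.compile(r"\[Root exception is (?P<chain>[^\]]+)\]")
FAIL_RE = re.compile(r"^ODIException: (?P<code>DIP_\w+)", re.M)
CLASS_RE = re.compile(r"\b(?:[a-z]\w*\.)+[A-Z]\w*(?:Exception|Error)\b")

def triage(trace):
    """Return one dict per DIP failure with the root exception that precedes it."""
    results, prev_end = [], 0
    for m in FAIL_RE.finditer(trace):
        # Text between the previous failure and this one, with whitespace
        # collapsed so a message wrapped across two lines still matches.
        window = " ".join(trace[prev_end:m.start()].split())
        root = ROOT_RE.search(window)
        chain = CLASS_RE.findall(root["chain"]) if root else []
        if any(c.endswith(("SSLHandshakeException", "ValidatorException")) for c in chain):
            kind = "tls-trust"  # Java's validator found no trust anchor for the server chain
        elif chain:
            kind = "other-root-cause"
        else:
            kind = "no-root-exception-logged"
        detail = root["chain"].split(": ")[-1] if root else None
        results.append({"code": m["code"], "kind": kind, "chain": chain, "detail": detail})
        prev_end = m.end()
    return results

if __name__ == "__main__":
    for r in triage(SAMPLE_TRC):
        print(r)
```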
Cause