Active Directory (AD) Synchronization to OID 10g Via SSL Mode Fails: DIP_GEN_CONNECTION_FAILURE (Doc ID 300756.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 10.1.2.0.2 to 10.1.4.3 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.

Symptoms

Configuring OID to AD sync via SSL fails.

The ActiveChgImp.trc file shows the following error:

LDAP URL : (< AD Host : SSLPort > cn=ADadmin,cn=users,dc=mycompany,dc=com
Connecting in SSL
Updated Attributes
orclodipLastExecutionTime: 20050225133619
orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
orclOdipSynchronizationErrors: LDAP Connection Failure
Error in proxy connection : java.lang.NullPointerException
java.lang.NullPointerException
at oracle.ldap.odip.engine.AgentThread.updateExecStatus(AgentThread.java:487)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:192)
LDAP CommuncationException javax.naming.CommunicationException: < AD Host : SSLPort > [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted
certificate found] < AD Host : SSLPort >
ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_CONNECTION_FAILURE
ODIException: DIP_GEN_CONNECTION_FAILURE
at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:249)
at oracle.ldap.odip.gsi.ActiveChgReader.initialise(ActiveChgReader.java:184)
at oracle.ldap.odip.engine.AgentThread.mapInitialise(AgentThread.java:327)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:253)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:149)


The Active Directory server is listening only on SSL.

Running ldapbind from OID to AD in SSL mode 2 works:

> ldapbind -h <ADHost> -p <AD SSL Port> -D <ADadmin@domain> -w <ADadminPassword> -P <WalletPassword> -W file:/etc/ORACLE/WALLETS/oracle/ -U 2
> bind successful



Another variation of the error may look as follows:

Trace Log Started at Wed Apr 13 07:21:44 EDT 2005
Request: 1 cancelled
ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_CONNECTION_FAILURE
ODIException: DIP_GEN_CONNECTION_FAILURE
at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:249)
at oracle.ldap.odip.gsi.ActiveChgReader.initialise(ActiveChgReader.java:190)
at oracle.ldap.odip.engine.AgentThread.mapInitialise(AgentThread.java:335)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:261)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:155)
ActiveChgImp:about to Update exec status
Error in proxy connection : java.lang.NullPointerException
java.lang.NullPointerException
at oracle.ldap.odip.engine.AgentThread.updateExecStatus(AgentThread.java:500)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:278)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:155)
Updated Attributes
orclodipLastExecutionTime: 20050413072224
orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
orclOdipSynchronizationErrors: LDAP Connection Failure
Sleeping for 1secs
Request: 1 cancelled
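
The two trace variants above differ in whether the root exception was logged. The following Python triage helper is an added example, not part of the Oracle note; its function names and category labels are assumptions made here. It extracts the "[Root exception is ...]" chain from a DIP trace, which may be wrapped across lines as in the first trace above, and separates a certificate-trust failure from a connection failure with no logged root cause.

```python
import re

# Constructed samples: excerpts of the two trace variants quoted above.
TRACE_A = """\
LDAP CommuncationException javax.naming.CommunicationException: < AD Host : SSLPort > [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted
certificate found] < AD Host : SSLPort >
ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_CONNECTION_FAILURE
"""
TRACE_B = """\
Request: 1 cancelled
ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_CONNECTION_FAILURE
orclOdipSynchronizationErrors: LDAP Connection Failure
"""

ROOT_RE = re.compile(r"\[Root exception is\s+(.*?)\]", re.DOTALL)
CLASS_RE = re.compile(r"^[A-Za-z_][\w.$]*(Exception|Error)$")

def root_exception_chain(trace):
    """Return (exception classes, final message) or None if no root exception."""
    m = ROOT_RE.search(trace)
    if not m:
        return None
    # The bracketed text can be wrapped across lines; collapse the whitespace.
    flat = " ".join(m.group(1).split())
    parts = [p.strip() for p in flat.split(": ")]
    classes = []
    while parts and CLASS_RE.match(parts[0]):
        classes.append(parts.pop(0))
    return classes, ": ".join(parts)

def triage(trace):
    """Classify a DIP trace excerpt into a coarse failure category."""
    if "DIP_GEN_CONNECTION_FAILURE" not in trace:
        return {"category": "no-connection-failure"}
    chain = root_exception_chain(trace)
    if chain is None:
        return {"category": "connection-failure-root-cause-not-logged"}
    classes, message = chain
    short = [c.rsplit(".", 1)[-1] for c in classes]
    if "SSLHandshakeException" in short and "ValidatorException" in short:
        # The Java TLS client found no trust anchor for the server's chain.
        category = "tls-certificate-not-trusted"
    elif "SSLHandshakeException" in short:
        category = "tls-handshake-other"
    else:
        category = "other"
    return {"category": category, "exceptions": classes, "message": message}
```

For the second variant the helper reports only that the root cause was not logged, so the trace alone does not show whether it is the same certificate problem.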

Changes

 

Cause
