My Oracle Support Banner

Active Directory (AD) Synchronization to OID 10g Via SSL Mode Fails: DIP_GEN_CONNECTION_FAILURE or "No trusted certificate found" (Doc ID 300756.1)

Last updated on SEPTEMBER 18, 2019

Applies to:

Oracle Internet Directory - Version 10.1.2.0.2 to 10.1.4.3 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.

Symptoms

Configuring OID to AD sync via SSL fails.

ActiveChgImp.trc file shows error:

LDAP URL : (<AD_HOSTNAME>:<AD_SSL_PORT> cn=<AD_ADMIN_USER>,cn=users,dc=<COMPANY>,dc=com
Connecting in SSL
Updated Attributes
orclodipLastExecutionTime: 20050225133619
orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
orclOdipSynchronizationErrors: LDAP Connection Failure
Error in proxy connection : java.lang.NullPointerException
java.lang.NullPointerException
at oracle.ldap.odip.engine.AgentThread.updateExecStatus(AgentThread.java:487)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:192)
LDAP CommuncationException javax.naming.CommunicationException: <AD_HOSTNAME>:<AD_SSL_PORT> [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted
certificate found] <AD_HOSTNAME>:<AD_SSL_PORT>
ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_CONNECTION_FAILURE
ODIException: DIP_GEN_CONNECTION_FAILURE
at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:249)
at oracle.ldap.odip.gsi.ActiveChgReader.initialise(ActiveChgReader.java:184)
at oracle.ldap.odip.engine.AgentThread.mapInitialise(AgentThread.java:327)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:253)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:149)


Active Directory server is only listening on SSL.

Ldapbinds from OID to AD work via SSL mode 2:

> ldapbind -h <AD_HOSTNAME> -p <AD_SSL_PORT> -D <AD_ADMIN_USER>@<DOMAIN> -w <PASSWORD> -P <WALLET_PASSWORD> -W file:<DIR_TO_WALLET> -U 2
> bind successful



Another variation on the error may be as follows:

Trace Log Started at Wed Apr 13 07:21:44 EDT 2005
Request: 1 cancelled
ActiveChgImp:Error in Mapping EngineODIException: DIP_GEN_CONNECTION_FAILURE
ODIException: DIP_GEN_CONNECTION_FAILURE
at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:249)
at oracle.ldap.odip.gsi.ActiveChgReader.initialise(ActiveChgReader.java:190)
at oracle.ldap.odip.engine.AgentThread.mapInitialise(AgentThread.java:335)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:261)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:155)
ActiveChgImp:about to Update exec status
Error in proxy connection : java.lang.NullPointerException
java.lang.NullPointerException
at oracle.ldap.odip.engine.AgentThread.updateExecStatus(AgentThread.java:500)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:278)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:155)
Updated Attributes
orclodipLastExecutionTime: 20050413072224
orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
orclOdipSynchronizationErrors: LDAP Connection Failure
Sleeping for 1secs
Request: 1 cancelled

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.