SSL LDAP Bind to Active Directory 2003 Fails With 'Unknown Error Encountered'
(Doc ID 470885.1)
Last updated on FEBRUARY 03, 2019
Applies to:Oracle Internet Directory - Version 10.1.4 and later
Information in this document applies to any platform.
Checked for Relevance on 04/02/2013
Oracle Internet Directory (OID) is being integrated with Microsoft Active Directory (AD) and there is a requirement to configure the communication between OID and AD to use Secure Sockets Layer (SSL). However the SSL connection to AD is failing.
In an effect to debug the issue, OID ldapbind commands are issued from the OID server commandline, with -U 2 and -U 3 flags for SSL connection.
The ldapbind -U 2 and ldapbind -U 3 commands fail with 'Unknown Error Encountered' when binding to the SSL port of Active Directory 2003.
dbms_ldap.simple_bind_s also fails with:
Error Message : ORA-31202: DBMS_LDAP: LDAP client/server error: UnKnown Error Encountered
Exception encountered .. exiting
The following has been verified:
- The ldapbind syntax for the wallet is correct:
For Windows, where the wallet is saved in directory D:\MyWallet:
ldapbind -h <ADHostname> -p 636 -U 2 -W "file:D:\MyWallet" -P <wallet_password>
For UNIX, where the wallet is saved in directory /u01/working/mywallet:
ldapbind -h <ADHostname> -p 636 -U 2 -W "file://u01/working/mywallet" -P <wallet_password>
- The wallet contains the root CA certificate for the AD server certificate.
- Other LDAP tools that do not verify the server certificate can bind successfully.
When ldapsearch -U 2 is run in debug mode 'Error Reading Peers SSL Credential' is seen.
sd 6 connected to: 10.10.10.10
sd 6 is now connected
ldap_open successful, ld_host is (null)
SSL Hand Negotiation successful
Error Reading Peers SSL Credential
UnKnown Error Encountered
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.|