SSL LDAP Bind to Active Directory 2003 Fails With 'Unknown Error Encountered' (Doc ID 470885.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 10.1.4 and later
Information in this document applies to any platform.
Checked for Relevance on 04/02/2013

Symptoms

Oracle Internet Directory (OID) is being integrated with Microsoft Active Directory (AD) and there is a requirement to configure the communication between OID and AD to use Secure Sockets Layer (SSL). However the SSL connection to AD is failing.

In an effort to debug the issue, OID ldapbind commands are issued from the OID server command line, with the -U 2 and -U 3 flags for an SSL connection.

The ldapbind -U 2 and ldapbind -U 3 commands fail with 'Unknown Error Encountered' when binding to the SSL port of Active Directory 2003.

dbms_ldap.simple_bind_s also fails with:

Error code : -31202
Error Message : ORA-31202: DBMS_LDAP: LDAP client/server error: UnKnown Error Encountered
Exception encountered .. exiting

The following has been verified:

When ldapsearch -U 2 is run in debug mode (-d -1), 'Error Reading Peers SSL Credential' is seen in the trace.

Example:

ldapsearch -h ad.oracle.com -p 636 -U 2 -W "file://u01/working/mywallet" -P Welcome123 -d -1 -b "dc=oracle,dc=com" -s sub "(cn=dummy)" dn >/tmp/outfile2.txt 2>&1

ldap_open
ora_ldap_open
ldap_open
gslcopi_LdapInit
gslcopc_OpenLdapConnection
gslcoic_ConnectToHost: ad.oracle.com:636
sd 6 connected to: 10.10.10.10
sd 6 is now connected
ldap_open successful, ld_host is (null)
ldap_get_option
ora_ldap_get_option
ldap_get_option
ora_ldap_get_option
ldap_init_SSL
ora_ldap_init_SSL
....
....
SSL Hand Negotiation successful
Error Reading Peers SSL Credential
....
....
ldap_err2string
ora_ldap_err2string
ldap_err2string
UnKnown Error Encountered
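The debug trace above is long, and the useful fact is how far the SSL setup got before the error (connected, handshake done, then the peer credential read failed). The following added example, which is not part of the Oracle note and not an Oracle tool, classifies a saved ldapsearch -d -1 trace file (such as /tmp/outfile2.txt from the command above) by the furthest stage it reached. The marker strings are the literal lines shown in the note's trace; the stage names and their interpretation are this example's own assumptions, and the embedded sample trace is a constructed abbreviation of the one quoted above.

```shell
#!/bin/sh
# Added example, not from the Oracle note: classify an OID ldapsearch -d -1
# trace by the furthest SSL stage it reached. The grep patterns are the literal
# strings the note's trace shows; the stage labels are this script's assumption.

# Constructed sample trace, abbreviated from the debug output quoted in the note.
SAMPLE_TRACE="$(cat <<'EOF'
ldap_open
gslcoic_ConnectToHost: ad.oracle.com:636
sd 6 connected to: 10.10.10.10
sd 6 is now connected
ldap_init_SSL
SSL Hand Negotiation successful
Error Reading Peers SSL Credential
ldap_err2string
UnKnown Error Encountered
EOF
)"

# classify_trace FILE -> prints exactly one of:
#   no_connect        no "is now connected" line: TCP connect to host:port failed
#   handshake_failed  connected, but no "SSL Hand Negotiation successful" line
#   peer_cred_failed  handshake done, then "Error Reading Peers SSL Credential"
#                     (the pattern the note documents for the AD 2003 case)
#   ok                handshake done and no peer credential error in the trace
classify_trace() {
    f="$1"
    if ! grep -q 'is now connected' "$f"; then
        echo no_connect
    elif ! grep -q 'SSL Hand Negotiation successful' "$f"; then
        echo handshake_failed
    elif grep -q 'Error Reading Peers SSL Credential' "$f"; then
        echo peer_cred_failed
    else
        echo ok
    fi
}

# demo: run the classifier over the constructed sample and print the result.
# For a real investigation call: classify_trace /tmp/outfile2.txt
demo() {
    tmp="$(mktemp)"
    printf '%s\n' "$SAMPLE_TRACE" > "$tmp"
    echo "sample trace: $(classify_trace "$tmp")"
    rm -f "$tmp"
}

demo
```

Run it against the file produced by the ldapsearch command above (`classify_trace /tmp/outfile2.txt`). A result of peer_cred_failed matches the symptom described in this note and separates it from a plain connectivity or handshake failure, which the trace strings alone make hard to see at a glance.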

Cause
