My Oracle Support Banner

CMU authentication fails ORA-1017, but ldapbind ldapsearch succeeds. 'kzlg DSI off: 8' 'kzic IDCS off: 8' (Doc ID 2622539.1)

Last updated on JANUARY 07, 2020

Applies to:

Oracle Database - Enterprise Edition - Version and later
Information in this document applies to any platform.


Configuring CMU password authentication from 19.3 Database to AD server, CMU authentication fails with 'ORA-1017'.

SQL> conn ad_sec_adm/*****@adpdb1
ERROR: ORA-01017: invalid username/password; logon denied

The alert log show the following error...
ADPDB1(3):Login failed due to ORA-28030: ORA-28030: Server encountered problems accessing LDAP directory service

The trace file generated has the following...
kzlg DSI off: 8
kzlg DSI off: 8
kzic IDCS off: 8


ldapbind, ldapsearch succeeds, but still CMU authentication is failing with ORA-1017

ldapbind -h <AD server> -p 636 -D "CN=Oracle Service Directory User,OU=Oracle,OU=***,DC=****,DC=****,DC=com" -U 2 -W "file:/****/wallet/" -P ****
bind successful

ldapsearch -h <AD server> -p 636 -D "CN=ad_oracle,OU=Oracle,OU=***,DC=****,DC=***,DC=com" -w **** -U 2 -W "file:/***********/wallet/" -P **** "OU=Oracle,OU=**,DC=*****,DC=***,DC=com" -s sub "(sAMAccountName=ad*)" dn orclCommonAttribute

CN=ad_oracle,OU=Oracle,OU=**,DC=****,DC=***,DC=com orclCommonAttribute=
CN=ad_sec_adm,OU=Oracle,OU=***,DC=****,DC=***,DC=com orclCommonAttribute={MR-SHA512}************************


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.