Enterprise User Security LDAP issue
Date: Wed, 2 Sep 2015 13:27:57 +0000
Message-ID: <D4EBD31A58EB64419330A4F471BB2F242677CAF7_at_CINURCNA02.e2k.ad.ge.com>
I'm attempting to set up Enterprise User Security using the Oracle Unified Directory (OUD) as my LDAP server.
I have OUD set up and running. I've registered the database with OUD successfully. I've set up the ldap.ora file, and created an entry in the sqlnet.ora file that points to the correct wallet location. The LDAP_DIRECTORY_ACCESS init.ora parameter is set to 'PASSWORD'.
I can 'ldapbind' and 'ldapsearch' from the DB server to the LDAP server using either the LDAP server's admin credentials or the credentials stored in the wallet with no issues.
However, when a user attempts to log into the database and have his credentials verified by the LDAP server, I'm getting ORA-28030: Server encountered problems accessing LDAP directory service (most unhelpful generic error if I've ever seen one).
I've gone through the standard troubleshooting steps I've seen on the internet, and they have not resolved the issue.
After doing a trace/dump of the error (using "alter system set events...."), I see this in the resulting trace file.
kzld_discover received ldaptype: OID
KZLD_ERR: DB-OID SSL noauth failed. Err=554
KZLD_ERR: 554
KZLD is doing LDAP unbind
KZLD_ERR: found err from kzldini
If I'm understanding things correctly (by no means a sure thing), by setting the LDAP_DIRECTORY_ACCESS to 'PASSWORD' (rather than 'SSL'), Oracle should be using the credentials stored in the wallet, rather than SSL certificates, to authenticate to the LDAP server. But this trace file seems to indicate that an attempt to use SSL is happening.
If anybody has encountered any similar issues before, any help would be appreciated.
Matt Adams
--
http://www.freelists.org/webpage/oracle-l
Received on Wed Sep 02 2015 - 15:27:57 CEST