Use Case : Centralize Database Users/Roles using Enterprise User Security to enable Password-based authentication via Oracle Unified Directory(OUD) connecting to Active Directory
Issue : After completing all the prerequisites and steps needed to set up EUS, the following error occurs when trying to connect to the DB with an AD user/password.
SQL> CONNECT username@service_name;
ORA-28030: Server encountered problems accessing LDAP directory service
The DB trace logs show the following:
*** ACTION NAME:() 2016-08-15 13:16:50.270
*** MODULE NAME:(sqlplus@recoverdwp (TNS V1-V3)) 2016-08-15 13:16:50.270
*** SERVICE NAME:(desanew) 2016-08-15 13:16:50.270
*** SESSION ID:(159.13) 2016-08-15 13:16:50.270
kzld_discover received ldaptype: OID
kzld found pwd in wallet
KZLD_ERR: Failed to bind to LDAP server. Err=-1
KZLD_ERR: -1
KZLD is doing LDAP unbind
KZLD_ERR: found err from kzldini.
Cause inference
The OUD server, as defined in ldap.ora, is not reachable from the RDBMS server's machine. It also appears that the SASL bind requires both a forward and a reverse lookup to be defined in DNS for the target OUD hostname.
A database can bind to OUD using password/SASL-based authentication. SASL (Simple Authentication and Security Layer) is a standard defined in the Internet Engineering Task Force RFC 2222; it is a method for adding authentication support to connection-based protocols such as LDAP.
Solution
There are two ways to fix or work around this issue:
1) Edit /etc/hosts on the DB server and add an entry with the IP address, FQDN and short alias, e.g. xxx.xxx.xxx.xxx hostname.domain_name hostname
This step must be repeated on every DB server that is to be configured for EUS.
2) Ensure that forward and reverse lookups are properly defined in DNS for the OUD hosts (nslookup should succeed for both the IP address and the hostname).
This is a one-time activity and benefits all DB servers in the network.
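The two conditions above (the OUD host is reachable from the DB server, and its forward and reverse DNS lookups agree) can be checked from the DB server before attempting the bind. The following Python script is added to this note as an example and is not part of Oracle's software: it parses the DIRECTORY_SERVERS entry of ldap.ora, resolves each listed host forward and then backward, and probes the LDAP port over TCP. The sample ldap.ora content and the oud1/oud2.example.com hostnames are constructed placeholders.

```python
"""Pre-flight checks, run from the database server, for the OUD host(s)
named in ldap.ora: forward lookup, reverse lookup, name consistency and
TCP reachability of the LDAP port. Example code, not Oracle tooling."""
import re
import socket

# Constructed sample ldap.ora content; hostnames and ports are placeholders.
SAMPLE_LDAP_ORA = """
DIRECTORY_SERVERS = (oud1.example.com:1389:1636, oud2.example.com:1389:1636)
DEFAULT_ADMIN_CONTEXT = "dc=example,dc=com"
DIRECTORY_SERVER_TYPE = OID
"""


def parse_directory_servers(ldap_ora_text):
    """Return a list of (host, non_ssl_port, ssl_port) from DIRECTORY_SERVERS.

    Entries look like host:port or host:port:sslport, comma separated.
    A missing port defaults to 389, a missing SSL port to None.
    """
    m = re.search(r"DIRECTORY_SERVERS\s*=\s*\(([^)]*)\)", ldap_ora_text, re.I)
    if not m:
        return []
    servers = []
    for entry in m.group(1).split(","):
        parts = entry.strip().split(":")
        if not parts[0]:
            continue
        ports = [int(p) for p in parts[1:] if p]
        non_ssl = ports[0] if ports else 389
        ssl = ports[1] if len(ports) > 1 else None
        servers.append((parts[0].lower(), non_ssl, ssl))
    return servers


def check_dns(hostname):
    """Forward-resolve hostname, then reverse-resolve the resulting address.

    'consistent' is True only when the reverse lookup yields the same name
    (canonical name or alias) that we started from, which is what the
    SASL bind relies on.
    """
    result = {"host": hostname, "forward": None, "reverse": None,
              "consistent": False, "error": None}
    try:
        ip = socket.gethostbyname(hostname)
    except OSError as exc:
        result["error"] = f"forward lookup failed: {exc}"
        return result
    result["forward"] = ip
    try:
        canonical, aliases, _ = socket.gethostbyaddr(ip)
    except OSError as exc:
        result["error"] = f"reverse lookup failed: {exc}"
        return result
    result["reverse"] = canonical
    names = {canonical.lower().rstrip(".")} | {a.lower().rstrip(".") for a in aliases}
    result["consistent"] = hostname.lower().rstrip(".") in names
    return result


def check_tcp(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(ldap_ora_text, timeout=3.0):
    """Run all checks for every directory server; returns one dict per host."""
    report = []
    for host, non_ssl, ssl in parse_directory_servers(ldap_ora_text):
        entry = check_dns(host)
        resolvable = entry["forward"] is not None
        entry["ldap_port_open"] = check_tcp(host, non_ssl, timeout) if resolvable else False
        entry["ldaps_port_open"] = check_tcp(host, ssl, timeout) if (ssl and resolvable) else None
        report.append(entry)
    return report


if __name__ == "__main__":
    # On a real DB server, read $ORACLE_HOME/network/admin/ldap.ora instead of the sample.
    for r in preflight(SAMPLE_LDAP_ORA):
        status = "OK" if r["consistent"] and r["ldap_port_open"] else "FIX DNS/hosts"
        print(f"{r['host']}: fwd={r['forward']} rev={r['reverse']} "
              f"consistent={r['consistent']} ldap={r['ldap_port_open']} -> {status}")
```

A host that resolves forward but whose reverse lookup returns a different name (or none) is reported as inconsistent; that is the case the /etc/hosts workaround or the DNS PTR fix above addresses. The check is read-only and can be run before and after the fix to confirm it took effect.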
References
Note 331538.1 (Ora-7445 [Gslcoish_saslhostconnectedto()+78] Connecting as Enterprise User)
Note 1270342.1 (EUS User Can Not Login To The Database)