
Hello All

 

One of the IFS9 customers wants to change the authentication (LDAP) from AD Server 2012 to 2016 (using SSL, on port 636). The connection works fine without SSL (on port 389). But even with the correct security certificate imported into the Java key stores, when using SSL on port 636, it results in an error when users try to log in.

 

The managed server log shows:

“####<Mar 28, 2022 3:33:00,871 PM CEST> <Warning> <Security> <IFS9APPTEST> <ManagedServer1> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <3e72f314-9066-464c-8bdf-1e050e44d802-00000002> <1648474380871> <[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-099117> <The LDAP authentication provider named "ADAuthenticator" failed to make a connection to LDAP server at ldaps://nlXXX-ldap001.XXXXXXXXX.local:636, the error cause is: Unsupported curveId: 29.>”

 

Upon checking Oracle Support, I found a document, Doc ID 2325756.1, which explains a similar issue. It mentions: “At the time of the bug investigation (April 2017), the determination was made that the Microsoft AD Server 2016 is not a certified server to be used with WLS 12.2.1 versions and therefore may be incompatible between SSL standards supported. Ensure you are using a certified Microsoft AD Server with WebLogic Server 12.2.1.x”

 

The WLS version of the customer's application server is 12.2.1.3.0.

 

Has anyone encountered a similar issue, and is there any solution?

In the IFS 9 Support platform, under 3rd Party LDAP Server, I can see “Windows 2016 Server” is supported as of UPD11.

 

Thank you and Kind Regards

Amila