We are using the new Generic LDAP ECMA2 connector to manage an Oracle OID LDAP directory. We are able to connect and make it work with a simple BIND without SSL or TLS. We need to sync passwords, so we need to make it work with TLS. When we choose the TLS option in the Bind setting on the Connectivity property panel, the GUI insists that we also provide a certificate. We need to use TLS and authenticate with a DN and password. We cannot use a certificate to authenticate. Nevertheless, if we go ahead and provide a certificate and try to connect, it times out. With Wireshark we see that 17 packets go back and forth. The second-to-last packet includes a Microsoft-specific OID value of 1.3.6.1.4.1.1466.20037. This is for an extended LDAP call named LDAP_SERVER_START_TLS_OID that is specific to Windows. We have no reason to believe that the Oracle LDAP system will understand this method of initiating a TLS session.
We know our OID system can handle TLS because we are able to make TLS connections using Softerra’s LDAP Browser and we’ve watched the TLSv1 handshake with Wireshark.
We need documentation that explains how to accomplish a secure session using the Generic LDAP Connector and Oracle OID.
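Added example, not code from the post or from the connector: it BER-encodes the extended request carrying OID 1.3.6.1.4.1.1466.20037 (the LDAP StartTLS extended operation, RFC 4511 section 4.14) and decodes both that request and the server's ExtendedResponse, so the bytes of the packet seen in Wireshark can be checked for the OID and the reply checked for the result code that says whether the directory accepted it. All sample bytes and the diagnostic text are constructed, not taken from a real capture.

```python
# Added example: BER encode/decode of the LDAP StartTLS extended operation
# (RFC 4511, 4.14). Sample inputs in the docstrings/tests are constructed.
START_TLS_OID = "1.3.6.1.4.1.1466.20037"

def _ber_len(n: int) -> bytes:
    """Definite-form BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def encode_start_tls_request(message_id: int) -> bytes:
    """LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] OID } }."""
    mid = message_id.to_bytes(message_id.bit_length() // 8 + 1, "big")  # positive INTEGER
    ext = _tlv(0x77, _tlv(0x80, START_TLS_OID.encode("ascii")))
    return _tlv(0x30, _tlv(0x02, mid) + ext)

def decode_ldap_message(buf: bytes) -> dict:
    """Pull out what matters for a StartTLS exchange: message id, OID, result code."""
    tag, body, _ = _read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = _read_tlv(body, 0)
    op_tag, op, _ = _read_tlv(body, pos)
    info = {"message_id": int.from_bytes(mid, "big"), "op_tag": op_tag}
    if op_tag == 0x77:  # ExtendedRequest: requestName carries context tag [0]
        _, name, _ = _read_tlv(op, 0)
        info["request_name"] = name.decode("ascii")
        info["start_tls"] = info["request_name"] == START_TLS_OID
    elif op_tag == 0x78:  # ExtendedResponse: LDAPResult, then optional responseName [10]
        _, code, pos = _read_tlv(op, 0)
        _, _matched_dn, pos = _read_tlv(op, pos)
        _, diag, pos = _read_tlv(op, pos)
        info["result_code"] = int.from_bytes(code, "big")  # 0 = success, 2 = protocolError
        info["diagnostic"] = diag.decode("utf-8")
        if pos < len(op) and op[pos] == 0x8A:
            info["response_name"] = _read_tlv(op, pos)[1].decode("ascii")
    return info
```

Feeding the hex of the captured request and of the server's reply into `decode_ldap_message` shows whether the OID really was sent and whether the directory answered with success or with an error code such as protocolError.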