Oracle DBA Tips Corner
Default LDAP Port Numbers Not Working
by Jeff Hunter, Sr. Database Administrator
This article describes some of the problems you may encounter with the default LDAP port numbers when installing Oracle Internet Directory (OID) 9.0.2 and higher. If you are a user of OID version 2.1.1 or 3.0.1, you will not have this problem. For those running OID version 9.0.2 and higher, the installer may choose a port other than the default (i.e. 389), depending on the system environment at installation time. If it does, the LDAP tools provided with OID will not work unless you supply the port number as a command-line argument.
If you run any of the LDAP tools provided with OID (e.g. ldapbind) and get a message like "Cannot connect to the LDAP server", this is a good indication that your LDAP directory server is either down or not listening on the default port that the LDAP tools expect. It is very possible that the LDAP directory port is 4032 (or another port chosen by the installer) rather than 389. If this is the case, you must add the following option every time you run any of the OID command-line LDAP tools:
-p <port number>
For example, if the port chosen by the installer is 4032 and the server name is dbautil, you would have to run the commands as follows:
ldapbind -h dbautil -p 4032
bind successful
ldapsearch -h dbautil -p 4032 -b "" -s base "objectClass=*"
orcldirectoryversion=OID 9.2.0.1.0
supportedcontrol=2.16.840.1.113730.3.4.2
supportedcontrol=2.16.840.1.113894.1.8.1
supportedcontrol=2.16.840.1.113894.1.8.2
supportedldapversion=LDAP Version 2
supportedldapversion=LDAP Version 3
subschemasubentry=cn=subschemasubentry
subconfigsubentry=cn=subconfigsubentry
subregistrysubentry=cn=subregistrysubentry
changelog=cn=changelog
changestatus=cn=changestatus
orclservermode=rw
orclauditlevel=0
orclsuname=cn=orcladmin
orclsupassword={MD4}daHKLtgPBN1v54JGCyEBVg==
orcldebugflag=0
orclanonymousbindsflag=1
orcloptcontainsquery=0
orclprname=cn=proxy
orclprpassword={MD4}u/7/MSiUpRFIG2FergLc7w==
orclguname=cn=guest
orclgupassword={MD4}KzLGjQo0wbA9u9v7On6Kmg==
orclreplagreements=cn=orclreplagreements
matchingrules=distinguishedNameMatch
matchingrules=caseIgnoreMatch
matchingrules=caseExactMatch
matchingrules=numericStringMatch
matchingrules=telephoneNumberMatch
orclcatalogentrydn=cn=catalogs
orclsizelimit=1000
orcltimelimit=3600
orclenablegroupcache=1
orclecacheenabled=1
orclecachemaxsize=100000000
orclecachemaxentries=25000
orclmatchdnenabled=1
orclupgradeinprogress=FALSE
orclcryptoscheme=MD4
orclstatsflag=0
orclstatsperiodicity=60
orclstatslevel=0
orcldiprepository=FALSE
orclreplicaid=dbautil
orclaci=access to entry by * (browse,noadd,nodelete)
orclaci=access to attr=(userpkcs12,orclpkcs12hint,userpassword) by group="cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext" (search,read,write,compare) by self (search,read,write,compare) by * (none)
orclaci=access to attr=(orclpassword) by self (search,read,write,compare) by * (none)
orclaci=access to attr=(orclpasswordverifier) by self (search,read,write,compare) by * (none)
orclaci=access to attr=(orclstatsflag, orclstatsperiodicity) by dn="cn=emd admin,cn=oracle internet directory" (search,read,write,compare) by * (search,read)
orclaci=access to attr!=(userpkcs12,orclpkcs12hint,userpassword,orclpassword,orclpasswordverifier,orclstatsflag,orclstatsperiodicity) by * (search,read,compare)
The command line tools that come with OID, which comply with the LDAP RFC standard, will not be changed to use a different port as a default.
Starting with OID version 9.0.2, the installer allocates a range of ports for each product in addition to the product's default ports. For OID, if the default ports, 389 (non-SSL) and 636 (SSL), are not available, the installer will pick a free port in the range 4031 to 4039.
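The port lookup can be scripted so that the -p option does not have to be typed by hand. The shell helper below is an added example, not part of the original article or of OID: it tries ldapbind on 389 and then on each port in 4031 to 4039, and runs the tool you name against the first port that answers. The function names find_oid_port and oid_tool are hypothetical, and the script assumes that ldapbind exits non-zero when it cannot connect.

```shell
#!/bin/sh
# Added example, not from the original article.
# Candidate non-SSL ports, taken from the article: the LDAP default (389)
# first, then the installer's fallback range 4031-4039.
OID_CANDIDATE_PORTS="389 4031 4032 4033 4034 4035 4036 4037 4038 4039"

# find_oid_port HOST
# Prints the first candidate port on which ldapbind succeeds.
# Returns 1 if no candidate port answers, 2 on a usage error.
# Assumption: ldapbind exits non-zero when the connection or bind fails.
find_oid_port() {
    host=$1
    if [ -z "$host" ]; then
        echo "usage: find_oid_port <host>" >&2
        return 2
    fi
    for port in $OID_CANDIDATE_PORTS; do
        if ldapbind -h "$host" -p "$port" >/dev/null 2>&1; then
            echo "$port"
            return 0
        fi
    done
    return 1
}

# oid_tool TOOL HOST [tool arguments...]
# Runs an OID command-line LDAP tool with -h and -p filled in from the
# port that find_oid_port discovered, for example:
#   oid_tool ldapsearch dbautil -b "" -s base "objectClass=*"
oid_tool() {
    if [ "$#" -lt 2 ]; then
        echo "usage: oid_tool <tool> <host> [args...]" >&2
        return 2
    fi
    tool=$1
    host=$2
    shift 2
    port=$(find_oid_port "$host") || {
        echo "no OID listener found on $host (server down, or port outside 389 and 4031-4039)" >&2
        return 1
    }
    "$tool" -h "$host" -p "$port" "$@"
}
```

If find_oid_port returns nothing, the directory server is either down or listening on a port outside the ranges the article names.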
The installer determines if port 389 is free based on the following conditions:
All articles, scripts and material located at the Internet address of http://www.idevelopment.info is the copyright of Jeffrey M. Hunter
and is protected under copyright laws of the United States. This document may not be hosted on any other site without my express,
prior, written permission. Application to host any of the material elsewhere can be made by contacting me at jhunter@idevelopment.info.
I have made every effort and taken great care in making sure that the material included on my web site is technically accurate,
but I disclaim any and all responsibility for any loss, damage or destruction of data or any other property which may arise from
relying on it. I will in no case be liable for any monetary damages arising from such loss, damage or destruction.