
Error while provisioning user to AD over SSL IDM 8.0

Hi Experts,

I am new to SAP IdM and trying to provision a user to AD over SSL and have received the below error.

ToDSADirect.init got exception, returning false. - URL:ldap://<SERVER_IP>:636

java.lang.Throwable: <SERVER_IP>:636

Following is the configuration I have done

1. Set the Directory LDAP port as LDP_PORT_SSL

2. Set security option as SSL

3. Installed AD certificate on runtime server

Please let me know if I am missing any configurations.


5 Answers

  • Best Answer
    May 15 at 01:07 PM

    Hi Rekha,

    From the info provided it's hard for me to help. But it's also hard to tell you what else I would need... apart from everything... :-)

    Please try low level troubleshooting from the runtime. Try a connection to the configured AD server, e.g. with telnet (telnet <AD server> 389 -> proves LDAP connection, telnet <AD server> 636 -> proves LDAPS connection).

    Next step would be application level, e.g. can you access LDAPS and query the directory? LDAP Admin is a helpful tool for this, or LDIFDE as CLI tool on Windows machines.

    The intention is to verify that the SSL/TLS handshake works.

    If that is working but you are still facing problems, try to configure the dispatcher to trace/debug and see what it produces. Maybe this helps.

    HTH

    Best regards,

    Alex


  • yesterday

    Hi All,

    This issue is resolved now. Problem was with LDAP_LOGIN .

    Thank you all for your help.


  • May 16 at 10:31 AM

    We had to install two certificates on the runtime server. I think the 2nd one was from the SUB CA.


  • yesterday

    Hi Alexander Brietz,

    Tried all the above; the connection to AD is working from LDAP Admin.

    Telnet is working.

    With the dispatcher log set to trace/debug, I could see that the user name, password and host it prints are the same as I have given in the system configuration tab on the Admin console.

    It gave me the below error.

    Note: I am able to login to AD from LDP admin with the same credentials I am providing in the system configuration tab on the admin UI.

    LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580


  • yesterday

    Hi Matt Pollicove ,

    Switched to 389 and it didn't work.

    Should the LDAP_LOGIN (repository constant in the Admin UI) be the complete DN or only the CN (Testuser)?

    e.g. CN=Testuser,OU=TestAD,OU=Test OU,DC=abc,DC=com


    • Guessing you figured this out, but the login does need to be complete. cn=administrator,cn=users,dc=domain,dc=com

      Matt
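As an added example (not code from this thread or from SAP IdM), the two checks the thread converges on, in Python with only the standard library: an LDAPS connection on 636 whose TLS handshake is verified against a CA file (root plus the sub CA mentioned above), followed by a simple bind with the complete DN, and decoding of the "error code 49 ... data 52e" reply into its meaning. The host, CA file and DN passed to ldaps_bind are assumptions; the server reply in sample_bind_response is constructed from the diagnostic text quoted in the thread so the parsing can be exercised offline.

```python
import re, socket, ssl

AD_SUBCODES = {  # sub-codes after "data" in an AD error-49 diagnosticMessage (as documented by Microsoft)
    "525": "user not found", "52e": "invalid credentials (bad password or wrong DN)",
    "530": "logon time restriction", "531": "workstation restriction", "532": "password expired",
    "533": "account disabled", "701": "account expired", "773": "must reset password", "775": "locked out"}

def _ber_len(n):  # BER length: short form below 128, else 0x80|count followed by big-endian length bytes
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(b)]) + b

def _tlv(tag, body):
    return bytes([tag]) + _ber_len(len(body)) + body

def _read_tlv(buf, pos):  # returns (tag, value, position after this element)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes that follow
        length, pos = int.from_bytes(buf[pos:pos + (length & 0x7F)], "big"), pos + (length & 0x7F)
    return tag, buf[pos:pos + length], pos + length

def bind_request(msg_id, dn, password):
    # LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }; msg_id < 128 assumed
    body = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, body))

def parse_bind_response(data):
    # Returns (resultCode, diagnosticMessage) from a BindResponse [APPLICATION 1] (tag 0x61).
    _, msg, _ = _read_tlv(data, 0)
    _, _, pos = _read_tlv(msg, 0)       # messageID
    tag, resp, _ = _read_tlv(msg, pos)
    assert tag == 0x61, "not a BindResponse"
    _, code, pos = _read_tlv(resp, 0)   # resultCode ENUMERATED
    _, _, pos = _read_tlv(resp, pos)    # matchedDN
    _, diag, _ = _read_tlv(resp, pos)   # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode(errors="replace")

def explain(code, diag):
    if code != 49:
        return f"LDAP result {code}: {diag}"
    sub = m.group(1) if (m := re.search(r"data ([0-9a-f]+)", diag)) else "?"
    return f"error 49 invalidCredentials, AD data {sub}: {AD_SUBCODES.get(sub, 'unknown sub-code')}"

def ldaps_bind(host, dn, password, cafile, port=636):
    # Verified TLS handshake (cafile must hold the root and sub CA), then a simple bind with the full DN.
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=10) as raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(bind_request(1, dn, password))
        return parse_bind_response(tls.recv(4096))

def sample_bind_response(code=49, diag=b"80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580"):
    # Constructed server reply carrying the diagnostic text quoted in the thread, for offline testing.
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x61, _tlv(0x0A, bytes([code])) + _tlv(0x04, b"") + _tlv(0x04, diag)))
```

Against a real server, `explain(*ldaps_bind("dc.example.test", "CN=Testuser,OU=TestAD,OU=Test OU,DC=abc,DC=com", password, "ad-chain.pem"))` reports the bind outcome; a 52e with a bare CN instead of the full DN is exactly the symptom the last two posts describe.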