
Error while provisioning to AD over SSL

Hello Everyone,

I am trying to provision the user/set password from SAP IDM 8.0 to Microsoft AD over SSL; however, I received the below error.

Steps performed -

1) Set the 636 as LDAP SSL port in the AD repository

2) Installed the AD certificate in the IDM runtime server and verified that it exists in the certificate store.

3) Ensured that SSL port and SSL is selected as Security options in To LDAP pass.

Please let me know if I missed anything. Please note that telnet over port 636 to the AD server is working fine from my SAP IDM server, and user provisioning over port 389 is also working fine.

MessageType | Message
Error | ToDSADirect.init got exception, returning false. - URL:ldap://<AD_SERVER_IP>:636 java.lang.Throwable: <AD_SERVER_IP>:636
Error | Init failed

Regards,

C Kumar

2 Answers

  • Feb 08 at 01:03 PM

    Hi Kumar,

    As per the below post, I believe you need to use LDAPS in the URL, and I hope the certificate is available in the Java keystore.

    https://archive.sap.com/discussions/message/16770714#16770714

    Regards,

    Deva
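
Added example (not part of the original thread and not SAP IDM code): a small Java check that performs the TLS handshake on the LDAPS port against the JVM's own truststore and also checks the certificate name. The class name LdapsTrustCheck and the 5-second timeouts are assumptions; run it with the same JVM that the IDM runtime uses.

```java
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic, not SAP IDM code. LdapsTrustCheck is a hypothetical name.
// Run it with the JVM that the IDM runtime uses so the same truststore applies.
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java LdapsTrustCheck <ad-host> [port]");
            System.exit(2);
        }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;

        // Default location; a jssecacerts file beside cacerts takes precedence.
        String ts = System.getProperty("javax.net.ssl.trustStore",
                System.getProperty("java.home") + "/lib/security/cacerts");
        System.out.println("truststore: " + ts);
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (Socket raw = new Socket()) {
            raw.connect(new InetSocketAddress(host, port), 5000); // TCP reachability only
            raw.setSoTimeout(5000);
            try (SSLSocket tls = (SSLSocket) factory.createSocket(raw, host, port, true)) {
                // Also check the certificate name against the host or IP that was given.
                SSLParameters params = tls.getSSLParameters();
                params.setEndpointIdentificationAlgorithm("LDAPS");
                tls.setSSLParameters(params);
                tls.startHandshake();
                for (Certificate c : tls.getSession().getPeerCertificates()) {
                    X509Certificate x = (X509Certificate) c;
                    System.out.println("  " + x.getSubjectX500Principal().getName()
                            + " (expires " + x.getNotAfter() + ")");
                }
                System.out.println("OK: chain trusted and name matches " + host);
            } catch (SSLHandshakeException e) {
                // "PKIX path building failed" means the issuing CA is not in this
                // truststore; a name or IP mismatch is reported here as well.
                System.out.println("FAILED: " + e.getMessage());
                System.exit(1);
            }
        }
    }
}
```

A successful telnet to port 636 only proves the TCP connection; a failure reported by this check points at certificate trust or naming instead of the network.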


  • Feb 12 at 03:47 AM

    Hi Kumar,

    You may use LDAP for read access, but for change operations, you may need to change the protocol from LDAP to LDAPS manually here.

    Security Option can be SSL or simple authentication.

    Cheers

    Chenyang


    • Hello Chenyang,

      It seems you have provided the screenshot from SAP IDM 7.2.

      In IDM 7.2, we had the provision to provide the full LDAP URL, but it seems this feature has been omitted in IDM 8.0.

      Do refer to the screenshot provided in the comments earlier.

      Regards,

      C Kumar