on 08-24-2018 7:07 AM
Hi everyone,
We have a requirement wherein we need to carry out integrations with Active Directory. In order to do so, we need to set up the cloud connector and make it communicate with the end system (Active Directory) using the LDAPS protocol (this we configure under access control in SCC). For security reasons, we can only use LDAPS and not LDAP. When I select the LDAPS protocol, the check result comes as "not reachable" while it comes out to be reachable when I use the LDAP protocol.
In the SCC logs (ljs logs) I see the following two:
{
#Connectivity check failed for ldap://<Ipaddress>:<port>
#ldap://<Ipaddress>:<port> is unavailable or untrusted|
}
I am under the impression that I may have to configure a certificate, regarding which I have the following doubts:
1. Is there a certificate required to be configured in the SCC for LDAPS to work?
2. If yes, where in SCC should I configure it?
3. What should be the domain of that certificate? Internal domain or Virtual domain?
Any leads on this would really help. Also, I doubt if the LDAPS protocol is supported yet.
Thanks & regards,
Rishabh Sharma
Hi Rishabh,
1. Is there a certificate required to be configured in the SCC for LDAPS to work?
It is necessary in case the LDAP server SSL certificate is signed by a CA which is not listed in the cacerts file of the used JRE.
2. If yes, where in SCC should I configure it?
SAP KBA 2567812 - Connection from SAP Cloud Connector to LDAP is failing describes how the LDAP server's root CA can be imported into the JRE.
3. What should be the domain of that certificate? Internal domain or Virtual domain?
The LDAP server host name entry must be the host name provided in the LDAP server SSL certificate CN field.
The LDAP server SSL certificate can be checked from Internet Explorer at https://ldapserverhost:<LDAP SSL port>; from the certificate view the root CA can be downloaded, or it can be downloaded using the openssl tool:
openssl s_client -connect <ldaphost>:<ldap SSL port> -showcerts
Best regards,
Antal
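Added example, not part of the thread or of SAP's KBA: a shell sketch of the check-and-import procedure described in the answer above. The host `ldap.example.internal`, port `636`, alias `ldap-root-ca`, file `root-ca.pem` and the cacerts location are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; host, port, alias and paths below are placeholders.

# split_chain DIR: read `openssl s_client -showcerts` output on stdin, write each
# PEM certificate to DIR/cert-N.pem (cert-0 is the server certificate) and
# print how many certificates were found.
split_chain() {
  awk -v dir="$1" '
    /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/cert-%d.pem", dir, n); inside = 1 }
    inside { print > out }
    /-----END CERTIFICATE-----/ && inside { close(out); n++; inside = 0 }
    END { print n + 0 }'
}

# fetch_chain HOST PORT DIR: save the chain the LDAPS server presents.
fetch_chain() {
  openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null | split_chain "$3"
}

# describe_chain DIR: subject, issuer, expiry and SHA-256 fingerprint per file.
describe_chain() {
  for f in "$1"/cert-*.pem; do
    echo "== $f"
    openssl x509 -in "$f" -noout -subject -issuer -enddate -fingerprint -sha256
  done
}

# is_self_signed FILE: succeeds when subject equals issuer (a root CA candidate).
is_self_signed() {
  s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  [ "$s" = "$i" ]
}

# Typical session (placeholders throughout):
#   mkdir chain && fetch_chain ldap.example.internal 636 chain
#   describe_chain chain
#   openssl x509 -in chain/cert-0.pem -noout -checkhost ldap.example.internal
#   keytool -importcert -alias ldap-root-ca -file root-ca.pem \
#           -keystore <JRE home>/lib/security/cacerts
```

A server frequently omits the root CA from the chain it sends, so no saved file may pass `is_self_signed`; in that case the root has to come from whoever runs the issuing CA. Either way, compare the SHA-256 fingerprint with one obtained out of band before importing the certificate into cacerts.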