Error while provisioning user to AD over SSL IDM 8.0


Hi Experts,

I am new to SAP IdM and trying to provision a user to AD over SSL and have received the below error.

ToDSADirect.init got exception, returning false. - URL:ldap://<SERVER_IP>:636

java.lang.Throwable: <SERVER_IP>:636

Following is the configuration I have done

1. Set the Directory LDAP port as LDP_PORT_SSL

2. Set security option as SSL

3. Installed AD certificate on runtime server

Please let me know if I am missing any configurations.

former_member2987
Active Contributor

Can you switch to 389 and regular LDAP and make sure the connection is working from IDM?

Accepted Solutions (1)


alexanderbrietz
Active Contributor

Hi Rekha,

from the info provided it's hard for me to help. But it's also hard to tell you what else I would need... apart from everything... 🙂

Please try low level troubleshooting from the runtime. Try a connect to the configured AD server e.g. with telnet (telnet <AD server> 389 -> proves LDAP connection, telnet <AD server> 636 -> proves LDAPS connection).

Next step would be application level, e.g. can you access LDAPS and query the directory? LDAP Admin is a helpful tool for this, or LDIFDE as CLI tool on Windows machines.

The intention is to verify that the SSL/TLS handshake works.

If that is working but you are still facing problems, try to configure the dispatcher to trace/debug and see what it produces. Maybe this helps.

HTH

Best regards,

Alex

Answers (4)


Hi All,

This issue is resolved now. Problem was with LDAP_LOGIN.

Thank you all for your help.


I am facing the same kind of issue; can you tell me what change you made to make it work?

Your help would be much appreciated.


Hi Matt Pollicove ,

Switched to 389 and it didn't work.

Should the LDAP_LOGIN (repository constant in the Admin UI) be the complete DN or only the CN (Testuser)?

e.g. CN=Testuser,OU=TestAD,OU=Test OU,DC=abc,DC=com

former_member2987
Active Contributor

Guessing you figured this out, but the login does need to be complete. cn=administrator,cn=users,dc=domain,dc=com

Matt


Hi Alexander Brietz,

Tried all the above; connection to AD is working from LDAP Admin.

Telnet is working.

I set the dispatcher log to trace/debug and could see that the user name, password and host it prints are the same as I have given in the system configuration tab on the Admin console.

It gave me the below error.

Note: I am able to login to AD from LDP admin with the same credentials I am providing in the system configuration tab on admin UI

LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
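The three checks the thread converges on (does the TLS handshake to port 636 succeed, is LDAP_LOGIN a complete DN rather than a bare CN, and what does the "data 52e" sub-code in the error-49 bind failure mean) can be scripted on the runtime host. The following Python is an added example for this page, not SAP IdM code or anything posted in the thread; it uses only the standard library, the sub-code table is Microsoft's documented AD bind sub-codes, and the sample error line is a copy of the one quoted above. The host, port and CA file for the live handshake are placeholders you supply on the command line.

```python
import re
import socket
import ssl
import sys

# Microsoft-documented AD sub-codes that follow "data" in an error-49 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password, or login not accepted as a bind DN)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_ERR_RE = re.compile(r"error code (\d+).*?data ([0-9a-f]+)", re.IGNORECASE)


def decode_ad_bind_error(message):
    """Return (result_code, subcode, explanation) for an AD bind error line, or None."""
    m = _ERR_RE.search(message)
    if not m:
        return None
    code, sub = int(m.group(1)), m.group(2).lower()
    return code, sub, AD_BIND_SUBCODES.get(sub, "unknown sub-code")


_RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9.-]*=.+$")


def is_full_dn(login):
    """True when login is a distinguished name: comma-separated attr=value RDNs.

    Enforces the DN form recommended in the thread (cn=...,cn=users,dc=...,dc=...);
    a bare CN such as "Testuser" or a DOMAIN\\user string is rejected.
    """
    rdns = [part.strip() for part in re.split(r"(?<!\\),", login)]
    return len(rdns) >= 2 and all(_RDN_RE.match(rdn) for rdn in rdns)


def ldaps_handshake(host, port=636, cafile=None, timeout=5.0):
    """Complete a TLS handshake with the LDAPS port and return (tls_version, peer_cert).

    Raises ssl.SSLError when the chain does not validate against cafile (e.g. a missing
    intermediate/sub-CA certificate) and OSError when the port is unreachable.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()


# Constructed sample: the bind failure quoted in the thread.
SAMPLE_ERROR = ("LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, "
                "comment: AcceptSecurityContext error, data 52e, v2580")


def main():
    print("decoded:", decode_ad_bind_error(SAMPLE_ERROR))
    for login in ("Testuser", "CN=Testuser,OU=TestAD,OU=Test OU,DC=abc,DC=com"):
        print(f"{login!r} is full DN: {is_full_dn(login)}")
    # Live handshake only when a host is given: python ldaps_check.py <AD host> [cafile]
    if len(sys.argv) > 1:
        cafile = sys.argv[2] if len(sys.argv) > 2 else None
        version, cert = ldaps_handshake(sys.argv[1], cafile=cafile)
        print("handshake ok:", version, cert.get("subject"))


if __name__ == "__main__":
    main()
```

Two points worth knowing when reading the output: hostname verification is part of the handshake, so connecting by IP address (as in the `ldap://<SERVER_IP>:636` URL above) only passes if the server certificate carries that IP as a subject alternative name, and a chain that fails only because the issuing sub-CA is absent from `cafile` surfaces as an `ssl.SSLError` here, matching the later answer about needing a second certificate on the runtime server.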

former_member201064
Active Participant

We had to install two certificates on the runtime server. I think the 2nd one was from the sub CA.

Good morning gentlemen,

Could you please inform me which way should I install the AD certificate?

Thank you in advance for your support.