on 05-15-2019 10:48 AM
Hi Experts,
I am new to SAP IdM and trying to provision a user to AD over SSL and have received the below error.
ToDSADirect.init got exception, returning false. - URL:ldap://<SERVER_IP>:636
java.lang.Throwable: <SERVER_IP>:636
Following is the configuration I have done
1. Set the Directory LDAP port as LDP_PORT_SSL
2. Set security option as SSL
3. Installed AD certificate on runtime server
Please let me know if I am missing any configurations.
Hi Rekha,
from the info provided it's hard for me to help. But it's also hard to tell you what else I would need... apart from everything... 🙂
Please try low level troubleshooting from the runtime. Try a connect to the configured AD Server e.g. with telnet (telnet <AD server> 389 -> proves LDAP connection, telnet <AD server> 636 -> proves LDAPS connection).
Next step would be application level e.g. can you access LDAPS and query the directory? LDAP Admin is a helpful tool for this or LDIFDE as CLI tool on Windows machines.
The intention is to verify that the SSL/TLS handshake works.
If that is working but you are still facing problems, try to configure the dispatcher to trace/debug and see what it produces. Maybe this helps.
HTH
Best regards,
Alex
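The answer above draws the line between a transport check (telnet to 636 only proves the port is open) and an application-level check (the TLS handshake and certificate chain actually validate). The script below is an added example, not code from the thread or from SAP IdM; it performs that handshake from the runtime host with Python's standard library and reports which stage failed. Host names, the `cafile` path and the sample certificate dictionary are assumptions for illustration. A missing intermediate (sub CA) certificate in the trust store, the situation a later reply in this thread describes, shows up here at the `tls` stage rather than the `tcp` stage.

```python
import socket
import ssl
from typing import Optional


def summarize_peer_cert(cert: dict) -> dict:
    """Pull the fields an operator checks first out of ssl's getpeercert() dict."""
    def rdn(name, key):
        for rdn_set in name:
            for k, v in rdn_set:
                if k == key:
                    return v
        return None

    return {
        "subject_cn": rdn(cert.get("subject", ()), "commonName"),
        "issuer_cn": rdn(cert.get("issuer", ()), "commonName"),
        "not_after": cert.get("notAfter"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
    }


def ldaps_handshake_check(host: str, port: int = 636, cafile: Optional[str] = None,
                          timeout: float = 5.0) -> dict:
    """Connect to host:port and complete a TLS handshake the way an LDAPS client would.

    Returns {"stage": "tcp" | "tls" | "ok", "detail": str, "peer": dict | None}.
    'tcp'  -> the port is not reachable (firewall, wrong port, service down)
    'tls'  -> the port answered but the handshake or chain validation failed
    'ok'   -> the server certificate validated against cafile / system trust store
    cafile is the PEM bundle the runtime trusts; None means the OS default store.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and host name
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"stage": "tcp", "detail": f"TCP connect failed: {exc}", "peer": None}
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            peer = summarize_peer_cert(tls.getpeercert())
            return {"stage": "ok", "detail": f"TLS {tls.version()} established", "peer": peer}
    except ssl.SSLCertVerificationError as exc:
        # Typical text for a missing intermediate: "unable to get local issuer certificate"
        return {"stage": "tls", "detail": f"certificate verification failed: {exc.verify_message}",
                "peer": None}
    except (ssl.SSLError, OSError) as exc:
        return {"stage": "tls", "detail": f"handshake failed: {exc}", "peer": None}
    finally:
        raw.close()


if __name__ == "__main__":
    # Assumed host name; run this on the IdM runtime server against your own DC.
    print(ldaps_handshake_check("dc01.abc.com", 636, cafile="/path/to/ca-bundle.pem"))
```

Run it on the runtime server with the same trust store the dispatcher uses. A `tcp` failure points at network or port configuration; a `tls` failure with a verification message points at the certificate chain installed on the runtime, which is the part a telnet test never exercises.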
Hi All,
This issue is resolved now. Problem was with LDAP_LOGIN.
Thank you all for your help.
Hi Matt Pollicove ,
switched to 389 and it didn't work.
Should the LDAP_LOGIN (repository constant in Admin UI) be the complete DN or only the CN (Testuser)?
e.g. CN=Testuser,OU=TestAD,OU=Test OU,DC=abc,DC=com
Tried all the above, connection to AD is working from LDAP Admin
Telnet is working.
I set the dispatcher log to trace/debug and could see that the user name, password and host it prints are the same as I have given in the system configuration tab on the Admin console.
It gave me the below error.
Note: I am able to login to AD from LDP admin with the same credentials I am providing in the system configuration tab on admin UI
LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
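The error pasted above is an LDAP result 49 (invalidCredentials) from a bind, and Active Directory adds a sub-code in the `data` field that narrows the cause; `52e` is the generic wrong-user-or-password case, which is also what AD returns when the bind identity is not a form it accepts. The snippet below is an added example, not code from the thread or from SAP IdM: it decodes that error string and checks which form a bind identity has. The DN and login values it is fed are the ones quoted in this thread; the mapping of AD sub-codes is the documented one.

```python
import re

# Active Directory sub-codes carried in "data NNN" of an LDAP result 49 bind failure.
AD_BIND_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password, or the bind identity is not a DN, UPN or DOMAIN\\user)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password at next logon",
    "775": "account locked out",
}

_RESULT_CODE = re.compile(r"error code\s+(\d+)")
_DATA_CODE = re.compile(r"\bdata\s+([0-9a-fA-F]+)")


def decode_ad_bind_error(message: str) -> dict:
    """Parse an AD bind error string into its LDAP result code and AD sub-code."""
    result = {"ldap_result_code": None, "ad_data": None, "meaning": None,
              "is_bind_failure": "AcceptSecurityContext" in message}
    m = _RESULT_CODE.search(message)
    if m:
        result["ldap_result_code"] = int(m.group(1))
    d = _DATA_CODE.search(message)
    if d:
        code = d.group(1).lower()
        result["ad_data"] = code
        result["meaning"] = AD_BIND_DATA_CODES.get(code, "unrecognised AD sub-code")
    return result


def classify_bind_identity(login: str) -> str:
    """Say which bind-identity form a value has: 'dn', 'upn', 'down-level' or 'bare-name'.

    AD simple bind accepts a distinguished name, a UPN (user@domain) or DOMAIN\\user.
    A bare CN such as 'Testuser' is none of these and yields data 52e.
    """
    s = login.strip()
    if re.match(r"^[A-Za-z]+=", s):
        return "dn"
    if "\\" in s:
        return "down-level"
    if "@" in s:
        return "upn"
    return "bare-name"


if __name__ == "__main__":
    # Error text quoted in the thread above.
    msg = ("LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, "
           "comment: AcceptSecurityContext error, data 52e, v2580")
    print(decode_ad_bind_error(msg))
    for login in ("Testuser", "CN=Testuser,OU=TestAD,OU=Test OU,DC=abc,DC=com"):
        print(login, "->", classify_bind_identity(login))
```

Reading the sub-code first saves a round of guessing: `52e` means the DC reached the bind and rejected the identity or password, so the TLS chain and port are no longer suspects, and the value in LDAP_LOGIN is the thing to compare against what the working LDAP Admin session actually sends.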
We had to install two certificates on the runtime server. I think the 2nd one was from the SUB CA.