reddragon27284 Absent Member.

iManager LDAP Error editing dynamic group.

Hi,

When trying to edit a dynamic group in iManager I receive the following error:

"Unable to obtain a valid LDAP context.

Creating secure SSL LDAP context failed:
192.168.9.246:636"

I have checked that LDAP is listening on port 636 and accepts connections.

Running this command is successful:
ldapsearch -H ldaps://192.168.9.246:636 -x


This is also successful:
openssl s_client -connect 192.168.9.246:636


The LDAP server's certificate is valid. It is set to "SSL CertificateIP" in the LDAP server connection options.

iManager is running on the same VM as the LDAP server. We are running OES 2015 SP1 with latest patches.

Disabling "Use secure LDAP for secure connections" in iManager settings and "Require TLS for simple bind with password" works however this is obviously not ideal.

I still suspect certificate issues but I'm a bit stuck as to where the issue is.

Does anyone have any ideas?
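Added example, not part of any post in this thread: `openssl s_client` completes the handshake by default even when certificate verification fails, so a successful connect does not show that a verifying client dialing 192.168.9.246 would accept the certificate. The sketch below reads the `Verify return code` line and the subjectAltName entries from constructed sample output; the function names, the host name `oes1.example.internal` and the sample text are assumptions.

```shell
#!/bin/sh
# Added example. Sample text is constructed, not captured from a real server.
# It mimics the lines of interest from:
#   openssl s_client -connect HOST:636 </dev/null     (verify result)
#   ... | openssl x509 -noout -text                   (SAN entries)
SAMPLE_OUTPUT='CONNECTED(00000003)
            X509v3 Subject Alternative Name:
                IP Address:192.168.9.246, DNS:oes1.example.internal
    Verify return code: 19 (self signed certificate in certificate chain)'

# Print the numeric verify return code found in s_client output on stdin.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeed if $1 (IP or DNS name) is an exact subjectAltName entry on stdin.
# Wildcard DNS entries are not expanded in this sketch.
san_covers() {
    grep -E '^ *(DNS|IP Address):' | tr ',' '\n' |
        sed 's/^ *//; s/^DNS://; s/^IP Address://' | grep -Fxqi -- "$1"
}

# Report how a verifying client dialing $1 would judge the output in $2.
assess() {
    code=$(printf '%s\n' "$2" | verify_code)
    if [ "$code" != "0" ]; then
        echo "untrusted (verify code ${code:-missing})"
        return 1
    fi
    if ! printf '%s\n' "$2" | san_covers "$1"; then
        echo "name mismatch for $1"
        return 2
    fi
    echo "ok"
}

# The handshake in the sample completed, yet the chain is not trusted.
assess 192.168.9.246 "$SAMPLE_OUTPUT" || true
```

Against a live server, adding `-verify_return_error` to `openssl s_client` makes the handshake itself fail on a verification error instead of only reporting the code.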
Knowledge Partner

Re: iManager LDAP Error editing dynamic group.

I'd guess you get a similar error message on trying to set a universal password.
On the LDAP server object, on the "Connection" tab, add the following values in the "Interfaces" section

ldap://192.168.9.246:389
ldaps://192.168.9.246:636

Issue
nldap -u
and nldap -l

Try again. If you still get this error, change the LDAP server's certificate to "SSL CertificateDNS". I've recently seen an instance where this was necessary despite the fact that the "IP" cert was perfectly fine in and of itself. IP and DNS certs also had SANs for their counterparts. Just didn't have the time to troubleshoot this any further, but maybe the plugin does some sort of check against /etc/ssl/servercerts, which normally holds "SSL CertificateDNS" as PEM.
Knowledge Partner

Re: iManager LDAP Error editing dynamic group.

In article <reddragon27284.8qddzc@no-mx.forums.microfocus.com>,
Reddragon27284 wrote:
> "Unable to obtain a valid LDAP context.
>
> Creating secure SSL LDAP context failed:
> 192.168.9.246:636"


Beyond/after Mathias' suggestions,
check that eDir (& LUM) is behaving:
rcndsd status
rcnamcd status
ndsrepair -T
ndsrepair -E
ndsrepair -C -Ad -A


Another key checking tool, as an alternative/complement to the openssl
command, is http://keystore-explorer.org/


Andy of
http://KonecnyConsulting.ca in Toronto
reddragon27284 Absent Member.

Re: iManager LDAP Error editing dynamic group.

mathiasbraun;2490329 wrote:

try again. If you still get this error change the LDAP server's certificate to "SSL CertificateDNS". .


Thank you, that seems to have done the trick.
Knowledge Partner

Re: iManager LDAP Error editing dynamic group.

If I ever find a few minutes I'll try to dig a little deeper into this.