psloat

2010-08-18
18:14
4947 views
Adding new connection to user source - Certificate/SSL error
Hi all,
I am trying to add another connection to my user source in ZCM 10.3.0. Currently I have one Netware server set up as the source via LDAPS. When trying to add any other Netware server that is running LDAP I get the following error:
The wizard cannot continue for the following reason(s):
Unable to obtain a valid certificate for SSL communications using the provided connection information. Please verify that the address and port are correct and that the LDAP directory has been configured with a valid certificate.
This happens on 4 other Netware LDAP sources. I cannot connect on 389 or 636 (preferred). What certificate is the connection trying to use? I don't see any real difference between the server that works and the servers that don't. Users have no issues authenticating to any of the servers using the Novell Client.
Do you have any ideas as to what might be the cause/solution?
13 Replies
Anonymous_User

2010-08-26
13:30
psloat,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com
carfra11

2010-08-30
09:35
Hi,
I'm trying to configure a user source on my environment too, and I have the same error when trying to connect via LDAPs port 636.
I have read the documentation and I don't find anything about this problem.
Have you solved it?
Any clue?
Thanks for your time
I
rroncme

2010-08-30
20:34
It's a bug, Shaun Pond opened a bug on this last week. I have an SR open on it as well.
The SSL checkbox is missing from the screen.
SR10644698531
Ron Robertson Unsuspecting Novell Test Pilot for Not Ready for Enterprise Systems MCNE, MCSE, CCNA, CCA, PDQ, SOS,
carfra11

2010-08-31
12:44
Thanks for your quick response, but I think my situation is different, the SSL checkbox appears.
For me, this error appears when I'm trying to configure the User Source for the first time; it's a new User Source.
Could you help me?
Thanks for your time
rroncme

2010-08-31
19:52
Yes, that is a different issue.
Can you browse LDAP on the server with one of the free LDAP Browsers from the internet?
Have you used the cert from the same CA on both devices?
Have you used an ID that works for ldap authentication?
RDR
Ron Robertson Unsuspecting Novell Test Pilot for Not Ready for Enterprise Systems MCNE, MCSE, CCNA, CCA, PDQ, SOS,
carfra11

2010-09-01
08:05
Hello Ron,
First of all, thanks, and let me tell you that my User Source is an MS Active Directory.
Can you browse LDAP on the server with one of the free LDAP Browsers from the internet?
Yes, I can browse the server with a free LDAP browser tool.
Have you used the cert from the same CA on both devices?
The ZCM Primary Server has an internal CA and my Active Directory Server has its own CA; they are different.
Have you used an ID that works for ldap authentication?
Yes, I use an ID that can authenticate against the AD; it is the same ID that I use with the LDAP tool.
Frank
rroncme

2010-09-01
19:49
I think you need the cert for your AD on the ZCM box so it can use SSL to the AD. I don't know how you would do that. Check with Novell and the docs for ZCM.
Ron Robertson Unsuspecting Novell Test Pilot for Not Ready for Enterprise Systems MCNE, MCSE, CCNA, CCA, PDQ, SOS,
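An added example, not part of the thread or of Novell's procedure: it reproduces with `openssl` the trust situation discussed above, where the LDAP server's certificate is issued by a different CA than the one the client trusts. The CA names, the host name `ldap.example.test` and all files are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo. CA names, host name and files are made up for illustration.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {      # make_ca <name>: self-signed CA in $WORK/<name>.{key,crt}
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

issue_cert() {   # issue_cert <ca-name> <host>: server cert signed by that CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -out "$WORK/$2.crt" 2>/dev/null
}

trusts() {       # trusts <ca-bundle> <cert>: exit 0 only if the chain validates
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {       # report <label> <ca-bundle> <cert>
    if trusts "$2" "$3"; then echo "$1: trusted"; else echo "$1: NOT trusted"; fi
}

make_ca client-internal-ca            # what the management server trusts
make_ca directory-ca                  # what signed the LDAP server's cert
issue_cert directory-ca ldap.example.test
LDAP_CERT="$WORK/ldap.example.test.crt"

# Show who issued the certificate the LDAP server would present.
openssl x509 -in "$LDAP_CERT" -noout -subject -issuer

# Client trusts only its own CA: the directory's certificate is rejected.
report "internal CA only" "$WORK/client-internal-ca.crt" "$LDAP_CERT"

# Client trust store extended with the directory's CA: validation succeeds.
cat "$WORK/client-internal-ca.crt" "$WORK/directory-ca.crt" > "$WORK/bundle.crt"
report "after adding directory CA" "$WORK/bundle.crt" "$LDAP_CERT"
```

Against a live directory, `openssl s_client -connect <host>:636 -showcerts` prints the chain the server actually presents, which can be checked with `openssl verify` in the same way.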
rroncme

2010-09-01
21:52
Hey, look at that! There's a sticky at the top of this forum about using external CA's.
Ron Robertson Unsuspecting Novell Test Pilot for Not Ready for Enterprise Systems MCNE, MCSE, CCNA, CCA, PDQ, SOS,
carfra11

2010-09-02
08:13
Hi,
Thanks, but the sticky at the top of this forum is about how to use an external CA when you install your Primary Servers.
My ZCM servers are installed and running with an internal CA.
rroncme

2010-09-02
16:58
Yeah, changing the CA is pretty hard. As far as I know, I saw a couple of folks who tried it a while ago, but had poor results. We tried and had lots of issues, so we rebuilt using the CA for our NDS tree for all of our servers' private keys. You can search the forums, or open a ticket. I thought I remembered seeing something a while ago from Craig Wilson about it.
Ron Robertson Unsuspecting Novell Test Pilot for Not Ready for Enterprise Systems MCNE, MCSE, CCNA, CCA, PDQ, SOS,
carfra11

2010-09-03
16:00
Thanks for your dedication and time.
Frank