Commander

Softerra LDAP Administrator - eDirectory 9 - Suite B Enable

Hi All,

Softerra LDAP Administrator 2015.2 - eDirectory 9 - Suite B Enabled

Anybody have the above combination working? Softerra just advises the server is down, but Apache Directory Studio is connecting fine.
0 Likes
Knowledge Partner

gbatty1 wrote:

> Softerra just advises the
> server is down, but Apache Directory Studio is connecting fine.


You might want to ask in http://www.ldapadministrator.com/forum/ then...

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Commander

Already have, but it doesn't seem like a very "active" forum, hence I thought I'd try here.


lhaeger;2457676 wrote:

> gbatty1 wrote:
>
> > Softerra just advises the
> > server is down, but Apache Directory Studio is connecting fine.
>
> You might want to ask in http://www.ldapadministrator.com/forum/ then...
>
> --
> http://www.is4it.de/en/solution/identity-access-management/
>
> (If you find this post helpful, please click on the star below.)
0 Likes
Knowledge Partner

gbatty1 wrote:

> Already have, but it doesn't seem like a very "active" forum, hence I
> thought I'd try here.


Since Apache can connect, it isn't a server side problem and you won't find
much help here. My guess is that Softerra needs to update the TLS code in its
LDAP Admin tool to support the latest EC-based ciphers to make this work.

Did you check an Edir LDAP trace (or a packet trace) to see at which point the
connection attempt fails and which error code/message you get? I would not be
surprised if it was something like an SSLHandshakeException saying "no cipher
suites in common"...

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
0 Likes
Knowledge Partner

Agreed; Softerra has never been super-intelligent about how they handle
TLS, breaking rules once they finally did make it work. I suppose that
has changed since I was in Support and had to help customers figure out
that they should just use Apache Directory Studio instead, but your
feedback is not very encouraging.

The most-likely problem would likely be support for strong ciphersuites
which your eDir box is enforcing and your Softerra product cannot handle,
which both matches them historically and your description currently. The
only option you have is to fix the client, unless you want to downgrade
security on the eDirectory side which, of course, isn't a good idea ever.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Commander

Thanks guys,

Appreciate your input.

After further troubleshooting, it was a Windows issue. I reverted back to another certificate and was testing enabling / disabling protocols / ciphers as listed here.

It became evident whilst my browsers could "talk" TLS 1.2, my Softerra install was limited to TLS 1. The thread here goes into the changes I needed to make locally.
0 Likes
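
The packet-trace check suggested earlier in this thread, as an added example that is not code from any poster or from either product: it reads the ClientHello a client sent and reports whether it offers TLS 1.2 and a Suite B cipher suite. It assumes the server's Suite B mode follows the RFC 6460 profile; `build_hello` is a hypothetical helper and the sample hellos are constructed, not captured.

```python
# Suite B profile for TLS (RFC 6460): TLS 1.2 plus one of these two suites.
# Assumption: the server's Suite B mode enforces exactly this profile.
SUITE_B = {0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
           0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}
TLS12 = 0x0303

def parse_client_hello(record: bytes):
    """Return (client_version, [cipher suite ids]) from one TLS record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    version = int.from_bytes(hello[0:2], "big")
    pos = 2 + 32                 # skip client_version and random
    pos += 1 + hello[pos]        # skip session_id
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    suites = hello[pos + 2:pos + 2 + cs_len]
    if cs_len == 0 or cs_len % 2 or len(suites) != cs_len:
        raise ValueError("bad cipher_suites vector")
    return version, [int.from_bytes(suites[i:i + 2], "big")
                     for i in range(0, cs_len, 2)]

def diagnose(record: bytes) -> str:
    """Classify why a Suite B-only server would reject this ClientHello."""
    version, suites = parse_client_hello(record)
    if version < TLS12:
        return "protocol_version"    # client tops out below TLS 1.2
    if not SUITE_B.keys() & set(suites):
        return "no_shared_cipher"    # TLS 1.2 offered, but no Suite B suite
    return "ok"

def build_hello(version: int, suites: list) -> bytes:
    """Hypothetical helper: builds constructed sample input, not a capture."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (version.to_bytes(2, "big") + bytes(32) + b"\x00"
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    for name, rec in [("TLS 1.0 client", build_hello(0x0301, [0x002F, 0x0035])),
                      ("TLS 1.2, RSA only", build_hello(0x0303, [0x009C, 0x002F])),
                      ("TLS 1.2, Suite B", build_hello(0x0303, [0xC02C, 0xC02B]))]:
        print(name, "->", diagnose(rec))
```

To use it on a real trace, pass the raw bytes of the first TLS record the client sends on the LDAPS connection to `diagnose`.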
Vice Admiral

Try using Apache Studio.
Does a MUCH nicer job.
http://directory.apache.org/studio/
0 Likes