sagar_mokal Absent Member.

unable to connect LDAP ssl and non ssl

Hi,

Two weeks ago we integrated eDirectory with Active Directory and placed user data department-wise. Yesterday I tried to connect Apache LDAP Studio to eDirectory LDAP, but it threw an authentication failed error, and we cannot see the LDAP port URLs (389, 636) in eDirectory. I think it might have crashed, but we can see user data in iManager. Please advise me on this.

Thanks,
sagar
0 Likes
8 Replies
Knowledge Partner

Re: unable to connect LDAP ssl and non ssl

If iManager shows data then eDirectory is probably fine, since iManager
does not know anything without eDirectory. Of course, iManager may be
pointing to a different eDirectory server in the eDirectory tree, so if
you have multiples try another one.

How have you configured Apache Directory Studio to point to eDirectory?
Generally you need the following:

Network Parameter tab:
Hostname: DNS or IP address of the server
Port: 636 is preferred for guaranteed security, but 389 is also there by
default and supports StartTLS.
Encryption method: 'Use SSL' if using 636, or else 'Use StartTLS
extension' if on 389.
Note that unlike microsoft active directory (MAD), these ports can be
changed; these are the defaults, but if you chose to change them, then put
in the correct ports.

Authentication tab:
Bind DN: cn=admin,ou=context,o=goes,dc=here
Bind password: [the password]

Fill in your own user's DN, of course, but that's it. If you get some
kind of connection timeout even though eDirectory is up then you probably
have a firewall in the way. On the server side be sure the host-based
firewall is not blocking you; on SUSE Linux Enterprise Server (SLES) you
can easily configure this with yast (sudo /sbin/yast firewall) or
iptables; with RedHat's (RHEL) you can probably set things with their
tools, even if just the iptables command. Also watch out for firewalls
within the network other than on the host.

On the client side you may be fine unless you are using windows, in which
case its firewall may be interfering by blocking outbound connections. If
your connections to microsoft active directory (MAD) from Apache Directory
Studio work properly, then you may be able to rule that out quickly.

Also, there is an eDirectory forum specifically where you may find more
help, as this forum is specifically meant for LDAP developers, though
you're fine to stay here if that is helpful.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner

Re: unable to connect LDAP ssl and non ssl

What platform do you use to host eDirectory?
For example, if it is hosted on Windows and you have an AD on the same box, ports 389/636 are already in use.
You can validate configured eDirectory LDAP ports in nds.conf or in iManager (Roles and Tasks->LDAP->LDAP options->View LDAP Servers->Connections->Ports or LDAP Interface)
0 Likes
sagar_mokal Absent Member.

Re: unable to connect LDAP ssl and non ssl

Thanks for your reply.
As you suggested, we have validated the LDAP ports in the nds config file and in iManager as well; ports 380/636 are set for eDirectory LDAP. The LDAP URLs are missing in eDirectory; how do we restore and repair them?
0 Likes
Knowledge Partner

Re: unable to connect LDAP ssl and non ssl

ldap url's are missed in the edirectory, how to restore and repair the same.

What exactly do you mean? Which URL?

What platform hosts your eDirectory?
0 Likes
sagar_mokal Absent Member.

Re: unable to connect LDAP ssl and non ssl

ldaplocal login interfaces and bound transports are empty and displays there are no IP addresses for ldapInterfaces:
ldapInterfaces: ldap://:389,ldaps://:636.
0 Likes
Knowledge Partner

Re: unable to connect LDAP ssl and non ssl

sagar_mokal;2487664 wrote:
ldaplocal login interfaces and bound transports are empty and displays there are no IP addresses for ldapInterfaces:
ldapInterfaces: ldap://:389,ldaps://:636.


LDAPInterfaces is configured and potentially works.

I already asked in another thread, but I will also reply here:
Could you confirm that you have no local FW on this box and nothing "blocked" LDAP/LDAPS traffic?
0 Likes
Knowledge Partner

Re: unable to connect LDAP ssl and non ssl

On 09/17/2018 04:44 AM, sagar mokal wrote:
>
> ldaplocal login interfaces and bound transports are empty and displays
> there are no IP addresses for ldapInterfaces:
> ldapInterfaces: ldap://:389,ldaps://:636.


That alone is not a problem; this is just how eDirectory indicates it
listens on all IP addresses. It used to do so with 0.0.0.0 I think, but
with newer versions it does this.

Let's continue this in the eDirectory thread to avoid back-and-forth.

--
Good luck.
0 Likes
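
The checks discussed in the replies above, as an added example (not code from any poster in this thread or from the vendor): it parses an `ldapInterfaces` value such as the one quoted, treats an empty host as "all local addresses", maps each listener to the matching Apache Directory Studio encryption setting, and separates a refused connection from a timeout. The server name `edir.example.com` and the function names are assumptions made for illustration.

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def parse_ldap_interfaces(value):
    """Split an ldapInterfaces value into (scheme, host, port, studio_setting)."""
    result = []
    for item in value.strip().rstrip(".").split(","):
        parts = urlsplit(item.strip())
        if parts.scheme not in DEFAULT_PORT:
            raise ValueError(f"not an LDAP URL: {item!r}")
        host = parts.hostname or "*"  # empty host means all local addresses
        port = parts.port or DEFAULT_PORT[parts.scheme]
        setting = "Use SSL" if parts.scheme == "ldaps" else "Use StartTLS extension"
        result.append((parts.scheme, host, port, setting))
    return result

def probe(host, port, timeout=3.0):
    """Return 'open', 'refused' or 'timeout' for one TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host reachable, nothing accepting on that port
    except socket.timeout:
        return "timeout"   # no answer at all: look for a firewall in the path
    except OSError as exc:
        return f"error: {exc}"

def check(server, interfaces_value, timeout=3.0):
    """Probe every configured listener on `server`; returns a list of dicts."""
    rows = []
    for scheme, host, port, setting in parse_ldap_interfaces(interfaces_value):
        target = server if host == "*" else host
        rows.append({"url": f"{scheme}://{target}:{port}", "studio": setting,
                     "tcp": probe(target, port, timeout)})
    return rows

if __name__ == "__main__":
    # Hostname is a placeholder; the interface string is the one quoted in the thread.
    for row in check("edir.example.com", "ldap://:389,ldaps://:636."):
        print(row)
```

An `open` result followed by an authentication failure in the client points at the bind DN or password rather than at the listener or the network.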
sagar_mokal Absent Member.

Re: unable to connect LDAP ssl and non ssl

Thanks for your reply.
0 Likes