sagar_mokal Absent Member.

unable to connect LDAP ssl and non ssl .

Hi,

3 weeks ago we integrated eDirectory with Active Directory and placed user data department-wise. Earlier we established the connection and were able to access user data, but yesterday I tried to connect Apache LDAP Studio to the eDirectory LDAP and it threw an authentication failed error, and we cannot see the LDAP port URLs (389, 636) in the eDirectory NDS console. I think it might have crashed, but we can see user data in iManager. We have validated the LDAP ports in the NDS config and the iManager console. Please suggest how to recover/repair LDAP in the ed

Thanks,
sagar

Re: unable to connect LDAP ssl and non ssl .

On 09/14/2018 12:44 AM, sagar mokal wrote:
>
> 3 weeks ago we integrated eDirectory with Active Directory and


How, specifically, did you do this? Were you using Identity Manager (IDM)
to link the two, or does this mean that you have eDirectory and Microsoft
Active Directory (MAD) on the same system, maybe even on a domain
controller (DC) (not recommended, but it can work)?

> placed user data department-wise. Earlier we established the
> connection and were able to access user data, but yesterday I tried to
> connect Apache LDAP Studio to the eDirectory LDAP and it threw an


Apache Directory Studio is great, but without showing us the password
could you post the text of the values you are using for the connection?
The DNS name or IP address is pretty straightforward, and the port
component should be whichever one you chose, but then there are other
things like how security is handled (none, using StartTLS, or using
TLS/SSL), plus the user DN format could possibly be an issue depending on
the format you are trying. If you are on a MAD DC, keep in mind that MAD
does not let you change the ports it uses, so it always uses TCP 389 and
TCP 636, meaning the default eDirectory ports, which are the same, will
likely fail since the two applications conflict there.

> authentication failed error, and we cannot see the LDAP port URLs
> (389, 636) in the eDirectory NDS console. I think it might have crashed, but
> we can see user data in iManager. We have validated the LDAP ports in
> the NDS config and the iManager console. Please suggest how to
> recover/repair LDAP in the ed


I do not think there are command line tools on Windows to troubleshoot
this properly, but maybe via iManager the steps can still be done. In the
LDAP Server object are some settings regarding tracing/debugging. Enable
all of the options in there (one of them is 'Packet dump', just so you
know you are on the right page) and then save that.

Next go into ndstrace, which I think you can do within the NDS Console
thing. Uncheck all of the various filters and then leave the following
enabled: TIME TAGS LDAP INIT

If it is anything like Linux/Unix/NetWare you should be able to enter a
command to try to unload the NLDAP module, and then try to reload it and
see what messages you get. This should show the messages as the NLDAP
module tries to load, which may give some errors that are helpful for
troubleshooting.


unload nldap
load nldap


--
Good luck.


Re: unable to connect LDAP ssl and non ssl .

On 9/14/2018 7:34 AM, ab wrote:
> If it is anything like Linux/Unix/Netware you should be able to enter a
> command to try to unload the NLDAP module, and then try to reload it and
> see what messages you get. This should show the messages as the NLDAP
> module tries to load, which may give some errors that are helpful for
> troubleshooting.
>
>

> unload nldap
> load nldap
>


In the eDir console (Control panels) the DLMs are listed for each
service, so you would find the nldap.dlm and click stop/unload (I forget
what the actual button says) and then load/start it back up with the
dstrace.dlm started and in the menus, select the tags Aaron suggested.

(TIME TAGS LDAP INIT)

Re: unable to connect LDAP ssl and non ssl .

> 3 weeks ago we integrated eDirectory with Active Directory and placed user data department-wise. Earlier we established the connection and were able to access user data, but yesterday I tried to connect Apache LDAP Studio to the eDirectory LDAP and it threw an authentication failed error


Apache Directory Studio allows you to validate the connection on one tab and authentication on another tab.
Could you specify your issue? (connectivity or authentication)

Do you have eDirectory installed on the same box as AD?
sagar_mokal Absent Member.

Re: unable to connect LDAP ssl and non ssl .

Thanks for the reply.

Earlier we were able to access the NetIQ LDAP server using Apache LDAP Studio; now the LDAP server might have crashed in eDirectory and we cannot see the LDAP URLs in the eDirectory servers list.
We have eDirectory and AD residing on the same domain but on different VM servers.
sagar_mokal Absent Member.

Re: unable to connect LDAP ssl and non ssl .

While connecting to the NetIQ LDAP server with Apache LDAP Studio, it throws the following error.

The authentication failed
- SSL handshake failed.
org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
at org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:79)
at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:122)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)

SSL handshake failed.

Re: unable to connect LDAP ssl and non ssl .

sagar_mokal;2487651 wrote:
> Thanks for the reply.
>
> Earlier we were able to access the NetIQ LDAP server using Apache LDAP Studio; now the LDAP server might have crashed in eDirectory and we cannot see the LDAP URLs in the eDirectory servers list.
> We have eDirectory and AD residing on the same domain but on different VM servers.


Ok,
I will try to "translate" your response. Please confirm that my understanding of your situation is right:
1. You have eDirectory hosted on a Windows member server VM.
2. You don't have Active Directory installed on the same box (LDAP ports are "free", they don't conflict with AD).

Now some questions:
1. Exactly which Windows version is installed on the VM hosting eDirectory?
2. Could you confirm that the Windows "internal" FW on this host is disabled?
3. Could you enable the LDAP trace in iMonitor and do an LDAP "refresh" in iManager?
iManager>LDAP>LDAP Options>View LDAP server>LDAP server-...> Information> Refresh

If the LDAP service is running, you are supposed to see some information in the iMonitor LDAP trace.
4. Do you see any configured LDAP interfaces?
iManager>LDAP>LDAP Options>View LDAP server>LDAP server-...> Connections> LDAP interfaces
sagar_mokal Absent Member.

Re: unable to connect LDAP ssl and non ssl .

Thanks for your reply.

> 1. Exactly which Windows version is installed on the VM hosting eDirectory?

Windows Server 2012 R2 Standard

> 2. Could you confirm that the Windows "internal" FW on this host is disabled?

No

> 3. Could you enable the LDAP trace in iMonitor and do an LDAP "refresh" in iManager?
> iManager>LDAP>LDAP Options>View LDAP server>LDAP server-...> Information> Refresh
>
> If the LDAP service is running, you are supposed to see some information in the iMonitor LDAP trace.

The LDAP service is not running.

> 4. Do you see any configured LDAP interfaces?
> iManager>LDAP>LDAP Options>View LDAP server>LDAP server-...> Connections> LDAP interfaces

I could see ldap://:389 in the LDAP interfaces.
sagar_mokal Absent Member.

Re: unable to connect LDAP ssl and non ssl .

The LDAP URLs are missing under network address in the NDS console.

Thanks,
sagar

Re: unable to connect LDAP ssl and non ssl .


> 3. Could you enable the LDAP trace in iMonitor and do an LDAP "refresh" in
> iManager?
> iManager>LDAP>LDAP Options>View LDAP server>LDAP server-...>
> Information> Refresh
>
> If the LDAP service is running, you are supposed to see some information
> in the iMonitor LDAP trace.
>
> The LDAP service is not running.


Aye, there's the rub. If the LDAP service is not running, it would seem
likely that it is not listening for LDAP requests.

Per Alex's suggestion, if you watch in ndstrace in iMonitor with the
proper trace settings as discussed earlier, then you would see, when you
try to load nldap, some kind of message we can hopefully work from to
diagnose.
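The question raised earlier in the thread (connectivity or authentication?) can be answered from the client side before looking at the server. The following Python probe is an added example, not code from any poster in this thread: it separates "nothing is listening", "TLS handshake failed" and "transport is fine, so look at the bind". The host name `edir.example.com`, the function names and the advice keys are assumptions made for the example.

```python
import socket
import ssl
import sys

def probe(host, port, use_tls=False, timeout=3.0, cafile=None):
    """Return 'no-listener', 'tcp-ok', 'tls-ok', 'tls-cert-untrusted'
    or 'tls-handshake-failed' for one endpoint."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "no-listener"  # refused, filtered, timed out or unresolvable
    with sock:
        if not use_tls:
            return "tcp-ok"
        ctx = ssl.create_default_context(cafile=cafile)  # verification stays on
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-ok"
        except ssl.SSLCertVerificationError:
            return "tls-cert-untrusted"  # listener answered; client lacks the CA
        except (ssl.SSLError, OSError):
            return "tls-handshake-failed"

# Advice strings reflect the checks suggested in this thread.
ADVICE = {
    "listener-down": "Nothing listens on either port: check that nldap is "
                     "loaded (trace its load with LDAP and INIT enabled) and "
                     "check the host firewall.",
    "ldaps-down": "389 answers but 636 does not: check the TLS port "
                  "configuration on the LDAP Server object.",
    "cert-trust": "Listener is up; the client does not trust its certificate.",
    "tls-broken": "Port is open but the peer did not complete a TLS handshake.",
    "check-bind": "Transport is fine: check the bind DN format and password.",
}

def diagnose(plain, secure):
    """Map probe results for the clear-text and TLS ports to an ADVICE key."""
    if plain == "no-listener" and secure == "no-listener":
        return "listener-down"
    if secure == "no-listener":
        return "ldaps-down"
    if secure == "tls-cert-untrusted":
        return "cert-trust"
    if secure == "tls-handshake-failed":
        return "tls-broken"
    return "check-bind"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "edir.example.com"  # placeholder
    verdict = diagnose(probe(host, 389), probe(host, 636, use_tls=True))
    print(verdict, "-", ADVICE[verdict])
```

Pass the exported tree CA certificate as `cafile` to tell an untrusted certificate apart from a listener that is not speaking TLS at all.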