Unable to connect to LDAP server using SSL

This document (7012481) is provided subject to the disclaimer at the end of this document.

Environment

Novell Data Synchronizer Mobility Pack

Situation

Mobility can't connect to LDAP server using SSL
Users can't authenticate; authentication fails
Can't connect to LDAPS with Mobility
Connecting without SSL on port 389 succeeds, but connecting securely on port 636 fails.
DataSync WebAdmin | Manage Global Settings | Selecting Secure LDAP Port 636 | Save LDAP Settings shows error:
Could not connect to LDAP server "ldaps://serverAddress:636"

Resolution

Please follow the steps below to configure DataSync for secure LDAP authentication:
  1. Verify the Server Certificates are valid.
    • Log in to iManager as an administrator with sufficient rights.
    • From the Roles and Tasks menu, select Novell Certificate Access | Server Certificates.
    • Select the magnifying glass and browse to the specified LDAP server.
    • Check all, then select Validate.
    • If certificates are invalid, follow TID 7006567 to renew the invalid certificates.
  2. Configure Mobility for Secure LDAP over port 636:
    • Option A - WebAdmin: 
      • Log in to WebAdmin with the server's root credentials.
      • Select Manage Global Settings from the top-right
      • Change LDAP Port to the secure port (default: 636) and select Secure
      • Click Save LDAP Settings
    • Option B - Terminal:
      • Edit /etc/datasync/configengine/configengine.xml
      • Within the <ldap> section, modify the following:
        <secure>true</secure>
        <port>636</port>

        Note: Use the LDAP secure port (default: 636)
      • Save the file.
  3. Add the following line to /etc/openldap/ldap.conf:
    TLS_REQCERT allow
  4. Restart DataSync services:
    rcdatasync restart

Cause

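The LDAP server is using an untrusted self-signed certificate. TLS_REQCERT allow must be added to /etc/openldap/ldap.conf in order to connect to the server using SSL. With this setting the client still requests the server's certificate but continues the session even when that certificate cannot be verified.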
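
An added example, not part of the original article or of any Novell tooling: a shell check that reports which TLS_REQCERT level a client ldap.conf ends up with and whether the server certificate is verified at that level. It assumes only the one file is examined and that the last occurrence of an option wins; the TLS_CACERT path in the sample is a hypothetical placeholder.

```sh
#!/bin/sh
# Added example: audit the TLS_REQCERT level in an OpenLDAP client config.
# Assumptions: only the given file is read (LDAPTLS_* environment variables
# and per-user ldaprc files are ignored); the last occurrence of an option
# is treated as the effective one.

# ldap_conf_option FILE OPTION -> prints the option's value, or nothing
ldap_conf_option() {
    # Option names are case-insensitive; lines starting with '#' are comments.
    awk -v want="$2" '
        /^[[:space:]]*#/ { next }
        toupper($1) == toupper(want) { val = $2 }
        END { print val }' "$1"
}

# ldap_tls_audit FILE -> prints VERIFIED/UNVERIFIED/UNKNOWN plus the reason
ldap_tls_audit() {
    audit_level=$(ldap_conf_option "$1" TLS_REQCERT)
    audit_ca=$(ldap_conf_option "$1" TLS_CACERT)
    # "demand" is the OpenLDAP default when the option is absent.
    audit_level=$(printf '%s' "${audit_level:-demand}" | tr 'A-Z' 'a-z')
    [ -n "$audit_ca" ] || audit_ca="not set in this file"
    case "$audit_level" in
        never|allow)
            # At these levels a verification failure never stops the session.
            echo "UNVERIFIED: TLS_REQCERT $audit_level accepts an untrusted server certificate" ;;
        try|demand|hard)
            # A certificate that fails verification terminates the session.
            echo "VERIFIED: TLS_REQCERT $audit_level, TLS_CACERT=$audit_ca" ;;
        *)
            echo "UNKNOWN: unrecognised TLS_REQCERT value '$audit_level'" ;;
    esac
}

# Constructed sample input: first the line this article adds, then a stricter
# variant that trusts the LDAP server's CA (the path is a hypothetical placeholder).
demo_conf=$(mktemp)
printf 'TLS_REQCERT allow\n' > "$demo_conf"
ldap_tls_audit "$demo_conf"
printf 'TLS_CACERT /path/to/ldap-ca.pem\nTLS_REQCERT demand\n' > "$demo_conf"
ldap_tls_audit "$demo_conf"
rm -f "$demo_conf"
```

Run against the real file as `ldap_tls_audit /etc/openldap/ldap.conf` after step 3 to confirm which level is in effect.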

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7012481
  • Creation Date: 24-MAY-13
  • Modified Date: 10-DEC-13
    • Novell Data Synchronizer
      GroupWise
