Environment
Novell Data Synchronizer Mobility Pack
Situation
Mobility can't connect to LDAP server using SSL
Users can't authenticate, authentication failsCan't connect to LDAPS with Mobility
Connecting unsecure with port 389 is successful, but not with port 636 Secure.
DataSync WebAdmin | Manage Global Settings | Selecting Secure LDAP Port 636 | Save LDAP Settings shows error:
Could not connect to LDAP server "ldaps://serverAddress:636"
Resolution
Please follow the steps below to configure DataSync for secure LDAP authentication:
- Verify the Server Certificates are valid.
- Log into iManager with an administrator with proper rights.
- From the Roles and Tasks menu, select Novell Certificate Access | Server Certificates
- Select the magnifying glass and browse to the specified LDAP server.
- Check all and then select Validate
- If certificates are invalid, follow TID 7006567 to renew the invalid certificates.
- Configure Mobility for Secure LDAP over port 636:
- Option A - WebAdmin:
- Login to WebAdmin with server's root credentials.
- Select Manage Global Settings from the top-right
- Change LDAP Port to the secure port (default: 636) and select Secure
- Click Save LDAP Settings
- Option B - Terminal:
- Edit /etc/datasync/configengine/configengine.xml
- Within the <ldap> section, modify the following:
<secure>true</secure>
<port>636</port>
Note: Use the LDAP secure port (default: 636) - Save the file.
- Add the following line to /etc/openldap/ldap.conf:
TLS_REQCERT allow - Restart DataSync services:
rcdatasync restart
Cause
LDAP Server using an untrusted self-signed certificate. TLS_REQCERT allow must be added in order to connect to the server using SSL.