Environment
eDirectory 8.8.7
Open Enterprise Server 11.1 (OES11 SP1)
Domain Services for Windows
DSfW
Situation
Bind error (13: Confidentiality required)
ldap_simple_bind failed: 13(Confidentiality required)
Configuring an application to bind to eDirectory over un-secure port 389 fails with "Bind error (13: Confidentiality required)"
Configuring an application to bind to Domain Services for Windows over un-secure port 389 fails with "Bind error (13: Confidentiality required)"
Configuring an application to bind to DSfW fails with "Bind error (13: Confidentiality required)"
Resolution
This error occurs when "Require TLS for Simple Binds with Password" and/or "Require TLS for all operations" is enabled. Disable both to allow un-secure binds.
To disable them, use iManager or ldapconfig.
Using ldapconfig to view and disable "Require TLS for Simple Binds with Password" and "Require TLS for all operations".
To see the settings with ldapconfig, do the following:
ldapconfig get | grep TLS
The above command should return something like this:
ldapTLSVerifyClientCertificate: 0
ldapTLSRequired: yes
Require TLS for Simple Binds with Password: yes
Notice "ldapTLSRequired: yes" and "Require TLS for Simple Binds with Password: yes".
To allow un-secure binds, set both to no:
ldapconfig set "ldapTLSRequired: no"
and
ldapconfig set "Require TLS for Simple Binds with Password: no"
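The check above can be scripted so the state is confirmed before and after the change. This is an added example, not part of the original article or of ldapconfig itself: the function name tls_bind_policy and its result words are made up here, and the sample text is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: classify the two TLS settings in `ldapconfig get | grep TLS`
# output. The function name and result words are assumptions of this example.

# Reads ldapconfig output on stdin and prints one word:
#   both            both settings are "yes"
#   all-operations  only ldapTLSRequired is "yes"
#   simple-bind     only "Require TLS for Simple Binds with Password" is "yes"
#   none            neither is "yes" (un-secure binds on port 389 are allowed)
tls_bind_policy() {
    awk -F': *' '
        {
            key = $1; val = tolower($2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)   # tolerate stray whitespace / CR
            gsub(/[ \t\r]+$/, "", val)
        }
        key == "ldapTLSRequired" { all = (val == "yes") }
        key == "Require TLS for Simple Binds with Password" { simple = (val == "yes") }
        END {
            if (all && simple) print "both"
            else if (all)      print "all-operations"
            else if (simple)   print "simple-bind"
            else               print "none"
        }'
}

# Constructed sample: the output shown in the article.
SAMPLE_BEFORE='ldapTLSVerifyClientCertificate: 0
ldapTLSRequired: yes
Require TLS for Simple Binds with Password: yes'

# Constructed sample: the same output after both "set ... no" commands.
SAMPLE_AFTER='ldapTLSVerifyClientCertificate: 0
ldapTLSRequired: no
Require TLS for Simple Binds with Password: no'

# On a server, pipe the real output instead:
#   ldapconfig get | grep TLS | tls_bind_policy
printf '%s\n' "$SAMPLE_BEFORE" | tls_bind_policy
printf '%s\n' "$SAMPLE_AFTER"  | tls_bind_policy
```

Any result other than "none" means at least one of the two settings is still enabled.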
Using iManager to disable "Require TLS for Simple Binds with Password" and "Require TLS for all operations".
Modify the LDAP Group and LDAP Server objects for the server in question using iManager.
Here is one way to modify the LDAP objects in iManager:
Click on the LDAP role on the right side | LDAP Options | LDAP Group <ServerName> | un-check "Require TLS for Simple Binds with Password" | click apply
Click on the LDAP role on the right side | LDAP Options | LDAP Server <ServerName> | Connections sub tab under the General tab | un-check "Require TLS for all operations" | click apply | click refresh