ldap_simple_bind failed: 13(Confidentiality required)

  • 7013372
  • 25-Sep-2013
  • 25-Sep-2013

Environment

eDirectory 8.8.7
Open Enterprise Server 11.1 (OES11 SP1)
Domain Services for Windows
DSfW

Situation

Bind error (13: Confidentiality required)
ldap_simple_bind failed: 13(Confidentiality required)
Configuring an application to bind to eDirectory over the unsecured port 389 fails with "Bind error (13: Confidentiality required)"
Configuring an application to bind to Domain Services for Windows over the unsecured port 389 fails with "Bind error (13: Confidentiality required)"
Configuring an application to bind to DSfW fails with "Bind error (13: Confidentiality required)"

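Resolution

"Require TLS for Simple Binds with Password" and/or "Require TLS for all operations" is enabled. With either setting enabled, the server rejects a simple bind that sends a password over an unencrypted connection. Disable both to allow unsecured binds.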

To disable them, use iManager or ldapconfig.

Using ldapconfig to view and disable "Require TLS for Simple Binds with Password" and "Require TLS for all operations"
To see the current settings with ldapconfig, run the following:
ldapconfig get | grep TLS

The above command should return something like this:
ldapTLSVerifyClientCertificate: 0
ldapTLSRequired: yes
Require TLS for Simple Binds with Password: yes

Notice "ldapTLSRequired: yes" and "Require TLS for Simple Binds with Password: yes".

To allow unsecured binds, set both to no:
ldapconfig set "ldapTLSRequired: no"
and
ldapconfig set "Require TLS for Simple Binds with Password: no"
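
The check from the ldapconfig steps above as a script, added here as an example and not part of the original article: it reads `ldapconfig get` output and reports whether a password bind on cleartext port 389 will be refused with error 13. The function name `check_ldap_tls`, its return codes and the embedded sample are assumptions of this example; the attribute names are the ones shown in the output above.

```shell
#!/bin/sh
# Added example (not from the vendor article). Reads `ldapconfig get` output
# on stdin and reports whether a simple bind with a password on cleartext
# port 389 will be refused with "13 (Confidentiality required)".
# Return status (an assumption of this example):
#   0 = both settings are "no" (cleartext binds accepted)
#   1 = at least one setting is "yes" (error 13 expected)
#   2 = a setting is missing or has an unrecognised value
check_ldap_tls() {
    awk -F': *' '
        {
            key = $1; val = tolower($2)
            sub(/^[ \t]+/, "", key)       # tolerate indented output
            gsub(/[ \t\r]+$/, "", val)    # tolerate trailing blanks and CR
        }
        # Attribute names exactly as printed in the article.
        key == "ldapTLSRequired"                            { tls_all  = val }
        key == "Require TLS for Simple Binds with Password" { tls_bind = val }
        END {
            printf "ldapTLSRequired (Require TLS for all operations): %s\n", (tls_all == "" ? "not found" : tls_all)
            printf "Require TLS for Simple Binds with Password: %s\n", (tls_bind == "" ? "not found" : tls_bind)
            if (tls_all == "yes" || tls_bind == "yes") {
                print "RESULT: cleartext simple bind will fail with error 13"
                exit 1
            }
            if (tls_all == "no" && tls_bind == "no") {
                print "RESULT: cleartext simple bind is accepted"
                exit 0
            }
            print "RESULT: undetermined"
            exit 2
        }
    '
}

# Constructed sample: the output shown in the article.
SAMPLE='ldapTLSVerifyClientCertificate: 0
ldapTLSRequired: yes
Require TLS for Simple Binds with Password: yes'

# On a server, run: ldapconfig get | check_ldap_tls
printf '%s\n' "$SAMPLE" | check_ldap_tls || echo "status: $?"
```

Running it again after the two `ldapconfig set` commands confirms that both settings now read "no".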


Using iManager to disable "Require TLS for Simple Binds with Password" and "Require TLS for all operations"
Modify the LDAP group and LDAP server objects for the server in question using iManager.
Here is one way to modify the LDAP objects in iManager:

Click on the LDAP role on the right side | LDAP Options | LDAP Group <ServerName> | un-check "Require TLS for Simple Binds with Password" | click apply
 
Click on the LDAP role on the right side | LDAP Options | LDAP Server <ServerName> | Connections sub tab under the General tab | un-check "Require TLS for all operations" | click apply | click refresh