LDAP Contextless Login error: "LDAP Contextless Login: No LDAP server specified"

  • 7024626
  • 14-May-2020
  • 14-May-2020

Environment

Client for Open Enterprise Server 2 SP4 (IR13)
Client for Open Enterprise Server 2 SP5
LDAP Contextless Login with Encrypted Data (TLS) enabled

Situation

After upgrading from Client for OES 2 SP4 (IR12) to (IR13), LDAP contextless login fails at login. After the user provides the username and tabs to the password field, the LDAP contextless login should activate to auto-fill the user's context, but instead it returns the error "LDAP Contextless Login: No LDAP server specified."

Resolution

(Re)create the certificate on the LDAP server to include a Subject Alternative Name (SAN) attribute which contains the server's DNS name and IP address. By default, eDirectory certificates are created with both the server name and IP address in the SAN.

Cause

New security measures in the LDAP SDK build included in Client for Open Enterprise Server 2 SP4 (IR13) and above enforce validation of the certificate's SAN attribute. Previously, the CN (Common Name) was sufficient.

If the current certificate does not have a SAN, LDAPS communication will fail.

NOTE: eDir certificates newer than 2017, or external certificates that contain the SAN attribute, will not be affected. In 2017, eDir implemented the SAN attribute on the eDir certificate.
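
The following added example (not part of the original document, and not the LDAP SDK's own matching code) shows SAN-only validation as described above: a certificate is checked against every server entry the client is configured with, and the CN is never used as a fallback. The host name, IP address, the RFC 6125-style wildcard rule, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed samples in the dict shape returned by ssl.SSLSocket.getpeercert();
# host names and addresses are placeholders, not values from this document.
SUBJECT = ((("commonName", "ldap1.example.com"),),)
CN_ONLY = {"subject": SUBJECT}
DNS_ONLY_SAN = {"subject": SUBJECT, "subjectAltName": (("DNS", "ldap1.example.com"),)}
FULL_SAN = {"subject": SUBJECT, "subjectAltName": (
    ("DNS", "ldap1.example.com"), ("IP Address", "192.0.2.10"))}


def _dns_match(pattern, host):
    """Case-insensitive label match; '*' counts only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2 and h[0]:
        p, h = p[1:], h[1:]
    return p == h


def _same_ip(value, ip):
    try:
        return ipaddress.ip_address(value.strip()) == ip
    except ValueError:
        return False


def san_covers(cert, target):
    """True if target (DNS name or IP literal) is in the SAN; the CN is never consulted."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return any(k == "DNS" and _dns_match(v, target) for k, v in sans)
    return any(k == "IP Address" and _same_ip(v, ip) for k, v in sans)


def audit(cert, configured_servers):
    """Map each server entry configured for contextless login to SAN coverage."""
    return {s: san_covers(cert, s) for s in configured_servers}


if __name__ == "__main__":
    servers = ["ldap1.example.com", "192.0.2.10"]  # assumed client configuration
    for name, cert in (("CN only", CN_ONLY), ("DNS-only SAN", DNS_ONLY_SAN), ("full SAN", FULL_SAN)):
        print(name, audit(cert, servers))
```

A certificate whose SAN lists only the DNS name still fails for clients that reach the LDAP server by IP address, which is why the resolution asks for both entries.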