
Unable to get OC to work with LDAP and VIP on a load balancer


Article ID: 216626


Products

CA Spectrum

Issue/Introduction

The customer is changing the LDAP server they use in Spectrum to a VIP.
We used:
 openssl s_client -showcerts -connect localhost:3269
to get the LDAP server to output the certificate information, then copied and pasted the certificate text into a file and imported it using:
 ../../Java/bin/keytool -import -alias 'LDAP' -file OurFileaName.crt -keystore cacerts
All seems to work: OneClick displays the certificates as loaded, but the LDAP SSL configuration test fails.

Environment

Release : 20.2

Component : Spectrum Core / SpectroSERVER

Cause

The load balancer's certificate must be obtained and imported into the Spectrum keystore.

Resolution

When using a load balancer with a VIP configuration for LDAP, the LDAP certificates and the load balancer certificate need to be imported into the OneClick Tomcat keystore ($SPECROOT/custom/keystore/cacerts). You can import it using any alias.
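
One way to script the resolution above, as an added example that is not part of the original article: it pulls the chain presented on the VIP itself (rather than on localhost), splits it into one file per certificate, and imports each under its own alias. The host name ldap-vip.example.com, the alias prefix ldap-vip and the function names are assumptions; it also assumes openssl and keytool are on the PATH and SPECROOT is set.

```shell
#!/bin/sh
# Added example. Usage: sh import_vip_chain.sh ldap-vip.example.com 3269
# (ldap-vip.example.com is a placeholder for the load balancer VIP name.)

# Split `openssl s_client -showcerts` output ($1) into one PEM file per
# certificate under directory $2; prints how many certificates were found.
split_chain() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%02d.pem", dir, n); keep = 1 }
    keep { print > out }
    /-----END CERTIFICATE-----/ { keep = 0; close(out) }
    END { print n + 0 }
  ' "$1"
}

# Fetch the chain served on the VIP, not on an individual LDAP node.
fetch_chain() {  # $1 = host, $2 = port, $3 = output file
  openssl s_client -showcerts -connect "$1:$2" -servername "$1" \
    </dev/null >"$3" 2>/dev/null
}

# Print subject, issuer and SHA-256 fingerprint of each certificate, then
# import it. Without -noprompt, keytool asks for the keystore password and
# for confirmation before trusting each certificate.
import_chain() {  # $1 = directory of PEM files, $2 = alias prefix (assumed)
  keystore="${SPECROOT:?SPECROOT must be set}/custom/keystore/cacerts"
  i=0
  for pem in "$1"/cert*.pem; do
    i=$((i + 1))
    openssl x509 -in "$pem" -noout -subject -issuer -fingerprint -sha256
    keytool -importcert -alias "$2-$i" -file "$pem" -keystore "$keystore"
  done
}

main() {  # $1 = VIP host, $2 = port
  work=$(mktemp -d)
  fetch_chain "$1" "$2" "$work/s_client.txt"
  count=$(split_chain "$work/s_client.txt" "$work")
  [ "$count" -gt 0 ] || { echo "no certificates returned by $1:$2" >&2; return 1; }
  import_chain "$work" "ldap-vip"
  rm -rf "$work"
}

# Only run when called with a host and a port; otherwise just define functions.
if [ "$#" -eq 2 ]; then main "$@"; fi
```

Compare the printed fingerprints with the values supplied by the load balancer and LDAP administrators before confirming each import.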