
IAM LDAP Authentication Error


Article ID: 222321


Updated On:


Service Virtualization


DevTest IAM was configured with LDAP (with SSL), and the connectivity test succeeds. However, authentication attempts fail with the error below:

 ERROR [] (default task-12) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: LDAPS.HOSTNAME:636: javax.naming.CommunicationException: simple bind failed: LDAPS.HOSTNAME:636 [Root exception is PKIX path building failed: unable to find valid certification path to requested target]


This happens because the IAM keystore did not have the LDAP server public key imported, and the iam.keystore file was placed in /IdentityAccessManager instead of the /IdentityAccessManager/certs/ folder.


Release : 10.6

Component : CA Application Test


** Make sure that the iam.keystore file is under /IdentityAccessManager/certs/

Follow the steps below to make sure that the right set of certificates is downloaded from the LDAP server and used in the IAM trust store.

- First, delete all the existing certs from the iam-truststore keystore on the IAM machine.

keytool -delete -alias mydomain -keystore iam-truststore.ks

- Make sure there are no entries in the iam-truststore.

keytool -list -v -keystore iam-truststore.ks

- Copy the required cert files to the IAM machine.

- Now import these certs into iam-truststore. If you have a certificate chain, start with the root cert, then the intermediate cert, and then the server cert.

keytool -import -trustcacerts -alias mydomain -keystore iam-truststore.ks -storepass passphrase -file certificate.cer

- Check all the entries in iam-truststore.

keytool -list -v -keystore iam-truststore.ks

- Now restart the IAMService and test the connection and authentication from the IAM portal.
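
The keystore location check and the chain import from the steps above, written as shell functions. This is an added example, not part of the original article: the function names, the `KEYTOOL` override, the `<prefix>-<n>` alias scheme and the certificate file names are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. KEYTOOL, the function names and the
# "<prefix>-<n>" alias scheme are assumptions made for this example.
KEYTOOL="${KEYTOOL:-keytool}"

# check_keystore_location IAM_HOME
# Succeeds only when iam.keystore is in IAM_HOME/certs/, where the article
# says it must be; a copy left directly in IAM_HOME is reported.
check_keystore_location() (
    home=$1
    [ -f "$home/certs/iam.keystore" ] && exit 0
    if [ -f "$home/iam.keystore" ]; then
        echo "iam.keystore is in $home; move it to $home/certs/" >&2
    else
        echo "iam.keystore not found under $home/certs/" >&2
    fi
    exit 1
)

# import_chain STORE STOREPASS ALIAS_PREFIX ROOT [INTERMEDIATE...] SERVER
# Imports the files in the order given (root first, server last) and prints
# the number imported. Every certificate gets its own alias, because keytool
# rejects an import under an alias that already exists in the store.
import_chain() (
    store=$1 pass=$2 prefix=$3
    [ "$#" -ge 4 ] || { echo "usage: import_chain STORE PASS PREFIX CERT..." >&2; exit 2; }
    shift 3
    # Validate every file before the truststore is modified.
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read certificate file: $f" >&2; exit 1; }
    done
    n=0
    for f in "$@"; do
        "$KEYTOOL" -import -trustcacerts -noprompt -alias "$prefix-$n" \
            -keystore "$store" -storepass "$pass" -file "$f" >&2 || exit 1
        n=$((n + 1))
    done
    echo "$n"
)

# Usage on the IAM machine (certificate file names are placeholders):
#   check_keystore_location /IdentityAccessManager
#   import_chain iam-truststore.ks passphrase mydomain root.cer intermediate.cer server.cer
```

Passing the store password with `-storepass`, as the article's command does, can expose it in shell history and process listings; keytool prompts for the password when the option is omitted.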