LDAP fails Exception javax.naming.CommunicationException

Article ID: 244550

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

A user implemented LDAP in v21.0.x.

The LDAP server certificates were imported into cacerts; however, the user is unable to log on with their LDAP users. The log shows the following messages:

20220621/061805.444 - 41     U00045033 Log on to LDAP server 'gwynnbleid:636' with user 'witcher\47754'.
20220621/061805.584 - 41     U00045014 Exception 'javax.naming.CommunicationException: "gwynnbleid:636"' at 'com.sun.jndi.ldap.Connection.<init>():252'.
20220621/061805.600 - 41     U00045015 The previous error was caused by 'javax.net.ssl.SSLHandshakeException: "No subject alternative DNS name matching gwynnbleid found."' at 'sun.security.ssl.Alert.createSSLException():131'.
20220621/061805.600 - 41     U00045015 The previous error was caused by 'java.security.cert.CertificateException: "No subject alternative DNS name matching gwynnbleid found."' at 'sun.security.util.HostnameChecker.matchDNS():212'.
20220621/061805.600 - 41     U00045040 LDAP check with logon user 'witcher\47754' failed.

Environment

Release : 21.0.3

Component :

Cause

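A common mistake is to use the short server name instead of the FQDN when creating the certificates and keys. The TLS handshake then fails because the host name used for the connection does not match any subject alternative DNS name in the certificate, as the SSLHandshakeException in the log reports.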

Resolution

Make sure that all certificates and keys contain the FQDN. The FQDN should also be used for the SERVER variable in UC_LDAP_*.
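
The check below is an added example, not part of the original article or the product: it builds a throwaway certificate whose subject alternative name holds only an FQDN and shows that the bare server name fails the host name check while the FQDN passes. The host names ldap01 and ldap01.corp.example and the function names are constructed placeholders; it assumes OpenSSL 1.1.1 or later on the PATH.

```shell
#!/usr/bin/env bash
# Constructed example: host names are placeholders, not values from the article.
FQDN="ldap01.corp.example"   # name the certificate is issued for
SHORT="ldap01"               # bare server name, as in a failing SERVER entry

# make_cert <dir> <dns-name>: throwaway self-signed cert with one SAN DNS entry.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# list_san <cert.pem>: print the subjectAltName entries of the certificate.
list_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName
}

# san_matches <cert.pem> <host>: succeed only if <host> matches the certificate.
# -checkhost prints "does match" or "does NOT match"; grep sets the exit status.
san_matches() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# demo: compare the short name and the FQDN against the same certificate.
demo() {
  local tmp name
  tmp=$(mktemp -d)
  make_cert "$tmp" "$FQDN"
  list_san "$tmp/cert.pem"
  for name in "$SHORT" "$FQDN"; do
    if san_matches "$tmp/cert.pem" "$name"; then
      echo "$name: matches a SAN DNS entry"
    else
      echo "$name: no matching SAN DNS name, TLS handshake would be rejected"
    fi
  done
  rm -rf "$tmp"
}

demo
```

To check a real server, save the certificate shown by `openssl s_client -connect <fqdn>:636` to a PEM file and pass it to `san_matches` together with the exact value configured as SERVER.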