Unable to log in with LDAP user after upgrade to ARD HUB 3.4

Article ID: 277704

Products

CA Agile Requirements Designer

Issue/Introduction

After upgrading to ARD 3.4, the integration with LDAP (Active Directory) no longer works and users are not able to log in with AD accounts.

Only the local admin account works; other login attempts fail with the error "Unexpected error when handling authentication request to identity provider".

Environment

ARD HUB 3.4

Cause

With the Keycloak service running in DEBUG mode, the log showed an SSL exception during the handshake between Keycloak and the LDAPS server. The same failure was confirmed when authentication was tested from the Keycloak admin console.

The failure was caused by the LDAP server certificate missing from the cacerts truststore of the newly installed OpenJDK 17, which is a prerequisite for version 3.4.

An upgrade of OpenJDK from a previous version would not have caused this error, as the existing cacerts would have been preserved.

Resolution

Two options to resolve this issue:

1. If the previous JDK was backed up, copy the cacerts file from that working JDK's /lib/security/ directory to the same location in the new JDK. Keep a backup copy of the new cacerts so you can revert in case of issues.

2. Import the public server certificate of the LDAP server into the cacerts of the new JDK.

Restart the Keycloak service to verify the resolution.
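One way to carry out option 2 safely, as an added example (not code from the vendor or from ARD Hub): check the certificate's SHA-256 fingerprint against a value obtained out of band, back up cacerts, then import with keytool. Assumptions: `JAVA_HOME` points at the new OpenJDK 17, the certificate is a PEM file supplied by the LDAP/PKI administrator, the alias is your own choice, and the truststore password is the JDK default unless `STOREPASS` is set.

```shell
#!/bin/sh
# Added example (not vendor code): option 2, import the LDAPS certificate into cacerts.
# Assumptions: JAVA_HOME is the new OpenJDK 17 home, the certificate is a PEM file
# from the LDAP/PKI administrator, and the store password is the JDK default.
set -u
STOREPASS="${STOREPASS:-changeit}"

# Truststore path inside a JDK home (the /lib/security/ location named above).
cacerts_path() { printf '%s/lib/security/cacerts\n' "${1%/}"; }

# SHA-256 fingerprint of a PEM certificate, as colon-separated hex.
cert_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Strip colons/spaces and upper-case, so fingerprints compare regardless of format.
norm_fp() { printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'; }

# True only if the PEM file's fingerprint equals the value obtained out of band.
fingerprint_matches() {
  _fp=$(norm_fp "$(cert_fingerprint "$1")")
  [ -n "$_fp" ] && [ "$_fp" = "$(norm_fp "$2")" ]
}

# True if the alias already exists in the keystore.
has_alias() {
  keytool -list -keystore "$1" -storepass "$STOREPASS" -alias "$2" >/dev/null 2>&1
}

# Back up the truststore, then import the certificate; does nothing if already present.
import_ldap_cert() {  # args: keystore alias pem
  if has_alias "$1" "$2"; then echo "alias $2 already present"; return 0; fi
  cp -p "$1" "$1.bak.$(date +%Y%m%d%H%M%S)" || return 1
  keytool -importcert -noprompt -keystore "$1" -storepass "$STOREPASS" \
          -alias "$2" -file "$3"
}

# Usage: sh import-ldap-cert.sh <alias> <cert.pem> <expected-sha256-fingerprint>
if [ "$#" -ge 3 ]; then
  fingerprint_matches "$2" "$3" || { echo "fingerprint mismatch, not importing" >&2; exit 1; }
  import_ldap_cert "$(cacerts_path "$JAVA_HOME")" "$1" "$2"
  keytool -list -keystore "$(cacerts_path "$JAVA_HOME")" -storepass "$STOREPASS" -alias "$1"
fi
```

Importing only the LDAP server certificate keeps the CA set shipped with the new JDK, whereas copying the old cacerts (option 1) replaces that set with whatever the previous JDK trusted.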