When executing an LDAP operator in ITPAM, it works over an unsecured connection on port 389, but when the operator is configured for an SSL connection on port 636 or 3269, it fails.
In the c2o.log:
<date> <time> INFO [com.optinuity.c2o.service.serviceoperation.ldapserviceoperation.RunnerLDAPGetUsersServiceOperation] [<session id>] LDAPGetUsersServiceOperation started
<date> <time> INFO [com.optinuity.c2o.service.serviceoperation.ldapserviceoperation.RunnerLDAPGetUsersServiceOperation] [<session id>] LDAPGetUsersServiceOperation Parameters set
<date> <time> INFO [com.optinuity.c2o.service.serviceoperation.ldapserviceoperation.RunnerLDAPGetUsersServiceOperation] [<session id>] Processing: LDAPGetUsersServiceOperation
<date> <time> INFO [com.optinuity.c2o.service.serviceoperation.ldapserviceoperation.LDAPWrapper] [<session id>] createSession: method started.
<date> <time> INFO [com.optinuity.c2o.service.serviceoperation.ldapserviceoperation.LDAPWrapper] [<session id>] createSession: Create Session: <ITPAM server>:636
<date> <time> ERROR [com.optinuity.c2o.service.serviceoperation.ldapserviceoperation.RunnerLDAPGetUsersServiceOperation] [<session id>] javax.naming.NamingException: LDAP connection has been closed
<date> <time> INFO [com.optinuity.c2o.service.serviceoperation.ldapserviceoperation.LDAPWrapper] [<session id>] destroySession: method started.
<date> <time> ERROR [com.optinuity.c2o.service.serviceoperation.ldapserviceoperation.RunnerLDAPGetUsersServiceOperation] [<session id>] LDAPGetUsersServiceOperation failed to execute:
com.optinuity.c2o.util.C2OException: LDAP connection has been closed
at com.optinuity.c2o.service.serviceoperation.ldapserviceoperation.RunnerLDAPGetUsersServiceOperation.processRequestedOperation(RunnerLDAPGetUsersServiceOperation.java:365) ~[ldapservice.jar:04.4.00.100]
The Directory Services configuration page looks like this:
ITPAM 4.4 and up
Please add the following settings to the Directory Services configuration page:
"Security Authentication" --> "simple"
"Security protocol" --> "ssl"
After this, and after adding any missing certificates to the cacerts keystore of the JRE running PAM (or the PAM Agent), the operator works.
Which certificate must be added to the JRE cacerts keystore depends largely on how the certificates have been implemented.
However, in this customer's case the certificates that had to be imported were the third-party signing CA (GlobalSign) and the client's own certificate.
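The following stand-alone check, added here and not part of ITPAM or this article, opens a JNDI connection with the same two settings the Directory Services page now carries ("simple" authentication over "ssl") and tells a trust failure in the JRE cacerts apart from other errors. The host, bind DN and password are placeholders; the class name and Outcome enum are this example's own.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLHandshakeException;

/** Hypothetical diagnostic: connects the way the LDAP operator does once ssl/simple are set. */
public class LdapsTrustCheck {

    public enum Outcome { OK, UNTRUSTED_CERTIFICATE, OTHER_FAILURE }

    public static Outcome check(String host, int port, String bindDn, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        // The two values the article adds on the Directory Services page.
        // Without "ssl" here, a plaintext bind against a TLS port typically ends in
        // the "LDAP connection has been closed" error seen in c2o.log.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            return Outcome.OK;
        } catch (NamingException e) {
            // JNDI wraps the TLS failure; walk the cause chain looking for a handshake error,
            // which is what an issuer missing from cacerts produces.
            for (Throwable t = e; t != null; t = t.getCause()) {
                if (t instanceof SSLHandshakeException) return Outcome.UNTRUSTED_CERTIFICATE;
            }
            return Outcome.OTHER_FAILURE;
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }

    public static void main(String[] args) {
        // Placeholder values: use the directory server and bind account the operator is configured with.
        Outcome o = check("ldap.example.test", 636, "cn=svc-pam,ou=service,dc=example,dc=test", "PLACEHOLDER");
        String ts = System.getProperty("javax.net.ssl.trustStore");
        System.out.println("Result: " + o);
        System.out.println("Trust store in use: "
            + (ts != null ? ts : System.getProperty("java.home") + "/lib/security/cacerts"));
        if (o == Outcome.UNTRUSTED_CERTIFICATE) {
            System.out.println("Import the issuing CA chain into that cacerts, e.g.:");
            System.out.println("  keytool -importcert -trustcacerts -alias issuing-ca -file ca.pem -keystore <cacerts>");
        }
    }
}
```

Run it with the same JRE that runs PAM (or the PAM Agent), since that is the cacerts the operator trusts.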