Using JXplorer to connect to the vSphere Single Sign-on

Article ID: 301632

Products

VMware vCenter Server

Issue/Introduction

This article provides steps for using the third-party utility JXplorer to connect to VMDir.

Environment

vCenter Server

Resolution

To connect to vSphere Single Sign-On (vmdird) with the third-party JXplorer utility:

LDAP

  1. Download and install JXplorer from https://jxplorer.org/downloads/.
    Note: Java must be installed for JXplorer to function properly.

  2. Open the JXplorer utility.
  3. Click File > Connect and enter the following information:

    Host: vcenter.example.com
    Protocol: LDAPv3
    Port: 389
    Base DN: dc=vsphere,dc=local
    Level: User + Password
    User DN: cn=Administrator,cn=Users,dc=vsphere,dc=local

    Note: vsphere.local is the default name of the SSO domain. If the environment uses a different SSO domain, replace vsphere.local accordingly.

LDAPS

  1. Download and install JXplorer from https://jxplorer.org/downloads/.
    Note: Java must be installed for JXplorer to function properly.

  2. Open the JXplorer utility.
  3. Click File > Connect and enter the following information:

    Host: vcenter.example.com
    Protocol: LDAPv3
    Port: 636
    Base DN: dc=vsphere,dc=local
    Level: SSL + User + Password
    User DN: cn=Administrator,cn=Users,dc=vsphere,dc=local

  4. Import the LDAPS certificate from vCenter (this is the machine certificate).
  5. Click Security > Trusted Servers & CAs, then click "Add Certificate".
  6. When prompted for the store password, enter the password. It is usually the default JXplorer password, 'changeit'.
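
Step 4 does not say how to obtain the certificate. One way, shown here as an added example that is not part of the original article, is to save the certificate presented on port 636 with openssl and compare its SHA-256 fingerprint with the machine certificate on vCenter before adding it in JXplorer. It assumes openssl is installed; the function names are hypothetical and vcenter.example.com is the article's placeholder host.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes openssl is installed.

# Print the first PEM certificate found on stdin. In the output of
# `openssl s_client -showcerts` the server's own (leaf) certificate comes
# first; any CA certificates sent after it are ignored.
first_pem_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Save the certificate presented on host:port to a PEM file and print the
# file name. Arguments: host [port, default 636] [output file].
fetch_ldaps_cert() {
    host=$1
    port=${2:-636}
    out=${3:-"$host-ldaps.pem"}
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts \
        </dev/null 2>/dev/null | first_pem_cert >"$out"
    # Fail unless what was captured actually parses as a certificate.
    if ! openssl x509 -in "$out" -noout 2>/dev/null; then
        echo "no certificate received from $host:$port" >&2
        return 1
    fi
    echo "$out"
}

# Print the fields to compare with the machine certificate as seen on
# vCenter itself. The download alone proves nothing about who answered on
# port 636, so check the fingerprint before trusting the file.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Usage against your own vCenter (placeholder host from the article):
#   pem=$(fetch_ldaps_cert vcenter.example.com 636) && describe_cert "$pem"
```

The saved PEM file is the one to select under "Add Certificate" in step 5.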

Additional Information

Common Errors

  1. If the certificate for vCenter Server is not added to the certificate store of JXplorer:
    javax.naming.CommunicationException: simple bind failed:Hostname:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Server Certificate: server certificate could not be verified, and the CA certificate is missing from the certificate chain. 
    raw error: sun.security.validator.ValidatorException: PKIX path building failed: 
    sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
  2. If port 389 is blocked to vCenter Server (which means only LDAPS 636 is allowed):
    javax.naming.CommunicationException: Hostname:389 [Root exception is java.net.ConnectException: Connection timed out: connect]