"Not Connected" when LDAP connections to generic LDAP are made over SSL



Article ID: 325603


Updated On:


VMware Cloud Director


  • Specifying a generic FQDN that resolves to multiple domain controllers for the configuration.
  • Multiple domain controllers resolve to the generic name.
  • Simple mode is selected for the configuration.
  • Configuration with a single domain controller is successful.
  • Using both SSL and "Accept all certificates" for the generic FQDN fails.
  • From /opt/vmware/vcloud-director/logs/vcloud-container-debug.log:
2020-04-30 15:46:27,062 | ERROR  | pool-jetty-5916143    | LdapProviderImpl        | Error logging into LDAP. | requestId=<REQUEST_ID>,request=POST https://vcloud.example.com/cloud/amfsecure,requestTime=1234567890123,remoteAddress=<IP>:57372,userAgent=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTM...,accept=*/* method=orgService.testLdapConnection
javax.naming.CommunicationException: simple bind failed: example.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching example.com found]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151)


VMware Cloud Director for Service Provider 9.x


This issue occurs when the certificates presented by the multiple domain controllers do not include the generic name in their Subject Alternative Name (SAN) section. The LDAP client verifies the name it was asked to connect to (the generic FQDN) against the SAN of whichever domain controller answered, so any domain controller whose certificate lacks that name fails the handshake with "No name matching example.com found".


To resolve the issue, verify the certificates on each of the domain controllers to confirm that the generic name is included in their SAN field.
For example: if you have dc1.example.com and dc2.example.com and you want to connect using the example.com FQDN, then both servers need to have example.com in the SAN field of their certificates.
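The following is an added example for checking this condition, not code from the KB article or from VMware Cloud Director. It resolves the generic FQDN, opens an LDAPS connection to every address it resolves to, and reports whether each domain controller's certificate SAN covers the generic name. It assumes Python 3.7 or later, that the CA that issued the domain controller certificates is available as a PEM file (the `cafile` parameter is an assumption), and that the SAN matching rule shown (exact match or a single leftmost wildcard label, Subject CN ignored) approximates what the Java LDAP client applies.

```python
import socket
import ssl


def san_covers_hostname(cert, hostname):
    """True if a DNS entry in the certificate's subjectAltName covers hostname.

    `cert` is a dict shaped like ssl.SSLSocket.getpeercert():
    {'subjectAltName': (('DNS', 'dc1.example.com'), ...), ...}.
    Matching is case-insensitive; a single leftmost '*' label is allowed only
    when the hostname has at least three labels. The Subject CN is ignored,
    which is why a CN-only certificate fails this check.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        san_labels = value.lower().rstrip(".").split(".")
        if len(san_labels) != len(host_labels) or san_labels[1:] != host_labels[1:]:
            continue
        first = san_labels[0]
        if first == host_labels[0] or (first == "*" and len(host_labels) > 2):
            return True
    return False


def check_generic_fqdn(fqdn, port=636, cafile=None):
    """Connect to every address fqdn resolves to and report a per-DC verdict.

    Returns {ip: (san_ok, [dns names in SAN])} or {ip: ('error', message)}.
    Chain validation stays on (verify_mode CERT_REQUIRED) so getpeercert()
    returns the parsed certificate; hostname checking is done explicitly via
    san_covers_hostname so the report names which DC lacks the generic FQDN.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: assumed enterprise CA bundle
    ctx.check_hostname = False
    results = {}
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
            fqdn, port, type=socket.SOCK_STREAM):
        ip = sockaddr[0]
        if ip in results:
            continue  # getaddrinfo may list the same address more than once
        try:
            with socket.create_connection((ip, port), timeout=5) as raw, \
                    ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
                cert = tls.getpeercert()
                dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                results[ip] = (san_covers_hostname(cert, fqdn), dns_names)
        except (OSError, ssl.SSLError) as exc:
            results[ip] = ("error", str(exc))
    return results
```

Run `check_generic_fqdn("example.com", cafile="/path/to/ca.pem")` from a host that can reach the domain controllers; every address should report `True`, and any `False` entry lists the SAN names that domain controller actually presents.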