Configured LDAP with steps listed at https://docs.vmware.com/en/VMware-Smart-Assurance/10.1.4/ncm-installation-guide-1014/GUID-3AB52B96-A1C9-44E1-84C9-24A521E63C39.html
Login to NCM with LDAP user fails & $VOYENCE_HOME/ncmcore/logs/powerup.log has following error:
2020-02-28 20:53:44,696 DEBUG [com.powerup.configmgr.server.config.impl.SystemConfig] (http-nio-8881-exec-8) Getting user supplied value for config.security.ldap-auth: 0.ldap.server.securityprotocol
2020-02-28 20:53:44,696 DEBUG [com.powerup.configmgr.server.security.impl.LDAPAuthenticator] (http-nio-8881-exec-8) Using security protocol property in the context - ssl
2020-02-28 20:53:44,696 DEBUG [com.powerup.configmgr.server.security.impl.LDAPAuthenticator] (http-nio-8881-exec-8) Getting context for principal = CN=Admin,CN=Users,DC=testdomain,DC=org
2020-02-28 20:53:44,696 ERROR [com.powerup.configmgr.server.security.impl.LDAPAuthenticator] (http-nio-8881-exec-8) Naming exception
javax.naming.CommunicationException: x.x.x.x:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address x.x.x.x found]
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address x.x.x.x found
Refer https://www.oracle.com/java/technologies/javase/8u181-relnotes.html for details. Snippet of information from the above link as below:
From Java version 8 update 181, to improve the robustness of LDAPS (secure LDAP over TLS) connections, endpoint identification algorithms have been enabled by default.
Note that there may be situations where some applications that were previously able to successfully connect to an LDAPS server may no longer be able to do so. Such applications may, if they deem appropriate, disable endpoint identification using a new system property: com.sun.jndi.ldap.object.disableEndpointIdentification.
Define this system property (or set it to true) to disable endpoint identification algorithms.
Follow the below steps in NCM Application Server / Combination Server:
a) Execute: service vcmaster stop
b) Take a back up of /etc/init.d/ncm-as file.
c) Open the file /etc/init.d/ncm-as and add the flag -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true in CATALINA_OPTS before end of the quotes. Save and close the file.
d) Execute: service vcmaster start