Configuring LDAPs with DSM fails with errors regarding Certificate Authority

Article ID: 374280

Products

VMware Data Services Manager

Issue/Introduction

Configuring LDAP or LDAPS with DSM fails with the errors below:

LDAP config failed with error:


admission webhook "directoryservices.infrastructure.dataservices.vmware.com" denied the request: invalid ldap server url: 'ldap://xxxx-xxxx.com:636': 'ldap' is an invalid scheme. schema must be ldaps

LDAPS config failed with error:


Certificate for the server ldaps://xxxx-xxxx.com:636 should be self-signed or issuer CA certificate should be added to the Trusted Root Certificates.

Environment

DSM 2.0

Cause

LDAP is not supported for DSM services.

The first error indicates that LDAP over SSL (LDAPS) must be used instead.

When LDAPS is used, the server certificate and its certificate chain are verified.

If the certificate is neither CA signed nor self signed, the error "should be self-signed or issuer CA certificate should be added to the Trusted Root Certificates" is reported.

Note:

  • For self-signed certificates, the CA flag needs to be enabled.
  • Also, some certificate providers, e.g. Let's Encrypt, may not issue all certificates with the CA flag set on the SSL certificate.

Resolution

Fix the certificate chain and make sure to use either a self-signed or a CA-signed certificate.

If it is a self-signed certificate, verify that the certificate has the CA flag set. If not, work with the certificate provider and regenerate the certificate with the CA flag.
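
One way to check a certificate against the conditions above before configuring DSM, as an added example (not VMware tooling or part of the original article). It assumes the "CA flag" is the X.509 basicConstraints CA:TRUE extension; the host name, server.pem and the make_sample_cert helper are placeholders introduced here, and the helper only builds a constructed test certificate.

```bash
#!/usr/bin/env bash
# Added example. To save the certificate an LDAPS server presents (placeholder host):
#   openssl s_client -connect ldap.example.com:636 -showcerts </dev/null | openssl x509 -out server.pem
# Then source this file and run: check_cert server.pem

# True when subject and issuer names hash identically, i.e. the certificate is self-issued.
# This compares names only; it does not verify the signature.
is_self_signed() {
    local s i
    s=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# True when the basicConstraints extension carries CA:TRUE (assumed meaning of "CA flag").
has_ca_flag() {
    openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# Prints a verdict. Returns 0 = self-signed with CA flag, 1 = self-signed without it,
# 2 = issued by another CA, 3 = file is not a readable certificate.
check_cert() {
    if ! openssl x509 -in "$1" -noout 2>/dev/null; then
        echo "cannot parse $1 as a PEM certificate"
        return 3
    fi
    if ! is_self_signed "$1"; then
        echo "issued by a CA: add the issuer CA certificate to the Trusted Root Certificates"
        return 2
    fi
    if has_ca_flag "$1"; then
        echo "self-signed with CA:TRUE"
        return 0
    fi
    echo "self-signed but CA flag missing: regenerate with basicConstraints CA:TRUE"
    return 1
}

# Builds a constructed, throwaway self-signed certificate for trying the checks offline.
# $1 = TRUE or FALSE (value of the CA flag), $2 = output PEM path
make_sample_cert() {
    local dir
    dir=$(mktemp -d)
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' 'x509_extensions=ext' \
        '[dn]' 'CN=ldaps.example.test' '[ext]' "basicConstraints=critical,CA:$1" > "$dir/c.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/c.cnf" \
        -keyout "$dir/key.pem" -out "$2" 2>/dev/null
    rm -rf "$dir"
}
```

A result of 2 means the certificate is CA signed, so the remaining step is the one named in the error message: adding the issuer CA certificate to the Trusted Root Certificates.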