/var/log/proton/nsxapi.log
[TIMESTAMP] WARN http-nio-exec-46 CrlWebDirectFetcher SYSTEM [nsx@6876 comp="nsx-manager" level="WARNING" reqId="[UUID]" subcomp="manager" username="[USERNAME]"] Couldn't get LDAP context from URI ldap:///CN=[CN],CN=[CN],CN=[CN],CN=[CN],CN=Services,CN=[CN],DC=[DC],DC=[DC
javax.naming.CommunicationException: [HOSTNAME].:389
at com.sun.jndi.ldap.Connection.<init>(Connection.java:243) ~[?:1.8.0_382]
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[?:1.8.0_382]
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615) ~[?:1.8.0_382]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2849) ~[?:1.8.0_382]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:347) ~[?:1.8.0_382]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229) ~[?:1.8.0_382]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189) ~[?:1.8.0_382]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247) ~[?:1.8.0_382]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) ~[?:1.8.0_382]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) ~[?:1.8.0_382]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:695) ~[?:1.8.0_382]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[?:1.8.0_382]
at javax.naming.InitialContext.init(InitialContext.java:244) ~[?:1.8.0_382]
at javax.naming.InitialContext.<init>(InitialContext.java:216) ~[?:1.8.0_382]
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) ~[?:1.8.0_382]
at com.vmware.nsx.management.security.CrlWebDirectFetcher.downloadCrlFromLdap(CrlWebDirectFetcher.java:110) ~[nsx-trustmanager-1.0.jar:?]
GET https://<manager>/api/v1/global-configs/SecurityGlobalConfig
{
  "crl_checking_enabled": true,
  "ca_signed_only": false,
  "eku_checking_enabled": true,
  "id": "[UUID]",
  "_create_time": [TIME],
  "_create_user": "system",
  "_last_modified_time": [TIME],
  "_last_modified_user": "system",
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
VMware NSX
VMware NSX-T Data Center
VMware NSX does not currently support CRL distribution points (CDPs) that are hosted on LDAP.
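To confirm from nsxapi.log that CRL fetch failures are the LDAP-hosted CDP case described above, the following added example (not VMware code and not part of the original article) pairs each CrlWebDirectFetcher warning with the JNDI exception that follows it. The sample log text, the function names and the `hostless` field are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample shaped like the nsxapi.log excerpt above; timestamps,
# reqIds, DN components and the host name are placeholders, not real values.
SAMPLE_LOG = """\
2024-01-01T00:00:00.000Z WARN http-nio-exec-46 CrlWebDirectFetcher SYSTEM [nsx@6876 comp="nsx-manager" level="WARNING" reqId="req-1" subcomp="manager" username="admin"] Couldn't get LDAP context from URI ldap:///CN=ExampleCA,CN=CDP,DC=example,DC=test
javax.naming.CommunicationException: dc01.example.test.:389
\tat com.sun.jndi.ldap.Connection.<init>(Connection.java:243) ~[?:1.8.0_382]
2024-01-01T00:00:05.000Z WARN http-nio-exec-12 CrlWebDirectFetcher SYSTEM [nsx@6876 comp="nsx-manager" level="WARNING" reqId="req-2" subcomp="manager" username="admin"] Couldn't get LDAP context from URI ldap:///CN=ExampleCA,CN=CDP,DC=example,DC=test
javax.naming.CommunicationException: dc01.example.test.:389
2024-01-01T00:00:09.000Z INFO http-nio-exec-3 OtherComponent SYSTEM [nsx@6876 comp="nsx-manager"] unrelated line
"""

# The warning text is the one shown in the log excerpt; "." stands for the apostrophe.
WARN_RE = re.compile(r'CrlWebDirectFetcher\b.*?reqId="(?P<req>[^"]*)".*?'
                     r'Couldn.t get LDAP context from URI (?P<uri>ldaps?://.*)$')
EXC_RE = re.compile(r'^javax\.naming\.(?P<exc>\w+): (?P<target>\S+)')

def ldap_cdp_failures(log_text):
    """Return one record per LDAP CDP warning, with the exception that follows it."""
    events, last = [], None
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            uri = m["uri"].strip()
            last = {"req_id": m["req"], "uri": uri,
                    # ldap:/// carries a DN only; no server is named in the URI
                    "hostless": uri.startswith(("ldap:///", "ldaps:///")),
                    "exception": None, "target": None}
            events.append(last)
            continue
        e = EXC_RE.match(line)
        if e and last is not None and last["exception"] is None:
            last["exception"], last["target"] = e["exc"], e["target"]
        elif not line.lstrip().startswith("at "):
            last = None  # any non-stack-frame line ends the current event
    return events

def summarize(events):
    """Count failures per (CDP URI, connection target) pair."""
    return Counter((e["uri"], e["target"]) for e in events)

if __name__ == "__main__":
    for (uri, target), n in summarize(ldap_cdp_failures(SAMPLE_LOG)).items():
        print(f"{n}x  {uri}  ->  {target}")
```
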
Workaround:
GET https://<manager>/api/v1/global-configs/SecurityGlobalConfig
{
  "crl_checking_enabled": true,
  "ca_signed_only": false,
  "eku_checking_enabled": true,
  "id": "[UUID]",
  "_create_time": [TIME],
  "_create_user": "system",
  "_last_modified_time": [TIME],
  "_last_modified_user": "system",
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
PUT https://<manager>/api/v1/global-configs/SecurityGlobalConfig