Issue/Problem/Symptoms:
The user configures LDAP integration in the SSO utility; however, when testing user authentication, the LDAP test fails with the error below:
SSO Configuration/CA Performance Center:
1. LDAP Authentication
2. SAML2 Authentication
3. Performance Center
4. Single Sign-On
5. Test LDAP
6. Export SAML2 Service Provider Metadata
Choose an option > 5
SSO Configuration/CA Performance Center/Test LDAP
Enter username > jessica
Enter password > ********
The UserBind option has been selected. We will now perform the first bind with the LdapConnectionUser and LdapConnectionPassword supplied in the SSO Config utility.
ldapSearchDomain = ldap://ldapserver.company.com/
ldapTimeout = 10000
DirContext.SECURITY_AUTHENTICATION = simple
DirContext.SECURITY_PRINCIPAL = CN=Service Account,DC=netqossupport,DC=local
DirContext.SECURITY_CREDENTIALS set
Could not obtain a DirectoryContext.
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]
Bind to the directory failed.
Environment:
This problem can happen with the following products that use Single Sign-On authentication with LDAP integration:
Cause:
This issue is the result of a non-default domain policy in Active Directory that requires every LDAP bind to be signed (integrity checking) unless the connection is already protected by SSL/TLS, so the plain simple bind performed by the SSO utility over ldap:// is rejected. Either the registry value below should be set back to its default on the AD server, or LDAPS should be configured so that the SSO utility connects to the AD server securely.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity
Resolution/Workaround:
To resolve this issue on the AD server, see the Microsoft KB article:
https://support.microsoft.com/en-us/kb/2545140
If LDAPS is required by company policy, follow the LDAPS configuration instructions; see Additional Information below.
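The following PowerShell check is an added example, not part of the original KB article or the CA product: it reads the LDAPServerIntegrity value named above on a domain controller, reports whether the DC demands signed binds, and optionally confirms that LDAPS (TCP 636) is reachable before the SSO utility is switched to ldaps://. It assumes it is run on the DC (or against it via Invoke-Command) with read access to the NTDS registry key; the value meanings (1 = None, 2 = Require signing) are those of the "Domain controller: LDAP server signing requirements" policy that writes this key.

```powershell
# Added example (not from the KB article). Checks the LDAP signing requirement
# behind LDAP error 8 / 00002028 and, optionally, LDAPS reachability.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ValueName = 'LDAPServerIntegrity'

function Get-LdapSigningRequirement {
    param(
        [string]$Path = $KeyPath,
        [string]$Name = $ValueName
    )
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value not present: the DC uses the default (no signing requirement).
        return [pscustomobject]@{ Value = $null; Setting = 'None (default, value absent)'; RequiresSigning = $false }
    }
    switch ($item.$Name) {
        1       { $setting = 'None (default)';   $requires = $false }
        2       { $setting = 'Require signing';  $requires = $true  }
        default { $setting = "Unknown ($($item.$Name))"; $requires = $true }
    }
    [pscustomobject]@{ Value = $item.$Name; Setting = $setting; RequiresSigning = $requires }
}

function Test-LdapsListener {
    # Confirms the DC accepts TCP connections on the LDAPS port (636)
    # before the SSO utility is reconfigured to use ldaps://.
    param([string]$DomainController = $env:COMPUTERNAME, [int]$Port = 636)
    (Test-NetConnection -ComputerName $DomainController -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded
}

$result = Get-LdapSigningRequirement
$result | Format-List

if ($result.RequiresSigning) {
    Write-Host 'Simple binds over plain ldap:// will fail with LDAP error 8 (00002028).'
    if (Test-LdapsListener) {
        Write-Host 'LDAPS is listening: point the SSO utility at ldaps://<dc-fqdn>:636.'
    } else {
        Write-Host 'LDAPS is not reachable on 636: configure LDAPS, or restore the default value per KB 2545140 if policy permits.'
    }
} else {
    Write-Host 'Signing is not required on this DC; look elsewhere for the cause of the bind failure.'
}
```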
Additional Information: