Unable to configure LDAPS for AD authentication in Aria Operations for Logs
Article ID: 410160
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
When require SSL box was checked, test connection was failing with AD authentication failed error message:
Environment
Aria Operations for Logs 8.x
Resolution
1. Take snapshot of the Aria Operations for Logs nodes.
2. Back up the file located at
/usr/java/default/conf/security/java.security using the below command:cp /usr/java/default/conf/security/java.security /usr/java/default/conf/security/java.security.bck3. Post that open the file in the editor:
vim /usr/java/default/conf/security/java.security4. Below is the algorithms definition before removing the lines:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
RSA keySize < 512, DESede, \
TLS_RSA_WITH_AES_256_CBC_SHA, \
TLS_RSA_WITH_AES_256_CBC_SHA256, \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, \
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, \
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, \
TLS_RSA_WITH_AES_128_CBC_SHA, \
TLS_RSA_WITH_AES_128_CBC_SHA256, \
include jdk.disabled.namedCurves5. From this list above remove following (including backslash at the end):
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA2566. After performing the above steps save the file and restart the
loginsight service by running:systemctl restart loginsightFeedback
Yes
No
Powered by
