Adding an LDAPS identity provider via the Layer 7 Policy Manager

Article ID: 42892


Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

How do I create an outbound SSL connection for my LDAPS provider?

Or:

My outbound SSL connection for LDAPS fails with the following error:
Cannot connect to this directory 'Could not establish context on any of the ldap urls'.

Environment

Release: Any
Component: Gateway

Cause

The secure (SSL) connection between the LDAP server and the Policy Manager could not be established.

Resolution

If an LDAP server is configured for secure communication via LDAPS, the LDAPS server's certificate must be trusted for Outbound SSL. If it is not trusted, the connection will not attempt to use SSL encryption, and the connection to the LDAPS-enabled identity provider may fail.

Enabling trust for outbound SSL involves importing the public certificate of the LDAPS server into the API Gateway via the Policy Manager. To import the public certificate of an LDAPS enabled identity provider:

  1. Log in to the Policy Manager as an administrative user.
  2. Select Manage Certificates from the Task menu.
  3. Select Add.
  4. Specify the protocol, hostname, and port of the LDAP server (e.g., ldaps://server.domain.com:636).
     Note: The values "server," "domain," and "636" must be adjusted for your LDAPS server, domain, and port, respectively.
  5. Ensure "Outbound SSL" is checked under "Options."

Note: If the LDAPS connection still fails with only Outbound SSL enabled, also select the options "Signing Certificates for Outbound SSL Connections" and "Signing Client Certificates," and on the Validation tab select "Certificate is a trust anchor."

Once the certificate is imported successfully, add the identity provider if this was not done previously:

  1. Select the Create LDAP Identity Provider task.
  2. Specify the Provider Name, URL, Search Base, Bind DN, and Bind Password as appropriate.
  3. Select the Test button to verify connectivity.
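The procedure above assumes you already have the LDAPS server's public certificate to import. The following added Python script (not part of this article or of the Gateway product) uses only the standard library to retrieve that certificate from the ldaps:// URL entered in step 4, prints the SHA-256 fingerprint to confirm with the directory administrator before the import, and then repeats the trust decision the Gateway makes once the certificate is trusted for Outbound SSL. The hostname server.domain.com is the placeholder from step 4.

```python
"""Fetch an LDAPS server certificate for Policy Manager import and re-check trust."""
import hashlib
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_LDAPS_PORT = 636


def parse_ldaps_url(url: str) -> tuple[str, int]:
    """Split an ldaps://host[:port] URL as entered in step 4 into (host, port).
    The port defaults to 636; plain ldap:// is rejected, since trust for
    outbound SSL only matters for a TLS connection."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "ldaps" or not parts.hostname:
        raise ValueError(f"expected an ldaps://host[:port] URL, got {url!r}")
    return parts.hostname, parts.port or DEFAULT_LDAPS_PORT


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, colon-separated, to compare
    against the value the directory administrator quotes before importing."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_server_certificate(url: str, timeout: float = 5.0) -> tuple[str, str]:
    """Retrieve the leaf certificate the LDAPS server presents, without trusting
    it yet, and return (PEM text to import, SHA-256 fingerprint to confirm)."""
    host, port = parse_ldaps_url(url)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # collecting the certificate, not relying on it
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return ssl.DER_cert_to_PEM_cert(der), fingerprint(der)


def verify_with_trust_anchor(url: str, pem_path: str, timeout: float = 5.0) -> bool:
    """Handshake again trusting only the imported certificate, the decision the
    Gateway makes once it is trusted for Outbound SSL; False corresponds to
    'Could not establish context on any of the ldap urls'."""
    host, port = parse_ldaps_url(url)
    ctx = ssl.create_default_context(cafile=pem_path)  # this file only, no system CAs
    ctx.verify_flags |= ssl.VERIFY_X509_PARTIAL_CHAIN  # leaf itself may be the anchor
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLError:
        return False
```

Calling fetch_server_certificate("ldaps://server.domain.com:636") returns the PEM to import under Manage Certificates together with its fingerprint; after saving that PEM to a file, verify_with_trust_anchor on the same URL should return True, and a False result reproduces the connection failure described in this article.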