Univiewer Management Server can not connect to the LDAP server with SSL
Article ID: 87268
Updated On:
Products
CA Automic Dollar Universe
Issue/Introduction
Error Message :
On unicheckms or unicheckldap output:
***************************************
Host: LDAP_SERVER Port: 636 SSL: true
cannot connect to ldap server: javax.naming.CommunicationException: simple bind failed: LDAP_SERVER :636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
FAILURE Host: LDAP_SERVER configuration is KO
****************************************
Or:
****************************************
Host: LDAP_SERVER Port: 636 SSL: true
cannot connect to ldap server: javax.naming.CommunicationException: simple bind failed: LDAP_SERVER:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
FAILURE Host: LDAP_SERVER configuration is KO
****************************************
Patch level detected:Univiewer Management Server 4.0.00
Product Version: Univiewer Management Server version 6
Univiewer Management Server can not connect to the LDAP server with SSL enabled, as a results UVC users cannot login into UVMS with their LDAP login.
Internal logins are able to connect to the UVMS.
Unicheckldap command fails to connect to the LDAP server.
On unicheckms or unicheckldap output:
***************************************
Host: LDAP_SERVER Port: 636 SSL: true
cannot connect to ldap server: javax.naming.CommunicationException: simple bind failed: LDAP_SERVER :636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
FAILURE Host: LDAP_SERVER configuration is KO
****************************************
Or:
****************************************
Host: LDAP_SERVER Port: 636 SSL: true
cannot connect to ldap server: javax.naming.CommunicationException: simple bind failed: LDAP_SERVER:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
FAILURE Host: LDAP_SERVER configuration is KO
****************************************
Patch level detected:Univiewer Management Server 4.0.00
Product Version: Univiewer Management Server version 6
Univiewer Management Server can not connect to the LDAP server with SSL enabled, as a results UVC users cannot login into UVMS with their LDAP login.
Internal logins are able to connect to the UVMS.
Unicheckldap command fails to connect to the LDAP server.
Cause
Cause type:
Configuration
Root Cause: This error means that the LDAP SSL certificate has not been correctly imported on the UVMS.
Configuration
Root Cause: This error means that the LDAP SSL certificate has not been correctly imported on the UVMS.
Environment
OS: All
OS Version: All
OS Version: All
Resolution
Please re-import the LDAP SSL certificate as specified in the UVMS Administration manual, example:
Fix Status: No Fix
Fix Version(s):
N/A
9.2.1.5 SSL Configuration
To use an LDAP directory in SSL mode, UVMS is not required to be configured in SSL mode.
The unissl command, located in the univiewer_server\<nodename>\app\bin\ folder enables the SSL communication configuration between UVMS and LDAP.
The UVMS SSL architecture is described in section "SSL Communications" on page 67.
The following steps must be followed:
- Create a keystore / trustore (if necessary) with a unissl genstore command. Refer to section "Generate the keystore/truststore" on page 118.
- Add the LDAP certificate to the UVMS-approved certificates list with a unissl import command (refer to section "Import a certificate" on page 119).
Fix Status: No Fix
Fix Version(s):
N/A
Additional Information
Workaround :
Disable the SSL between UVMS and LDAP server,in order to do so:
1. On the folder data of the uvms, backup the current ldap.xml and then edit the file ldap.xml
2. Replace the following two lines:
<port>636</port>
by
<port>389</port>
and
<SSL>YES</SSL>
by
<SSL>NO</SSL>
3. Restart the UVMS to take into account the modification.
Disable the SSL between UVMS and LDAP server,in order to do so:
1. On the folder data of the uvms, backup the current ldap.xml and then edit the file ldap.xml
2. Replace the following two lines:
<port>636</port>
by
<port>389</port>
and
<SSL>YES</SSL>
by
<SSL>NO</SSL>
3. Restart the UVMS to take into account the modification.
Feedback
Powered by
