AD connector failed to connect when SSL is turned on
Article ID: 93538

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

We are able to connect to our AD endpoint using the AD connector in non-SSL mode.

When SSL mode is enabled and the connector servers are restarted, we get the following error message on any operation we perform:
ETA_E_0019, Active Directory Endpoint 'ADTest' read failed: Connector Server Add failed: code 52 (UNAVAILABLE): failed to add entry eTADSDirectoryName=ADTest,eTNamespaceName=ActiveDirectory,dc=im,dc=etasa: JCS@hostname:  JNDI: Failed to activate connector on proxy connector server: [LDAP: error code 52 - Server Down] (ldaps://xxx.xxx.xx.x:20411) - Return Code: 13

Environment

Release:
Component: IDSVA

Cause

https://ldap.com/ldap-result-code-reference-core-ldapv3-result-codes/#rc-confidentialityRequired

confidentialityRequired (13)

Applicable operation types: add, bind, compare, delete, extended, modify, modify DN, search

The confidentialityRequired result code indicates that the server is only willing to process the requested operation if it is received over a secure connection that does not allow an eavesdropper to decipher or alter the contents of the request or response. For example, a server may only permit operations that involve clear-text passwords (like a simple bind request or a password modify extended request) to be requested over a secure connection and could return this result code in response to an attempt to send a clear-text password over an insecure connection.

If a client receives the confidentialityRequired result code, then it should take steps to secure the existing connection (for example, using the StartTLS extended operation, or by binding with a SASL mechanism that supports the auth-conf quality of protection), or to establish a new secure connection (for example, using a TLS-based connection) before re-sending the request.

Resolution

The error message is typically due to a certificate issue. Please verify the certificate details. We have seen this issue with missing certificates, as well as with configuration issues related to the certificate: for example, configuring the endpoint with an IP address that does not match the fully qualified domain name the certificate was issued for.
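As an added example (not code from the article or from the CA/Broadcom product), the following Python script performs the two checks a practitioner would make at this point. It pulls the LDAP result codes out of a connector error string like the one above and maps the standard RFC 4511 values (52 unavailable, and the Return Code 13 confidentialityRequired explained in the Cause section), and it checks whether the LDAPS server certificate actually covers the name the endpoint was configured with, which is the IP-versus-FQDN mismatch described above. The sample error string, the IP 192.0.2.10, the host names and the certificate dictionaries are constructed placeholders; diagnose_ldaps is the only function that touches the network, and it validates the chain against the trust store before reporting the name check separately.

```python
"""Triage helpers for an LDAPS connector failure (added example, not CA/Broadcom code)."""
import ipaddress
import re
import socket
import ssl
from urllib.parse import urlsplit

# Standard LDAPv3 result codes (RFC 4511) that are relevant to this symptom.
LDAP_RESULT_CODES = {
    0: "success",
    13: "confidentialityRequired",
    49: "invalidCredentials",
    52: "unavailable",
    53: "unwillingToPerform",
}

_CODE_RE = re.compile(r"\bcode (\d+)")            # "code 52 (UNAVAILABLE)", "error code 52"
_RETURN_RE = re.compile(r"Return Code:\s*(\d+)")  # trailing "Return Code: 13"
_URL_RE = re.compile(r"\((ldaps?://[^)\s]+)\)")   # "(ldaps://host:port)"


def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def triage_connector_error(message):
    """Extract the LDAP result codes and the target URL from a connector error string."""
    codes = {int(c): LDAP_RESULT_CODES.get(int(c), "unknown") for c in _CODE_RE.findall(message)}
    ret = _RETURN_RE.search(message)
    return_code = None
    if ret:
        return_code = (int(ret.group(1)), LDAP_RESULT_CODES.get(int(ret.group(1)), "unknown"))
    url = _URL_RE.search(message)
    parts = urlsplit(url.group(1)) if url else None
    host = parts.hostname if parts else None
    return {
        "ldap_codes": codes,
        "return_code": return_code,
        "host": host,
        "port": parts.port if parts else None,
        # A bare IP address in the URL is the classic cause of a certificate name mismatch.
        "host_is_ip": _as_ip(host) is not None if host else False,
    }


def _dns_name_matches(pattern, host):
    """RFC 6125-style comparison: a wildcard may only replace the whole left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host


def cert_matches_target(cert, target):
    """Check whether a certificate (dict shaped like ssl.SSLSocket.getpeercert())
    is valid for the name or IP the connector was configured with. Returns (ok, reason)."""
    sans = cert.get("subjectAltName", ())
    dns_names = [v for k, v in sans if k == "DNS"]
    ip_names = [v for k, v in sans if k == "IP Address"]
    ip = _as_ip(target)
    if ip is not None:
        if any(_as_ip(i) == ip for i in ip_names):
            return True, f"IP SAN {ip} matches"
        return False, (f"endpoint configured by IP {ip} but the certificate has no matching "
                       f"IP SAN; it is issued for {dns_names or 'no DNS names'}: use the FQDN")
    for name in dns_names:
        if _dns_name_matches(name, target):
            return True, f"DNS SAN {name!r} matches {target!r}"
    if not sans:  # legacy certificate without SAN: fall back to the subject CN
        cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
        if any(_dns_name_matches(cn, target) for cn in cns):
            return True, f"subject CN {cns} matches (no SAN present)"
    return False, f"{target!r} is not in SAN {dns_names} or the subject CN"


def diagnose_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Live check (network): validate the chain against the trust store, then report
    separately whether the presented certificate matches `host`."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False           # the name check is reported by cert_matches_target
    ctx.verify_mode = ssl.CERT_REQUIRED  # the chain must still validate against cafile
    sni = None if _as_ip(host) else host  # SNI is only sent for DNS names
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            cert = tls.getpeercert()
    return cert_matches_target(cert, host)


# Constructed sample data: placeholder IP from the documentation range, not real hosts.
SAMPLE_ERROR = ("ETA_E_0019, Active Directory Endpoint 'ADTest' read failed: Connector Server Add "
                "failed: code 52 (UNAVAILABLE): failed to add entry eTADSDirectoryName=ADTest,"
                "eTNamespaceName=ActiveDirectory,dc=im,dc=etasa: JCS@hostname:  JNDI: Failed to "
                "activate connector on proxy connector server: [LDAP: error code 52 - Server Down] "
                "(ldaps://192.0.2.10:20411) - Return Code: 13")
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example.com"),),),
    "subjectAltName": (("DNS", "dc01.corp.example.com"), ("DNS", "corp.example.com")),
}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.corp.example.com"),)}

if __name__ == "__main__":
    print(triage_connector_error(SAMPLE_ERROR))
    print(cert_matches_target(SAMPLE_CERT, "192.0.2.10"))          # name mismatch: configured by IP
    print(cert_matches_target(SAMPLE_CERT, "dc01.corp.example.com"))  # matches the FQDN
```

Run it against the connector's configured endpoint with diagnose_ldaps(host, port, cafile=...) pointing at the CA bundle the connector server trusts; a chain failure surfaces as an ssl.SSLCertVerificationError, while a name mismatch is returned as a readable reason, so the two causes named in the resolution are distinguished.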

Please refer to the CA Identity Management & Governance Connectors Guide for the Microsoft Active Directory, Microsoft Exchange, and Microsoft Lync connectors, section "How to Connect to Active Directory", for detailed instructions on implementing the connector in both secure and non-secure environments:

Acquire an Active Directory Endpoint