Configuring remote LDAP source for eGuide

  • 3005110
  • 26-May-2006
  • 27-Apr-2012

Environment


Novell Open Enterprise Server 1 (OES) Service pack 2
Novell eGuide 2.1

Situation

Purpose:
Configure remote LDAP source for eGuide over SSL

Symptoms:
Problems with authentication when remote LDAP source is configured over the port 636.
Getting "login failed" at the login page

dstrace ERROR:
08:50:10 966C2400 LDAP: (192.168.108.27:51691)(0x0000:0x00) TLS accept
failure 5 on connection 0xa29f02a0, setting err = -5875. Error stack:
08:50:10 966C2400 LDAP: (192.168.108.27:51691)(0x0000:0x00) TLS handshake
failed on connection 0xa29f02a0, err = -5875

Changes:
In the eGuide Administration utility, under Configuration -> LDAP Data Sources -> Properties -> Edit, the host name was changed to a remote LDAP server and SSL was enabled.

Resolution

Steps:
1. Export the root certificate of the LDAP server referenced in the LDAP Data Sources in .der format, using ConsoleOne or iManager.

2. Import the certificate into the cacerts file on the OES Linux server running eGuide:

keytool -import -alias <alias> -file <certificate.der> -keystore <path to cacerts> -storepass changeit

example (may not reflect the same paths as on your system):

keytool -import -alias ldap1 -file /tmp/Cert1.der -keystore /var/opt/novell/tomcat5/conf/cacerts -storepass changeit

3. Restart Tomcat by running rcnovell-tomcat4 restart.
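The following shell script is an added example and is not part of this TID or of the eGuide product; it wraps steps 2 and 3 in functions that check their preconditions before touching the truststore. The certificate path /tmp/Cert1.der, the keystore path /var/opt/novell/tomcat5/conf/cacerts, the alias ldap1 and the default password changeit are assumptions taken from the example above and should be adjusted for your system. It verifies that the exported file really is a DER-encoded certificate, skips the import if the alias is already present (keytool refuses duplicate aliases), and confirms the alias exists afterwards before restarting Tomcat.

```shell
#!/bin/sh
# Added example (not from the TID): import a remote LDAP server's root
# certificate into the Tomcat cacerts truststore used by eGuide, with checks.
# Assumed defaults below; override them through the environment.
CERT_FILE="${CERT_FILE:-/tmp/Cert1.der}"
KEYSTORE="${KEYSTORE:-/var/opt/novell/tomcat5/conf/cacerts}"
STOREPASS="${STOREPASS:-changeit}"
CERT_ALIAS="${CERT_ALIAS:-ldap1}"

# Print the exact keytool command line that will be run (useful as a dry run).
# -noprompt suppresses the interactive "Trust this certificate?" question.
build_import_cmd() {
    printf 'keytool -import -noprompt -alias %s -file %s -keystore %s -storepass %s' \
        "$1" "$2" "$3" "$4"
}

# Exit status 0 if the file parses as a DER-encoded X.509 certificate
# (a PEM export, a private key or a truncated file is rejected here).
is_der_cert() {
    openssl x509 -inform der -in "$1" -noout >/dev/null 2>&1
}

# Exit status 0 if an entry with this alias already exists in the keystore.
alias_present() {
    keytool -list -alias "$1" -keystore "$2" -storepass "$3" >/dev/null 2>&1
}

# Import the certificate once, then verify the alias is really present.
# Arguments: alias, certificate file, keystore path, keystore password.
import_root_cert() {
    alias="$1"; cert="$2"; keystore="$3"; storepass="$4"
    [ -r "$cert" ] || { echo "certificate file not readable: $cert" >&2; return 1; }
    is_der_cert "$cert" || { echo "not a DER certificate: $cert" >&2; return 1; }
    [ -w "$keystore" ] || { echo "keystore not writable: $keystore" >&2; return 1; }
    if alias_present "$alias" "$keystore" "$storepass"; then
        echo "alias $alias already present in $keystore; nothing to do"
        return 0
    fi
    echo "running: $(build_import_cmd "$alias" "$cert" "$keystore" "$storepass")"
    keytool -import -noprompt -alias "$alias" -file "$cert" \
        -keystore "$keystore" -storepass "$storepass" || return 1
    # keytool can exit 0 on some warnings, so confirm the entry is there.
    alias_present "$alias" "$keystore" "$storepass"
}

# Run only when explicitly requested, so sourcing this file for its
# functions has no side effects on the truststore or on Tomcat.
if [ "${EGUIDE_IMPORT_RUN:-0}" = "1" ]; then
    import_root_cert "$CERT_ALIAS" "$CERT_FILE" "$KEYSTORE" "$STOREPASS" \
        && rcnovell-tomcat4 restart
fi
```

Run it as root with EGUIDE_IMPORT_RUN=1 sh import-ldap-cert.sh (the file name is arbitrary); without that variable the script only defines the functions, so it can be sourced and the individual checks, for example alias_present, used by hand.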

Additional Information

Root cause:

When eGuide connects to a remote LDAP server over SSL, the LDAP server's certificate must be trusted before the secure connection can be established. Importing the LDAP server's root certificate into cacerts with keytool adds it to the certificates that the eGuide server (the Tomcat JVM) trusts, so the SSL connection between the eGuide server and the remote LDAP server can be trusted.