Environment
Novell Open Enterprise Server 1 (OES) Service pack 2
Novell eGuide 2.1
Situation
Purpose:
Configure remote LDAP source for eGuide over SSL
Symptoms:
Authentication fails when the remote LDAP source is configured over port 636 (SSL).
The login page returns "login failed".
dstrace ERROR:
08:50:10 966C2400 LDAP: (192.168.108.27:51691)(0x0000:0x00) TLS accept
failure 5 on connection 0xa29f02a0, setting err = -5875. Error stack:
08:50:10 966C2400 LDAP: (192.168.108.27:51691)(0x0000:0x00) TLS handshake
failed on connection 0xa29f02a0, err = -5875
Changes:
In the eGuide Administration utility page -> Configuration -> LDAP Data Sources -> Properties -> Edit, the Host name was changed to a remote LDAP server and SSL was enabled.
Resolution
Steps:
1. Export the root certificate of the LDAP server referenced in the LDAP Data Sources in .der format using ConsoleOne or iManager.
2. Import the certificate into the cacerts keystore on the OES Linux server running eGuide:
keytool -import -alias <alias> -file <certificate.der> -keystore <path to cacerts> -storepass changeit
Example (paths may differ on your system):
keytool -import -alias ldap1 -file /tmp/Cert1.der -keystore /var/opt/novell/tomcat5/conf/cacerts -storepass changeit
3. Restart Tomcat by running rcnovell-tomcat4 restart.
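The following script is an added example and is not part of the original TID. It wraps the keytool import from step 2 with the checks that usually explain a failed import: the exported file must actually be DER (not a Base64/PEM export), the keystore must be writable, and the alias must not already exist. After the import it lists the new entry so its fingerprint can be compared against the one shown in ConsoleOne or iManager. It assumes keytool is on the PATH and uses the TID's default keystore path and password; the script name import_ldap_ca.sh is an assumption.

```shell
#!/bin/sh
# Added example, not from the original TID: wraps the keytool import from the
# Resolution steps with pre-flight checks and a post-import verification.
# Assumptions: keytool is on PATH; the default keystore path and password are
# the Tomcat values the TID names (/var/opt/novell/tomcat5/conf/cacerts and
# changeit); paths on a real system may differ.

# Return 0 if FILE is readable and starts with the DER SEQUENCE tag 0x30.
# A PEM/Base64 export starts with "-----BEGIN" and fails this check, which
# is a common reason an "exported" certificate will not import with keytool.
check_der() {
    file=$1
    [ -r "$file" ] || return 1
    first=$(od -An -tx1 -N1 "$file" | tr -d ' \n')
    [ "$first" = "30" ]
}

# Echo the keytool command line for ALIAS CERT KEYSTORE so it can be reviewed
# before the keystore is touched. The store password is passed separately
# and deliberately not echoed. -noprompt skips the interactive
# "Trust this certificate?" question.
import_cmd() {
    printf 'keytool -import -noprompt -alias %s -file %s -keystore %s\n' \
        "$1" "$2" "$3"
}

# Return 0 if ALIAS already exists in KEYSTORE. keytool refuses to import a
# second entry under an existing alias, so check first.
alias_present() {
    keystore=$1
    storepass=$2
    alias=$3
    keytool -list -keystore "$keystore" -storepass "$storepass" -alias "$alias" >/dev/null 2>&1
}

# Usage: import_and_verify ALIAS CERT.der [KEYSTORE] [STOREPASS]
import_and_verify() {
    alias=$1
    cert=$2
    keystore=${3:-/var/opt/novell/tomcat5/conf/cacerts}
    storepass=${4:-changeit}

    if ! check_der "$cert"; then
        echo "error: $cert is missing or not a DER-encoded certificate" >&2
        return 1
    fi
    if [ ! -w "$keystore" ]; then
        echo "error: keystore $keystore is not writable (run as root?)" >&2
        return 1
    fi
    if alias_present "$keystore" "$storepass" "$alias"; then
        echo "error: alias '$alias' already exists in $keystore; delete it or choose another alias" >&2
        return 1
    fi

    echo "running: $(import_cmd "$alias" "$cert" "$keystore") -storepass ..."
    keytool -import -noprompt -alias "$alias" -file "$cert" \
        -keystore "$keystore" -storepass "$storepass" || return 1

    # Verify the entry landed and show its fingerprint so it can be compared
    # with the one displayed in ConsoleOne/iManager for the LDAP server.
    keytool -list -keystore "$keystore" -storepass "$storepass" -alias "$alias" || return 1
    echo "imported; now restart Tomcat: rcnovell-tomcat4 restart"
}

# Run only when called with arguments, e.g.:
#   sh import_ldap_ca.sh ldap1 /tmp/Cert1.der
if [ "$#" -ge 2 ]; then
    import_and_verify "$@"
fi
```

Run it as root with the alias and the exported .der file; the keystore path and password can be given as the third and fourth arguments when they differ from the defaults. If check_der rejects the file, re-export the certificate in DER (binary) format rather than Base64.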
Additional Information
Root cause:
When eGuide connects to a remote LDAP server over SSL, the LDAP server presents its certificate during the TLS handshake, and eGuide must trust that certificate before a secure connection can be established. Importing the LDAP server's root certificate into the Tomcat cacerts keystore with keytool gives eGuide that trust, so the handshake completes and authentication succeeds.