Auth Satellites fail and "Unable to create the user source object" when adding a second user source connection with SSL and LDAP Certificate has empty subject

  • 7007036
  • 11-Oct-2010
  • 30-Apr-2012

Environment

Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3

Situation

If the SSL certificate minted for the LDAP user source contains an empty subject, two problems have been identified:
  1. When adding a second user source connection to a new server in the same AD domain, this error is returned:

    Unable to complete your request for the following reason:  Unable to create the user source object.
  2. Additionally, all authentication satellites fail to authenticate users:
    ERROR (from ats.log on satellite):
    2010-12-23 15:18:17,238 INFO ia.IAContext Exception occured while adding
    connector specified at [XPath: /bci:realms/bci:realm[@id='server.com']]
    2010-12-23 15:18:17,238 INFO ia.IAContext class javax.naming.NamingException
    2010-12-23 15:18:17,238 INFO ia.IAContext Unable to connect to any specified
    LDAP address.
 



Resolution

For ZENworks 10.3.x:  This is fixed in version 10.3.3 - see KB 7007641 "ZENworks Configuration Management 10.3.3 - update information and list of fixes" which can be found at https://www.novell.com/support.
For ZENworks 11:  This is fixed in version 11.1 - see KB 7008746 "ZENworks Configuration Management 11.1 - update information and list of fixes" which can be found at https://www.novell.com/support.

Additional Information

Note: as long as the subject alternative name (alt subject) is populated with the correct server information, this certificate should be considered valid per RFC.
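
To check whether a user source's LDAP certificate matches the condition described above, the following added example (not Novell's code) classifies a PEM certificate by whether its subject is empty and whether a subject alternative name is present. The function names, the `ldap.example.com` host name and the self-signed sample certificates are assumptions constructed for illustration; `make_sample_cert` needs OpenSSL 1.1.1 or later for `-addext`.

```shell
#!/usr/bin/env bash
# Added example: classify an LDAP server certificate by subject and SAN.

# Save the certificate an LDAPS listener presents (host name is supplied by you).
# usage: fetch_ldaps_cert dc1.example.com > dc1.pem
fetch_ldaps_cert() {
    openssl s_client -connect "$1:636" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Print one of: subject-present | empty-subject-with-san | empty-subject-no-san
# usage: classify_cert cert.pem
classify_cert() {
    local subject
    subject=$(openssl x509 -in "$1" -noout -subject) || return 2
    subject=${subject#subject=}                          # drop the label
    subject=$(printf '%s' "$subject" | tr -d '[:space:]')
    if [ -n "$subject" ]; then
        echo "subject-present"
    elif openssl x509 -in "$1" -noout -text |
            grep -q 'X509v3 Subject Alternative Name'; then
        # Empty subject, identity carried in the SAN: the certificate shape
        # this document describes.
        echo "empty-subject-with-san"
    else
        # Empty subject and no SAN: nothing identifies the server.
        echo "empty-subject-no-san"
    fi
}

# Constructed sample input: a throwaway self-signed certificate.
# usage: make_sample_cert out.pem SUBJECT [SAN]   (SUBJECT "/" means empty)
make_sample_cert() {
    local key
    key=$(mktemp)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$key" -out "$1" -subj "$2" \
        ${3:+-addext "subjectAltName=$3"} 2>/dev/null
    rm -f "$key"
}
```

A result of `empty-subject-with-san` on the certificate served by the directory server identifies the condition addressed by the fixes listed under Resolution.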