Auth Satellites fail and "Unable to create the user source object" when adding a second user source connection with SSL and LDAP Certificate has empty subject

  • 7007036
  • 11-Oct-2010
  • 30-Apr-2012

Environment

Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3

Situation

If the SSL certificate issued for the LDAP user source has an empty subject, two problems have been identified:
  1. When adding a second user source connection to a new server in the same AD domain, this error is returned:

    Unable to complete your request for the following reason:  Unable to create the user source object.

  2. Additionally, all authentication satellites fail to authenticate users:

    ERROR (from ats.log on satellite):
    2010-12-23 15:18:17,238 INFO ia.IAContext Exception occured while adding connector specified at [XPath: /bci:realms/bci:realm[@id='server.com']]
    2010-12-23 15:18:17,238 INFO ia.IAContext class javax.naming.NamingException
    2010-12-23 15:18:17,238 INFO ia.IAContext Unable to connect to any specified LDAP address.
 



Resolution

For ZENworks 10.3.x:  This is fixed in version 10.3.3 - see KB 7007641 "ZENworks Configuration Management 10.3.3 - update information and list of fixes" which can be found at https://www.novell.com/support.
For ZENworks 11:  This is fixed in version 11.1 - see KB 7008746 "ZENworks Configuration Management 11.1 - update information and list of fixes" which can be found at https://www.novell.com/support.

Additional Information

Note: as long as the subject alternative name (alt subject) is populated with the correct server information, this certificate should be considered valid per the RFC.
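
To check whether a directory server's certificate falls into this case, the following added example (not part of the original article and not ZENworks code) parses a DER-encoded certificate with the Python standard library and reports whether the subject is empty and which DNS names the subject alternative name extension carries. The function names and the constructed, unsigned sample certificates are assumptions made for illustration.

```python
SAN_OID = bytes.fromhex("551d11")  # OID 2.5.29.17, subjectAltName

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's contents into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_cert(der):
    """Added example, not ZENworks code: (subject_is_empty, SAN dNSNames) of a DER cert."""
    tbs = children(children(read_tlv(der, 0)[1])[0][1])  # fields of tbsCertificate
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # drop optional [0] version
    exts = [val for tag, val in tbs[6:] if tag == 0xA3]  # [3] extensions, if present
    names = []
    for _, ext in (children(children(exts[0])[0][1]) if exts else []):
        fields = children(ext)  # extnID, optional critical flag, extnValue
        if fields[0][1] == SAN_OID:  # extnValue is an OCTET STRING wrapping GeneralNames
            general = children(children(fields[-1][1])[0][1])
            names += [v.decode("ascii") for t, v in general if t == 0x82]  # [2] dNSName
    return len(tbs[4][1]) == 0, names  # tbs[4] = subject, after serial, sigAlg, issuer, validity

def tlv(tag, *parts):  # DER encoder, used only to build the constructed samples below
    body = b"".join(parts)
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(subject_cn, dns_name):
    """Constructed, unsigned certificate-shaped DER with a dummy key and signature."""
    cn = lambda s: tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, s.encode())))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")), tlv(0x05))
    san = tlv(0x30, tlv(0x06, SAN_OID), tlv(0x04, tlv(0x30, tlv(0x82, dns_name.encode()))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), alg,
              tlv(0x30, cn("Example CA")),
              tlv(0x30, tlv(0x17, b"100101000000Z"), tlv(0x17, b"200101000000Z")),
              tlv(0x30, cn(subject_cn) if subject_cn else b""),
              tlv(0x30, alg, tlv(0x03, b"\x00")), tlv(0xA3, tlv(0x30, san)))
    return tlv(0x30, tbs, alg, tlv(0x03, b"\x00"))

if __name__ == "__main__":
    print(inspect_cert(sample_cert("", "dc1.example.com")))
```

For a live server, pass `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 636)))` as `der`, where `host` is your LDAP server. A result of `(True, [...])` with the server's name in the list is the empty-subject case described in this article.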
