Secure LDAP user import and authentication fails with patch 5 on iPrint Appliance 3.2

  • 7024566
  • 16-Apr-2020
  • 16-Apr-2020


iPrint Appliance 3.2 Patch 5


Users on iPrint Appliance 3.2 Patch 4 authenticate fine and LDAP import synchronizations are successful. However, after applying Patch 5 (to upgrade to 3.2.5), the following two problems are introduced:
  • New users do not import into the Appliance.
  • Existing users cannot print to SSL-enabled printers.
    • Authentications fail.


Recreate the certificate on the source LDAP server so that it has a SAN (Subject Alternative Name) attribute containing the server's DNS name and IP address.


Patch 5 for the iPrint Appliance 3.2 introduces a new set of security measures that enforce validation of the certificate SAN attribute. Prior to this update, the CN (Common Name) was sufficient.

If the current certificate does not have a SAN, LDAPS communication will fail.
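
One way to check whether a certificate carries the SAN entries described above, as an added example that is not part of the original article: it builds two throwaway self-signed certificates with openssl (one CN-only, one with a SAN) and tests each. The host name ldap.example.com, the address 192.0.2.10 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. LDAP_DNS and LDAP_IP are assumed placeholder values.
LDAP_DNS="ldap.example.com"
LDAP_IP="192.0.2.10"

# make_cert <prefix> [SAN value]: write a throwaway self-signed certificate
# to <prefix>.pem, with a subjectAltName extension only if a value is given.
make_cert() {
    mc_ext=""
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=%s\n' \
        "$LDAP_DNS" > "$1.cnf"
    if [ -n "${2:-}" ]; then
        printf '[san]\nsubjectAltName=%s\n' "$2" >> "$1.cnf"
        mc_ext="-extensions san"
    fi
    # $mc_ext is intentionally unquoted so it splits into two arguments.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        $mc_ext -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# san_entries <cert.pem>: print each SAN entry on its own line (none if no SAN).
san_entries() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//'
}

# san_covers <cert.pem>: succeed only if the SAN lists both the DNS name and
# the IP address (exact match; wildcard entries are not evaluated).
san_covers() {
    san_entries "$1" | grep -qxF "DNS:$LDAP_DNS" &&
        san_entries "$1" | grep -qxF "IP Address:$LDAP_IP"
}

# Constructed sample certificates: CN-only versus CN plus SAN.
work=$(mktemp -d)
make_cert "$work/cn_only"
make_cert "$work/with_san" "DNS:$LDAP_DNS,IP:$LDAP_IP"
for c in cn_only with_san; do
    if san_covers "$work/$c.pem"; then
        echo "$c: SAN covers DNS name and IP"
    else
        echo "$c: SAN missing or incomplete, LDAPS validation would fail"
    fi
done
```

To check a real server certificate, export it to a PEM file, set LDAP_DNS and LDAP_IP to the server's values, and pass the file to san_covers.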

Additional Information

The following errors were shown in /var/opt/novell/tomcat-filr/logs/appserver.log:
---------->Starting ldap sync...
2020-04-01 09:45:01,002 ERROR [Sitescape_Worker-16] [org.kablink.teaming.module.ldap.impl.LdapModuleImpl] - syncUsers() threw an exception:
javax.naming.CommunicationException: [Root exception is No subject alternative names matching IP address found]

Note that in this example, is the source LDAP server.