ldap server require signing

venkat1974 · ‎09-23-2012

We have LDAP Server Signing Requirements group policy is set on our 2008R2 Domain Controllers, because of which we are getting the below error on the vCD Server.

=====

Caused by: java.net.UnknownHostException: vc.AD-IBM.local

This error is similatr the same that Joe is getting with SSO
I was testing vCloud Director (Red Hat Enterprise Linux) with LDAP for user authentication. Getting an identical error that I did with SSO. These errors came from using the bella.phoenixlab.net domain controllers.

Error trying with LDAP (TCP:389)

javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1^@]

Error trying with SSL (TCP:636)

| Error logging into LDAP. |
javax.naming.CommunicationException: simple bind failed: 10.5.63.13:636 [Root exception is java.net.SocketException: Connection reset]

=============

While on windows clients, you can set the group policy "Network security: LDAP client signing requirements" to allow Windows Clients to negotiate ldap signing, i want to know if there is anything equivalent in Ent Redhat Linux where you can set configure the LDAP Client to negotiate ldap signing (integrity checking).

Has anybody already hit this road block, if yes please share your experiences/solution.

virtfed · ‎10-29-2012

Did you make any progress on this error? I am seeing it with a customer under the same circumstances.

venkat1974 · ‎10-30-2012

No, the issue is still persisting. It looks like certs have to be installed on both AD DC and SSO Server. I am not too sure abt that.

Would be glad to know what you find.

Thanks

IamTHEvilONE · ‎10-30-2012

If you need more immediate assistance, can you file a ticket with tech support?

All

ldap server require signing