venkat1974
Contributor

ldap server require signing

We have the LDAP Server Signing Requirements group policy set on our 2008R2 Domain Controllers, because of which we are getting the below error on the vCD Server.

=====

Caused by: java.net.UnknownHostException: vc.AD-IBM.local



This error is similar to the one that Joe is getting with SSO:
I was testing vCloud Director (Red Hat Enterprise Linux) with LDAP for user authentication. Getting an identical error that I did with SSO. These errors came from using the bella.phoenixlab.net domain controllers.

Error trying with LDAP (TCP:389)

javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1^@]

Error trying with SSL (TCP:636)

| Error logging into LDAP. |
javax.naming.CommunicationException: simple bind failed: 10.5.63.13:636 [Root exception is java.net.SocketException: Connection reset]

=============

While on Windows clients you can set the group policy "Network security: LDAP client signing requirements" to allow Windows clients to negotiate LDAP signing, I want to know if there is anything equivalent in Red Hat Enterprise Linux where you can configure the LDAP client to negotiate LDAP signing (integrity checking).

Has anybody already hit this roadblock? If yes, please share your experiences/solution.

0 Kudos
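
Added example, not part of any post in this thread: a small Python triage helper that parses the three client-side errors quoted in the post above and separates the directory-level refusal (LDAP result 8 with Win32 error 0x2028, i.e. the DC demanding a signed or TLS-protected bind) from the DNS and transport failures. The function and field names are hypothetical; the sample lines are copied from the post.

```python
import re

# Extended error text Active Directory returns in an LDAP result, as JNDI prints it.
AD_ERR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<ver>[0-9A-Fa-f]+)")
TRANSPORT = re.compile(
    r"(?P<exc>javax\.naming\.CommunicationException|java\.net\.UnknownHostException): (?P<detail>.*)")
ENDPOINT = re.compile(r"(?P<host>[\w.\-]+):(?P<port>\d+)")

def classify(line):
    """Describe one client log line; None if it is not a recognised LDAP failure."""
    m = AD_ERR.search(line)
    if m:
        code, win32 = int(m["code"]), int(m["win32"], 16)
        # LDAP result 8 = strongerAuthRequired (RFC 4511); Win32 0x2028 =
        # ERROR_DS_STRONG_AUTH_REQUIRED. Together: the DC refused a bind that was
        # neither signed nor carried over TLS.
        return {"kind": "ldap_result", "ldap_code": code, "win32": win32,
                "dsid": m["dsid"], "comment": m["comment"],
                "signing_required": code == 8 and win32 == 0x2028}
    m = TRANSPORT.search(line)
    if not m:
        return None
    if m["exc"].endswith("UnknownHostException"):
        # Name resolution failed before any LDAP traffic was sent.
        return {"kind": "dns", "host": m["detail"].strip()}
    ep = ENDPOINT.search(m["detail"])
    return {"kind": "transport",
            "host": ep["host"] if ep else None,
            "port": int(ep["port"]) if ep else None,
            # A reset here happens below LDAP, so no directory error code exists.
            # Assumption: on 636 this usually means the TLS setup (DC certificate,
            # client trust store) is the thing to check, not the bind itself.
            "reset_before_bind": "Connection reset" in m["detail"]}

# Sample lines copied from the post above.
SAMPLES = [
    r"Caused by: java.net.UnknownHostException: vc.AD-IBM.local",
    r"javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1^@]",
    r"javax.naming.CommunicationException: simple bind failed: 10.5.63.13:636 [Root exception is java.net.SocketException: Connection reset]",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
```
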
3 Replies
virtfed
VMware Employee

Did you make any progress on this error? I am seeing it with a customer under the same circumstances.

0 Kudos
venkat1974
Contributor

No, the issue is still persisting. It looks like certs have to be installed on both AD DC and SSO Server. I am not too sure about that.

Would be glad to know what you find.

Thanks

0 Kudos
IamTHEvilONE
Immortal

If you need more immediate assistance, can you file a ticket with tech support?

0 Kudos