
(12.05.100-en) Troubleshooting: Problems When Configuring an Active Directory with LDAP over SSL

Symptom

You cannot configure an AD connection under Active Directory / LDAP with the option Use LDAPS connection activated. When you test the connection, one of the following error messages appears:

  • "The connection to the LDAP service failed! Check the certificate and server name";

  • "simple bind failed".
    The log file then contains an entry such as:

  • "2019-05-23 14:13:38,512 ERROR [https-jsse-nio-8443-exec-151] dec: simple bind failed: QA-DC01:636 javax.naming.CommunicationException: simple bind failed: QA-DC01:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching QA-DC01 found.]"
    or

  • "javax.naming.CommunicationException: simple bind failed: dc01.your.domain:636
    [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]"

Problem

The name of the domain controller(s) and the certificate configured under Import SSL Certificate do not match.

Solution

  1. Check that a fully qualified name of the domain controller has been entered, e.g. "dc01.your.domain". An IP address or a short name such as "dc01" will not be accepted when the domain controller name is checked against the certificate.

  2. If several domain controllers are used, make sure that the root certificate has been configured.
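
Added example (not part of the original article or of the product): a small Python triage helper that reads log entries like the two quoted under Symptom, extracts the domain controller name that was configured, and maps the root exception to the matching step of the Solution. The function names, the cause labels and the one-line joining of each log entry are assumptions made for this illustration.

```python
import ipaddress
import re

# The two log entries quoted in the article, each joined onto one line.
SAMPLE_LOG = [
    "2019-05-23 14:13:38,512 ERROR [https-jsse-nio-8443-exec-151] dec: simple bind failed: "
    "QA-DC01:636 javax.naming.CommunicationException: simple bind failed: QA-DC01:636 "
    "[Root exception is javax.net.ssl.SSLHandshakeException: "
    "java.security.cert.CertificateException: "
    "No subject alternative DNS name matching QA-DC01 found.]",
    "javax.naming.CommunicationException: simple bind failed: dc01.your.domain:636 "
    "[Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: "
    "sun.security.provider.certpath.SunCertPathBuilderException: "
    "unable to find valid certification path to requested target]",
]

BIND_RE = re.compile(r"simple bind failed: (?P<host>[^\s:\]]+):(?P<port>\d+)")

# Root-cause marker in the log -> (cause label, matching step of the Solution section)
CAUSES = [
    ("No subject alternative DNS name matching", "name_mismatch",
     "Step 1: enter the fully qualified name that appears in the certificate."),
    ("PKIX path building failed", "untrusted_chain",
     "Step 2: configure the root certificate under Import SSL Certificate."),
]

def name_kind(host):
    """Classify the configured domain controller name as 'ip', 'short' or 'fqdn'."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "fqdn" if "." in host.strip(".") else "short"

def triage(line):
    """Return host, port, name kind, cause and remedy for one LDAPS bind failure, or None."""
    m = BIND_RE.search(line)
    if m is None:
        return None
    cause, action = "unknown", "Inspect the root exception manually."
    for marker, found_cause, found_action in CAUSES:
        if marker in line:
            cause, action = found_cause, found_action
            break
    host = m.group("host")
    return {"host": host, "port": int(m.group("port")),
            "name_kind": name_kind(host), "cause": cause, "action": action}

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry))
```

A result with name_kind "short" or "ip" together with cause "name_mismatch" points at step 1; a fully qualified name with cause "untrusted_chain" points at step 2.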