Connection to LDAP with TLS : SSLHandshakeException

Hello,
I am trying without success to make a TLS connection to an OpenLDAP directory. It works from ldapsearch but not with Java code.
Here is what I have done:
- I added the authority certificate (cacert.pem) to our keystore file (keystore.jks):
    keytool -import -trustcacerts -keystore keystore.jks -alias cacert -file demoCA/cacert.pem
- I added the server certificate (my_server_crt.pem) to our keystore file (keystore.jks):
    keytool -import -trustcacerts -keystore keystore.jks -alias my_server -file my_server_crt.pem
- I added the client certificate (certificate) to our keystore file (keystore.jks):
    keytool -import -keystore keystore.jks -alias my_client -file certificate
Then I connect to the LDAP with the following code:
   // (Defining env)
   // Connection
   LdapContext ctx = new InitialLdapContext(env, null);
   StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
   tls.negotiate();
With the following environment variables defined:
-Djavax.net.ssl.trustStore=keystore.jks -Djavax.net.ssl.trustStorePassword=(our password)
Here is what I get when running with SSL traces activated:
main, WRITE: TLSv1 Handshake, length = 32
waiting for close_notify or alert: state 1
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
main, called closeSocket()
Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
main, called close()
main, called closeInternal(true)
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
        at com.sun.jndi.ldap.ext.StartTlsResponseImpl.startHandshake(StartTlsResponseImpl.java:338)
        at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:202)
        at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:155)
        at test2.StartTls.main(StartTls.java:69)
Thank you for your help,
Mikael

For information, this problem was finally solved.
We only need to have:
- in the JKS truststore (javax.net.ssl.trustStore), the authority certificate;
- in the JKS keystore (javax.net.ssl.keyStore), the client certificate. This was not provided in our configuration.
Furthermore, we need to give the property javax.net.ssl.keyStorePassword and not trustStorePassword.
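The setup described in the resolution above, written out as a complete JNDI StartTLS client. This is an added example, not code from the original post. In JSSE the pair javax.net.ssl.trustStore / trustStorePassword names the store the TrustManager reads (CA certificates only), and javax.net.ssl.keyStore / keyStorePassword names the store the KeyManager reads for the client identity. One caveat the thread does not spell out: the keystore entry must be a PrivateKeyEntry (certificate plus private key). A "keytool -import" of a bare certificate file creates a trustedCertEntry without a key, the KeyManager ignores it, and an OpenLDAP server that demands a client certificate answers with exactly the handshake_failure alert shown in the trace. The host name, store file names, passwords, bind DN and search base below are placeholders (assumptions).

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

/**
 * StartTLS against OpenLDAP with a client certificate (mutual TLS):
 * CA certificate in the truststore, client key + certificate in the keystore.
 * All file names, hosts and credentials are placeholders.
 */
public class StartTlsClient {

    public static void main(String[] args) throws NamingException, IOException {
        // Truststore: only the CA that signed the server certificate.
        // (The server's own certificate does not need to be imported.)
        System.setProperty("javax.net.ssl.trustStore", "truststore.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        // Keystore: the client's PrivateKeyEntry. A PKCS#12 bundle exported with
        // openssl carries the private key; a keytool -import of a .pem does not.
        System.setProperty("javax.net.ssl.keyStore", "client.p12");
        System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Plain LDAP port: TLS is negotiated on this connection below.
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389");
        // No SECURITY_PRINCIPAL / SECURITY_CREDENTIALS here: anything in env is
        // sent in the initial bind, which happens before StartTLS, i.e. in cleartext.

        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // negotiate() with no argument uses the default hostname verifier, which
            // checks the server certificate against the host in the provider URL.
            SSLSession session = tls.negotiate();
            System.out.println("TLS established: " + session.getProtocol()
                    + " / " + session.getCipherSuite()
                    + " / server=" + session.getPeerPrincipal());

            // Only now is it safe to authenticate over this connection.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, "cn=app,ou=services,dc=example,dc=com");
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, "app-password");
            ctx.reconnect(null); // re-bind with the new credentials on the protected socket

            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn"});
            System.out.println("search returned results: "
                    + ctx.search("dc=example,dc=com", "(objectClass=person)", sc).hasMore());
        } finally {
            if (tls != null) {
                tls.close(); // sends close_notify; the connection drops back to cleartext
            }
            ctx.close();
        }
    }
}
```

Run it with -Djavax.net.debug=ssl:handshake to see which certificate (if any) the client sends in its Certificate message; an empty list there is the symptom of a keystore that holds a trustedCertEntry instead of a PrivateKeyEntry.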

Similar Messages

  • Connect to LDAP with Address Book and Mail

    The admin guide for OD is pretty vague from what I've been able to figure out. How do I connect to my LDAP with Address Book and Mail? I'm sure this is a really simple setup and I'm just missing some minor detail.

    Address Book > Preferences > LDAP
    HTH
    Martin

  • Problem connecting to LDAP with SSL enabled

    Hi,
    I'm trying to connect to Active Directory with JNDI, but I got a few problems.
    I use Win2003 server. I tried the code from adler_steven (very good and works well), but I got a problem when I want to connect over TLS.
    Apparently, I have to install the SSL/TLS on the machine. I tried to follow the howto http://support.microsoft.com/default.aspx?scid=kb;en-us;321051, but I got an error when I create a new certificate:
    Expected INF file section name 0xe0000000 (INF:-536870912) request.inf.
    I tried different stuff but without results.
    I'm not able to install it, so when I run the code I've got the errors:
    IO Exception, Problem creating object: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
    It's the first time that I use the JNDI API and LDAP (Active Directory), sorry for any incomprehension, but I really need to finish the program.
    Thanks in advance
    cyroul

  • OpenLDAP ldapsearch connect to OID with SSL?

    I can connect to LDAPS with the Oracle ldapsearch client, but not with the OpenLdap ldapsearch client. I'm using OID 10.1.4.2. Is there a way to get OpenLdap clients to connect using SSL?
    The following works:
    Non-SSL With Oracle ldapsearch
    $OH/bin/ldapsearch -h HOST -p 3389 -D "cn=orcladmin" -w MYPASSWORD "(objectClass=person)" cn
    Non-SSL With OpenLdap ldapsearch
    /usr/bin/ldapsearch -x -L -h HOST -p 3389 -b "" -D "cn=orcladmin" -w MYPASSWORD "(objectClass=person)" cn
    SSL With Oracle ldapsearch
    $OH/bin/ldapsearch -h HOST -p 3636 -U 1 -D "cn=orcladmin" -w MYPASSWORD "(objectClass=person)" cn
    The following fails - appearing to hang:
    SSL With OpenLdap ldapsearch
    /usr/bin/ldapsearch -x -h HOST -p 3636 -b "" -D "cn=orcladmin" -w MYPASSWORD "(objectClass=person)" cn
    /usr/bin/ldapsearch -I -h HOST -p 3636 -b "" -D "cn=orcladmin" -w MYPASSWORD "(objectClass=person)" cn
    I see the following in logs under $OH/ldap/log/
    SSLthread:23 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed

    I haven't done this myself, but looks like you want the -Z switch. Issuing the command without any parameters should print out the usage details.
    -Vinod

  • What version of SQL Server supports SSL connection with TLS 1.2 (SHA-256 HASH)

    Hi,
    I just want to know,
    What version of SQL Server supports SSL connections with TLS 1.2 (SHA-256 hash)?
    If it is already supported, how can I set it up?
    Please help me!

    The following blog states that SQL Server "leverages the SChannel layer (the SSL/TLS layer provided by Windows) for facilitating encryption.  Furthermore, SQL Server will completely rely upon SChannel to determine the best encryption cipher suite to use." meaning that the version of SQL Server you are running has no bearing on which encryption method is used to encrypt connections between SQL Server and clients.
    http://blogs.msdn.com/b/sql_protocols/archive/2007/06/30/ssl-cipher-suites-used-with-sql-server.aspx
    So the question then becomes which versions of Windows Server support TLS 1.2.  The following article indicates that Windows Server 2008 R2 and beyond support TLS 1.2.
    http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx
    So if you are running SQL Server on Windows Server 2008 R2 or later you should be able to enable TLS 1.2 and install a TLS 1.2 certificate.  By following the instructions in the following article you should then be able to enable TLS 1.2 encryption for connections between SQL Server and your clients:
    http://support.microsoft.com/kb/316898
    I hope that helps.

  • Trouble with Unity Connection and LDAP

    Our CUCM 8.6 is currently integrated with LDAP, this was done before I started with the company, I'm working on getting the CUC integrated as well, but I keep getting the following error message:
    Error while Connecting to ldap://xx.xx.xx.xx:389, null   
    I took the exact same settings that was used on the cucm (the LDAP syncs fine with CUCM)  
    LDAP Configuration name: ActiveDirectory
    LDAP Manager Distinguished Name: [email protected]
    LDAP Password: *******
    LDAP User Search Base: DC=xyz,DC=net
    User ID: sAMAccountName
    Middle Name: middleName
    Manage ID: manager
    phone number: ipPhone
    First name: givenName
    Last Name: sn
    Department: department
    Mail ID: mail
    Any ideas what could be causing that error? I've run into this before somewhere but was able to figure out that it was something with the way I had put in the OU. This time I really have no idea, especially since I took the settings from the LDAP setup in CUCM.

    Hi Chris,
    Yes I'm sure the sync is still working, I've went into CUCM and did a full sync and it was successful, I also hit save and that was successful as well, that was the first thing I did just to make sure it was working, I was thinking like you that maybe it wasn't working properly ...I'll take some screen shots and post shortly
    Fred
    Here's a screenshot of both CUCM and CUC

  • Outlook 2010 IMAP connection problem and not work with TLS enabled

    Dear all,
    Need your help.  5 users of my customer's Outlook 2010 suddenly popped up the error message "Your IMAP server closed the connection".  We checked that there is no problem with the IMAP connection on the Exchange 2007 server (SP3) (we tested by setting up a new account in another Outlook and were able to connect, send and receive email).
    We are able to work around the problem for those 5 users by disabling TLS in the account settings for SMTP to Exchange.  The users can then connect and are able to send and receive. (However, in our testing above, there is no problem with TLS.)
    Could you help to enlighten me what may be the cause of this situation?  
    Best Regards,
    Rayson Wong 

    Hi,
    Please click File > Account Settings > Account Settings > Select the IMAP account and click Change > More Settings button > Advanced tab, and then adjust the Server Timeouts slider bar to a longer time to check the result.
    Also make sure the SMTP server port number is set correctly.
    Please let me know the result.
    Regards,
    Steve Fan
    TechNet Community Support

  • ExtendedOperation() with TLS fails with javax.naming.NotContextException

    With JDK 1.4.2_12, I'm trying to access a Win2003 server with "ldap://<fqdn.server>:389" as Context.PROVIDER_URL. An SSL connection ("ldaps://<fqdn.server>:636") using the same keystore works fine. Testing it as a stand-alone app with TLS on a different machine also works fine (JDK 1.4.2_11) . Any help would be much appreciated as I'm completely flummoxed.
    The line that throws the error is:
    tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
    -Gregg
    ======================================
    LdapContext ctx = null;
    StartTlsResponse tls = null;
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put("java.naming.ldap.version", "3");
    env.put("java.naming.ldap.derefAliases", "always");
    env.put(Context.PROVIDER_URL, getLDAPURL());
    if (useSSL()) env.put(Context.SECURITY_PROTOCOL, "ssl");
    if (useSSL() || useTLS()) {
         // Same store serves as keystore and truststore here
         java.lang.System.setProperty(JAVA_NET_KEYSTORE, getKeystore());
         java.lang.System.setProperty(JAVA_NET_KEYSTORE_PW, getKeystorePass());
         java.lang.System.setProperty(JAVA_NET_TRUSTSTORE, getKeystore());
         java.lang.System.setProperty(JAVA_NET_TRUSTSTORE_PW, getKeystorePass());
    }
    try {
         // Create initial context
         ctx = new InitialLdapContext(env, null);
         if (useTLS()) {
              tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
         }
    } catch (NamingException e) {
         e.printStackTrace(); // log the failure instead of swallowing it
    }
    ======================================
    Partial stack trace:
    at javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:163)
    at javax.naming.ldap.InitialLdapContext.getDefaultLdapInitCtx(InitialLdapContext.java:151)
    javax.naming.NotContextException: Not an instance of LdapContext

    If it works on one machine and not another, then I hate to state the obvious, but you have to find out what is the difference between the two.
    I have no idea why or how you get the "Not an instance of LdapContext". Unfortunately for you, this is where I can resort to my lame "I'm not a Java developer" excuse :-)
    The only thing I can suggest is to remove the StartTLS stuff, and just see whether you can perform a basic LDAP operation over the ctx, such as a simple search.
    Sorry that this is not much help.
    Good luck.

  • Error while connecting to LDAP directly

    Hi All,
    We are working on the server which is connected to LDAP. Here, we are trying to connect directly to LDAP with the LDAP URL "ldap://myHost:port" as in the code below:
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://myHost:port");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "DC=ad,DC=org,DC=com");
    env.put(Context.SECURITY_CREDENTIALS, "");
    DirContext ctx = new InitialDirContext(env);
    While deploying we got this error:
    "[LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]"
    It seems we need to pass certain parameters along with the URL like cn: common name, uid: unique id, ou: org unit, o: organization. I need some information regarding what details have to be provided for integration from configtool and in which format, e.g. for common name, organization etc.
    Also, what should be the entry for Context.SECURITY_PRINCIPAL?
    Appreciate an early response.
    Thanks in advance.
    Regards,
    Mitali

    Check [Start of UME Service Failed|http://help.sap.com/saphelp_nw04/helpdata/en/20/361941edd5ef23e10000000a155106/frameset.htm]; there this same exception got resolved.
    one more thing, Have you uploaded the LDAP servers certificate in the TrustedCAS of the keystore in Visual Admin in the WAS server? If you are using LDAP ssl the connection to the server will expect a certificate if you dont have the trust enabled you wont be able to connect
    Thanks
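A bind helper that avoids the configuration mistake behind the error in this post, added here as an example (not code from the post or from SAP). The posted code passes the search base (DC=ad,DC=org,DC=com) as SECURITY_PRINCIPAL together with an empty SECURITY_CREDENTIALS; a DN with an empty password is an unauthenticated bind (RFC 4513 section 5.1.2), which Active Directory accepts and then treats the session as anonymous, hence "a successful bind must be completed". The helper insists on an account DN or UPN, refuses empty passwords, and only binds over ldaps://, because a simple bind sends the password in the clear. The host, account name and password source are placeholders (assumptions).

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * Simple bind done correctly: a real account as principal, a non-empty
 * password, and a TLS-protected URL. Host and account are placeholders.
 */
public class LdapSimpleBind {

    public static DirContext bind(String url, String principal, String password)
            throws NamingException {
        // Simple bind transmits the password as-is: require LDAPS
        // (or run StartTLS first on an ldap:// connection).
        if (url == null || !url.startsWith("ldaps://")) {
            throw new IllegalArgumentException("simple bind only over ldaps://, got: " + url);
        }
        if (principal == null || principal.isEmpty()) {
            throw new IllegalArgumentException("principal must be an account DN or UPN, not empty");
        }
        // RFC 4513 5.1.2: a name with an empty password is an *unauthenticated* bind.
        // Servers commonly answer it with success and treat the session as anonymous,
        // so forwarding an empty password from a login form is a classic auth bypass.
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("refusing empty password (unauthenticated bind)");
        }

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);   // the account, never the search base
        env.put(Context.SECURITY_CREDENTIALS, password);
        // The bind is performed inside the constructor; wrong credentials raise
        // javax.naming.AuthenticationException (LDAP result code 49).
        return new InitialDirContext(env);
    }

    public static void main(String[] args) {
        try {
            DirContext ctx = bind("ldaps://ad.example.com:636",
                    // Active Directory accepts a UPN as the simple-bind name ...
                    "svc-portal@ad.example.com",
                    System.getenv("LDAP_BIND_PASSWORD"));
            // ... or the full DN: "CN=svc-portal,OU=Service Accounts,DC=ad,DC=example,DC=com"
            System.out.println("bound as " + ctx.getEnvironment().get(Context.SECURITY_PRINCIPAL));
            ctx.close();
        } catch (IllegalArgumentException e) {
            System.err.println("refused: " + e.getMessage());
        } catch (AuthenticationException e) {
            System.err.println("bad credentials: " + e.getMessage());
        } catch (NamingException e) {
            System.err.println("LDAP failure: " + e);
        }
    }
}
```

The search base (DC=ad,DC=org,DC=com in the post) belongs in the search call, not in SECURITY_PRINCIPAL; the principal is the object that holds the password.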

  • Unable to connect  remote LDAP server 2005Q1

    Connecting a remote LDAP server to a local mail server in iMS 5.2 was successful and very easy.
    But with Sun Java Messaging 2005Q1 I failed many times when configuring the mail server.
    Only when the two (LDAP and messaging) are on the same machine is it successful.
    It's very weird.
    According to the Install Guide, a remote LDAP system has no problem connecting with a local mail server.
    Here is LDAP server version.
    # ./monitor
    version: 1
    dn: cn=monitor
    objectClass: top
    objectClass: extensibleObject
    cn: monitor
    connectionpeak: 9
    version: Sun Java(TM) System Directory Server/5.2_Patch_3 B2004.331.1125
    Messaging server version is Sun Java Messaging 2005Q1.
    ================ Install Log ================
    The following items for the product Messaging Server will be configured:
    Product: Messaging Server
    Location: /data/MailData
    Space Required: 0 bytes
    Message Transfer Agent
    Message Store
    Messenger Express
    Ready to Configure
    1. Configure Now
    2. Start Over
    3. Exit Configure Program
    What would you like to do [1] {"<" goes back, "!" exits}?
    Starting Task Sequence
    ===== Thu Apr 21 18:50:38 KST 2005 =====
    Running /usr/sbin/groupadd mail
    ===== Thu Apr 21 18:50:38 KST 2005 =====
    Running /usr/sbin/useradd -g mail -d / mailsrv
    ===== Thu Apr 21 18:50:38 KST 2005 =====
    Running /usr/sbin/usermod -G mail mailsrv
    ===== Thu Apr 21 18:50:38 KST 2005 =====
    Running /bin/rm -rf /opt/java05Q1/Mail/config /opt/java05Q1/Mail/data
    ===== Thu Apr 21 18:50:38 KST 2005 =====
    Running /bin/chmod 600 /opt/java05Q1/Mail/lib/config-templates/Devsetup.
    properties
    ===== Thu Apr 21 18:50:38 KST 2005 =====
    Running /opt/java05Q1/Mail/lib/devinstall -l schema1:sepadmsvr:pkgcfg:config:
    msg:msg_en:imta:msma:webmail:imta -v -m -i /opt/java05Q1/Mail/lib/config-
    templates/config.ins /opt/java05Q1/Mail/lib/config-templates
    /opt/java05Q1/Mail/lib/jars /opt/java05Q1/Mail/lib
    ===== Thu Apr 21 18:50:45 KST 2005 =====
    Running /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta clbuild -
    image_file=IMTA_COMMAND_DATA IMTA_BIN:pmdf.cld
    ===== Thu Apr 21 18:50:46 KST 2005 =====
    Running /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta chbuild
    ===== Thu Apr 21 18:50:46 KST 2005 =====
    Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/cfgdir23381 -c -
    e /opt/java05Q1/Mail/config/cfgdir.ldif.rej -f /opt/java05Q1/Mail/config/cfgdir.
    ldif
    ===== Thu Apr 21 18:50:46 KST 2005 =====
    Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
    e /opt/java05Q1/Mail/config/usergroup.ldif.rej -f
    /opt/java05Q1/Mail/config/usergroup.ldif
    ===== Thu Apr 21 18:50:46 KST 2005 =====
    Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
    e /opt/java05Q1/Mail/config/dctree.ldif.rej -f /opt/java05Q1/Mail/config/dctree.
    ldif
    ===== Thu Apr 21 18:50:46 KST 2005 =====
    Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
    e /opt/java05Q1/Mail/config/mid_dctree.ldif.rej -f
    /opt/java05Q1/Mail/config/mid_dctree.ldif
    ===== Thu Apr 21 18:50:47 KST 2005 =====
    Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
    e /opt/java05Q1/Mail/config/last_dctree.ldif.rej -f
    /opt/java05Q1/Mail/config/last_dctree.ldif
    ===== Thu Apr 21 18:50:47 KST 2005 =====
    Running /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
    e /opt/java05Q1/Mail/config/pab.ldif.rej -f /opt/java05Q1/Mail/config/pab.ldif
    ===== Thu Apr 21 18:50:47 KST 2005 =====
    Running /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta cnbuild
    ===== Thu Apr 21 18:50:47 KST 2005 =====
    Running /bin/sh -c /bin/cp /opt/java05Q1/Mail/lib/config-
    templates/madman_solaris.reg /etc/snmp/conf/ims.reg
    ===== Thu Apr 21 18:50:47 KST 2005 =====
    Running /bin/sh -c /bin/cp /opt/java05Q1/Mail/lib/config-
    templates/madman_solaris.acl /etc/snmp/conf/ims.acl
    ===== Thu Apr 21 18:50:47 KST 2005 =====
    Running /bin/sh -c /usr/bin/crle
    ===== Thu Apr 21 18:50:47 KST 2005 =====
    Running /bin/sh -c /usr/bin/crle -s /usr/lib/secure -s /opt/java05Q1/Mail/lib
    ===== Thu Apr 21 18:50:48 KST 2005 =====
    Running /bin/sh -c /usr/bin/crle
    ===== Thu Apr 21 18:50:48 KST 2005 =====
    Running /bin/sh -c /bin/cp -rpf /opt/java05Q1/Mail/lib/config-templates/html
    /opt/java05Q1/Mail/config/
    ===== Thu Apr 21 18:50:57 KST 2005 =====
    Running /bin/chown -Rh mailsrv /opt/java05Q1/Mail/config/html
    ===== Thu Apr 21 18:50:57 KST 2005 =====
    Running /bin/chgrp -Rh mail /opt/java05Q1/Mail/config/html
    ===== Thu Apr 21 18:50:57 KST 2005 =====
    Running /bin/sh -c /bin/cp -rpf /opt/java05Q1/Mail/config
    /opt/java05Q1/Mail/install/configure_20050421184758
    ===== Thu Apr 21 18:51:08 KST 2005 =====
    Running /bin/sh -c /bin/cp -p /opt/java05Q1/Mail/lib/config-templates/Devsetup.
    properties /opt/java05Q1/Mail/install/configure_20050421184758/Devsetup.
    properties
    Sequence Completed
    PASSED: /usr/sbin/groupadd mail : status = 9
    PASSED: /usr/sbin/useradd -g mail -d / mailsrv : status = 0
    PASSED: /usr/sbin/usermod -G mail mailsrv : status = 3
    PASSED: /bin/rm -rf /opt/java05Q1/Mail/config /opt/java05Q1/Mail/data : status
    = 0
    PASSED: /bin/chmod 600 /opt/java05Q1/Mail/lib/config-templates/Devsetup.
    properties : status = 0
    FAILED: /opt/java05Q1/Mail/lib/devinstall -l schema1:sepadmsvr:pkgcfg:config:
    msg:msg_en:imta:msma:webmail:imta -v -m -i /opt/java05Q1/Mail/lib/config-
    templates/config.ins /opt/java05Q1/Mail/lib/config-templates
    /opt/java05Q1/Mail/lib/jars /opt/java05Q1/Mail/lib : status = 1
    PASSED: /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta clbuild -
    image_file=IMTA_COMMAND_DATA IMTA_BIN:pmdf.cld : status = 0
    PASSED: /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta chbuild : status = 0
    FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/cfgdir23381 -c -
    e /opt/java05Q1/Mail/config/cfgdir.ldif.rej -f /opt/java05Q1/Mail/config/cfgdir.
    ldif : status = 89
    FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
    e /opt/java05Q1/Mail/config/usergroup.ldif.rej -f
    /opt/java05Q1/Mail/config/usergroup.ldif : status = 89
    FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
    e /opt/java05Q1/Mail/config/dctree.ldif.rej -f /opt/java05Q1/Mail/config/dctree.
    ldif : status = 89
    FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
    e /opt/java05Q1/Mail/config/mid_dctree.ldif.rej -f
    /opt/java05Q1/Mail/config/mid_dctree.ldif : status = 89
    FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
    e /opt/java05Q1/Mail/config/last_dctree.ldif.rej -f
    /opt/java05Q1/Mail/config/last_dctree.ldif : status = 89
    FAILED: /opt/java05Q1/Mail/lib/ldapmodify -h love.daou.co.kr -p 389 -D
    cn=Directory Manager -j /opt/java05Q1/Mail/lib/config-templates/ugdir23382 -c -
    e /opt/java05Q1/Mail/config/pab.ldif.rej -f /opt/java05Q1/Mail/config/pab.ldif
    : status = 89
    PASSED: /bin/sh -c /opt/java05Q1/Mail/sbin/imsimta cnbuild : status = 0
    PASSED: /bin/sh -c /bin/cp /opt/java05Q1/Mail/lib/config-
    templates/madman_solaris.reg /etc/snmp/conf/ims.reg : status = 0
    PASSED: /bin/sh -c /bin/cp /opt/java05Q1/Mail/lib/config-
    templates/madman_solaris.acl /etc/snmp/conf/ims.acl : status = 0
    PASSED: /bin/sh -c /usr/bin/crle : status = 0
    PASSED: /bin/sh -c /usr/bin/crle -s /usr/lib/secure -s /opt/java05Q1/Mail/lib :
    status = 0
    PASSED: /bin/sh -c /usr/bin/crle : status = 0
    PASSED: /bin/sh -c /bin/cp -rpf /opt/java05Q1/Mail/lib/config-templates/html
    /opt/java05Q1/Mail/config/ : status = 0
    FAILED: /bin/chown -Rh mailsrv /opt/java05Q1/Mail/config/html : status = 1
    FAILED: /bin/chgrp -Rh mail /opt/java05Q1/Mail/config/html : status = 1
    PASSED: /bin/sh -c /bin/cp -rpf /opt/java05Q1/Mail/config
    /opt/java05Q1/Mail/install/configure_20050421184758 : status = 0
    PASSED: /bin/sh -c /bin/cp -p /opt/java05Q1/Mail/lib/config-templates/Devsetup.
    properties /opt/java05Q1/Mail/install/configure_20050421184758/Devsetup.
    properties : status = 0
    FAILURE: Number of task failed:9. Please check install log
    /opt/java05Q1/Mail/install/configure_20050421184758.log
    for further details.
    Hit NEXT to continue
    Configuration Details:
    Product Result More Information
    1. Messaging Server Failed Available
    2. Done
    Enter the number corresponding to the desired selection for more
    information, or enter 2 to continue [2] {"!" exits}:
    ================
    Any Good ADVICE would be welcomed.

    I already did what you advised, installing the admin server on each machine. I tested it by connecting the admin console, modifying the LDAP and mail config, and adding users.
    As for running the 'comm_dssetup.pl' script: if I hadn't, I could not even have set up and configured the mail server.
    In a month there is a chance to set up both mail and LDAP servers on different machines.
    I am a little bit worried. What did I do wrong?
    Any words of advice would be welcomed.

  • Lotus Notes & LDAP with EP 7

    Hello All,
    We are planning to integrate Lotus Notes with EP 7.0. I would like to know if Lotus Notes is an LDAP server or whether we need a separate LDAP server.
    We are also planning to use Windows-based authentication for the Portal. Do we need to have an LDAP server, or can we use Lotus Notes as an LDAP server as well? I would appreciate any help or suggestions you can offer.
    Please do let me know if Lotus Domino is an LDAP server as well.
    Best Wishes,
    John.

    Hello John,
    For Windows integrated authentication you simply configure the SPNego LoginModule which comes with the NetWeaver product UME.
    SPNego can technically work together with different user stores such as Microsoft AD, Novell eDirectory, the ABAP user store and others. It is also technically feasible to connect the Lotus LDAP functionality to the NetWeaver UME on a project basis.
    Summarizing: technically it can work, but it requires consultancy / project work since this configuration is not covered by the standard.
    If you need more information or assistance please contact me.
    Regards
    Michael

  • Console cannot connect to ldap after SSL config

    Hi,
    I configured our iplanet DS 5.0 to use SSL (requested cert from DS, signed and created a new cert with openSSL, verified that DS could read that cert, and turned on ssl). Restarted DS and admin-serv. The ldap is working but ldaps is not. The console is unable to connect to DS and just hangs when trying to connect. The console is configured to connect to ldap not ldaps, but when I view the configuration for DS in console it shows port 636. So -
    - how do I make the console use port 389 to connect to the DS?
    - What do I need to do to get ldaps working?
    TIA.
    Raj Dolas

    There are some limitations in using the Console when SSL is enabled for the Directory Server. These are documented... in the release notes at least.
    Regards,
    Ludovic.

  • Why is PayPal still preferring a RC4 cipher with TLS 1.2? Is RC4 with TLS secure?

    My connection with Paypal is using RC4_128 as the preferred cipher with TLS 1.2. I was under the impression that RC4 was quite vulnerable and that AES-GCM is strongly preferred with TLS 1.2 as a more secure alternative? Am I incorrect? How much of a concern is this? thanks! 

    I'm no expert here so forgive me if I do not make sense. As I understand it and as you noted, TLS 1.2 with AES GCM is really the tour-de-force of a secure connection that best mitigates the chance of victimization (but enterprise clients are still progressively adopting it.) Maybe 12-18 months back I recall reading Microsoft urging enterprise clients to work in the direction of phasing out RC4, and immediately make RC4 at the bottom at the list of preferred ciphers due to fears of growing ease in exploitation (many of which were NOT necessarily instituted in practice but more 'theoretical targeting'. However, based on what you showed me, I am guessing this was said when CBC was assumed to be more secure than it is today (as was TLS 1.0/1.1). Some of Paypal's servers support GCM and those servers make AES GCM prioritized over RC4. However, from what I can tell not all PayPal servers support GCM. Based on what you are saying, does that mean Paypal is likely prioritizing RC4 over CBC on these servers given the recent demonstrations of how CBC is also vulnerable? If that is the case, hopefully they are moving in the direction of GCM. Whether Paypal likes it or not, they are a huge target (and therefore we are too ) While it's impossible to quantify, based on what you are saying it sounds like the risk here is still relatively low? Again, I'm not an expert on this but rather a guy who does research for a living and had a financial nightmare unfold because I never gave much thought to secure connections. One website, some obsolete cryptography, and the entering of the financial data you use to make purchases, **bleep** on earth broke. (I consider myself partly at fault due to my ignorance of assuming that a secure connection was a secure connection.) https://www.ssllabs.com/ssltest/analyze.html?d=paypal.com&s=23.203.228.56

  • OWSM won't connect to ldap for authentication in policy

    System: 10.1.3 on Windows with SOA Suite
    I've got a web service deployed, got OWSM running, have registered the web service with a gateway component and have built a basic policy (just to log) in the Pipeline "request" and Pipeline "Response" parts of the governing policy; this basic policy works correctly. However, when I try to add an "Ldap Authenticate" step to the Pipeline "Request" part of the policy, OWSM doesn't seem to really try to connect to the LDAP. I have tried two LDAPs (Lotus Notes and OID) that are operational - I can access both of them via command line using the same credentials with which I configured the "Ldap Authenticate" step. Yet, when I invoke the web service with the "Ldap Authenticate" step configured in the policy I get the following exception:
    A fault was thrown in the step Client.AuthenticationFault:Invalid username or password
    I'm pretty dang sure I have entered the correct credentials in the "Ldap Authenticate" configuration (I checked it 45,000 times) - it seems that OWSM really isn't trying to connect to the LDAPs - and there's no logging that I've found that will tell me what it's really trying to do.
    Anyone have any hints or know what's going on?

    I have the same problem.
    With the help of Vikas's instructions for changing the log level I could log the gateway's activities:
    security.WSBasicCredsExtractor - Element Value:farbod
    security.WSBasicCredsExtractor - Element Value:mypassword
    security.WSBasicCredsExtractor - Successfully retrieved username and password
    security.WSBasicCredsExtractor - Removing the UsernameToken Header
    ldap.DirContextHolder - Creating new directory context
    ldap.LDAPAuthenticatorStep - Failed to connect to ldap server.
    I am unsure whether my LDAP settings in OWSM are correct:
    my server name is nfsserver.com(OID Server) and I have this user in OID:
    cn=farbod,cn=Users,dc=nfsserver,dc=com
    so I think these settings should work:
    LDAP host (*)      nfsserver
    LDAP port (*)      389      
    User objectclass (*)      inetOrgPerson      
    LDAP baseDN (*)      cn=Users,dc=nfsserver,dc=com
    LDAP adminDN (*)      cn=orcladmin,cn=Users,dc=nfsserver,dc=com
    LDAP admin password      ******          
    LDAP admin login enabled (*)      true
    Uid Attribute (*)      string      uid      
    User Attributes to be retrieved      uid
    Is the bold part correct?
    Regards
    Farbod

  • EPM 11.1.2: Using LDAP with BugTracker

    Hi,
    I'm using EPM 11.1.2 as a production environment with NativeDirectory and I'd like to use Redmine as the bug tracker for my EPM support.
    I need to integrate its LDAP with my bug tracker (Redmine).
    I found this: http://www.redmine.org/projects/redmine/wiki/RedmineLDAP
    --Can you tell me the BaseDN string to connect to LDAP? dc=users or dc=css,dc=hyperion,dc=com--
    What is the port number to connect to LDAP? 389 doesn't work.
    Ohh... http://john-goodwin.blogspot.com/2010/05/epm-1112-life-after-openldap.html :(
    Is it possible to use SSO?

    You can't connect Redmine to the EPM native directory because it does not emulate an LDAP interface. Native user management is based on a relational database.
    But EPM can be (and usually is) integrated with one or more external LDAP directories (Microsoft Active Directory, Novell, or anything else that supports the LDAP v3 standard). In most environments there are only a handful of native administrator users on an EPM system and all the regular users are external users (although they are often grouped into native groups). Could you not integrate Redmine with the same external directory as EPM? Then your users should be able to log into both Redmine and EPM using their external directory credentials.
