Exception connecting to LDAPS

This topic contains 1 reply, has 2 voices, and was last updated by  david.bate 1 week, 1 day ago.

  • Author
    Posts
  • #26627
     AlessioBiancheri 
    Participant

    Hi All,

    I’ve configured OpenAM for connecting to an AD server with SSL authentication.
    So, in the AD module setting I’ve set:
    [Server IP]:636
    LDAP Connection Mode = LDAPS
    URL of LDAP Server = “ldaps://…:636”

    I’ve installed the certificates on the trusted store of Tomcat that is hosting the openAM application.

    During the connectiong to the AD server I receive the exception:
    ERROR: Connection factory became offline: CachedConnectionPool(size=0[in:0 + out:0 + pending:0], maxSize=5, blocked=0, factory=AuthenticatedConnectionFactory(HeartBeatConnectionFactory(LDAPConnectionFactory(SA1000001101.ad.ing.net:636)), SimpleBindRequest(name=CN=NPD8T-EXP-BROWSER2,OU=Application,OU=TEST,OU=Service Accounts,OU=D8,OU=Tenants,DC=ad,DC=ing,DC=net, authentication=simple, controls=[])))
    org.forgerock.opendj.ldap.ConnectionException: Connect Error



    Caused by: java.io.EOFException
    … 29 more

    Someone could helping understand what could cause this exception?

    Thanks a lot.

    Alessio

    #26636
     david.bate 
    Participant

    Hi Allesio,
    It appears that you are doing the correct steps. So AD’s Root CA certificate was added to the truststore of Tomcat? If that isn’t specified in the server.xml, then this will be the JVM’s cacerts file.

    How do I make AM/OpenAM (All versions) communicate with a secured LDAP server?

    See this Blog post for detailed steps on AD:
    Setting up an Active Directory DataStore in OpenAM

    For further troubleshooting can you add this to your Container’s JVM Startup commands.

    -Djavax.net.debug=SSL,handshake,trustmanager

    This will print SSL debug logs in your container logs, so in Tomcat, in catalina.out and should give you more information around the failure.

    Thanks,
    David

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?