May 14, 2020 at 7:13 pm #27932
I attempted install of OpenDJ version 3.0 on rhel 7 server (having Java 1.8.0_251). During install process (rpm), I selected no to ssl/tls however when I started it up after installation was complete, I ran into following exception:
Error reading configuration. Details: javax.naming.CommunicationException: simple bind failed: 0.0.0.0:4444 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present]
Can someone expound me why I am getting ^ exception? Thank you for your time!
May 14, 2020 at 8:11 pm #27933
So my 2nd attempt of install, I gave proper fqdn and set yes to ssl/tls to generate self signed cert. When I ran service opendj status, it says Running. So far so good, however when I executed /opt/opendj/bin/status, which asked me user dn and its password, I still got same cert exception as earlier post describes. Maybe OpenDJ is running…and that exception is misleading somehow (I could be wrong on that assumption of course). What proper test I can run in order to verify OpenDJ is running safe and sound? I set base dn entry but it is empty now. I plan to import schema from Oracle OUD into OpenDJ.
So atm, I like to know how to verify this ldap server is running? ldapsearch cmd?
May 14, 2020 at 10:09 pm #27934
Plz bear with me. I wasn’t sure how to edit my 1st or 2nd post so that I decided to create another post.
I followed: https://backstage.forgerock.com/knowledge/kb/article/a54816700 to verify if OpenDJ I stood up is handling ldap request…
I ran this cmd first:
./ldapsearch --hostname foo.domain.com --port 636 --useSsl --trustAll --bindDN "cn=Directory Manager" --bindPassword password --baseDN "" --searchScope base "(objectclass=*)" 1.1
dn:
Then I ran this cmd:
./ldapsearch --port 389 --baseDN "" --searchScope base "(&)" alive healthy
dn:
Both returned empty dn: response. I like to know what this response means.. Again current OpenDJ is empty (no ldap schema is imported yet).
May 15, 2020 at 9:25 pm #27941
Jatinder Singh
Participant
The exception generally means the value (host) you are using to access your LDAP server does not match the SAN hostnames (DNS entries) present in your certificate. You have to use the same FQDN you used to set-up your Directory Server and is resolvable.
Did you check your access logs to see if the BIND request was successful? If you were successfully able to connect but got an empty response, perhaps there’s nothing in your DS? The status will print the # of entries present.
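
The hostname check described in the answer above, as an added example (not code from the thread or from OpenDJ): a simplified model of how a TLS client compares the address it connected to with the names in the server certificate. The certificate dicts are constructed samples, foo.domain.com is the thread's placeholder FQDN, and the CN fallback is an assumption about legacy verifier behaviour.

```python
import ipaddress

# Constructed certificates in the dict layout of Python's ssl getpeercert();
# foo.domain.com is the placeholder FQDN used in the thread.
CN_ONLY = {"subject": ((("commonName", "foo.domain.com"),),)}
WITH_SAN = {"subject": ((("commonName", "foo.domain.com"),),),
            "subjectAltName": (("DNS", "foo.domain.com"),)}

def dns_match(pattern, host):
    """Compare one certificate name with the host; '*' covers only the leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_host(cert, host):
    """Return (ok, reason) for a client that connects to `host` and receives `cert`."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with iPAddress SAN entries, never with names.
        if not sans:
            return False, "no subject alternative names present"
        if any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans):
            return True, "matched iPAddress SAN"
        return False, "no iPAddress SAN matches " + host
    names = [v for k, v in sans if k == "DNS"]
    source = "dNSName SAN"
    if not names:
        # Assumption: legacy fallback to the subject CN when no dNSName SAN exists.
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
        source = "subject CN"
    if any(dns_match(n, host) for n in names):
        return True, "matched " + source
    return False, "no name matches " + host

if __name__ == "__main__":
    for cert in (CN_ONLY, WITH_SAN):
        for host in ("0.0.0.0", "localhost", "foo.domain.com"):
            print(host, check_host(cert, host))
```

Only the FQDN passes for either sample certificate; 0.0.0.0 and localhost fail even though they reach the same server.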