SOLVED

LDAP with SSL

nolanChabert-Od
Level 2

Hi,

I want to set up LDAP with SSL on Adobe Campaign, but I got this issue:

LDA-340002[ldap_start_tls_s]LDAP error with server XXXX-ldap.lb.dev.XXX:636 (err=-1, Can't contact LDAP server) (TLS error -8179:Peer's Certificate issuer is not recognized.)

So I want to understand where I have to put my certificates, or if I have to do something else.

My actions:

- Changed the port in the deployment wizard (to 636)

- Changed the authentication method to plain text password (TLS/SSL)

- Generated my certificates

- Imported my certificate into my Java cacert

Thanks in advance.

Nolan

1 Accepted Solution
nolanChabert-Od
Correct answer by
Level 2

With SSL we have to use the 389 port. It's impossible to use the 636 port with the SSL configuration.

Thanks for all your feedback.

Nolan
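
The error line quoted in the question carries the two signals this thread turns on: the call that failed (`ldap_start_tls_s`, the StartTLS upgrade) and the port it was sent to. As an added example (not part of the original posts and not Adobe's code), this Python function parses that line and reports both; the function name and finding labels are assumptions made for illustration.

```python
import re

# The error line quoted in the question (host redacted as on the page).
SAMPLE = (
    "LDA-340002[ldap_start_tls_s]LDAP error with server "
    "XXXX-ldap.lb.dev.XXX:636 (err=-1, Can't contact LDAP server) "
    "(TLS error -8179:Peer's Certificate issuer is not recognized.)"
)

LINE_RE = re.compile(
    r"\[(?P<call>ldap_\w+)\].*?server\s+(?P<host>[^\s:]+):(?P<port>\d+)"
    r"\s*\(err=(?P<err>-?\d+),\s*(?P<err_text>[^)]*)\)"
    r"(?:\s*\(TLS error (?P<tls_code>-?\d+):(?P<tls_text>.*)\)\s*$)?"
)

LDAPS_PORT = 636  # conventional port for LDAP over implicit TLS


def diagnose(line):
    """Return parsed fields plus findings, or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    port = int(m["port"])
    findings = []
    # ldap_start_tls_s upgrades a session that was opened in plaintext, so it
    # belongs on the LDAP port; the LDAPS port expects a TLS handshake first.
    if m["call"] == "ldap_start_tls_s" and port == LDAPS_PORT:
        findings.append("starttls-on-ldaps-port")
    # The TLS library could not chain the server certificate to a CA it trusts.
    if "issuer is not recognized" in (m["tls_text"] or ""):
        findings.append("untrusted-issuer")
    return {
        "call": m["call"], "host": m["host"], "port": port,
        "ldap_err": int(m["err"]),
        "tls_code": int(m["tls_code"]) if m["tls_code"] else None,
        "findings": findings,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
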


4 Replies
vasudevaraog731
Level 3
  • Upload the LDAP server PEM file to a location /home/<root> on the Campaign server
  • Create a certificate: openssl x509 -outform der -in ldap.pem -out certificate.der
  • Import the certificate into the Java keystore: keytool -import -alias <LDAP Host Name> -keystore cacerts -file certificate.der
  • Restart the NL server

nolanChabert-Od
Level 2

Hi,

Thanks for your reply, but can I have more details, please?

Thanks in advance.

Nolan

nolanChabert-Od
Level 2

See my actions below:

  1. Got the LDAP server PEM file (ldapCA.pem)
  2. Created the certificate with the ldapCA.pem (openssl x509 -outform der -in ldapCA.pem -out certificateLdap.der)
  3. Imported this certificate (certificateLdap.der) into my Java cacerts (Certificate was added to keystore)
  4. Restarted the NL server

I still got this error... 😞
