LDAP Certificate Validation on OS8.7.19 and Older Fails with "openConnection: simple bind failed - Can't contact LDAP server"
(Doc ID 2445224.1)
Last updated on JANUARY 30, 2023
Applies to:
Sun ZFS Storage 7120 - Version All Versions to Not Applicable [Release All Releases to N/A]
Oracle ZFS Storage ZS5-4 - Version All Versions to All Versions [Release All Releases]
Sun ZFS Storage 7320 - Version All Versions to All Versions [Release All Releases]
Sun ZFS Storage 7420 - Version All Versions to All Versions [Release All Releases]
Oracle ZFS Storage ZS3-2 - Version All Versions to All Versions [Release All Releases]
Information in this document applies to any platform.
Symptoms
Customer reported unexpected behavior with ZFS Storage Appliance firmware 2013.06.05.7.4 and the management of SSL Certificates.
Add a CA certificate to be trusted for use with the LDAP service.
Add an LDAP server using TLS/SSL whose server certificate is signed by the CA.
'Test Connection' is successful, but after applying the configuration the LDAP server cannot be contacted.
This is unexpected behavior: if the connection test works, then the LDAP server connection should work as well.
Changes
Unexpected behavior reported after the upgrade to ZFS Storage Appliance firmware 2013.06.05.7.4.
Steps followed by customer:
1) Adding a trusted CA and then LDAP server
Trusted (Tab)
Upload a CA
Edit the uploaded CA and tick to be trusted for LDAP service
Add a new LDAP server (whose server certificate is signed by the uploaded CA)
Test connection "Certificate is trusted"
Add and apply
New LDAP server does not work. CLI shows error:
If the connection test works, then the LDAP server connection should work with the CA, provided the certificates are valid.
Cause