LDAP

Issue

We configured LDAP authentication in Adeptia against an Active Directory server and now want to switch the connection to that same LDAP server to SSL. We followed the steps in the document below to configure a secure LDAP connection.

https://docs.adeptia.com/display/AC2/Configuring+Adeptia+Connect+for+LDAP+Authentication

After restarting the services, we get the following error on login:

Login failed - Error while retrieving LDAP directory context, please verify connection with LDAP server or user's credentials.

On the Active Directory server we see a "cannot validate token" error.

Cause

After analyzing the SSL logs, we found that the failure is caused by the LDAP server not supporting the signature algorithm of the certificate Adeptia presents during the TLS handshake. This can be verified from the SSL log trace:

CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withRSA, SHA512withECDSA, SHA256withRSA, SHA384withRSA, SHA1withRSA, SHA256withECDSA, SHA384withECDSA, SHA1withECDSA, SHA1withDSA

This issue occurs only with Windows Server 2012 R2, which does not accept the MD5 algorithm, while Adeptia's adeptiabpmtemp certificate is signed with the MD5WITHRSA signature algorithm. Because MD5WITHRSA is not in the server's supported list above, Adeptia is unable to establish a connection to the secure LDAP server.

Diagnosis

Check whether TLS 1.2 is enabled on the LDAP server. If it is, perform the following steps to enable SSL logs for analysis:

1. Go to "<InstallationDirectory>/ServerKernel/etc" and open the launcher.properties file in edit mode.
2. Add -Djavax.net.debug=ssl to the JVM parameters for Webrunner.
3. Restart the Adeptia services.
4. The SSL debug logs are written to the WebrunnerApplication.log file located at "<AdeptiaInstallationDirectory>\ServerKernel\logs\applicationlogs".
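As an added check that is not part of the original article or of Adeptia's own tooling, the Java program below lists every certificate in the Jetty keystore with its signature algorithm and flags any that do not appear in the server's "Supported Signature Algorithms" list quoted above, so the MD5WITHRSA adeptiabpmtemp certificate is reported before the handshake fails and a replacement keystore can be verified the same way. The class name, the command-line arguments and the assumption that adeptiaBPM.keystore is a JKS store are mine.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;

/**
 * Lists each certificate in a JKS keystore with its signature algorithm and
 * flags entries the LDAP server's CertificateRequest does not accept.
 * Usage: java KeystoreSigAlgCheck <path-to-adeptiaBPM.keystore> [keystore-password]
 */
public class KeystoreSigAlgCheck {
    // Copied from the "Supported Signature Algorithms" line of the SSL debug trace;
    // no MD5-based algorithm appears in it.
    static final List<String> SERVER_SUPPORTED = Arrays.asList(
        "SHA512withRSA", "SHA512withECDSA", "SHA256withRSA", "SHA384withRSA",
        "SHA1withRSA", "SHA256withECDSA", "SHA384withECDSA", "SHA1withECDSA", "SHA1withDSA");

    // Case-insensitive match: getSigAlgName() returns e.g. "MD5withRSA" or "SHA256withRSA".
    static boolean serverAccepts(String sigAlgName) {
        for (String supported : SERVER_SUPPORTED) {
            if (supported.equalsIgnoreCase(sigAlgName)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: KeystoreSigAlgCheck <keystore> [password]");
            System.exit(2);
        }
        // A null password lets the JKS loader read the certificates without checking the store's integrity hash.
        char[] password = args.length > 1 ? args[1].toCharArray() : null;
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: adeptiaBPM.keystore is a JKS store
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        int rejected = 0;
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements(); ) {
            String alias = aliases.nextElement();
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue; // secret-key entries carry no certificate
            String sigAlg = ((X509Certificate) cert).getSigAlgName();
            boolean ok = serverAccepts(sigAlg);
            System.out.printf("%-24s %-18s %s%n", alias, sigAlg, ok ? "accepted" : "NOT in server's list");
            if (!ok) rejected++;
        }
        System.exit(rejected == 0 ? 0 : 1); // non-zero when any certificate would fail the handshake
    }
}
```

Run it against the backed-up keystore and again against the replacement; only the replacement should exit 0.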

Resolution

To resolve this issue, use the new certificates signed with the SHA256WITHRSA signature algorithm; with the updated certificates the connection to the secure LDAP server is established successfully. Follow these steps to download and use the updated certificates:

1. Download and extract the attached zip file adeptiaBPM.zip.
2. Go to "<AdeptiaInstallationDirectory>\AdeptiaServer\ServerKernel\etc\jetty".
3. Back up the existing adeptiaBPM.keystore file, then copy the downloaded keystore file here.
4. Enable the secure LDAP configuration as described in the documentation.
5. Restart the Adeptia services.
6. Access the Adeptia URL with LDAP credentials.