https://community.cisco.com/t5/network-access-control/acs-5-2-ldaps-error/m-p/1757958#M223788 <P>Hello,</P><P></P><P>I configured a LDAP identity store.</P><P>When I use LDAP without Secure Authentication, connection works.</P><P></P><P>When I use LDAP with Secure Authentication, I have to configure root CA.</P><P>I check LDAP connectivity with "Test Bind to Server" button --&gt; "Connection test bind Succeeded"</P><P>After "Directory Organization" configuration, I check with "Test Configuration" button --&gt; "Number of Subjects &gt;100, Number of Groups &gt; 100"</P><P></P><P>When ACS receives a real authentication, I got this error:</P><P></P><TABLE id="S2"><TBODY><TR align="left" style="font-weight: normal; color: #000000; padding: 1pt 2pt; border: thin none solid #8499a2;" valign="middle"><TD style="padding: 2pt 4pt;" valign="middle"><P style="margin-top: 0pt;">24016&nbsp; Looking up user in LDAP Server - username</P></TD></TR><TR align="left" style="font-weight: normal; color: #ff0000; padding: 1pt 2pt; border: thin none solid #8499a2;" valign="middle"><TD style="padding: 2pt 4pt;" valign="middle"><P style="margin-top: 0pt;">24030&nbsp; SSL connection error was encountered</P></TD></TR><TR align="left" style="font-weight: normal; color: #ff0000; padding: 1pt 2pt; border: thin none solid #8499a2;" valign="middle"><TD style="padding: 2pt 4pt;" valign="middle"><P style="margin-top: 0pt;">24033&nbsp; Primary server failover. Switching to secondary server</P></TD></TR></TBODY></TABLE><P></P><P>And this description by ACS: </P><TABLE id="__TOC_0" style="border-collapse: collapse; empty-cells: show; width: 98%; font-family: sans-serif; font-size: small; margin: 0pt; border: 1px none solid solid #e3e3e3 #808080 #808080;"><TBODY><TR align="left" style="font-family: arial; font-weight: bold; font-size: 10pt; color: #000000; text-transform: none;" valign="middle"><TH align="center" style="font-family: arial; font-weight: normal; font-size: 10pt; padding-top: 1pt; padding-right: 2pt; padding-left: 2pt; background-color: #d9e3e9; border: 1px 1px 1px thin solid #8499a2 #ffffff #8499a2 #8499a2;" valign="middle"><P id="AUTOGENBOOKMARK_5" style="text-align: left; padding-top: 1pt; padding-left: 5pt;">Description</P></TH> </TR><TR align="left" style="font-weight: normal; color: #000000; padding: 1pt 2pt; background-color: #f5f9fd; border: thin none solid #8499a2;" valign="middle"><TD style="padding: 2pt 4pt;" valign="middle"><P style="text-align: left; padding-top: 1pt; padding-left: 5pt;">SSL connection error was encountered</P></TD></TR></TBODY></TABLE><P></P><TABLE id="__TOC_1" style="border-collapse: collapse; empty-cells: show; width: 98%; font-family: sans-serif; font-size: small; margin: 3pt 0pt 0pt; border: 1px none solid solid #e3e3e3 #808080 #808080;"><COL style="width: 98%;" /> <TBODY><TR align="left" style="font-family: arial; font-weight: bold; font-size: 10pt; color: #000000; text-transform: none;" valign="middle"><TH align="center" style="font-family: arial; font-weight: normal; font-size: 10pt; padding-top: 1pt; padding-right: 2pt; padding-left: 2pt; background-color: #d9e3e9; border: 1px solid #8499a2 #ffffff #8499a2 #8499a2;" valign="middle"><P id="AUTOGENBOOKMARK_6" style="text-align: left; padding-top: 1pt; padding-left: 5pt;">Resolution Steps</P></TH> </TR><TR align="left" style="font-weight: normal; color: #000000; padding: 1pt 2pt; background-color: #f5f9fd; border: thin none solid #8499a2;" valign="middle"><TD style="padding: 2pt 4pt;" valign="middle"><DIV style="text-align: left; padding-top: 1pt; padding-left: 5pt;">Check&nbsp; whether Use Secure Connection is enabled for the appropriate LDAP&nbsp; server and the appropriate root CA is selected to have SSL connection to&nbsp; LDAP Server</DIV></TD></TR></TBODY></TABLE><P></P><P>I don't understand what is the problem...</P><P></P><P>If someone has an idea...</P><P></P><P>Best regards,</P><P></P><P>Patrick</P> Mon, 11 Mar 2019 01:26:21 GMT Patrick Tran 2019-03-11T01:26:21Z https://community.cisco.com/t5/network-access-control/acs-5-2-ldaps-error/m-p/1757958#M223788 <P>Hello,</P><P></P><P>I configured a LDAP identity store.</P><P>When I use LDAP without Secure Authentication, connection works.</P><P></P><P>When I use LDAP with Secure Authentication, I have to configure root CA.</P><P>I check LDAP connectivity with "Test Bind to Server" button --&gt; "Connection test bind Succeeded"</P><P>After "Directory Organization" configuration, I check with "Test Configuration" button --&gt; "Number of Subjects &gt;100, Number of Groups &gt; 100"</P><P></P><P>When ACS receives a real authentication, I got this error:</P><P></P><TABLE id="S2"><TBODY><TR align="left" style="font-weight: normal; color: #000000; padding: 1pt 2pt; border: thin none solid #8499a2;" valign="middle"><TD style="padding: 2pt 4pt;" valign="middle"><P style="margin-top: 0pt;">24016&nbsp; Looking up user in LDAP Server - username</P></TD></TR><TR align="left" style="font-weight: normal; color: #ff0000; padding: 1pt 2pt; border: thin none solid #8499a2;" valign="middle"><TD style="padding: 2pt 4pt;" valign="middle"><P style="margin-top: 0pt;">24030&nbsp; SSL connection error was encountered</P></TD></TR><TR align="left" style="font-weight: normal; color: #ff0000; padding: 1pt 2pt; border: thin none solid #8499a2;" valign="middle"><TD style="padding: 2pt 4pt;" valign="middle"><P style="margin-top: 0pt;">24033&nbsp; Primary server failover. Switching to secondary server</P></TD></TR></TBODY></TABLE><P></P><P>And this description by ACS: </P><TABLE id="__TOC_0" style="border-collapse: collapse; empty-cells: show; width: 98%; font-family: sans-serif; font-size: small; margin: 0pt; border: 1px none solid solid #e3e3e3 #808080 #808080;"><TBODY><TR align="left" style="font-family: arial; font-weight: bold; font-size: 10pt; color: #000000; text-transform: none;" valign="middle"><TH align="center" style="font-family: arial; font-weight: normal; font-size: 10pt; padding-top: 1pt; padding-right: 2pt; padding-left: 2pt; background-color: #d9e3e9; border: 1px 1px 1px thin solid #8499a2 #ffffff #8499a2 #8499a2;" valign="middle"><P id="AUTOGENBOOKMARK_5" style="text-align: left; padding-top: 1pt; padding-left: 5pt;">Description</P></TH> </TR><TR align="left" style="font-weight: normal; color: #000000; padding: 1pt 2pt; background-color: #f5f9fd; border: thin none solid #8499a2;" valign="middle"><TD style="padding: 2pt 4pt;" valign="middle"><P style="text-align: left; padding-top: 1pt; padding-left: 5pt;">SSL connection error was encountered</P></TD></TR></TBODY></TABLE><P></P><TABLE id="__TOC_1" style="border-collapse: collapse; empty-cells: show; width: 98%; font-family: sans-serif; font-size: small; margin: 3pt 0pt 0pt; border: 1px none solid solid #e3e3e3 #808080 #808080;"><COL style="width: 98%;" /> <TBODY><TR align="left" style="font-family: arial; font-weight: bold; font-size: 10pt; color: #000000; text-transform: none;" valign="middle"><TH align="center" style="font-family: arial; font-weight: normal; font-size: 10pt; padding-top: 1pt; padding-right: 2pt; padding-left: 2pt; background-color: #d9e3e9; border: 1px solid #8499a2 #ffffff #8499a2 #8499a2;" valign="middle"><P id="AUTOGENBOOKMARK_6" style="text-align: left; padding-top: 1pt; padding-left: 5pt;">Resolution Steps</P></TH> </TR><TR align="left" style="font-weight: normal; color: #000000; padding: 1pt 2pt; background-color: #f5f9fd; border: thin none solid #8499a2;" valign="middle"><TD style="padding: 2pt 4pt;" valign="middle"><DIV style="text-align: left; padding-top: 1pt; padding-left: 5pt;">Check&nbsp; whether Use Secure Connection is enabled for the appropriate LDAP&nbsp; server and the appropriate root CA is selected to have SSL connection to&nbsp; LDAP Server</DIV></TD></TR></TBODY></TABLE><P></P><P>I don't understand what is the problem...</P><P></P><P>If someone has an idea...</P><P></P><P>Best regards,</P><P></P><P>Patrick</P> Mon, 11 Mar 2019 01:26:21 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-ldaps-error/m-p/1757958#M223788 Patrick Tran 2019-03-11T01:26:21Z https://community.cisco.com/t5/network-access-control/acs-5-2-ldaps-error/m-p/1757959#M223792 <HTML><HEAD></HEAD><BODY><P>Solved!</P><P>I used an Intermediate CA instead of root CA...</P><P>My bad!</P><P></P><P>Unfortunately, I was focused on LDAP test which succeeded...</P><P></P><P>Patrick</P></BODY></HTML> Wed, 28 Sep 2011 11:31:08 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-ldaps-error/m-p/1757959#M223792 Patrick Tran 2011-09-28T11:31:08Z