
ACS 5.1 configuring LDAP with Secure authentication

paulnuffer
Level 1

I am setting up an LDAP identity store over ldaps in ACS 5.1.  I specify that the connection uses secure authentication and provide the Root CA certificate.  When I hit "Test Bind to Server", I get this error message in a popup window:

"Connection test bind Failed :server certificate not found"

Is this saying that ACS can't find the CA certificate uploaded, or does it mean the actual certificate presented by my LDAPS server during the bind test?  How do I go about fixing this?

Thanks for your time,

Paul

2 Replies

Tarik Admani
VIP Alumni

What you can do in order to help mitigate if this is a cert issue is try to use openssl to connect to the ldaps port. You can use a Linux box if you have one handy and run this command found here:

  • Check an SSL connection. All the certificates (including Intermediates) should be displayed:

      openssl s_client -connect www.paypal.com:443

Using PayPal as an example, you should see the entire chain. Verify that the root CA trails the list of certs and make sure that is what you are using in order to build your ldaps connection.

Thanks

Tarik Admani

(I referenced the site - http://www.sslshopper.com/article-most-common-openssl-commands.html)
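
Added example, not part of the original replies: a shell helper that automates the chain check described above by reading `openssl s_client` output and confirming that each certificate's issuer is the next certificate's subject and that the top issuer is the root CA you intend to upload. The hostname, the DNs and the sample transcript are constructed; the expected root subject must be written in the same form your openssl version prints it.

```shell
#!/usr/bin/env bash
# Live use (ldap.example.com is a placeholder; 636 is the standard LDAPS port):
#   openssl s_client -connect ldap.example.com:636 -showcerts </dev/null 2>/dev/null \
#     | check_chain "CN = Example Root CA"

# Reads s_client output on stdin; $1 is the expected root CA subject.
# Exit 0: chain links up and ends at the expected root.
# Exit 1: broken link or different top issuer.  Exit 2: no chain presented.
check_chain() {
  EXPECTED_ROOT="$1" awk '
    /^Certificate chain/       { in_chain = 1; next }
    in_chain && /^---/         { in_chain = 0 }
    # " 0 s:<subject>" opens an entry, "   i:<issuer>" completes it;
    # other lines inside the block (a:, v: in OpenSSL 3) are ignored.
    in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
    in_chain && /^ *i:/        { sub(/^ *i:/, ""); iss[n-1] = $0; next }
    END {
      if (n == 0) { print "no certificates presented"; exit 2 }
      for (k = 0; k < n - 1; k++)
        if (iss[k] != subj[k+1]) { print "broken link after depth " k; exit 1 }
      if (iss[n-1] != ENVIRON["EXPECTED_ROOT"]) {
        print "top issuer is: " iss[n-1]; exit 1
      }
      print "chain of " n " certificate(s) ends at expected root"
    }'
}

# Constructed s_client transcript so the example runs offline.
sample_transcript() {
  cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = ldap.example.com
   i:CN = Example Issuing CA
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
---
Server certificate
EOF
}

sample_transcript | check_chain "CN = Example Root CA"
```

When the function reports a different top issuer, that printed name is the CA whose certificate the identity store needs to trust.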

I am able to verify that the chain exists and is correct using the command you provided.  Also, the LDAPS server is being used successfully with a few other services (including Cisco Clean Access Manager), so I can look beyond an incorrectly configured LDAPS server.

Would there be any type of debugging logs I could check on in ACS?

Regards,

Paul