Hi all,

I ran into a problem connecting LSC to my AD: it showed a connection reset,
while the event viewer of the domain controller showed "The SSL server
credential's certificate does not have a private key information property
attached to it. This most often occurs when a certificate is backed up
incorrectly and then later restored. This message can also indicate a
certificate enrollment failure."

I followed the instructions at
http://lsc-project.org/wiki/documentation/tutorial/openldaptoactivedirectory,
built a CA on the domain controller, generated a certificate, exported it
to X.509 CER, then imported it into the Java keystore on the LSC machine,
and also tested that the domain controller is listening on port 636. Below
is the error:

Oct 07 11:50:29 - INFO  - Connecting to LDAP server
ldaps://test-dc.example.com:636/dc=example,dc=com as
cn=ldapadmin,dc=Users,dc=example,dc=com
Oct 07 11:50:30 - ERROR - Error opening the LDAP connection to the
destination! (javax.naming.CommunicationException: simple bind failed:
test-dc.example.com:636 [Root exception is java.net.SocketException:
Connection reset])
Oct 07 11:50:30 - ERROR - org.lsc.exception.LscConfigurationException:
Configuration exception: javax.naming.CommunicationException: simple bind
failed: test-dc.example.com:636 [Root exception is
java.net.SocketException: Connection reset]

Config:

<ldapConnection>
      <name>AD</name>
      <url>ldaps://test-dc.example.com:636/dc=example,dc=com</url>
      <username>cn=ldapadmin,dc=Users,dc=example,dc=com</username>
      <password>XXX</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
</ldapConnection>


Any idea?

Thanks so much.

Jan


_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users
