Hi Jan,

It seems that your AD is misconfigured and does not support LDAPS. Can you look at the Microsoft documentation and forums? You can then check with any other LDAP GUI, like Apache Directory Studio, to ensure your AD settings are correct.

Regards

On Friday, 7 October 2016, Jan Leung <[email protected]> wrote:

> Hi all,
>
> I ran into a problem connecting LSC to my AD: it showed "connection reset",
> while the event viewer of the domain controller showed "The SSL server
> credential's certificate does not have a private key information property
> attached to it. This most often occurs when a certificate is backed up
> incorrectly and then later restored. This message can also indicate a
> certificate enrollment failure."
>
> I followed the instructions at
> http://lsc-project.org/wiki/documentation/tutorial/openldaptoactivedirectory,
> built a CA on the domain controller, generated a certificate and exported
> it to X.509 CER, then imported it into the Java keystore on the LSC machine,
> and also tested that the domain controller is listening on port 636. Below
> is the error:
>
> Oct 07 11:50:29 - INFO - Connecting to LDAP server ldaps://test-dc.example.com:636/dc=example,dc=com as cn=ldapadmin,dc=Users,dc=example,dc=com
> Oct 07 11:50:30 - ERROR - Error opening the LDAP connection to the destination! (javax.naming.CommunicationException: simple bind failed: test-dc.example.com:636 [Root exception is java.net.SocketException: Connection reset])
> Oct 07 11:50:30 - ERROR - org.lsc.exception.LscConfigurationException: Configuration exception: javax.naming.CommunicationException: simple bind failed: test-dc.example.com:636 [Root exception is java.net.SocketException: Connection reset]
>
> Config:
>
> <ldapConnection>
>   <name>AD</name>
>   <url>ldaps://test-dc.example.com:636/dc=example,dc=com</url>
>   <username>cn=ldapadmin,dc=Users,dc=example,dc=com</username>
>   <password>XXX</password>
>   <authentication>SIMPLE</authentication>
>   <referral>IGNORE</referral>
>   <derefAliases>NEVER</derefAliases>
>   <version>VERSION_3</version>
>   <pageSize>1000</pageSize>
>   <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>   <tlsActivated>false</tlsActivated>
> </ldapConnection>
>
> Any idea?
>
> Thanks so much.
>
> Jan

--
Sebastien BAHLOUL
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
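
Added example (not part of the original thread and not LSC code): a small Python probe that attempts the TLS handshake an LDAPS client would perform, to separate a server-side handshake abort like the "Connection reset" above from a client-side trust problem. The outcome names and hints are this example's own; the hostname is the one from the log in the thread.

```python
import socket
import ssl

# Outcome -> what to check next (hints are this example's, not LSC output).
HINTS = {
    "ok": "TLS handshake completed; LDAPS is usable with this trust store",
    "unreachable": "no TCP connection; check port 636, DNS and firewalls",
    "handshake-dropped": "TCP connects but the server aborts TLS; check the "
                         "server certificate and its private key on the DC",
    "untrusted": "server presented a certificate the client does not trust; "
                 "check the CA imported on the client side",
    "tls-error": "other TLS failure (protocol/cipher mismatch or timeout)",
}


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Try a TLS handshake with an LDAPS endpoint and classify the result."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: exported CA, PEM
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "ok"
    except ssl.SSLCertVerificationError:
        return "untrusted"
    except (ConnectionResetError, BrokenPipeError, ssl.SSLEOFError):
        # Peer sent RST or closed mid-handshake: what Java reports as
        # "java.net.SocketException: Connection reset".
        return "handshake-dropped"
    except OSError:
        return "tls-error"  # ssl.SSLError and handshake timeouts land here
    finally:
        raw.close()  # harmless if wrap_socket already took over the socket


if __name__ == "__main__":
    # Hostname taken from the log in the thread; replace with your own DC.
    result = probe_ldaps("test-dc.example.com")
    print(result, "-", HINTS[result])
```

Pass `cafile` the CA certificate exported from the domain controller (in PEM form) to test the same trust chain that was imported into the Java keystore.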

