|Issue||The test connection for LDAP is not working in the Operations Console. There is no problem in network connectivity on either LDAP port 389 or LDAPS port 636. The issue is resolved if you change the protocol from LDAP to LDAPS.|
When testing, the following error displays:
There was a problem processing your request.
Test connection failed. One or more directory connections is incorrect.
Testing from an SSH session with openssl s_client is successful:
rsaadmin@am1p:~> openssl s_client -connect 192.168.2.120:389
rsaadmin@am1p:~> openssl s_client -connect 192.168.2.120:636
In a packet capture from RSA Authentication Manager, you find that the connection failed with the following error, as shown in the screenshot below:
The server requires binds to turn on integrity checking if SSL/TLS are not already active on the connection.
|Cause||A policy change applied to the Active Directory server now requires LDAP signing, so binds over plain LDAP on port 389 are rejected, while LDAPS on port 636 is unaffected.|
How to check the server LDAP signing requirement:
- Click Start > Run.
- In the text box, type mmc.exe, and then click OK.
- On the File menu, click Add/Remove Snap-in.
- In the Add or Remove Snap-ins dialog box, click Group Policy Management Editor, and then click Add.
- In the Select Group Policy Object dialog box, click Browse.
- In the Browse for a Group Policy Object dialog box, click Default Domain Policy under the Domains, OUs and Linked Group Policy Objects area.
- Click OK.
- Click Finish.
- Click OK.
- Expand the Default Domain Controller Policy.
- Expand Computer Configuration.
- Expand Policies.
- Expand Windows Settings.
- Expand Security Settings.
- Expand Local Policies.
- Click Security Options.
- Right click on the domain controller:
- Select LDAP server signing requirements and click Properties.
- In the domain controller, in the LDAP server signing requirements properties dialog box, enable Define this policy setting.
- Click to select Require signing in the Define this policy setting drop-down list, and then click OK.
- In the Confirm Setting Change dialog box, you find the value is Require Signing.