SecurID® Discussions
JosephGe
New Contributor

Unable to add External Identity Source in Operations Console

I imported the LDAPS certificate successfully, but it always fails whenever testing the connection.

The FQDN and administrative credentials are supplied. RSA Authentication Manager version is 8.5.

Similar to the issue linked below.

connect to Active Directory via ldaps

0 Likes
1 Solution

7 Replies
HassanMehsen
Respected Contributor

Have you checked if the authentication manager IP address is able to reach the identity source through TCP 636?

0 Likes

Yes. I logged into the Authentication Manager server using an SSH client and then used the openssl command line to establish a connection to my server using port 636. That was how I got the server certificate to import into the Operations Console.

0 Likes
DavidAllison
Respected Contributor

First off, does regular LDAP work? If not, then LDAPS has no chance. Also, is your certificate 2048 bit? Starting with 8.4, 1024 bit certs no longer work for LDAPS in Auth Manager.

LDAP does work. The certificate is not 2048 bit.

However, I'm also testing against a different AD server where the certificate is 2048 bit. I'm still getting the same results over SSL and non-SSL. LDAP and LDAPS are working on this server.

0 Likes
JosephGe
New Contributor

I had to add the IP to the hosts file in Auth Manager for it to map to the domain. After that, it was able to connect over LDAP and I was able to successfully retrieve users from AD.

Thanks for the assistance.

0 Likes
HassanMehsen
Respected Contributor

Are the authentication manager DNS IP settings pointing to a different server where the AD is installed on?

0 Likes

Yes. They're on different servers within the same network. They're able to ping each other.

When creating a new external identity source, it doesn't seem to like an IP address because the imported server certificate contains the FQDN. Since the FQDN is pointing to a different server, it didn't resolve the IP correctly until I added it to the hosts file.

0 Likes
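The thread ends on two separate failure causes: the configured name must resolve on the appliance (hence the hosts-file fix), and the certificate must carry that name (hence an IP address is rejected). The following pre-flight checker is an added example, not code from the thread or from RSA; it uses only the Python standard library, and the host names and addresses in its comments and tests are constructed placeholders. `ca_file` is assumed to be the PEM you imported into the Operations Console, so that the peer certificate is actually returned; key size is not exposed by `getpeercert()`, so the 2048-bit requirement still has to be checked with `openssl x509 -text` as in the thread.

```python
"""Pre-flight checks for an LDAPS identity source: does the name resolve, is TCP 636
reachable, and does the server certificate cover the name we intend to configure?"""
import ipaddress
import socket
import ssl


def is_ip_literal(host):
    """True for IPv4/IPv6 literals such as 192.0.2.10 (constructed example value)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def names_from_cert(cert):
    """DNS names the certificate is valid for, in the getpeercert() layout:
    SAN dNSName entries, falling back to the subject CN only when there is no SAN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_matches(names, host):
    """Case-insensitive dNSName match; a wildcard covers exactly one leftmost label.
    An IP literal never matches a dNSName, which is why configuring the identity
    source by address fails while the FQDN from the certificate succeeds."""
    if is_ip_literal(host):
        return False
    h = host.lower().rstrip(".").split(".")
    for name in names:
        n = name.lower().rstrip(".").split(".")
        if len(n) == len(h) and (n == h or (n[0] == "*" and len(h) > 2 and n[1:] == h[1:])):
            return True
    return False


def diagnose(host, cert, resolved):
    """Human-readable findings; an empty list means both checks passed."""
    findings = []
    if not resolved:
        findings.append(f"{host} does not resolve on this appliance (check DNS or the hosts file)")
    names = names_from_cert(cert)
    if not hostname_matches(names, host):
        findings.append(f"certificate names {names} do not cover {host}")
    return findings


def probe(host, port=636, ca_file=None):
    """Live check: resolve the name, connect on TCP 636 with the imported CA/server PEM,
    then hand the peer certificate to diagnose(); name matching happens there."""
    try:
        resolved = sorted({ai[4][0] for ai in socket.getaddrinfo(host, port)})
    except socket.gaierror:
        return diagnose(host, {}, None)
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED so getpeercert() is populated
    with socket.create_connection((resolved[0], port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return diagnose(host, tls.getpeercert(), resolved)
```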