Apigee Edge - LDAPSearch failing with ssl handshake using unboundid

@dchiesa1 We are using unboundid (6.0.9) for connecting to LDAP and we are seeing this error when establishing a connection to the LDAP host:

Ldap search exception occurred An error occurred while attempting to connect to server HOST:636: IOException(LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server HOST/IP:636: SSLHandshakeException(Received fatal alert: handshake_failure), ldapSDKVersion=6.0.9, revision=42839ddf0d77d954805fbbe3cce73a792af40474')).

I have added the required certs to the Java keystore in the JDK path /lib/security/cacerts.

I wanted to know how I can narrow down the issue, or if there is a way to enable debug logs for this?

Note: This works in a different environment with the same settings. Firewalls are open and tested using openssl commands.


Have you created the LdapResource in both environments with the same settings? The LdapResource is an environment-scoped thing, so you'd need to do it the same way for each one.

https://docs.apigee.com/api-platform/reference/policies/ldap-policy#ldapresource

"handshake failure" usually means what you are suspecting - the certs aren't resolving properly. If I were you I would check the apigee logs to see a full stack trace. Maybe there will be some additional information there to help you diagnose. This will be in the MP logs.
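
One way to narrow this down from the JVM side, as an added example that is not part of the original thread and is not Apigee or UnboundID code: a standalone JSSE client that performs the same TLS handshake against the LDAPS port using the JDK's default trust store, and reports what was negotiated or where it failed. The class name and the host `ldap.example.com` are placeholders; `javax.net.debug` is the standard JSSE debug property.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic (hypothetical class name). Run it with the same JDK, and
// therefore the same lib/security/cacerts, as the process making the LDAP call:
//   java -Djavax.net.debug=ssl:handshake LdapsHandshakeCheck ldap.example.com 636
public class LdapsHandshakeCheck {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "ldap.example.com"; // placeholder
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;

        // Default factory: default trust store, protocols and cipher suites of this JVM.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(10_000);
            System.out.println("Java: " + System.getProperty("java.version")
                    + " home=" + System.getProperty("java.home"));
            System.out.println("Enabled protocols: "
                    + Arrays.toString(socket.getEnabledProtocols()));
            System.out.println("Enabled cipher suites: "
                    + socket.getEnabledCipherSuites().length);

            socket.startHandshake(); // throws if the handshake cannot complete

            SSLSession session = socket.getSession();
            System.out.println("Negotiated: " + session.getProtocol()
                    + " / " + session.getCipherSuite());
            for (Certificate c : session.getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + " | issuer=" + x.getIssuerX500Principal()
                        + " | notAfter=" + x.getNotAfter());
            }
        } catch (SSLHandshakeException e) {
            // "Received fatal alert: ..." means the server sent the alert and closed;
            // "PKIX path building failed" means this JVM's trust store rejected the chain.
            System.out.println("Handshake failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Running it in the working and the failing environment and comparing the Java version, enabled protocols and negotiated values shows where the two JVMs differ.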