LDAP policy with Secure LDAP is not working, giving "Naming exception simple bind failed" error (Apigee 4.18.01.00)


I am integrating with secure LDAP using the LDAP policy. I created an LDAP resource with the sSLEnabled value set to true and imported all root and intermediate certificates of the LDAP server into the default store in the specific environment. The resource creation payload and LDAP policy are copied at the bottom.

When we request the proxy with the LDAP policy we get the fault below. The simple bind works fine with other LDAP browsers and tools. Not sure why it is failing.

{
  "fault": {
    "faultstring": "Naming exception simple bind failed: ldap.myorg.com:636 occurred. Reason: simple bind failed: ldap.myorg.com:636.",
    "detail": {
      "errorcode": "messaging.runtime.NamingException"
    }
  }
}

One of the possible reasons could be a handshake issue. Like the target setup, we don't have any explicit way to specify which key/trust store and alias should be used for the handshake. The policy description on the Apigee site doesn't say anything about SSL-based communication. Need help fixing the issue.

LDAP Policy:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Ldap async="false" continueOnError="false" enabled="true" name="LDAP-1">
  <DisplayName>LDAP-1</DisplayName>
  <LdapResource>SecureLDAP-myorg</LdapResource>
  <Authentication>
    <Password ref="var_ldap_password"/>
    <Scope>subtree</Scope>
    <BaseDN>ou=people,ou=org-intranet,dc=myorg</BaseDN>
    <SearchQuery>(uid={var_ldap_username})</SearchQuery>
  </Authentication>
  <Search>
    <BaseDN>ou=people,ou=org-intranet,dc=myorg</BaseDN>
    <SearchQuery>(uid={var_ldap_username})</SearchQuery>
    <Attributes>
      <Attribute>uid</Attribute>
    </Attributes>
    <Scope>subtree</Scope>
  </Search>
</Ldap>

LDAP resource creation payload:

{
  "admin": {
    "dN": "uid=test-user,ou=people,ou=org-intranet,dc=myorg",
    "password": "****"
  },
  "connectPool": {
    "enabled": true,
    "initsize": 0,
    "maxsize": 50,
    "prefsize": 30,
    "protocol": "",
    "timeout": 30000
  },
  "connection": {
    "authentication": "simple",
    "connectionProvider": "jndi",
    "hosts": [
      {
        "port": 636,
        "value": "ldap.myorg.com"
      }
    ],
    "sSLEnabled": true,
    "version": 3
  },
  "name": "SecureLDAP-myorg"
}


Hi, did you come up with a solution for this issue?


It seems the LDAP policy doesn't honor the certificates available in the environment trust store. We installed the LDAP certificates in the JDK trust store as a workaround for this issue.
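The fault in the question and the workaround in the reply above both come down to the same thing: the policy uses a JNDI connection provider, and the JVM trusts only what its own trust store holds. The following is an added diagnostic, not code from the original post or from Apigee. It performs the same JNDI simple bind over LDAPS that the policy performs, against the host and bind DN from the question, with an explicit trust store (the path and its password are assumptions) and TLS handshake logging turned on. Running it on the message processor's JDK separates a certificate-trust failure (reported as a CommunicationException with a PKIX/SSLHandshakeException cause) from a wrong DN or password (reported as an AuthenticationException), which the bare "simple bind failed" fault string does not tell you.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * Added diagnostic (not Apigee code): reproduce the LDAP policy's JNDI simple
 * bind over LDAPS outside the gateway, with an explicit trust store, so a
 * handshake (trust) problem can be told apart from bad credentials.
 */
public class LdapsBindCheck {

    // Host and DN are the values from the question; password comes from the environment.
    static final String LDAP_URL = "ldaps://ldap.myorg.com:636";
    static final String BIND_DN = "uid=test-user,ou=people,ou=org-intranet,dc=myorg";

    // Assumption: a JKS trust store containing the LDAP server's root and
    // intermediate CA certificates (path and password are placeholders).
    static final String TRUST_STORE_PATH = "/path/to/ldap-truststore.jks";
    static final String TRUST_STORE_PASSWORD = "changeit";

    public static void main(String[] args) {
        String password = System.getenv("LDAP_BIND_PASSWORD");
        if (password == null) {
            System.err.println("Set LDAP_BIND_PASSWORD in the environment");
            System.exit(2);
        }

        // Point the JVM at the trust store the handshake must validate against.
        // The reply above works around the policy by adding the certificates to
        // the JDK's default store instead; this property lets you test a
        // dedicated store first without modifying cacerts.
        System.setProperty("javax.net.ssl.trustStore", TRUST_STORE_PATH);
        System.setProperty("javax.net.ssl.trustStorePassword", TRUST_STORE_PASSWORD);

        // Print the TLS handshake so a trust failure shows up as a PKIX path
        // building message instead of a generic "simple bind failed".
        System.setProperty("javax.net.debug", "ssl:handshake");

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_PROTOCOL, "ssl");          // LDAPS, same as sSLEnabled=true
        env.put(Context.SECURITY_AUTHENTICATION, "simple");  // same as "authentication": "simple"
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, password);

        try {
            DirContext ctx = new InitialDirContext(env);
            System.out.println("Simple bind succeeded: TLS trust and credentials are both fine");
            ctx.close();
        } catch (CommunicationException e) {
            // This is the path the Apigee fault corresponds to: the TCP/TLS
            // connection failed before or during the bind. The root cause is
            // usually an SSLHandshakeException naming the untrusted certificate.
            System.err.println("Connection/handshake failure: " + e.getMessage());
            Throwable cause = e.getRootCause();
            if (cause != null) {
                System.err.println("Root cause: " + cause);
            }
            System.exit(1);
        } catch (AuthenticationException e) {
            // TLS succeeded; the directory rejected the DN or password.
            System.err.println("TLS handshake OK but bind rejected: " + e.getMessage());
            System.exit(1);
        } catch (NamingException e) {
            System.err.println("Other naming failure: " + e);
            System.exit(1);
        }
    }
}
```

If the root cause printed is a PKIX "unable to find valid certification path" error, the JVM that runs the policy does not trust the server's chain, which matches the observation in the reply that the environment trust store is not consulted; if the bind succeeds here with the explicit trust store, the same certificates imported into that JDK's default trust store (keytool -importcert into cacerts) should clear the gateway fault as well.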