The error "Can't contact LDAP server (-1) : (null)" appears when testing an LDAP connection with TLS in NuGenesis 9 SDMS - WKB59312
Article number: 59312
SYMPTOMS
- The following error message appears in SDMS Administrator when testing an LDAP connection with TLS: "Can't contact LDAP server (-1) : (null)"
- The LDAP connection test works if TLS is not selected
ENVIRONMENT
- NuGenesis 9 SDMS
- The LDAP server's certificates are copied into the Trusted Root Certificate Authorities store in Windows
CAUSE
Port 636 or 6360 was configured for the TLS connection. In NuGenesis 9, secure LDAP connections are made on port 389: the client connects and then sends the "STARTTLS" command on that connection in order to encrypt the data transfer.
FIX or WORKAROUND
Use port 389 for all of the LDAP servers (up to five) in the list.
ADDITIONAL INFORMATION
See also: WKB76455 for the equivalent error in Empower 3 FR5
Per the IETF's RFC 2830, the old means of securing LDAP connections via port 636 is deprecated. NuGenesis 9 was updated to use the standard "STARTTLS" mechanism for securing LDAP connections.
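To check from the SDMS server whether a directory port accepts STARTTLS before changing the configuration, the request can be sent by hand. This is an added example, not Waters or NuGenesis code; it assumes Python 3 is available, and the function names are its own. It sends the clear-text StartTLS extended request (OID 1.3.6.1.4.1.1466.20037 from RFC 2830) and reports the server's answer.

```python
import socket

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 2830

def starttls_request(msg_id=1):
    """BER-encode an LDAPMessage carrying a StartTLS ExtendedRequest."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID   # requestName [0]
    ext = bytes([0x77, len(name)]) + name                    # [APPLICATION 23]
    body = bytes([0x02, 0x01, msg_id]) + ext                 # messageID + request
    return bytes([0x30, len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); accepts short and long-form BER lengths."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form, used by some directory servers
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def starttls_result(reply):
    """Return the LDAP resultCode of an ExtendedResponse, or None if it is not one."""
    try:
        tag, msg, _ = read_tlv(reply)
        if tag != 0x30:
            return None
        _, _, pos = read_tlv(msg)           # skip messageID
        tag, ext, _ = read_tlv(msg, pos)
        if tag != 0x78:                     # ExtendedResponse is [APPLICATION 24]
            return None
        tag, code, _ = read_tlv(ext)
        return int.from_bytes(code, "big") if tag == 0x0A and code else None
    except (IndexError, ValueError):
        return None

def probe(host, port=389, timeout=5.0):
    """Send StartTLS in clear text and classify the server's reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(starttls_request())
            reply = s.recv(4096)
    except OSError as exc:
        return f"connection failed: {exc}"
    code = starttls_result(reply)
    if code == 0:
        return "StartTLS accepted"
    if code is None:
        return "no LDAP reply to StartTLS (port may expect TLS from the first byte)"
    return f"StartTLS refused, resultCode {code}"
```

Call `probe("<ldap-server>", 389)` and `probe("<ldap-server>", 636)` with the server name from the SDMS Administrator list; a port suitable for NuGenesis 9 returns "StartTLS accepted".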