Symptoms
Could not connect to the LDAP server. Recheck your LDAP configuration under Directory Services. (Error Code: 0x6000193)
Cause
Incorrect LDAP server details or LDAP server not reachable
Incorrect Bind user DN and password
Incorrect LDAP server SSL certificate if using LDAPS
Resolution
LDAP server details
The LDAP server has to be pingable from Unity using both the hostname and the IP address. Verify name resolution from a host on the same network:

C:\Users\user>nslookup
Server: peeps-dc.peeps.lab   - - - > > > peeps-dc is the hostname || peeps.lab is the domain name
Address: 5.6.xx.xx
Name: peeps-dc.peeps.lab
Address: 5.6.xx.xx
C:\Users\user>

Incorrect Bind user DN and password
From a Windows host that is joined to the AD domain, run the command below in cmd with the bind user's username to find the Distinguished Name (DN) of the user. The bind DN entered in Unisphere must match this value exactly.

C:\Users\Administrator>setspn LdapUser
Registered ServicePrincipalNames for CN=LdapUser,CN=Users,DC=peeps,DC=lab
C:\Users\Administrator>

CN=LdapUser,CN=Users,DC=peeps,DC=lab   - - > > > This is the Distinguished Name of the bind user

Incorrect LDAP server SSL certificate if using LDAPS
If the connection still fails after the SSL certificate has been uploaded and the connection is verified, the cause can be identified from the ldapsearch output.

Ldapsearch to test LDAP connection
ldapsearch -x -d 1 -v -H ldap://ldapserver_name_or_IP:389 -b "CN=Users,dc=peeps,dc=lab" -D "CN=Administrator,CN=Users,DC=peeps,DC=lab" -w Password

Successful search part of the output:
# filter: (objectclass=*)
# requesting: ALL
#
res_errno: 0, res_error: , res_matched:
ldap_free_request (origid 2, msgid 2)

If the policy "Domain controller: LDAP server signing requirements" on the domain controller is set to "Require signing," a simple bind over plain LDAP is rejected and the connection fails unless Unisphere is configured to use SSL with the LDAPS option.
If your domain controller requires signing and you are configuring LDAP (not LDAPS, and without uploading the SSL certificate), the ldapsearch output below confirms this:
res_errno: 8, res_error: <00002028: LdapErr: DSID-0C090259,
comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4563>, res_matched:
Ldapsearch to test LDAPS connection (run from the Unity service shell, using the certificate uploaded to Unity as the CA file)
env LDAPTLS_CACERT=/EMC/backend/CEM/LDAPCer/serverCertificate.cer ldapsearch -x -d 1 -v -H ldaps://ldapserver_name_or_IP:636 -b "CN=Users,dc=peeps,dc=lab" -D "CN=Administrator,CN=Users,DC=peeps,DC=lab" -w Password
Below is the ldapsearch output for LDAPS when the SSL certificate is incorrect. "depth: 1, err: 20" with "unable to get local issuer certificate" means the certificate in the uploaded file does not chain to the certificate presented by the domain controller, so the client rejects the server with an "unknown CA" alert; the file given to LDAPTLS_CACERT (and uploaded to Unisphere) must contain the CA that issued the domain controller's certificate, including any intermediate CA.
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS read server hello
TLS certificate verification: depth: 1, err: 20, subject: /DC=lab/DC=peeps/CN=issuer_name, issuer: /CN=issuer_name
TLS certificate verification: Error, unable to get local issuer certificate
tls_write: want=7, written=7
0000: 15 03 03 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in error
TLS: can't connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Note: the ldapsearch commands above are run from the Unity service shell (the root@hostname spa prompt shown after the "Unity service shell activated" warning).
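The three ldapsearch failure modes above (signing required, wrong CA, server unreachable) are easy to confuse when reading a full -d 1 trace. As an added example that is not part of the Dell KB article, the shell functions below run the same ldapsearch probes and classify the output into the causes listed under Resolution. It goes beyond the article by also recognising the "Invalid credentials" (res_errno 49) bind failure that corresponds to a wrong bind DN or password. The sample outputs are constructed from the excerpts on this page; hostnames, DNs and the CA file path are placeholders.

```shell
#!/bin/sh
# Added example, not from the Dell KB article. Classifies ldapsearch -x -d 1 -v
# output into the failure modes the article describes.

# classify_ldap_output: read ldapsearch output on stdin, print one token:
#   ok                  bind and search succeeded (res_errno: 0)
#   signing-required    DC policy "LDAP server signing requirements" = Require signing
#                       rejects a simple bind over plain ldap:// (LdapErr 00002028)
#   unknown-ca          LDAPS handshake failed: the CA in LDAPTLS_CACERT does not
#                       chain to the server certificate (err 20, unknown CA alert)
#   invalid-credentials wrong bind DN or password (res_errno: 49, AcceptSecurityContext)
#   unreachable         name/port not reachable (no TLS error, but no contact)
#   unknown             none of the above
# Order matters: the unknown-ca trace also ends in "Can't contact LDAP server",
# so the TLS check runs before the reachability check.
classify_ldap_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -Eq 'res_errno: 0,'; then
        echo ok
    elif printf '%s\n' "$out" | grep -Eq '00002028|integrity checking'; then
        echo signing-required
    elif printf '%s\n' "$out" | grep -Eq 'unable to get local issuer certificate|unknown CA|certificate verify failed'; then
        echo unknown-ca
    elif printf '%s\n' "$out" | grep -Eq 'res_errno: 49,|Invalid credentials|AcceptSecurityContext'; then
        echo invalid-credentials
    elif printf '%s\n' "$out" | grep -Eq "Can't contact LDAP server|Connection refused|No route to host"; then
        echo unreachable
    else
        echo unknown
    fi
}

# check_ldap_bind: run the article's ldapsearch probe and classify the result.
#   check_ldap_bind ldap  HOST BASE BINDDN PASSWORD
#   check_ldap_bind ldaps HOST BASE BINDDN PASSWORD /path/to/ca.cer
# The command lines mirror the ones in the article; only the CA path is a placeholder.
check_ldap_bind() {
    scheme=$1; host=$2; base=$3; binddn=$4; pw=$5; cacert=$6
    if [ "$scheme" = ldaps ]; then
        LDAPTLS_CACERT="$cacert" ldapsearch -x -d 1 -v -H "ldaps://$host:636" \
            -b "$base" -D "$binddn" -w "$pw" 2>&1 | classify_ldap_output
    else
        ldapsearch -x -d 1 -v -H "ldap://$host:389" \
            -b "$base" -D "$binddn" -w "$pw" 2>&1 | classify_ldap_output
    fi
}

# Constructed sample outputs, trimmed from the traces quoted in the article,
# so the classifier can be exercised offline without a domain controller.
SAMPLE_OK='# filter: (objectclass=*)
# requesting: ALL
#
res_errno: 0, res_error: , res_matched:
ldap_free_request (origid 2, msgid 2)'
SAMPLE_SIGNING='res_errno: 8, res_error: <00002028: LdapErr: DSID-0C090259, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4563>, res_matched:'
SAMPLE_BADCA="TLS certificate verification: depth: 1, err: 20, subject: /DC=lab/DC=peeps/CN=issuer_name, issuer: /CN=issuer_name
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
# Constructed AD-style bind failure for a wrong password (data 52e = bad credentials).
SAMPLE_BADPW='res_errno: 49, res_error: <80090308: LdapErr: DSID-0C09041C, comment: AcceptSecurityContext error, data 52e, v4563>, res_matched:'
SAMPLE_DOWN="ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"

# Usage against a real server, e.g.:
#   check_ldap_bind ldaps peeps-dc.peeps.lab "CN=Users,dc=peeps,dc=lab" \
#       "CN=LdapUser,CN=Users,DC=peeps,DC=lab" Password /EMC/backend/CEM/LDAPCer/serverCertificate.cer
```

Run the plain `ldap` probe first; a `signing-required` result means the domain controller policy forces LDAPS regardless of what is uploaded, while `unknown-ca` on the `ldaps` probe means the certificate file, not the server address or credentials, is the problem.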