Attempts to verify the LDAP configuration fail with:

    Operation failed. Error code: 0x6000193
    Could not connect to the LDAP server. Please recheck your LDAP configuration under Directory Services. (Error Code: 0x6000193)

Example:

    uemcli /net/ldap -id <domain> verify

Returns:

    Operation failed. Error code: 0x6000193
    Could not connect to the LDAP server.

The LDAP configuration appears correct:

    Protocol = ldaps
    Port = 636
    Server name = ldapserver.company.com

LDAP connectivity tests from the Unity service shell succeed:

    spX:/EMC/CEM/log# LDAPTLS_CACERT=/EMC/backend/CEM/LDAPCer/serverCertificate.cer ldapsearch -x -v -H ldaps://peeps-dc.peeps.lab -D "CN=Administrator,CN=Users,DC=peeps,DC=lab" -b "DC=peeps,DC=lab" samaccountname=administrator cn -w Password123#

The BSAFE library, which is responsible for certificate validation, was upgraded in version 5.5.0, and the upgraded library applies stricter validation rules. This is why a certificate without a Subject Alternative Name (SAN) extension fails on 5.5.1. RFC 6125 recommends and prefers using the SAN extension, which provides flexibility and modern browser support. Further, our Dell certificate service has the mandatory requirement of using SAN in the Certificate Signing Requests (CSR).

Regenerate the LDAP server certificate so that the LDAP server FQDN is present in the SAN extension.

Example:

    X509v3 Subject Alternative Name:
        DNS:ldapserver.company.com

Verify that:

- The LDAP server certificate contains a SAN extension.
- The SAN contains the exact FQDN configured in Unity.

After replacing the LDAP server certificate:

- Import the required CA certificates chain to Unity.
- Reconfigure or verify LDAP for successful verification.
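
The two "Verify that" checks above can be run against a certificate before it is deployed. The following is an added example, not Dell, Unity or BSAFE code: it models a SAN-only name check in which the subject CN is never consulted. It assumes the certificate has been decoded into the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function name `check_ldaps_cert` and the three sample certificates are constructed for illustration.

```python
# Added example: SAN-only name check for an LDAPS server certificate.
# Models the rule "the SAN must contain the exact configured FQDN";
# it is not the BSAFE implementation. Certificates are dicts shaped
# like the output of ssl.SSLSocket.getpeercert().

def _same_name(a, b):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return a.lower().rstrip(".") == b.lower().rstrip(".")


def check_ldaps_cert(cert, configured_fqdn):
    """Return (ok, reason) for the server name configured on the array."""
    dns_sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not dns_sans:
        # Collect CNs only to explain the failure; they never make the check pass.
        cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"]
        hint = ""
        if any(_same_name(cn, configured_fqdn) for cn in cns):
            hint = " (CN matches, but CN is not consulted)"
        return False, "no DNS entry in SAN extension" + hint
    if any(_same_name(s, configured_fqdn) for s in dns_sans):
        return True, "SAN contains " + configured_fqdn
    return False, "SAN present but lacks %s: %s" % (
        configured_fqdn, ", ".join(dns_sans))


# Constructed sample certificates (not taken from any real server).
SUBJECT = ((("commonName", "ldapserver.company.com"),),)
CN_ONLY = {"subject": SUBJECT}
WITH_SAN = {"subject": SUBJECT,
            "subjectAltName": (("DNS", "ldapserver.company.com"),)}
SHORT_SAN = {"subject": SUBJECT,
             "subjectAltName": (("DNS", "ldapserver"),
                                ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("FQDN in SAN", WITH_SAN),
                        ("short name in SAN", SHORT_SAN)):
        print(label, "->", check_ldaps_cert(cert, "ldapserver.company.com"))
```

The CN-only certificate is the case described in the cause above: its subject matches the configured server name, yet it is rejected because no SAN DNS entry exists.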