SSL-enabled LDAP provider

Timo_Reichert · December 11, 2020, 3:58pm

I’m trying to connect to our ldap server over ssl.

Trustststore is configured and watt.server.ssl.trustStoreAlias is pointing to this truststore.

There is just the message " [ISS.0002.0009E] Unable to open a connection to ldaps://…" in the server log.

Is there any way I could get a more detailed error message?

webMethods Integration Server, Version 10.3.0.0

Feng_Sian5 · December 12, 2020, 8:17pm

@Timo_Reichert, just trying to figure out what is your objective: you’re attempting
Option 1: to set up the centralized user management.
Option 2: to connect to a LDAP, using the “ldaps” protocol.

Timo_Reichert · December 14, 2020, 7:21am

Option 2. I would like to connect our Integration Server to a LDAP, using ldaps.

Dave_Pemberton · December 14, 2020, 10:29am

Have you tried increasing the server logging level in the IS admin settings UI?

.

Under integration server, you’ll see log levels for various (many!) things including LDAP connection

Holm_Steinland3 · December 14, 2020, 10:59am

LDAPS is a bit tricky as this is technically implemented based on the JVM level.
This means for you to have add the respective Trusted Certificates to the JVM level “cacerts” file.

Not in your case I hope, but anyway worth mention is that you have to make sure you LDAP server and
your JDK / IS have a matching pair of protocols and ciphers.
When you not have a need for multiple / different trust stores in IS, you can also configure it to be the global one.
See:

Timo_Reichert · December 14, 2020, 3:14pm

I’m able to connect to the ldap server over ssl with a simple java tool, using the same jvm and same truststore.

After increasing the server logging level in the IS here is the following exception:

2020-12-14 16:11:29 CET [ISS.0002.0000T] [LDAPv2] PooledContext.getContext: CommunicationException: null, therefore scheduling all the contexts in this pool for reinitialization.
2020-12-14 16:11:29 CET [ISS.0002.0000T] [LDAPv2] javax.naming.CommunicationException [Root exception is java.net.SocketException: Connection reset]
        at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:163)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)
        at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2699)
        at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2673)
        at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2669)
        at javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:193)
        at com.wm.app.b2b.server.ldap.PooledContext$LdapsConnector$1Connector.run(PooledContext.java:389)
Caused by: java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(SocketInputStream.java:210)
        at java.net.SocketInputStream.read(SocketInputStream.java:141)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:940)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
        at com.sun.jndi.ldap.Connection.run(Connection.java:877)
        at java.lang.Thread.run(Thread.java:748)