CA Service Management

  • 1.  ldap_enable_tls option

    Posted Jul 08, 2020 02:44 PM
    Environment: Service Desk r17.1 cum 2 running on Windows 2012
    LDAP integration works (without ldap_enable_tls) on port 389.

    I am having an issue getting this option to work with Active Directory.

    First of all, I can verify an LDAP SSL (port 636) connection from the application server to the Active Directory server using Softerra LDAP Browser (although I get a warning about a client certificate, I can still browse through the directory).

    I have tried configuring using TLS (on both ports 389 and 636) and SSL (on port 636). I get an error in the std log of "ldap_connect ... Server Down" using port 636 (TLS or SSL). I get an error in std log of "ldap_start_tls_s ... Local Error. Please verify relevant certificates are present ..." using port 389 (TLS).

    Looking for someone who has done this configuration successfully before and might point me in the right direction.

    Many thanks in advance.

    Cheers,
    Lindsay

    ------------------------------
    Lindsay Estabrooks
    Principal Consultant
    IT-EDU Consultants
    ------------------------------


  • 2.  RE: ldap_enable_tls option

    Posted Jul 28, 2020 04:20 PM
    Thought I would ping this once to see if anyone had any suggestions.

    Cheers,
    Lindsay

    ------------------------------
    Lindsay Estabrooks
    Principal Consultant
    IT-EDU Consultants
    ------------------------------



  • 3.  RE: ldap_enable_tls option
    Best Answer

    Broadcom Employee
    Posted Jul 30, 2020 11:51 AM
    Lindsay.......

    I might not understand the entire scenario, but have you thought about trying to import the LDAP SSL cert in Service Desk first via pdm_keystore_mgr.pl. Then, configure the Service Desk LDAP options like port to use SSL with LDAP.

    Service Desk Management 17.1 documentation has information about pdm_keystore_mgr.pl usage.  Although the steps are for CA PAM, it should also work for the ldap connection as well. Take a look at steps 8 and 9 on the section "Enable Communications When CA Process Automation is SSL Enabled" - https://docops.ca.com/ca-service-management/17-1/en/troubleshooting/troubleshooting-ca-service-management/integrate-ca-service-desk-manager-with-common-components-manually/integrate-ca-service-desk-manager-with-ca-process-automation-manually

    ------------------------------
    Paul Coccimiglio
    Principal Support Engineer
    Broadcom Inc.
    ------------------------------
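Added example (not code from the thread, the product or Broadcom): a small Python probe that reproduces the two modes the question tried, TLS from the first byte (LDAPS on 636) and StartTLS (plain LDAP on 389, then upgrade), and reports whether the failure is no TCP connection, a refused StartTLS operation, or a certificate chain that does not verify, which is the distinction between the two std log messages quoted above. The function and helper names are assumptions; `cafile` is the CA that issued the domain controller's certificate.

```python
import socket
import ssl

# LDAP StartTLS ExtendedRequest (OID 1.3.6.1.4.1.1466.20037), BER-encoded by hand:
# SEQUENCE { messageID INTEGER 1, [APPLICATION 23] { [0] requestName } }
STARTTLS_REQUEST = b"\x30\x1d\x02\x01\x01\x77\x18\x80\x16" + b"1.3.6.1.4.1.1466.20037"

def starttls_result_code(resp):
    """resultCode of a short-form ExtendedResponse (30 L 02 01 id 78 L 0a 01 <code>), else None."""
    if len(resp) < 10 or resp[0] != 0x30 or resp[5] != 0x78 or resp[7] != 0x0A:
        return None
    return resp[9]

def probe_ldap_tls(host, port, starttls=False, cafile=None, timeout=5.0):
    """Classify a TLS attempt: starttls=False is TLS from the first byte (LDAPS, 636);
    starttls=True sends a plain LDAP StartTLS request first, then upgrades (389).
    Returns (status, detail) with status 'ok' (detail = issuer CN of the server cert),
    'server_down' (no TCP connection, what ldap_connect logs), 'starttls_refused',
    'cert_untrusted' (chain fails to verify against cafile/system store, the
    'verify relevant certificates are present' case) or 'tls_error'."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: CA that issued the AD cert
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "server_down", str(exc)
    with sock:
        try:
            if starttls:
                sock.sendall(STARTTLS_REQUEST)
                code = starttls_result_code(sock.recv(4096))
                if code != 0:
                    return "starttls_refused", f"resultCode={code}"
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "ok", issuer.get("commonName", "")
        except ssl.SSLCertVerificationError as exc:
            return "cert_untrusted", exc.verify_message
        except ssl.SSLError as exc:
            return "tls_error", str(exc)
        except OSError as exc:
            return "server_down", str(exc)

def unused_local_port():
    """Loopback port nothing listens on, for an offline self-check of 'server_down'."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]
```

Run `probe_ldap_tls(dc_host, 636, cafile=...)` for LDAPS and `probe_ldap_tls(dc_host, 389, starttls=True, cafile=...)` for StartTLS from the Service Desk server; a CA file that turns `cert_untrusted` into `ok` is the material to import with pdm_keystore_mgr.pl as the answer above describes.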