Please open a support ticket for this error.
Original Message:
Sent: Dec 01, 2023 08:08 AM
From: Sebasti Reeta Mary S
Subject: LDAP over TLS/SSL setup in AAKE v21
Hi Oana,
Yes, this helps. We were able to configure LDAPS in AAKE using the keystore in JWP. Now that it is done, the existing LDAP users are able to log in successfully to the clients. However, when we try to add an existing LDAP user to another client and Synchronize LDAP, we get the error below.
LDAP error, class 'javax.naming.NamingException', message 'Failed to select search base.'.
Do we need to specify any more configuration related to the search base DN etc. anywhere? We do not see any such config for AAKE, or any documentation around it, or even any such setup before the migration to v21 from V12.3.
Note: We migrated to a new LDAP server. LDAP works fine after the new cert update through the keystore only for existing user/client mappings, and not when we modify or update any user, where LDAP Sync fails and login is denied.
Thanks
Original Message:
Sent: Nov 22, 2023 11:23 AM
From: Oana Botez
Subject: LDAP over TLS/SSL setup in AAKE v21
Hi,
These are the steps to set up LDAP with TLS for AAKE:
- Create a PKCS 12 Java Keystore with a tool like Keytool or Keystore Explorer and import the LDAP server certificate in the keystore, for example:
keytool -keystore ldap-keystore.p12 -importcert -alias ldapServer -file ldapcertficate.cer
More details in the docu here: https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/21.0.8/Automic%20Automation%20Guides/Content/Installation_Manual/AE/InstalltheAE_JWP.htm#link9
- Create the jwp-keystore Kubernetes secret in the same namespace as AAKE and include the previously created keystore file:
kubectl create secret generic jwp-keystore --from-file ldap-keystore.p12
More details in the docu here: https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/21.0.8/Automic%20Automation%20Guides/Content/Installation_Containers/containers_LDAP_AAKE.htm?tocpath=Installing%7CContainer-Based%20Installation%7CPreparing%20for%20the%20Container-Based%20Installation%7C_____8
- After the deployment, configure in UC_SYSTEM_SETTINGS the JWP_KEYSTORE_PATH to usr/server/bin/secrets/jwp-keystore/cacerts and, if you set a password for the keystore file, the JWP_KEYSTORE_LOGIN to point to the login object where the password is configured.
More details in the docu here: https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/21.0.8/Automic%20Automation%20Guides/Content/AWA/Variables/UC_SYSTEM_SETTINGS/UC_SYSTEM_JWP_Parameters.htm#JWPPath
Hope this helps,
Oana
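An added check for the keystore step in the reply above (not part of the thread or of the Automic documentation): before the keystore goes into the jwp-keystore secret, confirm that the imported alias carries the same SHA-256 fingerprint as the certificate file exported from the LDAP server, which matters after a move to a new LDAP server. The function names and the KS_PASS environment variable are assumptions; the default alias is the one used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: sha256_of, same_fingerprint,
# verify, and the KS_PASS environment variable holding the keystore password.

# Constructed sample of `keytool -list -v` output (fingerprint is made up).
SAMPLE_VERBOSE='Entry type: trustedCertEntry
Signature algorithm name: SHA256withRSA
Certificate fingerprints:
     SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

# Read keytool output on stdin and print the first SHA-256 fingerprint, upper-cased.
# Handles "SHA256: AA:BB" (-list -v, -printcert) and
# "Certificate fingerprint (SHA-256): AA:BB" (plain -list).
sha256_of() {
    sed -n -e 's/^.*SHA256: *\([0-9A-Fa-f:]*\).*$/\1/p' \
           -e 's/^.*(SHA-256): *\([0-9A-Fa-f:]*\).*$/\1/p' | head -n 1 | tr 'a-f' 'A-F'
}

# True only when both fingerprints are non-empty and identical.
same_fingerprint() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# usage: verify <keystore.p12> <server-cert.cer> [alias]
verify() {
    ks=$1; cert=$2; alias=${3:-ldapServer}
    # -storepass:env reads the password from $KS_PASS, keeping it out of the process list.
    in_store=$(keytool -list -v -keystore "$ks" -storetype PKCS12 \
        -storepass:env KS_PASS -alias "$alias" | sha256_of)
    on_disk=$(keytool -printcert -file "$cert" | sha256_of)
    if same_fingerprint "$in_store" "$on_disk"; then
        echo "OK: alias $alias matches $cert ($on_disk)"
    else
        echo "MISMATCH: keystore=$in_store file=$on_disk" >&2
        return 1
    fi
}

# Run the check only when a keystore and a certificate file are given.
if [ "$#" -ge 2 ]; then verify "$@"; fi
```

A mismatch, or an empty keystore fingerprint, means the alias is missing or still holds the previous server's certificate.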
Original Message:
Sent: Nov 20, 2023 06:24 AM
From: Sebasti Reeta Mary S
Subject: LDAP over TLS/SSL setup in AAKE v21
Hi,
We have moved from LDAP to LDAPS (over TLS/SSL) and the AAKE v21 LDAPS setup needs to be updated. However, the documentation was not very clear on how the entire setup should be done. https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/21.0.8/Automic%20Automation%20Guides/Content/Installation_Containers/containers_LDAP_AAKE.htm?tocpath=Installing%7CContainer-Based%20Installation%7CPreparing%20for%20the%20Container-Based%20Installation%7C_____8
We followed the steps given, however LDAP login gives Access denied. Is there any other detailed document for LDAP over TLS/SSL on AAKE? We need clearer details on the keystore file generation for the LDAP certificate, the secret creation, and the JWP_KEYSTORE_LOGIN parameter.
Thanks