Dell Unity: Could not connect to the LDAP server. Recheck your LDAP configuration under Directory Services. (Error Code: 0x6000193) [User Correctable]

Could not connect to the LDAP server. Recheck your LDAP configuration under Directory Services. (Error Code: 0x6000193)



 

• Incorrect LDAP server details | LDAP server not reachable 
• Incorrect Bind user DN and Password
• Incorrect LDAP server SSL certificate if using LDAPS

LDAP server details 
LDAP server has to be pingable from Unity using both the hostname and IP address.

C:\Users\user>nslookup <domain controller IP>
Server:  peeps-dc.peeps.lab   - - - > > >peeps-dc is the hostname  || peeps.lab is the domain name
Address:  5.6.xx.xx

Name:    peeps-dc.peeps.lab
Address:  5.6.xx.xx
C:\Users\user>


Incorrect Bind user DN and Password
From your windows host machine which is joined to the AD run the below command in cmd and search for the username to find the Distinguished name for the user.

C:\Users\Administrator>setspn LdapUser
Registered ServicePrincipalNames for CN=LdapUser,CN=Users,DC=peeps,DC=lab   
C:\Users\Administrator>

CN=LdapUser,CN=Users,DC=peeps,DC=lab   - - > > > This is the Distinguised name of the bind user

Incorrect LDAP server SSL certificate if using LDAPS
Once the SSL certificate is uploaded, verifying the connection, the connection fails, this can be verified from ldapsearch output.

Ldapsearch to test LDAP connection
ldapsearch  -x  -d 1  -v  -H  ldap://ldapserver_name_or_IP:389  -b "CN=Users,dc=peeps,dc=lab" -D "CN=Administrator,CN=Users,DC=peeps,DC=lab"  -w Password

Successful search part of the output:

# filter: (objectclass=*)
# requesting: ALL
#
res_errno: 0, res_error: <>, res_matched: <>                   <<<<< a Bind search or user search is successful. 
ldap_free_request (origid 2, msgid 2)


If the Policy on the domain controller is: "Domain controller: LDAP server signing requirements" is set to "Require signing,"  connections fail if not configured to use SSL with the LDAPS option on Unisphere.

If your LDAP server requires authentication and you are trying to configure LDAP, not LDAPS without uploading SSL, below is the ldapsearch output to verify the same.

res_errno: 8, res_error: <00002028: LdapErr: DSID-0C090259, 
comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4563>, res_matched: <>

Ldapsearch to test LDAPS connection

env LDAPTLS_CACERT=/EMC/backend/CEM/LDAPCer/serverCertificate.cer ldapsearch  -x  -d 1  -v  -H  ldaps://ldapserver_name_or_IP:636   -b "CN=Users,dc=peeps,dc=lab" -D "CN=Administrator,CN=Users,DC=peeps,DC=lab"  -w Password

Below output on ldapsearch for LDAPS if SSL is incorrect.

TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS read server hello
TLS certificate verification: depth: 1, err: 20, subject: /DC=lab/DC=peeps/CN=issuer_name, issuer: /CN=issuer_name
TLS certificate verification: Error, unable to get local issuer certificate
tls_write: want=7, written=7
  0000:  15 03 03 00 02 02 30                               ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in error
TLS: can't connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate). 
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
*** WARNING *** Unity service shell activated! *** WARNING ***
root@hostname spa:/home/service/user#

Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F , Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Family, Dell EMC Unity Hybrid, Dell EMC UnityVSA Professional Edition/Unity Cloud Edition ... View More View Less