Integrated Data Protection Appliance Family: How to import SLDAP Certificate from ACM to DPC in IDPA version 2.1 for Internal LDAP Setup
Summary: This KB article walks you through the steps to import the SLDAP certificate from ACM to DPC 1.x to configure internal LDAP in IDPA version 2.1.
Symptoms
For DPC 1.x to work with the internal LDAP setup on ACM, the secure LDAP certificate must be imported. If the certificate is not imported, the following error can be seen on DPC/System Manager during login:
2020-04-08 08:44:08,884 ERROR http-nio-9002-exec-4 c.e.c.s.a.b.BasicLoginProcessingFilter An internal error occurred while trying to authenticate the user.
org.springframework.security.authentication.InternalAuthenticationServiceException: simple bind failed: xxxxxx-acm1.xxx.com:636; nested exception is javax.naming.CommunicationException: simple bind failed: xxxxxx-acm1.xxx.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.]
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)
at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
at com.emc.clp.security.auth.ldap.ExternalAuthenticationProvider.authenticate(ExternalAuthenticationProvider.java:242)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
...
Caused by: org.springframework.ldap.CommunicationException: simple bind failed: xxxxxx-acm1.xxx.com:636; nested exception is javax.naming.CommunicationException: simple bind failed: xxxxxx-acm1.xxx.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:316)
at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:127)
at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:95)
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:187)
... 66 common frames omitted
Caused by: javax.naming.CommunicationException: simple bind failed: xxxxxx-acm1.xxx.com:636
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
Cause
The SLDAP certificate was not imported to DPC from the internal LDAP server (ACM).
Resolution
Step 1. Copy the file /data01/productrepo/trust_ldaps_cert.sh to /usr/local/dpc/bin/ on DPC:
scp /data01/productrepo/trust_ldaps_cert.sh admin@<DPC_IP_ADDRESS>:/usr/local/dpc/bin/
Step 2. On DPC, grant execute permission to the trust_ldaps_cert.sh script:
chmod +x /usr/local/dpc/bin/trust_ldaps_cert.sh
Step 3. Execute the following command on DPC and accept the SLDAP certificate:
sudo /usr/local/dpc/bin/trust_ldaps_cert.sh <ACM_FQDN> /var/lib/dpc/webcerts/
Note: Provide the root password and answer 'y' to the acknowledgement.
Step 4. Run the following command to import the certificate:
sudo keytool -importcert -file /var/lib/dpc/webcerts/ldaps_<ACM_FQDN>.pem -v -keystore /var/lib/ca-certificates/java-cacerts -storepass changeit
Step 5. Restart DPC services as the root user:
/usr/local/dpc/bin/dpc stop
/usr/local/dpc/bin/dpc start
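A check that can be run on DPC between Step 3 and Step 4, added here as an example and not part of the Dell article or of trust_ldaps_cert.sh: it computes the SHA-256 fingerprint of the fetched PEM file and compares it with a fingerprint obtained separately from the ACM, so the certificate is confirmed before it is trusted. The function names and the idea of a separately obtained fingerprint are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare a fetched PEM certificate against a known fingerprint.

# SHA-256 fingerprint (lowercase hex, no colons) of the first certificate in a
# PEM file: the hash of its DER bytes, the value keytool and openssl display.
pem_sha256() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
                /-----END CERTIFICATE-----/   {exit}
                on {gsub(/[ \t\r]/, ""); printf "%s", $0}' "$1") || return 2
    [ -n "$body" ] || return 2          # no certificate block found
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Normalise a pasted fingerprint: drop any "label=" prefix, colons, spaces; lowercase.
norm_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': ' | tr 'A-F' 'a-f'
}

# 0 = file matches the pin, 1 = mismatch, 2 = unreadable file or malformed pin.
# Assumption: the pin comes from a trusted channel (e.g. read on the ACM itself).
check_pin() {
    actual=$(pem_sha256 "$1") || return 2
    expected=$(norm_fp "$2")
    case "$expected" in *[!0-9a-f]*) return 2 ;; esac
    [ "${#expected}" -eq 64 ] || return 2   # reject truncated pins
    [ "$actual" = "$expected" ]
}

# Stand-alone use: sh check_pin.sh <pem-file> <expected-sha256>
if [ "$#" -eq 2 ]; then
    if check_pin "$1" "$2"; then
        echo "MATCH: $1 is the expected certificate"
    else
        echo "MISMATCH or unreadable: do not import $1" >&2
        exit 1
    fi
fi
```

After Step 4, keytool -list -v on /var/lib/ca-certificates/java-cacerts prints a SHA256 fingerprint for each entry, and the same value should appear there.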
Affected Products
Integrated Data Protection Appliance Family
Products
PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware
Article Properties
Article Number: 000068947
Article Type: Solution
Last Modified: 27 May 2025
Version: 3