Cannot Bind LDAPs in Dell Security Management Server Virtual 11.0 or Later

Summary: This article discusses a situation where Dell Security Management Server Virtual v11.0 and later receive the error "unable to connect to the server" when binding LDAPs in Remote Management Console. ...


Symptoms

Affected Products:

  • Dell Security Management Server Virtual

Affected Versions:

  • v11.0 and Later

Affected Operating Systems:

  • Linux

This is typically seen after upgrading to Dell Security Management Server Virtual v11.0 or later from an older version. The same LDAPs settings that worked fine before the update now show a bad status for the domain, and errors are encountered when attempting to save LDAPs settings.

The error "unable to connect to the server" appears when attempting to bind LDAPs in the Remote Management Console. Logs show SSL handshake errors:

org.springframework.ldap.CommunicationException: simple bind failed: ADSERVER.DOMAIN.COM:636; nested exception is javax.naming.CommunicationException: simple bind failed: ADSERVER.DOMAIN.COM:636 [Root exception is javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching ADSERVER.DOMAIN.COM found.]

Figure 1: (English Only) Unable to Connect to the Server

Cause

The cause is the combination of self-signed certificates and the Java updates in v11.0. Endpoint identification algorithms have been enabled by default, to improve the robustness of LDAPS (secure LDAP over TLS) connections. From the changelog: https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html

Resolution

Disable endpoint identification by modifying wrapper.conf, following the steps below.

Note: This operation can be performed over an SSH session if wanted. To enable SSH, reference How to Enable SSH in Dell Security Management Server Virtual / Dell Data Protection Virtual Edition.
  1. Stop services. Reference How to Stop and Start Services in Dell Security Management Server Virtual / Dell Data Protection Virtual Edition.
  2. From the main menu, select Launch Shell:

Figure 2: (English Only) Select Launch Shell

  3. Type su dellsupport and press Enter:

Figure 3: (English Only) Type su dellsupport

  4. Type the password for the dellsupport account and press Enter:

Figure 4: (English Only) Type the password

  5. Type sudo nano /opt/dell/server/security-server/conf/wrapper.conf.

Figure 5: (English Only) Type sudo nano /opt/dell/server/security-server/conf/wrapper.conf

  6. Under # Additional java parameters to the VM, add the line wrapper.java.additional.XX=-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true where XX is the next number in the list (12 in this example):

Figure 6: (English Only) Add line wrapper.java.additional.XX=-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

  7. Press CTRL + O to save changes.
  8. Press CTRL + X to exit.
  9. Type exit and then press Enter to log out of dellsupport.

Figure 7: (English Only) Type exit

  10. Type exit and then press Enter to log out of the shell to the Main Menu.

Figure 8: (English Only) Type exit

  11. Start services. Reference How to Stop and Start Services in Dell Security Management Server Virtual / Dell Data Protection Virtual Edition.

You can now bind the domain using the LDAPS port.
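The wrapper.conf edit from the steps above as a script, for making the same change over SSH instead of in nano (an added example, not Dell's tooling): it finds the next free wrapper.java.additional index, skips the edit if the option is already active, and keeps a .bak copy so the override, which turns off the LDAPS certificate hostname check, can be reverted once the directory server certificate carries a subject alternative name matching its hostname. The function names and the sample wrapper.conf are constructed for illustration; on the appliance the target would be /opt/dell/server/security-server/conf/wrapper.conf, edited with sudo while services are stopped.

```sh
#!/bin/sh
# Added example, not Dell's tooling. PROP is the option string from the article;
# function names and the sample file are constructed for illustration.
PROP='-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true'
ACTIVE='^[[:space:]]*wrapper\.java\.additional\.[0-9]+[[:space:]]*='  # uncommented entries only

# Print the next free index: highest active index plus one (1 if none exist).
next_additional_index() {
    max=$(grep -E "$ACTIVE" "$1" | sed 's/^[^0-9]*\([0-9][0-9]*\).*/\1/' | sort -n | tail -n 1)
    echo $(( ${max:-0} + 1 ))
}

# Insert the option after the last active entry unless one already sets it.
# Prints "added N" or "present" and leaves the original in <file>.bak.
add_ldap_override() {
    conf=$1
    if grep -E "$ACTIVE" "$conf" | grep -Fq -- "$PROP"; then
        echo "present"; return 0
    fi
    n=$(next_additional_index "$conf")
    last=$(grep -nE "$ACTIVE" "$conf" | tail -n 1 | cut -d: -f1)
    cp -p "$conf" "$conf.bak"
    if [ -n "$last" ]; then
        awk -v at="$last" -v line="wrapper.java.additional.$n=$PROP" \
            '{ print } NR == at { print line }' "$conf.bak" > "$conf"
    else
        printf '%s\n' "wrapper.java.additional.$n=$PROP" >> "$conf"
    fi
    echo "added $n"
}

# Constructed sample: entries 1-11 plus a commented-out entry that must be ignored.
make_sample_conf() {
    f=$(mktemp)
    echo '# Additional java parameters to the VM' > "$f"
    for i in 1 2 3 4 5 6 7 8 9 10 11; do
        echo "wrapper.java.additional.$i=-Dconstructed.option$i=value" >> "$f"
    done
    printf '%s\n' '#wrapper.java.additional.12=-Xdebug' 'wrapper.java.maxmemory=1024' >> "$f"
    echo "$f"
}

sample=$(make_sample_conf)
add_ldap_override "$sample"     # first run inserts the option with the next index
add_ldap_override "$sample"     # second run detects it and changes nothing
rm -f "$sample" "$sample.bak"
```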

Affected Products

Dell Encryption
Article Properties
Article Number: 000205453
Article Type: Solution
Last Modified: 15 Nov 2023
Version:  2